Download as pdf or txt
Download as pdf or txt
You are on page 1of 180






Lab Instructions and Lab Answer Key:

Configuring, Managing and
Troubleshooting Microsoft
Exchange Server 2010 Service Pack 2

Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
2012 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at
/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners

Product Number: 10135B

Part Number: X18-30632
Released: 05/2012

Lab Instructions: Deploying Microsoft Exchange Server 2010

Module 1
Lab Instructions: Deploying Microsoft Exchange Server 2010
Lab A: Installing Exchange Server 2010
Exercise 1: Evaluating Requirements for an Exchange Server Installation

Exercise 2: Preparing for an Exchange Server 2010 Installation

Exercise 3: Installing Exchange Server 2010

Lab B: Verifying an Exchange Server 2010 Installation

Exercise 1: Verifying an Exchange Server 2010 Installation

Lab Instructions: Deploying Microsoft Exchange Server 2010

Lab A: Installing Exchange Server 2010

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


In Hyper-V Manager, click 10135B--NYC-DC1, and in the Actions pane, click Start.

10135B- NYC-DC1: Domain controller in the domain.


In the Actions pane, click Connect. Click the CTRL+ALT+DELETE button in the top-left corner of the
Virtual Machine Connection window.


Log on using the following credentials:


User name: Administrator

Password: Pa$$w0rd

Domain: Contoso

Repeat these steps to start, and log on to the 10135B-NYC-SVR1 virtual machine.

10135B- NYC-SVR1: Member server in the domain.

Lab Scenario
You are working as a messaging administrator in Contoso Ltd. Your organization is preparing to install its
first Exchange Server 2010 server. Contoso Ltd. is a large multinational organization that includes offices
in Seattle, Washington, in the United States, and in Tokyo, Japan.
Contoso Ltd. does not have a previous version of Exchange Server deployed so you do not have to
upgrade a previous messaging system. Before installing Exchange Server 2010, you must verify that the
Active Directory environment is ready for the installation. You also must verify that all computers that will
run Exchange Server 2010 meet the prerequisites for installing Exchange.

Lab Instructions: Deploying Microsoft Exchange Server 2010

Exercise 1: Evaluating Requirements for an Exchange Server Installation

The Active Directory administrators at Contoso Ltd. are testing the Exchange Server 2010 deployment by
deploying a domain controller in a test environment. The server administration team has deployed a
Windows Server 2008 R2 server that you can use to deploy the first Exchange Server 2010 server in the
test organization.
You need to verify that the Active Directory environment and the server meet all prerequisites for
installing Exchange Server 2010. Use the following checklist to verify that the prerequisites are met:


Active Directory domain controllers: Windows Server 2003

SP2 or later

Yes or No

Active Directory domain and forest functional level:

Windows Server 2003 or higher

Yes or No

DNS requirements

Yes or No

Exchange Server 2010 schema changes

Yes or No

Active Directory Domain Services (AD DS) management


Yes or No

Microsoft .NET Framework 3.5 or later

Yes or No

Windows Remote Management (WinRM)

Yes or No

Windows PowerShell Version 2

Yes or No

2010 Office System Converter: Microsoft Filter Pack

Yes or No

Web Server (IIS) server role along with the following role
ISAPI Extensions
IIS 6 Metabase Compatibility
IIS 6 Management Console
Basic Authentication
Windows Authentication
Digest Authentication
Dynamic Content Compression
.NET Extensibility

Yes or No

Windows Server 2008 features

WCF HTTP Activation
RPC over HTTP Proxy

Yes or No

The main tasks for this exercise are:


Evaluate the Active Directory requirements.


Evaluate the DNS requirements.


Evaluate the server requirements.

Lab Instructions: Deploying Microsoft Exchange Server 2010

X Task 1: Evaluate the Active Directory requirements


On NYC-DC1, evaluate whether the domain controller requirements are met.


Evaluate whether the domain and forest functional level requirements are met.


Use Adsiedit.msc to evaluate whether the Exchange schema changes are applied.

X Task 2: Evaluate the DNS requirements

On NYC-SVR1, use Ipconfig, Ping, and NSLookup to evaluate DNS name resolution functionality.

X Task 3: Evaluate the server requirements


On NYC-SVR1, evaluate whether the required Windows Server 2008 features, including the required
AD DS administration tools, are installed.


Evaluate whether the Microsoft Internet Information Services (IIS) components are installed.


Evaluate whether the prerequisite software is installed.

Results: After this exercise, you should have evaluated whether your organization meets the AD DS, DNS,
and server requirements for installing Exchange Server 2010. You should have identified the additional
components that need to be installed or configured to meet the requirements.

Exercise 2: Preparing for an Exchange Server 2010 Installation

Now that you have identified which prerequisites are not met in the current AD DS and server
configuration, you need to update the environment to meet them.
The main tasks for this exercise are:

Install the Windows Server 2008 server roles and features.


Prepare AD DS for the Exchange Server 2010 installation.

X Task 1: Install the Windows Server 2008 server roles and features

On NYC-SVR1, in Server Manager, install the prerequisite server roles and features for Exchange
Server 2010.


Configure the Net.Tcp Port Sharing Service to start Automatically.

Lab Instructions: Deploying Microsoft Exchange Server 2010

X Task 2: Prepare AD DS for the Exchange Server 2010 installation


In Hyper-V Manager, connect C:\Program Files\Microsoft Learning

\10135\Drives\Exchange2010SP2.iso as the DVD drive for NYC-SVR1.


From a command prompt, run the Exchange Server setup program with the /PrepareAD parameter.
Configure an Exchange organization name of Contoso.

Results: After this exercise, you should have prepared the AD DS and server configuration for the
Exchange Server 2010 installation.

Exercise 3: Installing Exchange Server 2010

After you prepare the environment, continue with the Exchange Server 2010 server installation.
The main task for this exercise is:

Install Microsoft Exchange Server 2010.

X Task 1: Install Microsoft Exchange Server 2010


Start the Exchange Server 2010 installation.


Perform a Typical Exchange Server Installation.


Choose to automatically install required roles and features.


Choose to enable access for Outlook 2003 or Entourage clients.

Results: After this exercise, you should have prepared the AD DS and server configuration for the
Exchange Server 2010 installation.

Lab Instructions: Deploying Microsoft Exchange Server 2010

Lab B: Verifying an Exchange Server 2010 Installation

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-NYC-DC1 and the 10135B-NYC-SVR1 virtual machines are running.


10135B- NYC-DC1: Domain controller in the domain.

10135B- NYC-SVR1: Member server in the domain.

If required, connect to the virtual machines.

Lab Scenario
You have completed the installation of the first Exchange Server at Contoso Ltd. You now need to verify
that the installation completed successfully. You also should ensure that the installation meets the best
practices that Microsoft suggests.

Exercise 1: Verifying an Exchange Server 2010 Installation

The main tasks for this exercise are:

View the Exchange Server services.


View the Exchange Server folders.


Create a new user, and send a test message.


Run the Exchange Server Best Practices Analyzer Tool.

Lab Instructions: Deploying Microsoft Exchange Server 2010

X Task 1: View the Exchange Server services


Open the Services console.


Review the status for each Exchange Server service.

X Task 2: View the Exchange Server folders.

Using Windows Explorer, browse to C:\Program Files\Microsoft\Exchange Server\v14. This list of

folders includes ClientAccess, Mailbox, and TransportRoles. The three roles were installed as part of
the typical setup.

X Task 3: Create a new user, and send a test message


Open the Exchange Management Console.


Under Recipient Configuration, create a new mailbox with a new user account named TestUser and
a password of Pa$$w0rd.


Using Internet Explorer, open https://NYC-SVR1/owa.


Log on as TestUser, and send a message to Administrator.


Log on to Outlook Web App as Administrator, and verify that the message was delivered.

X Task 4: Run the Exchange Server Best Practices Analyzer tool


Start the Exchange Server Best Practices Analyzer.


Run a Health Check scan with a name of Post-Installation Test. Scan only


Review the information in the Exchange Server Best Practices Analyzer report.

Results: After this exercise, you should have verified that the Exchange Server 2010 server installation
completed successfully.

X To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for 10135B-VAN-DC1 to start, and then start 10135B-VAN-EX1. Connect to the virtual machine.


Wait for 10135B-VAN-EX1 to start, and then start 10135B-VAN-EX3. Connect to the virtual machine.

Lab Instructions: Configuring Mailbox Servers

Module 2
Lab Instructions: Configuring Mailbox Servers
Exercise 1: Configuring Mailbox Databases

Exercise 2: Configuring Public Folders

Lab Instructions: Configuring Mailbox Servers

Lab: Configuring Mailbox Servers

Lab Setup
Important If required, start the 10135B-VAN-DC1 virtual machine first, and ensure that it
is fully started before starting the other virtual machines.
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-EX3 virtual machines are


10135B-VAN-DC1: Domain controller in the domain

10135B-VAN-EX1: Exchange 2010 server in the domain

10135B-VAN-EX3: Exchange 2010 server in the domain

If required, connect to the virtual machines. Log on to the computers as Adatum\Administrator,

using the password Pa$$w0rd.

Lab Scenario
You are a new messaging administrator at A. Datum Corporation, and your manager has left instructions
indicating that you need to create and configure a database for the executive group, and then move the
existing database for the accounting group to a new location. Additionally, you need to add an additional
public folder database, and then replicate data to it.

Lab Instructions: Configuring Mailbox Servers

Exercise 1: Configuring Mailbox Databases

You must configure the executives database so that the mailbox does not send or receive messages after
the mailbox size reaches 1,024 MB. Additionally, you should ensure that a warning is sent to users if their
mailbox reaches 850 MB.
The main tasks for this exercise are:

Create a new database for the Executive mailboxes.


Configure the Executive mailbox database with appropriate limits.


Move the existing Accounting database to a new location.

X Task 1: Create a new database for the Executive mailboxes


On VAN-EX1, open the Exchange Management Console.


Create a new database named Executive on VAN-EX1.


Store database files in C:\Mailbox\Executive.


Store log files in C:\Mailbox\Executive.

X Task 2: Configure the Executive mailbox database with appropriate limits

Configure the limits on the Executive database:

Prohibit send and receive: 1024 MB

Issue warning: 850 MB

X Task 3: Move the existing Accounting database to a new location


Move the Accounting database files.


Store database files in C:\Mailbox\Accounting.


Store log files in C:\Mailbox\Accounting.

Results: After this exercise, you should have created a new database, set the specified limits, and moved
the existing Accounting database to a new folder.

Lab Instructions: Configuring Mailbox Servers

Exercise 2: Configuring Public Folders

Before creating a new public folder database and replicating it, you must check the numbers of items and
size in the Executive public folder so that you can later verify that the replication was successful.
The main tasks for this exercise are:

Check Executives public folder statistics.


Create a public folder database on VAN-EX3.


Add a replica of the Executives public folder on VAN-EX3.


Verify replication between VAN-EX1 and VAN-EX3.

X Task 1: Check Executives public folder statistics


On VAN-EX3, open the Exchange Management Console, and in the Toolbox node, open the Public
Folder Management Console.


In the Public Folder Management Console, connect to VAN-EX1, and view the number of items and
size in the Executives public folder on VAN-EX1.

Write down Total Items ______________________

Write down Size (KB) ________________________

X Task 2: Create a public folder database on VAN-EX3

Create a new public folder database on VAN-EX3 named PF-VAN-EX3.

Store database files in C:\Mailbox\PF-VAN-EX3\PF-VAN-EX3.edb.

Store log files in C:\Mailbox\PF-VAN-EX3.

X Task 3: Add a replica of the Executives public folder on VAN-EX3

Add PF-VAN-EX3 as a replica for the Executives public folders, and then wait for replication to
Note It can take up to 15 minutes for replication to complete.

X Task 4: Verify replication between VAN-EX1 and VAN-EX3

Verify the number and size of items in the Executives public folder on

Results: After this exercise, you should have created a new public folder database on VAN-EX3 and added
replicas for each public folder.

Lab Instructions: Configuring Mailbox Servers

X To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


Repeat this step for every virtual machine that is running.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-CL1. Connect to the virtual machine.

Lab Instructions: Managing Recipient Objects

Module 3
Lab Instructions: Managing Recipient Objects
Exercise 1: Managing Recipients

Exercise 2: Configuring Email Address Policies

Exercise 3: Configuring Address Lists

Exercise 4: Performing Bulk Recipient Management Tasks

Lab Instructions: Managing Recipient Objects

Lab: Managing Exchange Recipients

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and 10135B-VAN-CL1 virtual machines are


10135B-VAN-DC1: Domain controller in the domain.

10135B-VAN-EX1: Exchange 2010 server in the domain.

10135B-VAN-CL1: Windows 7 client computer in the domain.

If required, connect to the virtual machines. Log on to the computers as Adatum\Administrator,

using the password Pa$$w0rd.

Lab Scenario
You are the messaging administrator for A. Datum Corporation. Your company is purchasing a new
company called Adventure Works. Adventure Works recipients will need to maintain a separate email
domain and address list. You also must create new mailboxes for the new departments employees.

Lab Instructions: Managing Recipient Objects

Exercise 1: Managing Recipients

Your manager wants you to complete several tasks in preparation for the Adventure Works acquisition
The main tasks for this exercise are:

Create and configure a mailbox for called Adventure Works Questions.


Create a resource mailbox and configure auto-accept settings for the Adventure Works Project Room.


Move George Schallers mailbox to VAN-EX1\Mailbox Database 1.


Create and configure a mail-enabled contact for Ian Palangio at Woodgrove Bank.


Create a moderated distribution list for Adventure Works Project, and delegate an administrator.


Create a room list distribution group for the Adventure Works meeting rooms.


Verify that changes were completed successfully.

Task 1: Create and configure a mailbox called Adventure Works Questions


On VAN-EX1, open the Exchange Management Console.


Create a new mailbox named Adventure Works Questions in the Mailbox Database 1 database.
Configure a user logon name of AdventureWksQ and a password of Pa$$w0rd.


Configure the mailbox with a Company name of Adventure Works.


Assign George Schaller full access to the Adventure Works Questions mailbox.

Task 2: Create a resource mailbox, and configure auto-accept settings for the

In Exchange Management Console, create a new room mailbox named ProjectRoom in the Mailbox
Database 1 database. Configure a user logon name of ProjectRoom.


Enable the Booking Attendant on ProjectRoom.


Configure the ProjectRoom with the Company name of Adventure Works.

Task 3: Move George Schallers mailbox to VAN-EX1\Mailbox Database 1

In Exchange Management Console, create a new local move request to move George Schallers
mailbox to VAN-EX1\Mailbox Database 1.

Task 4: Create and configure a mail-enabled contact for Ian Palangio at Woodgrove

In Exchange Management Console, create a new mail-enabled contact for Ian Palangio, using an
alias of IanPalangioWB and an email address of

Lab Instructions: Managing Recipient Objects

Task 5: Create a moderated distribution list for the Adventure Works Project, and
delegate an administrator

In Exchange Management Console, create a new Distribution group called Adventure Works Project
with an alias of AdventureWorksProject.


Add the following recipients to the Adventure Works Project group:


George Schaller

Ian Palangio

Wei Yu

Paul West

Specify George Schaller as the group moderator, and enable moderation of all messages.

Task 6: Create a room list distribution group for the Adventure Works meeting

On VAN-EX1, if required, open the Exchange Management Shell.


At the command prompt, type $Members=Get-User -Filter {(RecipientTypeDetails -eq

"RoomMailbox") -and (Company -eq "Adventure Works")} and press Enter.


At the command prompt, type New-DistributionGroup -Name "Adventure Works Conference

Rooms" -RoomList -Members $Members and press Enter.

Task 7: Verify that changes were completed successfully


Log on to VAN-CL1 as Adatum\Administrator, and open Outlook.


Create and send a new meeting request. Invite the Adventure Works Project group, and select the
Adventure Works Conference Rooms room list. Specify ProjectRoom as the room.


On VAN-EX1, open Outlook Web App, log on as Adatum\George, using the password Pa$$w0rd,
and accept the meeting request message. Send the response now.

Results: After this exercise, you should have completed all of the assigned tasks, which include creating a
mailbox, creating a resource mailbox, moving a mailbox, creating a contact, and creating a moderated
distribution group.

Exercise 2: Configuring Email Address Policies

Adventure Works maintains a distinct identity for customers, but some functions, such as accounting, are
integrated with A. Datum Corporation. To ensure that users receive all email properly, they must be able
to receive email at all domains, but use their own domain as the reply-to address.
The main tasks for this exercise are:

Create an email address policy for Adventure Works users.


Verify that addresses were applied to A. Datum users.

Lab Instructions: Managing Recipient Objects

Task 1: Create an email address policy for Adventure Works users


On VAN-EX1, open the Exchange Management Console.


Create a new email address policy with the following configuration:


Apply to all recipients with a company attribute of Adventure Works the domain.


SMTP address: first name.last


Accepted domain:

Task 2: Verify that addresses are applied correctly


In the Exchange Management Console, view the properties for George Schaller, and modify his
company description to Adventure Works.


Confirm that George Schaller has an email address that uses the domain.

Results: After this exercise, you should have created an email address policy for Adventure Works users.

Exercise 3: Configuring Address Lists

New address lists and offline address books are necessary to organize the address books for users in the
combined A. Datum and Adventure Works organization. However, each organization requires a separate
address to make it easier to find users. You also must create a new offline address book that includes
those address lists to support sales people with portable computers.
The main tasks for this exercise are:

Create an empty container address list named Companies.


Create a new address list for Adventure Works recipients.


Create a new address list for A. Datum recipients.


Verify the new address list is available in Microsoft Office Outlook.


Create a new offline address book for the Adventure Works address list.


Create a GAL for Adventure Works users.


Create the address book policy for the Adventure Works users.

Task 1: Create an empty container address list named Companies


On VAN-EX1, open the Exchange Management Console.


In the Mailbox node of the Organization Configuration work center, create a new address list named
Companies with no recipients.

Task 2: Create a new address list for Adventure Works recipients

Create a new address list Adventure Works in Companies for all recipients with the Company
Adventure Works.

Lab Instructions: Managing Recipient Objects

Task 3: Create a new address list for A. Datum Corporation recipients

Create a new address list A Datum in Companies for all recipients with the Company A. Datum.

Task 4: Verify the new address list is available in Microsoft Office Outlook

Log on to VAN-CL1 as Administrator, and open Outlook.


Verify that the address book contains the address lists for A. Datum and Adventure Works.


Close Outlook.

Task 5: Create a new offline address book for the Adventure Works address list

On VAN-EX1, open Exchange Management Console.


Create a new offline address book named Adventure Works with the Adventure Works address list,
and enable distributions through Web-based distribution and public folders. Use the OAB folder on
VAN-EX1 for Web-based distribution.


Close the Exchange Management Console.

Task 6: Create a global address list for Adventure Works users

At the command prompt, type New-GlobalAddressList Name Adventure Works GAL

IncludedRecipients AllRecipients ConditionalCompany Adventure Works and press Enter.

Task 7: Create the address book policy for the Adventure Works users

In the Exchange Management Console, create a new address book policy with the following

Name: Adventure Works ABP

Global address list: Adventure Works GAL

Offline address book: Adventure Works OAB

Room list: Adventure Works

Address Lists: Adventure Works

Results: After this exercise, you should have created an address list for the A. Datum and Adventure
Works users, and an offline address book for each organization.

Lab Instructions: Managing Recipient Objects

Exercise 4: Performing Bulk Recipient Management Tasks

Your manager left you a number of recipient management tasks to complete for the new Adventure
Works users:

Add a header line to the .csv file exported from the Human Resources (HR) system.

Modify the CreateUsersLab.ps1 script, and import Adventure Works users from a .csv file.

Define mailbox limits for all users in the Adventure Works company.

The main tasks for this exercise are:


Add a header line to the .csv file exported from the Human Resources (HR) system.


Modify the CreateUsersLab.ps1 script to Adventure Works users from a .csv file.


Create the AdventureWorks Organizational Unit in the domain


Run CreateUsersLab.ps1 to Adventure Works users from a .csv file.


Define mailbox limits for all Adventure Works company users.

Task 1: Add a header to the .csv file exported from the Human Resources (HR) system

On VAN-EX1, open D:\Labfiles\Users.csv in Notepad.


Add a header line that defines each column:





Save the changes to Users.csv, and close Notepad.

Task 2: Modify the CreateUsersLab.ps1 script to import Adventure Works users

from a .csv file

Open D:\Labfiles\CreateUsersLab.ps1 in Notepad.


Modify CreateUsersLab.ps1 as required to:


Configure the database to create users as Mailbox Database 1.

Configure the user principal name to be

Place users in the AdventureWorks OU.

Configure the .csv import file to be D:\Labfiles\Users.csv.

Configure the $pwd to be based on the password field in the Users.csv.

Configure the first and last name.

Configure the user principal name (UPN) as first

Configure the alias to be the first name and last name, with no space between the names.

Configure the display name to be the first name and last name, with a space between the names.

Save the changes to CreateUsersLab.ps1, and close Notepad.

Lab Instructions: Managing Recipient Objects

Task 3: Create the AdventureWorks Organizational Unit


Open Active Directory Users and Computers.


Create an OU named AdventureWorks.

Task 4: Run CreateUsersLab.ps1 to import the Adventure Works Users


Open the Exchange Management Shell.


Run D:\Labfiles\CreateUsersLab.ps1.

Task 5: Configure the Settings for the Adventure Works users


Use the Get-User cmdlet to retrieve all users in the AdventureWorks OU, and then pipe the results to
the Set-User cmdlet to set the Company attribute to Adventure Works.


Run Get-Mailbox cmdlet to retrieve a list of all Adventure Works users:



OrganizationalUnit: AdventureWorks

Set mailbox limits by piping the list of mailboxes to the Set-Mailbox cmdlet:

IssueWarningQuota 4GB

ProhibitSendQuota 5GB

Configure the Adventure Works mailboxes to use the Adventure Works ABP address book policy

Results: After this exercise, you should have created all of the additional Adventure Works users with an
Exchange Management Shell script, and then have set the storage quota.

To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Note Start the VAN-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.

Lab Instructions: Managing Client Access

Module 4
Lab Instructions: Managing Client Access
Lab A: Configuring Client Access Servers for Outlook Anywhere Access
Exercise 1: Configuring Client Access Servers

Exercise 2: Configuring Outlook Anywhere

Lab B: Configuring Client Access Servers for Outlook Web App

and Exchange ActiveSync
Exercise 1: Configuring Outlook Web App

Exercise 2: Configuring Exchange ActiveSync

Lab Instructions: Managing Client Access

Lab A: Configuring Client Access Servers for Outlook

Anywhere Access

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, 10135B-VAN-EX2, and the 10135B-VAN-CL1

virtual machines are running.


10135B-VAN-DC1: Domain controller in the domain

10135B-VAN-EX1: Exchange 2010 server in the domain

10135B-VAN-EX2: Exchange 2010 server in the domain

10135B-VAN-CL1: Client computer in the domain

If required, connect to the virtual machines. Log on to VAN-DC1, VAN-EX1, and VAN-EX2 as
Adatum\Administrator, using the password Pa$$w0rd. Do not log on to VAN-CL1 at this point.

Lab Scenario
You are working as a messaging administrator in A. Datum Corporation. Your organization has decided to
deploy Client Access servers so that the servers are accessible from the Internet for a variety of messaging
clients. To ensure that the deployment is as secure as possible, you must secure the Client Access server,
and configure a certificate on the server that will support the messaging client connections. You also need
to configure the server to support Outlook Anywhere connections.

Lab Instructions: Managing Client Access

Exercise 1: Configuring Client Access Servers

As a messaging administrator in A. Datum Corporation, you have deployed the Exchange Server
environment, and you are now working on configuring the Client Access servers. The organization has
decided to use a certificate from the internal CA to secure all client connections to the server. You need to
enable this configuration, and then you need to ensure that Outlook clients can still connect to the server.
The main tasks for this exercise are:

Configure an External Client Access Domain for VAN-EX2.


Prepare a Server Certificate request for VAN-EX2.


Request the certificate from the CA.


Import and assign the IIS Exchange service to the new certificate.


Verify Outlook connectivity to the Exchange Server.

Task 1: Configure an External Client Access Domain for VAN-EX2


On VAN-EX2, open the Exchange Management Console and configure an External Client Access
Domain named


Apply the external domain name just to VAN-EX2.


Verify that the External Client Access Domain was applied to the owa (Default Web Site) virtual

Task 2: Prepare a Server Certificate request for VAN-EX2



On VAN-EX2, run the New Exchange Certificate Wizard using the following configuration options:

Friendly name: ADatum Mail Certificate

Outlook Web App is on the intranet as the server name for all services

Outlook Web App is on the Internet

Exchange ActiveSync is enabled

Autodiscover is used on the Internet

Long URL is used for AutoDiscover

Organization: A Datum

Organization Unit: Messaging

Country/region: Canada

City/locality: Vancouver

State/province: BC

Save the file using the name CertRequest.req.

Lab Instructions: Managing Client Access

Task 3: Request the certificate from the CA


Copy the text of the certificate request file to the clipboard.


Connect to and create a new certificate request using the

contents of the certificate request file. Use an advanced certificate request using a base-64-encoded
CMC or PKCS#10 file. Copy and paste the contents of the CertRequest.req file into the Saved
Request field. Request a Web server certificate.


Download the certificate and save it.


View the certificate. Verify that the certificate includes several subject alternative names, and then
click OK.

Task 4: Assign the IIS Exchange Service to the new certificate


In the Exchange Management console, use the Complete Pending Request Wizard to import the
Adatum Mail certificate.


In the Exchange Management console, use the Assign Services to Certificate Wizard to assign the
Adatum Mail certificate to the Internet Information Services service.

Task 5: Verify Outlook connectivity to the Exchange Server


On VAN-CL1, log on as Molly using the password Pa$$w0rd.


Open Microsoft Outlook 2010, and verify that a profile is automatically created for Molly.


In Microsoft Outlook, click File, and then click Account Settings. Verify that the Outlook profile is
configured to use VAN-EX2 as the mailbox server.

Results: After this exercise, you should have configured the security settings for VAN-EX2 by using the
Security Configuration Wizard, and installed a server certificate from the internal CA on the server. You
should have also verified Outlook client connectivity to the Exchange server.

Exercise 2: Configuring Outlook Anywhere

A. Datum Corporation has several users who are frequently out of the office. These users all have laptop
computers, and they want to use Office Outlook to connect to their Exchange Server mailboxes while in
the office or out of the office. You need to configure the Client Access server to enable Outlook
Anywhere, and then configure a client to connect to the server using RPC over HTTPS. Finally, you need to
verify that the connection works.
The main tasks for this exercise are:

Configure a DNS record for


Configure Outlook Anywhere on VAN-EX2.


Configure the Outlook profile to use Outlook Anywhere.


Verify Outlook Anywhere connectivity.

Lab Instructions: Managing Client Access

Task 1: Configure a DNS record for

On VAN-DC1, create a new host record for using an IP address of

Task 2: Configure Outlook Anywhere on VAN-EX2


On VAN-EX2, verify that the RPC over HTTP Proxy feature is installed.


In the Exchange Management Console, enable Outlook Anywhere for VAN-EX2.


Configure an external host name of, and choose NTLM authentication.


Restart VAN-EX2 and log back on as Administrator with the password Pa$$w0rd.

Task 3: Configure the Outlook profile to use Outlook Anywhere


On VAN-CL1, ensure that you are logged on as Adatum\Molly.


Modify the profile for Molly to connect to Microsoft Exchange using HTTP.


Configure the Exchange Proxy server settings as follows:


Use this URL (https://):

Connect using SSL only: enable (default)

On fast networks, connect using HTTP first, then connect using TCP/IP: enable

On slow networks, connect using HTTP first, then connect using TCP/IP: enable (default)

Proxy authentication setting: NTLM Authentication (default)

Close Outlook.

Task 4: Verify Outlook Anywhere connectivity


On VAN-CL1, open Outlook and verify that you are connected to the Exchange server.


Press and hold Ctrl, and then right-click the Office Outlook icon in the Windows 7 notification area.
Confirm that the Conn column lists HTTPS as the connection method. You may need to click the up
arrow in the Windows 7 notification area to view the Office Outlook icon.


Use the E-mail AutoConfiguration tool to review the settings Autodiscover provided to the client.


Log off VAN-CL1.

Results: After this exercise, you should have enabled Outlook Anywhere on VAN-EX2, and configured a
client profile to use Outlook Anywhere. You also verified the Outlook Anywhere functionality.

To prepare for the next lab

Do not shut down the virtual machines and revert them to their initial state when you finish this lab.
This modules last lab requires the virtual machines for completion.

Lab Instructions: Managing Client Access

Lab B: Configuring Client Access Servers for Outlook Web

App and Exchange ActiveSync

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, 10135B-VAN-EX2, and the 10135B-VAN-CL1

virtual machines are running:


10135B-VAN-DC1: Domain controller in the domain.

10135B-VAN-EX1: Exchange 2010 server in the domain.

10135B-VAN-EX2: Exchange 2010 server in the domain.

10135B-VAN-CL1: Client computer in the domain.

If required, connect to the virtual machines.

Lab Scenario
To enable client access to the server, your organization has decided to enable both Outlook Web App and
Exchange ActiveSync for its users. However, the security officer at A. Datum Corporation has defined
security requirements for the Outlook Web App and Exchange ActiveSync deployment. Therefore, you
need to enable the security features for both Outlook Web App and Exchange ActiveSync.

Lab Instructions: Managing Client Access

Exercise 1: Configuring Outlook Web App

A. Datum Corporation has several users who work regularly from outside the office. These users should be
able to check their email from any client computer, including client computers located in public areas. To
provide this functionality, you must configure the server settings for Outlook Web App, and configure
Outlook Web App policies. You also need to verify that the settings have been successfully applied.
The main tasks for this exercise are:

Configure IIS to use the Internal CA certificate.


Configure Outlook Web App settings for all users.


Configure an Outlook Web App Mailbox Policy for the Branch Managers.


Verify the Outlook Web App configuration.

Task 1: Configure IIS to use the Internal CA certificate


On VAN-EX2, in Internet Information Services (IIS) Manager, verify that the owa virtual directory
under the Default Web Site is configured to require SSL.


Verify that the Default Web Site is configured to use the Adatum Mail Certificate.

Task 2: Configure Outlook Web App settings for all users


On VAN-EX2, in Exchange Management Console, verify that the owa virtual directory is configured to
use forms-based authentication. Modify the forms-based authentication to use the user name only
and to use the domain automatically.


Disable the Tasks and Rules display for all users.


Use the set-owavirtualdirectory owa (Default Web Site) ForceSaveFileTypes .doc cmdlet to
force all users to save Word documents before opening them.


Use the set-owavirtualdirectory owa (Default Web Site) GzipLevel Off cmdlet to disable GZip


Use the Set-OwaVirtualDirectory -identity Owa (Default Web Site) FilterWebBeaconsAndHtmlForms ForceFilter cmdlet to block all Web beacons and HTML forms.


Use the IISReset /noforce command to restart IIS.

Task 3: Configure an Outlook Web App Mailbox Policy for the branch managers

Create a new Outlook Web App Mailbox policy, and configure the policy with the name Branch
Managers Policy.


Configure the policy to prevent branch managers from changing their password.


Apply the policy to all users in the Branch Managers organization unit (OU).

Lab Instructions: Managing Client Access

Task 4: Verify the Outlook Web App configuration


On VAN-EX1, connect to


Log on to Outlook Web App as Adatum\Sharon using the password Pa$$w0rd. Sharon is not in the
Branch Managers OU.


Verify that the Tasks folder is not displayed in the user mailbox, and that Sharon cannot configure a
new Inbox rule in the ECP.


Connect to OWA again, and log on as Adatum\Johnson using the password Pa$$w0rd. Johnson is
in the Branch Managers OU.


Verify that the Tasks folder is listed in the user mailbox, but that Johnson is not able to change his

Results: After this exercise, you should have configured Outlook Web App on VAN-EX2. This
configuration includes assigning the internal CA certificate to the Default Web Site, and configuring
Outlook Web App settings for all users, as well as for specific users. You also should have verified the
Outlook Web App settings.

Exercise 2: Configuring Exchange ActiveSync

A. Datum Corporation has several users who use Windows Mobile devices to access their mail. You need
ensure that these users can access their mailboxes using Exchange ActiveSync. To ensure that the client
connection is secure, you must configure an Exchange ActiveSync policy, and apply it to a user account.
You will also install a root certificate on the mobile device, and configure SSL security. Lastly, you need to
manage the mobile device as both an administrator and a user using ECP.
The main tasks for this exercise are:

Verify the Exchange ActiveSync virtual directory configuration.


Create a new Exchange ActiveSync mailbox policy.

Task 1: Verify the Exchange ActiveSync virtual directory configuration

On VAN-EX2, in Exchange Management Console, review the configuration for the Microsoft Server
ActiveSync virtual directory on VAN-EX2.

Lab Instructions: Managing Client Access

Task 2: Create a new Exchange ActiveSync mailbox policy


On VAN-EX2, in Exchange Management Console, create a new Exchange ActiveSync Mailbox policy
with the following configuration:

Name: EAS Policy 1

Enable unprovisionable devices

Enable attachments to be downloaded to the device

Require passwords

Enable password recovery


Review the other Exchange ActiveSync Mailbox policy settings.


Apply the Exchange ActiveSync Mailbox policy to Scott MacDonald.

Results: After this exercise, you should have configured the Exchange server environment to support
Exchange ActiveSync. You first verified that Exchange ActiveSync worked, and then enhanced the security
configuration by creating a more secure Exchange ActiveSync Mailbox policy, and by enabling SSL for all
Exchange ActiveSync connections.

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Microsoft Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.

Lab Instructions: Managing Message Transport

Module 5
Lab Instructions: Managing Message Transport
Exercise 1: Configuring Internet Message Transport

Exercise 2: Troubleshooting Message Transport

Exercise 3: Troubleshooting Internet Message Delivery

Lab Instructions: Managing Message Transport

Lab: Managing Message Transport

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-EX2 virtual machines are


10135B-VAN-DC1: Domain controller in the domain

10135B-VAN-EX1: Exchange 2010 server in the domain

10135B-VAN-EX2: Exchange 2010 server in the domain

If required, connect to the virtual machines. Log on to VAN-DC1, VAN-EX1 and VAN-EX2 as
Adatum\Administrator, using the password Pa$$w0rd.

Lab Scenario
You are a messaging administrator in A Datum Corporation., which is a large multinational organization
that has offices in London, Tokyo, and Vancouver, which is its headquarters. Your organization has
deployed Exchange Server 2010 in two of its sites. However, all Internet messages should flow through the
main site in Vancouver. As part of your job responsibilities, you need to set up the message transport to
and from the Internet and also ensure that the message flow works within and between the various sites.

Lab Instructions: Managing Message Transport

Exercise 1: Configuring Internet Message Transport

Your organization has deployed Exchange Server 2010 in two of its sites. However, all Internet messages
should flow through the main site. As part of your job responsibilities, you need to set up the message
transport to and from the Internet. You also want to configure the Hub Transport server for anti-spam.
The main tasks for this exercise are:

Configure a Send connector to the Internet.


Configure a Receive connector to accept Internet messages.


Enable anti-spam functionality on the Hub Transport server.


Verify that Internet message delivery works.

To prepare for this lab


On VAN-EX2, click Start, right-click Network, and then click Properties.


Click Change adapter settings.


Right-click Local Area Connection, and then click Properties.


Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.


Change the IP address to, and then click OK. Click Close.


Click the Start button, and then click Restart. In the Comment field, type Lab restart, and then
click OK.


After the system is restarted, log on to VAN-EX2 as Adatum\Administrator, using the password

These preparation steps move VAN-EX2 to a second site defined in AD DS.

Task 1: Configure a Send connector to the Internet


On VAN-EX1, open Exchange Management Console.


Create a new Send Connector with the following configuration:

Name: Internet Send Connector

Use: Internet

Address space: *

Route all messages through

Lab Instructions: Managing Message Transport

Task 2: Configure a Receive connector to accept Internet messages



On VAN-EX1, create a new Receive Connector with the following configuration:

Name: Internet Receive Connector

Use: Custom

Local Network Settings:

Change the configuration on the Internet Receive Connector to enable anonymous users to send
email and to enable verbose logging.

Task 3: Enable anti-spam functionality on the Hub Transport server


On VAN-EX1, open the Exchange Management Shell.


Switch to the c:\Program Files\Microsoft\Exchange Server\v14\scripts directory and use the

install-AntispamAgents.ps1 cmdlet to install the anti-spam agents on the Hub Transport server.


Restart the Microsoft Exchange Transport.


Verify that anti-spam configuration options are now available on VAN-EX1 and at the organization

Task 4: Verify that Internet message delivery works


On VAN-EX1, log on to Outlook Web App as Wei, and then send a message to


From the Toolbox node in the Exchange Management Console, open the Queue Viewer. Check the
queues on VAN-EX1 to verify that the message was delivered.


On VAN-DC1, use Telnet to verify that VAN-EX1 accepts anonymous messages. Use Telnet to send a
message as to

Results: After this exercise, you should have configured message transport to send and receive messages
to and from the Internet using a smart host. You also should have configured anti-spam functionality on a
Hub Transport server.

Exercise 2: Troubleshooting Message Transport

You have successfully installed Exchange Server 2010 in two sites. You now need to make sure that mail
flow is working correctly.
The main tasks for this exercise are:

Check the routing log, and verify that mail delivery works correctly.


Troubleshoot message transport.

Lab Instructions: Managing Message Transport

Task 1: Check the routing log, and verify that mail delivery works correctly

On VAN-EX1, use the Routing Log Viewer to verify that VAN-EX1 is located in the Default-First-SiteName site, and the VAN-EX2 is located in the Site2 site.


Log on to Outlook Web App as Wei, and send an email to Anna, whose mailbox is on VAN-EX2.
Verify that the mail is received and that Anna can respond to the email.

Task 2: Troubleshoot message transport


On VAN-EX1, in Exchange Management Shell, run the d:\ labfiles\Lab05Prep1.ps1 script.


Send another email from Wei to Anna. Verify that the message is not delivered.


Use Queue Viewer to investigate mail flow problems.


Use Telnet to check connectivity from VAN-EX1 to VAN-EX2.


Re-create the receive connector to make mail flow work correctly.


Use Queue Viewer to force an immediate retry of message delivery.


Verify that Anna received the message.

Results: After this exercise, you should have used the Routing Log Viewer to get an overview of your
routing topology. For troubleshooting, you should have used the Queue Viewer and Telnet to investigate
the mail-flow problem.

Exercise 3: Troubleshooting Internet Message Delivery

Your users complain that messages are not sent correctly to the internet. As part of your job
responsibilities, you need to track messages to find out why message flow to the Internet is not working
The main tasks for this exercise are:

Send a message to the Internet, and track it.


Implement user-based message tracking to verify mail delivery.


Troubleshoot Internet message delivery.

Task 1: Send a message to the Internet, and track it

On VAN-EX2, log on to Outlook Web App as Anna and send a message to

Task 2: Implement user-based message tracking to verify mail delivery

Connect to the Exchange Control Panel as Anna, and use the Delivery Reports page to track the
message she sent. Search for messages sent to

Lab Instructions: Managing Message Transport

Task 3: Troubleshoot Internet message delivery


On VAN-EX1, in Exchange Management Shell, verify that the shell is focused on

c:\Program Files\Microsoft\Exchange Server\v14\scripts, and run


On VAN-EX2, send a second message from Anna to


On VAN-EX1, in the Exchange Management Console, in the Toolbox node, access Message


Log on to Exchange Control Panel as Administrator, and track the message that Anna sent. Verify
that the message state is pending.


Use Mail Flow Troubleshooter to troubleshoot mail problems. When starting the Mail Flow
Troubleshooter, choose the option to troubleshoot the Messages are backing up in on one or more
queues on a server. Choose VAN-EX1 as the Exchange Server. Review the information on each wizard
page, and identify the proposed root cause for the issue.


On VAN-DC1, use nslookup to try to locate the MX records for


Configure a smart host in your Send connector.


Verify that the messages are now delivered.

Results: After this exercise, you should have used tools like Mail Flow Troubleshooter, Queue Viewer,
Message Tracking, and nslookup to investigate why messages are not delivered to the Internet.

To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state by completing the following

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.

Lab Instructions: Implementing Messaging Security

Module 6
Lab Instructions: Implementing Messaging Security
Lab A: Configuring Edge Transport Servers and
Forefront Protection 2010 for Exchange Server
Exercise 1: Configuring Edge Transport Servers

Exercise 2: Configuring Forefront Protection 2010 for Exchange Server

Lab B: Implementing Anti-Spam Solutions

Exercise 1: Configuring an Anti-Spam Solution on Edge Transport Servers

Lab Instructions: Implementing Messaging Security

Lab A: Configuring Edge Transport Servers and Forefront

Protection 2010 for Exchange Server

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-SVR1 virtual machines are

10135B-VAN-DC1: Domain controller in the domain

10135B-VAN-EX1: Exchange 2010 server in the domain

10135B-VAN-SVR1: Standalone server


If required, connect to the virtual machines. Log on to VAN-DC1 and VAN-EX1 as

Adatum\Administrator, using the password Pa$$w0rd.


Log on to VAN-SVR1 as Administrator, using the password Pa$$w0rd.


On the host computer, in Hyper-V Manager, click VANSVR1, and in the Actions pane, click Settings.


Click DVD Drive, click Image file, and then click Browse.


Browse to C:\Program Files\Microsoft Learning\10135\Drives, click EXCHANGE2010SP2.ISO, and

then click Open.


Click OK.


On VAN-SVR1, dismiss the Autoplay dialog box.

Lab Instructions: Implementing Messaging Security

Lab Scenario
You are a messaging administrator in A. Datum Corporation, which is a large multinational organization.
Your organization has deployed Exchange Server 2010 internally, and now must extend it so that
everyone within the corporation can send and receive Internet email.
As part of your job responsibilities, you need to set up an Edge Transport server, and then install an
antivirus solution to scan all mail.

Exercise 1: Configuring Edge Transport Servers

Your organization has internally deployed Exchange Server 2010, and now wants to use the Edge
Transport server role to replace an existing smart host. You need to deploy the Edge Transport server role,
and verify that Internet message flow is working.
The main tasks for this exercise are:

Install the Edge Transport Server role.


Configure Edge Synchronization.


Verify that EdgeSync is working and that Active Directory Lightweight Directory Services contains


Verify that Internet message delivery works.

Task 1: Install the Edge Transport Server role


On VAN-SVR1, install the Edge Transport Server role by using the command d:\Setup /mode:install
/role:EdgeTransport in Command Prompt.


Restart VAN-SRV1, logon as Administrator, using the password Pa$$w0rd, and then open Exchange
Management Console.

Task 2: Configure Edge Synchronization


Create a new Edge Subscription on the Edge Transport server by using the New-EdgeSubscription FileName c:\VAN-SVR1.xml cmdlet.


Copy the xml file to C:\ on VAN-EX1.


On VAN-EX1, in the Exchange Management Console, add the edge subscription to the Hub Transport
server by using the following configuration:

Active Directory Site: Default-First-Site-Name

Subscription file: c:\van-svr1.xml

Automatically create a Send connector for this Edge Subscription: checked

Lab Instructions: Implementing Messaging Security

Task 3: Verify that EdgeSync is working and that Active Directory Lightweight
Directory Services contains data

On VAN-EX1, use the Start-EdgeSynchronization cmdlet to force an immediate Edge



Use the Test-EdgeSynchronization -FullCompareMode cmdlet to test Edge Synchronization.


Run the Get-User -Identity Wei | ft Name, GUID cmdlet to obtain the globally unique identifier
(GUID) for Wei Yu.


On VAN-SVR1, open LDP, and then connect to VAN-SVR1 using port 50389.


Open the CN=Recipients,OU=MSExchangeGateway container and verify that Wei Yus GUID is

Task 4: Verify that Internet message delivery works


On VAN-EX1, use Exchange Management Console to configure EdgeSync - Default-First-SiteName to Internet Send Connector to use 10.10. 0.10 as a smart host for email delivery.


Log on to Microsoft Outlook Web App as Adatum\Wei, and send a test message to the Internet to
verify it is working. If you do not receive a non-delivery report, the message has been sent outside the

Results: After this exercise, you should have installed an Edge Transport server role, and configured Edge
Synchronization between a Hub Transport and an Edge Transport server.

Exercise 2: Configuring Forefront Protection 2010 for Exchange Server

Virus prevention is critical to your organizations security. As the messaging administrator, you are
required to install virus scanning software to scan every message and automatically remove viruses. To
implement this functionality, you must install antivirus software and configure it accordingly.
The main tasks for this exercise are:

Install Forefront Protection 2010 for Exchange Server.


Configure Forefront Protection 2010 for Exchange Server.


Verify antivirus functionality.

Task 1: Install Forefront Protection 2010 for Exchange Server


On host computer, attach the c:\Program Files\Microsoft Learning\10135\Drives

\ForeFrontInstall.iso file to the 10135B-VAN-SVR1 virtual machine. Close the Autoplay dialog box.


On VAN-SVR1, install Forefront Protection 2010 for Exchange Server. Accept all defaults, except
choose to enable anti-spam later.

Lab Instructions: Implementing Messaging Security

Task 2: Configure Forefront Protection 2010 for Exchange Server


Open the Microsoft Forefront Server Security Administration Console.


Configure the following antimalware settings:

Scan messages with all engines.

Delete messages with viruses.


On the Policy Management pane, expand Global Settings, and then click Advanced Options.


Configure the following global settings:

Increase the value of Maximum nested depth compressed files to 10 and Maximum nested
attachments to 50.

Configure the Intelligent Engine management as manual.

Change the update schedule for Norman Virus Control to update at 00:30 every day.

Results: After this exercise, you should have installed Forefront Protection 2010 for Exchange Server and
configured it.

To prepare for the next lab

Do not shut down the virtual machines and do not revert them to their initial state when you finish
this lab. The virtual machines are required to complete this modules last lab.

Lab Instructions: Implementing Messaging Security

Lab B: Implementing Anti-Spam Solutions

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-SVR1 virtual machines are


10135B-VAN-DC1: Domain controller in the domain

10135B-VAN-EX1: Exchange 2010 server in the domain

10135B-VAN-SVR1: Standalone server

If required, connect to the virtual machines.

Lab Scenario
You are a messaging administrator in A. Datum Corporation, which is a large multinational organization.
After configuring the Edge Transport server and installing an antivirus solution, you must implement an
anti-spam solution.

Exercise 1: Configuring an Anti-Spam Solution on Edge Transport Servers

In your organization, users complain that they receive too many spam messages in their inbox, and they
want these spam messages automatically moved to the Junk email folder. To limit the number of spam
messages received by your organization, you need to increase the SCL junk threshold value for the
organization and ensure that junk email above a certain rating is rejected. You also want to configure a
Block List Provider.

Lab Instructions: Implementing Messaging Security

The main tasks for this exercise are:


Configure Domain Name System (DNS) for Internet message delivery.


Configure global SCL for junk mail delivery.


Configure content filtering to reject junk messages.


Configure an IP Allow List.


Configure a Block List Provider.

Task 1: Configure Domain Name System (DNS) for Internet message delivery

On VAN-DC1, start DNS Manager.


In the zone, create an MX record for

Task 2: Configure global SCL for junk mail delivery


On VAN-SVR1, configure the content filtering settings to not reject any messages based on
SCL values.


On VAN-EX1, in Exchange Management Shell, use the Set-OrganizationConfig -SCLJunkThreshold 6

cmdlet to configure the global SCL levels.


On VAN-EX1, in the Exchange Management Shell, run d:\labfiles\Lab6Prep.ps1. This script will send
11 messages from VAN-SVR1 with the following SCL ratings.
Mail Sender

SCL Level


Log on to Outlook Web App as Wei and verify that three messages were sent to the user mailbox,
and that eight messages were sent to the Junk E-mail folder.


View the message details for one of the messages to verify the SCL value assigned to the message.

Lab Instructions: Implementing Messaging Security

Task 3: Configure content filtering to reject junk messages


On VAN-SVR1, configure content filtering to reject messages that have a SCL rating greater than or
equal to 7.


On VAN-EX1, run the D:\labfiles\Lab6Prep.ps1 script to send the test messages again.


Log on to Outlook Web App on VAN-EX1 as Wei. Verify that three messages are delivered to the
Inbox and no messages are delivered to the - folder in Weis mailbox. Delete the messages in the

Task 4: Configure an IP Allow List


On VAN-SVR1, configure the IP Allow List to accept connections from


Run the script to send the test messages again.


Verify that all messages are delivered to the Inbox in Weis mailbox. The SCL rating should be -1.

Task 5: Configure a Block List Provider

Configure an IP Block List Provider named Spamhaus that uses as the lookup

Results: After this exercise, you should have configured different SCL levels, and verified the behavior of
junk mail in user mailboxes. You should also have configured a Block List Provider.

To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.


Wait for VAN-EX2 to start, and then start VAN-EX3. Connect to the virtual machine.

Lab Instructions: Implementing High Availability

Module 7
Lab Instructions: Implementing High Availability
Exercise 1: Deploying a DAG

Exercise 2: Deploying Highly Available Hub Transport and Client Access

Exercise 3: Testing the High Availability Configuration

Lab Instructions: Implementing High Availability

Lab: Implementing High Availability

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, 10135B-VAN-EX2, and the 10135B-VAN-EX3

virtual machines are running:


10135B-VAN-DC1: Domain controller in the domain.

10135B-VAN-EX1: Exchange 2010 server in the domain.

10135B-VAN-EX2: Exchange 2010 server in the domain.

10135B-VAN-EX3: Exchange 2010 server in the domain.

If required, connect to the virtual machines. Log on to the virtual machines as

Adatum\Administrator, using the password Pa$$w0rd.

Lab Scenario
You are the messaging administrator for A. Datum Corporation. You have completed the basic installation
for three Exchange servers. Now you must complete the configuration so that they are highly available.

Lab Instructions: Implementing High Availability

Exercise 1: Deploying a DAG

You must complete the Mailbox server high availability configuration by creating a DAG and making the
Accounting database highly available.
The main tasks for this exercise are:

Create a DAG named DAG1 by using the Exchange Management Shell.


Create a mailbox database copy of the Accounting database.


Verify successful completion of database copying.


Suspend the database copy on VAN-EX2.

Task 1: Create a DAG named DAG1 by using the Exchange Management Shell

On VAN-EX1, open the Exchange Management Shell.


Use the New-DatabaseAvailabilityGroup cmdlet to create a DAG with the following information:

Name: DAG1

WitnessServer: \\VAN-DC1\FSWDAG1

WitnessDirectory: C:\FSWDAG1

IP Address:


Use the Add-DatabaseAvailabilityGroupServer cmdlet to add VAN-EX1 as a member of DAG1.


On VAN-EX2, open the Exchange Management Console.


On the Database Availability Groups tab, add VAN-EX2 as a member of DAG1.

Task 2: Create a mailbox database copy of the Accounting database


On VAN-EX1, open the Exchange Management Console.


On the Database Management tab, add a mailbox database copy of Accounting to VAN-EX2.

Task 3: Verify successful completion of database copying

On VAN-EX1, view the properties of the Accounting database, and ensure its status is Healthy.

Task 4: Suspend the Accounting database copy on VAN-EX2

On VAN-EX1, suspend the Accounting database copy on VAN-EX2.

Results: After this exercise, you should have created a DAG and a mailbox database copy of the
Accounting database. The Accounting database copy on VAN-EX2 should remain in a suspended state.

Lab Instructions: Implementing High Availability

Exercise 2: Deploying Highly Available Hub Transport and Client Access

The network team used a hardware load balancer to load balance VAN-EX1 and VAN-EX2 for Client
Access connections. They have assigned a load balanced IP address of, and have created a DNS
record for the name Now you must complete the Client Access configuration.
The main tasks for this exercise are:

Create and configure a client access array for


Assign the client access array to the databases.

Task 1: Create and configure a client access array for


On VAN-EX1, open Exchange Management Shell.


Use the New-ClientAccessArray Fqdn Name

Site Default-First-Site-Name cmdlet to create a new client access array named for the Default-First-Site-Name Active Directory site.

Task 2: Assign the client access array to the databases


On VAN-EX1, use the Exchange Management Shell to retrieve a list of all of the databases with the
Get-MailboxDatabase | ft Name, Server, RPC* cmdlet.


Use the Get-MailboxDatabase |Set-MailboxDatabase RpcClientAccessServer cmdlet to assign each database on VAN-EX1 and VAN-EX2 the client access array as the RpcClientAccessServer.


At the PS prompt, use the Get-MailboxDatabase | ft Name, Server, RPC* cmdlet to verify the
correct setting.

Results: At the end of this exercise, you should have created a client access array and assigned it to the

Lab Instructions: Implementing High Availability

Exercise 3: Testing the High Availability Configuration

You have completed the high availability configuration. You now must verify that the high availability
configuration is working properly.
The main tasks for this exercise are:

Create a SMTP connector associated with VAN-EX1 and VAN-EX2.


Stop the SMTP service on VAN-DC1.


Send an email to an internal user and an external SMTP address.


Use Queue Viewer to locate the message in the queue.


Start SMTP service on VAN-DC1 to allow queued message delivery.


Verify that the messages were removed from the shadow redundancy queue.


Verify the copy status of the Accounting database copy and resume the database copy.


Perform a switchover on the Accounting database to make the VAN-EX2 copy active.


Simulate a server failure.

Task 1: Create a SMTP connector associated with VAN-EX1 and VAN-EX2


On VAN-EX2, if required, open Exchange Management Console.


Create an SMTP send connector named Internet Mail, and then configure an address space of * for
the connector.


Add as the Smart host for the connector, and VAN-EX1 and VAN-EX2 as the
source servers.

Task 2: Stop the SMTP server on VAN-DC1

On VAN-DC1, stop the Simple Mail Transfer Protocol (SMTP) service.

Task 3: Send an email to an internal user and an external SMTP address


On VAN-EX1, log on to Outlook Web App as Adatum\Jason with the password Pa$$w0rd.


Create and send a new email addressed to and

Task 4: Use Queue Viewer to locate the message in the queue


On VAN-EX2, open Queue Viewer.


Connect to VAN-EX1 and VAN-EX2 to locate which server queues the email sent from Jason.


Make note of the server where the message is queued.


Examine the shadow redundancy queue on VAN-EX3.

Lab Instructions: Implementing High Availability

Task 5: Start SMTP service on VAN-DC1 to allow delivery of the queued message

On VAN-DC1, open Server Manager.


Start the SMTP service.

Task 6: Verify that the messages were removed from the shadow redundancy queue

On VAN-EX2, open Queue Viewer.


Connect to VAN-EX3, where the message was queued in the shadow redundancy queue, and then
verify that it is no longer queued.

Task 7: Verify the copy status of the Accounting database, and resume the database

On VAN-EX2, open the Exchange Management Console.


View the database copy health on the Suspended copy on VAN-EX2.


Resume the database copy on VAN-EX2, and wait until the copy status is Healthy.

Task 8: Perform a switchover on the Accounting database to make the VAN-EX2

copy active

On VAN-EX2, open the Exchange Management Console.


Verify that the active Accounting database is on VAN-EX1.


Select the Accounting database on VAN-EX2, and then activate the copy.

Task 9: Simulate a server failure


On VAN-EX1, open the Exchange Management Console, and view the status of the Accounting


In Hyper-V Manager, revert 10135B-VAN-EX2.


Verify the Accounting database is now active on VAN-EX1.

Results: After this exercise, you should have verified that the mailbox databases could fail over and switch
between DAG servers, and that Hub Transport shadow redundancy is working properly.

Lab Instructions: Implementing High Availability

To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.

Lab Instructions: Implementing Backup and Recovery

Module 8
Lab Instructions: Implementing Backup and Recovery
Exercise 1: Backing Up Exchange Server 2010

Exercise 2: Restoring Exchange Server Data

Exercise 3: Restoring Exchange Servers (optional)

Lab Instructions: Implementing Backup and Recovery

Lab: Implementing Backup and Recovery

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-SVR1 virtual machines are

10135B-VAN-DC1: Domain controller in the domain

10135B-VAN-EX1: Exchange 2010 server in the domain

10135B-VAN-SVR1: Standalone server


If required, connect to the virtual machines. Log on to VAN-DC1 and VAN-EX1 as

Adatum\Administrator, using the password Pa$$w0rd.


Log on to VAN-SVR1 as Administrator, using the password Pa$$w0rd.


In Microsoft Hyper-V Manager, click VANSVR1, and, in the Actions pane, click Settings.


Click DVD Drive, click Image file, and then click Browse.


Browse to C:\Program Files\Microsoft Learning\10135\Drives, click Exchange2010SP2.iso, and

then click Open.


Click OK.


On VAN-SVR1, close the AutoPlay dialog box.

Lab Instructions: Implementing Backup and Recovery

Lab Scenario
You are a messaging administrator for A. Datum Corporation. Your organization has deployed Exchange
Server 2010. You now want to ensure that all Exchange Server-related data is backed up and that you can
restore not only the full server or database, but also a mailbox or mailbox folder.

Exercise 1: Backing Up Exchange Server 2010

You must create a backup of your Exchange Server 2010 mailbox database to ensure that you can restore
it when necessary.
The main tasks for this exercise are:

Populate a mailbox.


Perform a backup of the mailbox database by using Windows Server Backup.


Delete a message and a mailbox.

Task 1: Populate a mailbox


On VAN-EX1, log on to Parnas mailbox by using Outlook Web App. Use the logon name
Adatum\Parna and the password Pa$$w0rd.


Send a message to George with the subject Message before Backup.


Restart the Microsoft Exchange Information Store service.

Task 2: Perform a backup of the mailbox database by using Windows Server Backup

Use Server Manager to install Windows Server Backup.


Perform a custom backup of the C:\ drive by using a VSS full backup. Store the backup files on

Task 3: Delete messages in mailboxes


Log on to Georges mailbox by using the logon name Adatum\George and the password Pa$$w0rd,
and then delete the message from Parna.


Log on to Parnas mailbox by using the logon name Adatum\Parna and the password Pa$$w0rd,
and then delete all messages from the Sent Items folder.

Results: After this exercise, you should have created a backup of an Exchange Server database, and
deleted messages.

Lab Instructions: Implementing Backup and Recovery

Exercise 2: Restoring Exchange Server Data

Some of your users complain that they are missing messages from their mailboxes. You now need to use
the backup you created to recover their messages.
The main tasks for this exercise are:

Restore the database by using Windows Backup.


Create a recovery database by using the backup files.


Recover a mailbox from the recovery database.

Task 1: Restore the database by using Windows Backup

On VAN-EX1, using Windows Server Backup, recover the Exchange Server databases to an alternate
location: C:\DBBackup.

Task 2: Create a recovery database by using the backup files


On VAN-EX1, create a recovery database by using the restored database in C:\DBBackup. Use the
following command to create the recover database:
New-MailboxDatabase -Name RecoverDB -Server VAN-EX1 -EDBFilePath
c:\DBBackup\C_\Program Files\Microsoft\Exchange Server\V14
\Mailbox\Accounting\Accounting.edb -Logfolderpath c:\DBBackup
\C_\Program Files\Microsoft\Exchange Server\V14\Mailbox


In Exchange Management Shell, switch to the c:\dbbackup\c_\Program Files\Microsoft

\Exchange Server\v14\Mailbox\Accounting directory, enter the following command in the PS
prompt, and then press Enter:
eseutil /R E02 /i /d


Mount the recovery database by using the Mount-Database RecoverDB command.


List all mailboxes that are in the recovery database by using the Get-MailboxStatistics -Database
RecoverDB command.

Task 3: Recover a mailbox from the recovery database


On VAN-EX1, recover a mailbox by using the Restoremailbox -Identity Parna -RecoveryDatabase

RecoverDB cmdlet.


Verify that you restored the message in the Sent Items folder by logging onto Parnas mailbox.


Use the Removemailboxdatabase -Identity RecoverDB command to remove the RecoverDB


Results: After this exercise, you should have created a recovery database, and restored a complete
mailbox from the recovery database to their original locations.

Lab Instructions: Implementing Backup and Recovery

Exercise 3: Restoring Exchange Servers (optional)

After a hard-disk malfunction, one of your Exchange servers no longer is operational. You have a full
backup of the computer and the mailbox databases, so you need to restore everything to a newly
installed computer.
The main tasks for this exercise are:

Shutdown VAN-EX1 and reset the computer account.


Prepare VAN-SVR1 as VAN-EX1.


Install Exchange Server 2010 with the RecoverServer mode.


Recover the mailbox databases from backup.


Test the recovery.

Task 1: Shutdown VAN-EX1, and reset the computer account


In Hyper-V Manager, revert VAN-EX1 to the previous snapshot.


Using Active Directory Users and Computers, reset the VAN-EX1 computer account.

Task 2: Prepare VAN-SVR1 as VAN-EX1


Rename VAN-SRV1 to VAN-EX1.


Join the computer to ADATUM domain.

Task 3: Install Exchange Server 2010 with the RecoverServer mode


On the new VAN-EX1 server, run d:\setup /m:RecoverServer.


In Exchange Management Console, change Database Properties to This database can be

overwritten by a restore for all databases on the VAN-EX1.

Task 4: Recover the mailbox databases from backup

Use Windows Server Backup to recover the Exchange Server databases.

Task 5: Test the recovery


On the restored VAN-EX1, in the Exchange Management Console, mount the mailbox databases and
public folder database.


On VAN-DC1, open Internet Explorer and connect to Log on

as Adatum\Parna with the password Pa$$w0rd, and then verify that the mailbox is accessible and
that all messages have been restored.

Results: After this exercise, you should have recovered a complete Exchange server by using a different
Windows Server, renaming it, installing Exchange Server in /m:RecoverServer mode, and recovering the
Exchange Server database from a backup. You have also tested the recovery.

Lab Instructions: Implementing Backup and Recovery

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.


Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.

Lab Instructions: Configuring Messaging Policy and Compliance

Module 9
Lab Instructions: Configuring Messaging Policy and
Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox
Exercise 1: Configuring Transport Rules

Exercise 2: Configuring Journal Rules and Multi-Mailbox Search

Lab B: Configuring Personal Archives and Retention Policies

Exercise 1: Configuring Personal Archives

Exercise 2: Configuring Retention Policies

Lab Instructions: Configuring Messaging Policy and Compliance

Lab A: Configuring Transport Rules, Journal Rules, and

Multi-Mailbox Search

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, 10135B-VAN-EX2, and the 10135B-VAN-CL1

virtual machines are running:

10135B-VAN-DC1: Domain controller in the domain.

10135B-VAN-EX1: Exchange 2010 server in the domain.

10135B-VAN-EX2: Exchange 2010 server in the domain.

10135B-VAN-CL1: Client computer in the domain.


If required, connect to the virtual machines. Log on to VAN-DC1, VAN-EX1, and VAN-EX2 as
Adatum\Administrator using the password Pa$$w0rd.


Log on to VAN-CL1 as Adatum\Luca using the password Pa$$w0rd.

Lab Scenario
You are a messaging administrator in A. Datum Corporation. Your organization has deployed Exchange
Server 2010.

Lab Instructions: Configuring Messaging Policy and Compliance

The legal and audit departments at A. Datum provided you with several requirements for implementing
messaging policy and compliance. These requirements include applying rights protection to some
messages sent inside and outside the organization, restricting message flow based on information in
message subjects, and restricting which messages are sent to critical distribution lists. You also must
ensure that you establish a separate and secure mailbox in which to retain all messages that the legal
department sends and receives. Additionally, an auditor must be able to retrieve all messages sent and
received by users with legal hold enabled.

Exercise 1: Configuring Transport Rules

A. Datum Corporation is completing its Exchange Server 2010 deployment and is preparing to implement
messaging policies to manage email messages in transit and in user mailboxes. The project sponsors have
developed the following requirements for transport rules:

All messages sent to users on the Internet must have a disclaimer that the legal department approves.

External messages with the term customer in the message subject or body must be copied to the
CustomerService distribution group unless a member of the CustomerService group sent the

All messages with the words confidential or private in the subject must have the Do Not Forward
AD RMS template applied.

A member of the Marketing group must approve all messages sent to the All Company distribution
list before the message is delivered.

The main tasks for this exercise are:


Create a transport rule that adds a disclaimer to all messages sent to the Internet.


Create a transport rule that for the CustomerService distribution group Enable AD RMS integration
for the organization.


Configure a transport rule that applies the Do Not Forward AD RMS template to all messages with the
words confidential or private in the subject.


Configure a moderated group.


Test the transport rule configuration.

To start the lab, complete the following steps


On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.


Expand Microsoft Exchange On-Premises, expand Organization Configuration, and then click
Hub Transport.


In the Actions pane, click New Send Connector.


On the Introduction page, type Internet Connector as the connector name. In the Select the
intended use for this Send connector drop-down list, click Internet, and then click Next.


On the Address space page, click Add.


In the Address field, type *, click OK, and then click Next.

Lab Instructions: Configuring Messaging Policy and Compliance


On the Network settings page, click Route mail through the following smart hosts, and then
click Add.


In the IP address field, type, click OK, and then click Next.


On the Configure smart host authentication settings page, click Next.

10. On the Source Server page, click Next, click New, and then click Finish.

Task 1: Create a transport rule that adds a disclaimer to all messages sent to the

On VAN-EX1, create a new transport rule with the following settings:

Name: Internet E-Mail Disclaimer

Conditions: Sent to users outside the corporation

Actions: Add a disclaimer

Disclaimer text: This e-mail is intended solely for the use of the individual to whom it is

Task 3: Create a transport rule for the CustomerService distribution group

Use the following settings to create a new transport rule that sends a copy of all messages sent to the
Internet with the term customer in the message body or subject to the CustomerService distribution

Name: Customer Service Tracking

Condition: Sent to users outside the organization, and where the subject or message body
contain the word customer

Actions: Send a copy of the message to the CustomerService group

Exceptions: If the message is sent by a member of the CustomerService group

Task 4: Enable AD RMS integration for the organization


On VAN-DC1, grant the Exchange Servers group and the IIS_IUSRS read and execute permission to
the C:\inetpub\wwwroot\_wmcs\certification\ servercertification.asmx file.


Restart IIS on VAN-DC1.


On VAN-EX1, use the set-irmconfiguration InternalLicensingEnabled:$true cmdlet to enable

AD RMS encryption.

Task 5: Configure a transport rule that applies the Do Not Forward AD RMS template
to all messages with the words confidential or private in the subject

Create a new transport rule with the following settings:

Name: Confidential E-Mail Rule

Condition: Where the subject contains the words Confidential or Private

Actions: protect the message with the Do not Forward template

Lab Instructions: Configuring Messaging Policy and Compliance

Task 6: Configure a moderated group


On VAN-EX1, configure the All Company distribution group to require moderation.


Configure Andreas Herbinger as the groups moderator.

Task 7: Test the transport rule configuration


On VAN-CL1, verify that you are logged on as Adatum\Luca, and then open Office Outlook 2007.


Send two messages to The first message should contain no settings, and the
second message should have the term customer in the subject.


On VAN-DC1, open Windows Explorer. Browse to the C:\inetpub\mailroot\queue folder. Open the
first EML file with Notepad. Scroll to the middle of the message, and verify that the disclaimer has
been added to the message.


On VAN-CL1, connect to the Outlook Web App site on VAN-EX1. Log on as Anna. Verify that the
member of the CustomerService group was copied on the message sent by Luca.


In Outlook, create a new message, and send it to the All Company distribution group.


Connect to the Outlook Web App site on VAN-EX1. Log on as Andreas. Approve the message.


In Outlook, verify that the message to the All Company distribution list has arrived.


In Outlook Web App, logged on as Andreas, create a new message with a subject of Private. Send
the message to Luca.


In Outlook, verify that Luca received the message and that it has the Do Not Forward template
applied. Verify that the Forward option is not available on the message.

Results: After this exercise, you should have configured a transport rule that ensures that all messages
sent to users on the Internet includes a disclaimer of which the legal department approves. Additionally,
you should have configured a transport rule that ensures that messages with a Company Confidential
classification are not sent to the Internet, and you should have configured a transport rule that applies the
Do Not Forward AD RMS template to all messages with the words confidential or private in the
subject. Lastly, you should have configured a moderated group by using the All Company distribution

Exercise 2: Configuring Journal Rules and Multi-Mailbox Search

In addition to requirements restricting message flow, the project sponsors at A. Datum Corporation also
have the following requirements for saving messages and enabling auditors to search all mailboxes:

A copy of all messages sent to and from the Executives group will be saved. The journal mailbox
should be accessible only with a special auditor account.

Implement an auditor account that has permission to search all user mailboxes and access the
journaled Executive messages.

Verify that legal hold can be applied to user mailboxes and that messages deleted from mailboxes on
legal hold can be recovered through a discovery search.

Lab Instructions: Configuring Messaging Policy and Compliance

The main tasks for this exercise are:


Create a mailbox for the Executives department journaling messages.


Create a journal rule that saves a copy of all messages sent to and from Executives department


Create and configure the MailboxAuditor account.


Configure legal hold on a mailbox.


Test the journal rule, Multi-Mailbox Search, and legal hold configuration.

Task 1: Create a mailbox for the Executives department journaling messages

Create a new recipient with the following attributes:

First name: Executives Journal Mailbox

User Logon name (User Principal Name): ExecutivesJournal

Password: Pa$$w0rd

Create the mailbox in Mailbox Database 1

Task 2: Create a journal rule that saves a copy of all messages sent to and from
Executives department members

Create a new journal rule with the following attributes:

Rule name: Executives Department Message Journaling

Journal mailbox: Executives Journal Mailbox

Scope: Global

Recipient: Executives distribution group

Task 3: Create and configure the MailboxAuditor account


Create a new recipient with the following attributes:

First name: Mailbox Auditor

User Logon name (User Principal Name): MailboxAuditor

Password: Pa$$w0rd

Create the mailbox in Mailbox Database 1


Grant the Mailbox Auditor account full access to the Executives Journal Mailbox and Discovery
Management Mailbox mailboxes.


Add the Mailbox Auditor account to the Discovery Management Active Directory group.

Task 4: Configure legal hold on a mailbox

On VAN-EX1, in the Exchange Management Console, enable legal hold for George Schallers mailbox.

Lab Instructions: Configuring Messaging Policy and Compliance

Task 5: Test the journal rule and Multi-Mailbox Search configuration


On VAN-CL1, if required, open Outlook.


Create a new message, and then send it to Marcel Truempy. Marcel is a member of the Executives


Connect to Outlook Web App as Marcel, and confirm that the message was delivered. Reply to the


Connect to Outlook Web App as MailboxAuditor. Right-click Mailbox Auditor, and then click Open
Other Users Inbox. Open the Executives Journal Mailbox and verify that the two journaled
messages are in the Inbox.


In Outlook, send a message with the following properties:

To: George;

Subject: Customer Order

Message body: Here is the order for Carol at Contoso. Her customer number is 1111-1111.


Connect to Outlook Web App as George Schaller and purge the message from Luca.


Connect to the Exchange Control Panel as the MailboxAuditor.


Create a new search named Customer Number Discovery. Configure the search to look for the
phrase customer number in George Schaller and Luca Dellamores mailboxes.


Wait until the search finishes, and then in the bottom right pane, click the Open link. In Outlook Web
App, verify that the discovery folder named Customer Number Discovery contains two subfolders
and contains the discovered messages, including the messages deleted by George.

Results: After this exercise, you should have created a mailbox for the Executives department journaling
messages, and then created a journal rule that saves a copy of all messages sent to and from Executives
department members. You also should have created and configured the MailboxAuditor account.

To prepare for the next lab

Do not shut down the virtual machines and revert them to their initial state when you finish this lab.
The virtual machines are required to complete this modules last lab.

Lab Instructions: Configuring Messaging Policy and Compliance

Lab B: Configuring Personal Archives and Retention


Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-CL1 virtual machines are


10135B-VAN-DC1: Domain controller in the domain.

10135B-VAN-EX1: Exchange 2010 server in the domain.

10135B-VAN-EX2: Exchange 2010 server in the domain.

10135B-VAN-CL1: Client computer in the domain.

If required, connect to the virtual machines.

Lab Scenario
You are the messaging administrator for A. Datum Corporation. Your organization has deployed Exchange
Server 2010.
The legal and audit departments at A. Datum provided you with several requirements for implementing
messaging policy and compliance. First, you must enable Personal Archives for all of the users in the
Marketing department. Additional requirements include configuring rules that will ensure that some
messages are retained for an extended period, while other messages are deleted when they expire.

Lab Instructions: Configuring Messaging Policy and Compliance

Exercise 1: Configuring Personal Archives

A. Datum Corporation is also concerned about the number of emails that some users are storing in PST
files. In particular, some members of the Executives and Marketing group have several gigabytes (GB) of
data stored in PST files. To provide these users with larger mailboxes, the project team has agreed to
provide the members of the Executives and Marketing group with archive mailboxes. You need to
configure the mailboxes for these users.
The main tasks for this exercise are:

Create an archive mailbox for all members of the Marketing and Executives groups.


Verify that the archive mailbox was created for members of the Marketing group.

Task 1: Create an archive mailbox for all members of the Marketing group

On VAN-EX1, in the Exchange Management Console, under Recipient Management, click Mailbox.
Sort the mailbox list by organizational unit, select all of the users in the Executives and Marketing
OUs, and then create an archive mailbox for them.

Task 2: Verify that the archive mailbox was created for members of the Marketing

Log on to Outlook Web App as Manoj, and then verify that the archive mailbox was created.

Results: After this exercise, you should have configured archive mailboxes for all members of the
Marketing group.

Exercise 2: Configuring Retention Policies

A. Datum also wants to ensure proper management of messages in the user mailboxes, and automate
message management in user mailboxes. The project sponsors have provided the following requirements:

Items in a users Deleted Items mailbox folder must be permanently deleted after 30 days.

Items in a users mailbox that have no other retention tag applied must be moved to archive after 365

Users in Executives groups must be able to apply a Business Critical tag to specific items in their
mailboxes. These items should be moved to archive after 3 years.

To test this implementation, the executives have approved a pilot project to use retention policies for the
Marketing and Executives groups.
The main tasks for this exercise are:

Create and configure retention tags.


Create and configure retention policies for the Marketing group.


Create and configure retention policies for the Executives group.


Lab Instructions: Configuring Messaging Policy and Compliance

Task 1: Create and configure retention tags


Use the Exchange Management Console to create a retention tag named Adatum Deleted Items,
that removes items from Deleted Items folder after 30 days.


Use the Exchange Management Console to create a retention tag named Adatum
DefaultMoveToArchive that moves items to Archive after 365 days, if they are not tagged with
another retention tag.


Create a retention tag for Personal folders that can be applied to personal items, and that retains
messages for 3 years before moving to archive. Name the tag Adatum BusinessCritical.

Task 2: Create and configure retention policies for the Marketing group

Create a new retention policy by using the Exchange Management Console. Name the retention
policy Marketing Group Retention.


Add the Adatum Deleted Items and Adatum DefaultMoveToArchive retention tags to the
Marketing Group Retention policy.


Apply the Marketing Group Retention policy to mailboxes in the Marketing OU.

Task 3: Create and configure retention policies for the Executives group

Create a new retention policy by using the Exchange Management Console. Name the retention
policy Executive Group Retention.


Use the Exchange Management Console to add the Adatum Deleted Items, Adatum
BusinessCritical, and Adatum DefaultMoveToArchive retention tags to the retention policy.


Apply the Executive Group Retention policy to mailboxes in the Executives OU.

Results: After this exercise, you should have configured Retention Tags and retention policies for the
Marketing and Executives groups.

To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the 10135B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.


Wait for 10135B-VAN-DC1 to start, and then start 10135B-VAN-EX1. Connect to the virtual machine.


Wait for 10135B-VAN-EX1 to start, and then start 10135B-VAN-EX2. Connect to the virtual machine.

Lab Instructions: Securing Microsoft Exchange Server 2010

Module 10
Lab Instructions: Securing Microsoft Exchange Server 2010
Exercise 1: Configuring Exchange Server Permissions

Exercise 2: Configuring Audit logging

Exercise 3: Configuring a Reverse Proxy for Exchange Server Access

Lab Instructions: Securing Microsoft Exchange Server 2010

Lab: Securing Exchange Server 2010

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-EX2 virtual machines are



10135B-VAN-DC1: Domain controller in the domain

10135B-VAN-EX1: Exchange 2010 server in the domain

10135B-VAN-EX2: Exchange 2010 server in the domain

The 10135B-VAN-TMG and the 10135B-VAN-CL1 virtual machines will be started later in this lab:

10135B-VAN-TMG: Forefront Threat Management Gateway server in the domain

10135B-VAN-EX1: Windows 7 client computer in the domain

If required, connect to the virtual machines. Log on to VAN-DC1 and VAN-EX1 as

Adatum\Administrator, using the password Pa$$w0rd. Do not log on to VAN-EX2 at this point.

Lab Scenario
A. Datum Corporation has deployed Exchange Server 2010. The company security officer has provided
you with a set of requirements to ensure that the Exchange Server deployment is as secure as possible.
The specific concerns included in the requirements include:

Exchange Server administrators should have minimal permissions. This means that, whenever possible,
you should delegate Exchange Server management permissions.

Any configuration changes made to the Exchange server environment should be audited. The audit
logs must be available for inspection by company auditors.

Lab Instructions: Securing Microsoft Exchange Server 2010

The organization must have the option of auditing all non-owner access to user mailboxes. The audit
logs must be available for inspection by company auditors.

Ensure that client connections to the Client Access servers are as secure as possible by deploying a
TMG server.

Exercise 1: Configuring Exchange Server Permissions

A. Datum Corporation has completed the Exchange Server 2010 deployment, and now is working on
integrating Exchange Server and recipient management with their current management practices. To
meet the management requirements, you need to ensure that:

Members of the ITAdmins group can administer individual Exchange servers, but they should not be
able to modify any of the Exchange Server organization settings.

Members of the HRAdmins group must be able to manage mail recipients throughout the entire
organization. They should not be able to manage distribution groups and should not be able to
create new mailboxes.

Members of the SupportDesk group should be able to manage mailboxes and distribution groups for
users in the organization. They should also be able to create new mailboxes.

The main tasks for this exercise are:


Configure permissions for the ITAdmins group.


Configure permissions for the Support Desk and HRAdmins groups.


Verify the permissions.

X Task 1: Configure permissions for the ITAdmins group

On VAN-EX1, in Active Directory Users and Computers, add the ITAdmins group to the Server
Management group.

X Task 2: Configure permissions for HRAdmins and Support Desk groups


On VAN-EX1, open the Exchange Management Shell. Use the following command to create the
HRAdmins role group:


New-RoleGroup Name HRAdmins roles Mail Recipients

Use the following command to create the SupportDesk role group:

New-RoleGroup Name SupportDesk roles Mail Recipients, Mail Recipient Creation,

Distribution Groups


On VAN-EX1, open the Exchange Management Console. Access the Role Based Access Control
(RBAC) User Editor from the Exchange Management Console Toolbox node. Log on as
Adatum\administrator using the password Pa$$w0rd.


Add Anna Lidman to the SupportDesk group.


Add Paul West to the HRAdmins group.

Lab Instructions: Securing Microsoft Exchange Server 2010

X Task 3: Verify the permissions


On VAN-EX2, log on as Shane. Shane is a member of the ITAdmins group. Open Exchange
Management Console and verify that the account has the following permissions:

Can modify the Issue warning at (KB) setting for the Accounting mailbox database.

Cannot modify Hub Transport settings at the organization level. For example, try to modify the
accepted domain settings.

Cannot modify recipient settings. For example, try modifying any properties on one of the


Log off VAN-EX2.


On VAN-EX1, open Internet Explorer and connect to Log on as

Adatum\Anna, and verify that the account has the following permissions:

Can modify mailbox settings for users by using the Exchange Control Panel. For example, try
modifying the department attribute for Andreas Herbinger.

Can modify distribution lists using the Exchange Control Panel. For example, add a group
description for the Accounting group.

Note You cannot create or delete user accounts and mailboxes in Exchange Control Panel.
If you want to test whether Anna can create user accounts and mailboxes, add Anna to the
local Administrators account on VAN-EX2, and log on to VAN-EX2 as Anna. Then open
Exchange Management Console and verify that you can create a mailbox. In a production
environment, you could install the Exchange Management tools on a Windows 7 client

Close Internet Explorer, and open it again and connect to Log on
as Adatum\Paul, and verify that the account has the following permissions:

Can modify mailbox settings for users by using the Exchange Control Panel.

Cannot modify distribution lists using the Exchange Control Panel.

Exercise 2: Configuring Audit logging

You now need to configure audit logging on the shared mailbox.
The main tasks for this exercise are:

Create and configure an mailbox.


Enable audit logging on the mailbox.


Perform SendAs activity on the mailbox.


Verify that the activity is logged.


Verify the administrator audit logging configuration.


Make a change to Michiyo Satos mailbox.


Verify that the change was logged.

Lab Instructions: Securing Microsoft Exchange Server 2010

X Task 1: Create and configure an mailbox


On VAN-EX1, log on as Adatum\Administrator using the password Pa$$w0rd.


In the Exchange Management Console, in Recipient Management, create a new mailbox-enabled

user in the CustomerService OU with the name and logon name of Info, using the password


Grant all users in the CustomerService OU Full Access and SendAs permission to the Info mailbox.

X Task 2: Enable audit logging on the mailbox

Open the Exchange Management Shell, and then run the following cmdlet to enable mailbox audit
logging for the support mailbox:
Set-Mailbox -Identity "Info" -AuditDelegate SendAs,SendOnBehalf
-AuditEnabled $true

X Task 3: Perform SendAs activity on the mailbox


On VAN-EX1, open Outlook Web App by typing in Internet



Log on as Adatum\Anna using the password Pa$$w0rd.


Create a new message, and then send it from the account to Administrator.

X Task 4: Verify that the activity is logged


On VAN-EX1, open Internet Explorer, type, and then log on to

the Exchange Control Panel as Adatum\Administrator using the password Pa$$w0rd.


Open Roles&Auditing, click Auditing, and then run a non-owner mailbox access report for the mailbox. Include a date range from yesterdays date to tomorrows date, and then
select the All non-owners option when running the report.


Verify that the SendAs activity from Task 3 is logged.

X Task 5: Verify the administrator audit logging configuration


On VAN-EX1, open the Exchange Management Shell.


Verify that administrator audit logging is enabled by typing Get- AdminAuditLogConfig.

X Task 6: Make a change to Michiyo Satos mailbox


On VAN-EX1, open the Exchange Management Console, expand Recipient Management, and then
click Mailbox.


Open the Properties dialog box for Michiyo Sato, and change retention period for deleted items
to 20 days. Save changes.

Lab Instructions: Securing Microsoft Exchange Server 2010

X Task 7: Verify that the change was logged


On VAN-EX1, in the Exchange Management Shell, run the following cmdlet:

Search-AdminAuditLog -Cmdlets Set-Mailbox -StartDate 01/01/2012
-EndDate (Tomorrows date)


Verify that you see a result for the event logged from Task 6.

Results: After this exercise, you should have configured audit logging.

X To prepare for the next exercise


On the host computer, in Hyper-V Manager, right-click 10135B-VAN-EX2, click Revert, and then
click Revert.


Start the VAN-TMG and VAN-CL1 virtual machines.


Log on to VAN-TMG as Adatum\Administrator using the password Pa$$w0rd. Do not log on to

VAN-CL1 at this point.

Results: After this exercise, you should have configured and verified permissions in the Exchange Server

Exercise 3: Configuring a Reverse Proxy for Exchange Server Access

A. Datum Corporation has decided to enable users to access their mailboxes remotely by using Outlook
Web App. To provide maximum security for the external clients, A. Datum wants to deploy a Forefront
TMG server as a reverse proxy. You must encrypt all connections to the TMG server, and all connections
from the TMG server to the Client Access server.
The main tasks for this exercise are:

Request a server certificate with multiple storage area networks (SANs) on the Client Access server.


Export the certificate from the Client Access server.


Import the certificate on the TMG server.


Configure an Outlook Web Access publishing rule.


Configure the Client Access server.


Test the Outlook Web App publishing rule.

Lab Instructions: Securing Microsoft Exchange Server 2010

X Task 1: Request a server certificate with multiple SANs on the Client Access server

On VAN-EX1, run the New Exchange Certificate Wizard using the following configuration options:

Friendly name: Adatum Mail Certificate

Outlook Web App: Outlook Web App is on the intranet and uses a host name of

Outlook Web App: Outlook Web App is on the Internet and uses a host name of

Exchange ActiveSync: Enabled and uses a host name of

Autodiscover: Used on the Internet

Long URL: Used for AutoDiscover with a host name of

Organization: A Datum

Organizational Unit: Messaging

Country/region: Canada

City/locality: Vancouver

State/province: BC


Save the file using the name CertRequest.req.


Copy the text of the certificate request file to the clipboard.


Connect to, and create an advanced certificate request using a

certificate request file. Paste the contents of the certificate request file into the Saved Request field.
Request a Web server certificate.


Download the certificate and save it to the C: drive.


In the Exchange Management Console, use the Complete Pending Request Wizard to import the
Adatum Mail certificate.


In the Exchange Management Console, use the Assign Services to Certificate Wizard to assign the
Adatum Mail certificate to Internet Information Services (IIS).

X Task 2: Export the certificate from the Client Access server

On VAN-EX1, in Exchange Management Console, export the certificate to C:\CertExport.pfx.

X Task 3: Import the certificate on the TMG server

On VAN-TMG, use the Certificates MMC to import \\VAN-EX1\c$\CertExport.pfx into the

Computer Personal store.

Lab Instructions: Securing Microsoft Exchange Server 2010

X Task 4: Configure an Outlook Web Access publishing rule


On VAN-TMG, open the Forefront TMG Management console.


In the Firewall Policy node, use the New Exchange Publishing Rule Wizard to create an Exchange
Server publishing rule. Configure the rule with the following settings.



Name: OWA Rule

Exchange version: Exchange Server 2010

Service: Outlook Web Access

Server Connection Security: Use SSL to connect the published Web server or server farm

Internal site name:

Public Name Details page:

Create a new Web Listener with the following settings:

Name: HTTPS Listener

Client Connection Security: Require SSL secured connections with clients

Web Listener IP Addresses: External

Listener SSL Certificates:

Authentication Settings: HTML Form Authentication

Single Sign On Settings: Enabled

SSO domain name:

Configure Authentication Delegation to use Basic authentication.

X Task 5: Configure the Client Access server


On VAN-EX1, in the Exchange Management Console, configure the owa (Default Web Site) and
ecp (Default Web Site) to use the following configuration

External URL: or

Basic authentication

Note During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not

Use the IISReset command to restart the IIS service.

X Task 6: Test the Outlook Web App publishing rule


On the host computer, in Hyper-V Manager, modify the 10135B-VAN-CL1 settings to connect the
network adapter to Private Network 2.


On VAN-CL1, log on as Adatum\Administrator and modify the network adapter settings to use an
IP address of, and a default gateway of

Lab Instructions: Securing Microsoft Exchange Server 2010


Open the c:\windows\system32\drivers\etc\hosts file and add the following line to the file:


Open Internet Explorer, and connect to


Log on as adatum\administrator using the password Pa$$w0rd. Verify that you access the user


In the Outlook Web App window, click Options. Verify that you can connect to the Exchange Control

Results: After this exercise, you should have configured a Forefront Threat Management Gateway server
to enable access to Outlook Web App on the Client Access server. You will also have verified that the
access is configured correctly.

X To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.

Lab Instructions: Maintaining Microsoft Exchange Server 2010

Module 11
Lab Instructions: Maintaining Microsoft Exchange Server
Exercise 1: Monitoring Exchange Server 2010

Exercise 2: Troubleshooting Database Availability

Exercise 3: Troubleshooting Client Access Servers

Lab Instructions: Maintaining Microsoft Exchange Server 2010

Lab: Maintaining Exchange Server 2010

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:

On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.


Ensure that the 10135B-VAN-DC1 and the 10135B-VAN-EX1 virtual machines are running:


10135B-VAN-DC1: Domain controller in the domain.

10135B-VAN-EX1: Exchange 2010 server in the domain.

If required, connect to the virtual machines. Log on to the virtual machines as

Adatum\Administrator, using the password Pa$$w0rd.

Lab Scenario
You are the messaging administrator at A. Datum Corporation. You need to configure basic monitoring by
using the Performance and Reliability Monitor. You also must troubleshoot issues with a mailbox database
and a Client Access server.

Lab Instructions: Maintaining Microsoft Exchange Server 2010

Exercise 1: Monitoring Exchange Server 2010

You are the messaging administrator at A. Datum Corporation. You need to configure basic monitoring
using the Performance and Reliability Monitor. Before implementing Microsoft Systems Center Operations
Manager to monitor your Exchange Server 2010 computers, you must create a data collector set to
monitor key performance components that are running on your Mailbox server.
The main tasks for this exercise are:

Create a new data collector set named Exchange Monitoring.


Create a new performance-counter data collector set for monitoring basic Exchange Server


Create a new performance-counter data collector set for monitoring Mailbox server role performance.


Verify that the data collector set works properly.

Task 1: Create a new data collector set named Exchange Monitoring

On VAN-EX1, open the Performance Console, and create a data collector set named Exchange

Task 2: Create a new performance counter data collector set for monitoring basic
Exchange Server performance

Create a performance data collector set named Base Exchange Monitoring.


Add the following performance counters to monitor basic Exchange Server performance on VAN-EX1:



% Processor Time
% User Time
% Privileged Time


Available Megabytes (MB)

Page Reads/sec
Pages Input/sec
Pages Output/sec
Pool Paged Bytes
Transition Pages Repurposed/sec

MSExchange ADAccss
Domain Controllers

LDAP Read Time

LDAP Search Time
LDAP Searches timed out per minute
Long running LDAP operations/Min


Processor Queue Length

Lab Instructions: Maintaining Microsoft Exchange Server 2010

Task 3: Create a new performance counter data collector set for monitoring Mailbox
server role performance

Create a performance data collector set named Mailbox Role Monitoring.


Add the following performance counters to monitor basic Exchange Server performance on VAN-EX1:



Avg.Disk sec/Read
Avg.Disk sec/Transfer
Avg.Disk sec/Write


RPC Averaged Latency

RPC Num Slow Packets
RPC Operations/sec
RPC Requests

MSExchangeIS Mailbox

Messages Queued for Submission

MSExchangeIS Public

Messages Queued for Submission

Task 4: Verify that the data collector set works properly


Start the Exchange Monitoring data collector set and let it run for five minutes.


Stop the Exchange Monitoring data collector set, and then review the latest report.

Results: After this exercise, you should have created a data collector set for monitoring VAN-EX1 that
uses the performance counters that this module recommends.

Exercise 2: Troubleshooting Database Availability

You are the messaging administrator for A. Datum Corporation. After recovering from a hardware failure,
your monitoring software reports that one of the mailbox databases is not mounted. You must
troubleshoot and repair the database problem.
The main tasks for this exercise are:

Identify the scope of the problem.


Review the event logs.


Run the Best Practices Analyzer.


List the probable causes of the problem, and rank the possible solutions if multiple options exist.


Review the database configuration.


Reconfigure and mount the database.

Lab Instructions: Maintaining Microsoft Exchange Server 2010

Before you begin this exercise, complete the following steps:

On VAN-EX1, open a Exchange Management Shell. At the prompt, type

d:\ Labfiles\Lab11Prep2.ps1, and then press Enter.


When prompted, type N, and then press Enter.


Close the Exchange Management Shell.

Task 1: Identify the scope of the problem


On VAN-EX1, open Exchange Management Console.


Identify which, if any, mailbox databases are not mounted.


List the database(s) that are dismounted.

Task 2: Review the event logs


On VAN-EX1, attempt to mount MailboxDB100. Review the warning message, and then click No.


Open the Event Viewer. In the Application Log and System Log, review the events generated, and
make note of any errors.

Task 3: Run the Best Practices Analyzer


On VAN-EX1, run Exchange Best Practices Analyzer. Perform a Health Check scan of just VAN-EX1.


Review the ExBPA report, and note issues identified by the scan that may have an impact on the

Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist

List the problems and possible solutions:


Possible solution

Lab Instructions: Maintaining Microsoft Exchange Server 2010

Task 5: Review the database configuration


On VAN-EX1, open Exchange Management Console and review the database configuration.


Open Windows Explorer, and locate the database files.

Task 6: Reconfigure and mount the database


On VAN-EX1, open Exchange Management Shell and reconfigure the database using the
Move-DatabasePath cmdlet with the ConfigurationOnly parameter.


Mount the database.

Results: After this exercise, you should have used a troubleshooting technique to identify and fix a
Mailbox server problem.

Exercise 3: Troubleshooting Client Access Servers

You are the messaging administrator for A. Datum Corporation. Users report that they cannot log on to
Outlook Web App. You need to determine and then repair the problem.
The main tasks for this exercise are:

Verify the problem by attempting to reproduce the problem.


Review the event logs.


Use the Test cmdlets to verify server health.


List the probable causes of the problem, and rank possible solutions if multiple options exist.


Check the Outlook Web App configuration.


Verify that you resolved the problem.

Before you begin this exercise, complete the following steps:

On VAN-EX1, open Exchange Management Shell. At the prompt, type d:\ Labfiles\Lab11Prep3.ps1,
and then press Enter.


Close the Exchange Management Shell.

Task 1: Verify the problem by attempting to reproduce the problem


Attempt to log on to as Administrator using the password



Make note of the error displayed.

Lab Instructions: Maintaining Microsoft Exchange Server 2010

Task 2: Review the event logs


On VAN-EX1, open Event Viewer, and then review any errors listed in the Application and
System logs.


Make note of any errors.

Task 3: Use the Test cmdlets to verify server health


On VAN-EX1, open the Exchange Management Shell, and run the Test-ServiceHealth cmdlet.


Run the Test-OwaConnectivity URL

/OWA -TrustAnySSLCertificate cmdlet to test Outlook Web App connectivity. Log on as


Review the results of the cmdlets, and then make note of any errors.

Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist

List the problems and possible solutions:


Possible solution

Task 5: Check the Outlook Web App configuration


Open Exchange Management Console, and then review the Outlook Web App configuration
on VAN-EX1.
Note During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not


Take the necessary actions to fix the problem. Run IISReset after fixing the problem.

Lab Instructions: Maintaining Microsoft Exchange Server 2010

Task 6: Verify that you resolved the problem

Attempt to log on to as Adatum\Administrator with the

password Pa$$w0rd.

Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Client
Access server problem.

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.

After making the configuration change, the Exchange Management Console instructs you to restart IIS so
that the new configuration options can be applied.

Lab Answer Key: Deploying Microsoft Exchange Server 2010

Module 1
Lab Answer Key: Deploying Microsoft Exchange Server 2010
Lab A: Installing Exchange Server 2010
Exercise 1: Evaluating Requirements for an Exchange Server Installation

Exercise 2: Preparing for an Exchange Server 2010 Installation

Exercise 3: Installing Exchange Server 2010

Lab B: Verifying an Exchange Server 2010 Installation

Exercise 1: Verifying an Exchange Server 2010 Installation

Lab Answer Key: Deploying Microsoft Exchange Server 2010

Module 1: Deploying Microsoft Exchange Server 2010

Lab A: Installing Exchange Server 2010

Exercise 1: Evaluating Requirements for an Exchange Server Installation
Task 1: Evaluate the Active Directory requirements

On NYC-DC1, click Start, right-click Computer, and then click Properties.


On the System page, in the Windows edition section, verify that the domain controller operating
system is compatible with Exchange Server 2010 requirements.


Close the System page.


Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.


Right-click, and then click Properties.


In the Properties dialog box, verify that the domain and forest functional levels are
compatible with the Exchange Server 2010 requirements.


Click OK, and then close Active Directory Users and Computers.


Click Start, and in the Search box, type adsiedit.msc, and then press Enter.


Right-click ADSI Edit, and then click Connect to.

10. In the Connection Settings dialog box, in the Connection Point section, in the Select a well known
Naming Context list, click Configuration, and then click OK.
11. In the left pane, expand Configuration[], and then click
12. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created.
13. Close ADSI Edit.

Task 2: Evaluate the DNS requirements


On NYC-SVR1, click Start, and, in the Search box, type cmd, and then press Enter.


At the command prompt, type IPConfig /all, and then press Enter. Verify that the Domain Name
System (DNS) server IP address for the Local Area Connection is


At the command prompt, type Ping Verify that you have network
connectivity with the domain controller.


At the command prompt, type Nslookup, and then press Enter.


At the command prompt, type set type=all, and then press Enter.


At the command prompt, type, and then press Enter. Verify that
a service (SRV) record is returned.


Close the command prompt.

Lab Answer Key: Deploying Microsoft Exchange Server 2010

Task 3: Evaluate the server requirements


On NYC-SVR1, click Start, point to Administrative Tools, and then click Server Manager.


In the left pane, click Features. Verify that no Windows Server 2008 features are installed, including
the Active Directory Domain Services (AD DS) management tools.


In the left pane, click Roles. Verify that no Windows Server 2008 roles are installed.


Click Start, and then point to Administrative Tools.


Verify that Internet Information Services (IIS) Management is not listed.


Click Start, click All Programs, click Accessories, click Windows PowerShell, and then click
Windows PowerShell.


At the PS prompt, type help about_windows_powershell, and then press Enter. Verify that
about_Windows_PowerShell_2.0 is listed. It is installed with Windows PowerShell v2.


Close Windows PowerShell.


Click Start, and then click Control Panel.

10. In the Control Panel, click Programs.

11. In the Programs window, click Programs and Features. Verify that Microsoft Filter Pack 2.0 is
installed. Close the Programs and Features window.
Results: After this exercise, you should have evaluated the requirements for AD DS, DNS, and servers.

Exercise 2: Preparing for an Exchange Server 2010 Installation

Task 1: Install the Windows Server 2008 server roles and features

On NYC-SVR1, in Server Manager, click Features, and then click Add Features.


In the Select Features page, expand Remote Server Administration Tools, expand Role
Administration Tools, expand AD DS and AD LDS Tools, expand AD DS Tools, and then select the
AD DS Snap-Ins and Command-Line Tools check box.


Select the .NET Framework 3.5.1 check box, and then click Add Required Role Services.


Select the RPC over HTTP Proxy check box, and then click Add Required Role Services.


Click Next.


On the Web Server (IIS) page, click Next.


On the Select Role Services page, under Security, select the Digest Authentication check box.


Under Performance, select the Dynamic Content Compression check box.


Under IIS 6 Management Compatibility, select the IIS 6 Management Console check box.

10. Click Next, and then click Install.

11. Click Close.
12. Click Start, point to Administrative Tools, and then click Services.
13. In the Services list, double-click Net.Tcp Port Sharing Service.

Lab Answer Key: Deploying Microsoft Exchange Server 2010

14. In the Net.TCP Port Sharing Service Properties dialog box, in the Startup type drop-down list,
click Automatic, and then click Apply.
15. Click Start, wait for the service to start, click OK, and then close the Services console.

Task 2: Prepare AD DS for Exchange Server 2010 installation

This task requires that the Exchange Server 2010 Service Pack 2 (SP2) is attached to the NYC-SVR1 virtual
machine as a DVD drive. Complete the following steps to attach it:

In the 10135B-NYC-SVR1 on localhost Virtual Machine Connection window, in the File menu, click


Click DVD Drive, and then click Image File.


Click Browse, and then browse to C:\Program Files\Microsoft Learning\10135\Drives. Click

Exchange2010SP2.iso, and then click Open. Click OK.


On NYC-SVR1, click Close to close the AutoPlay dialog box.


On NYC-SVR1, open a Command Prompt.


Type D:\ /PrepareAD /OrganizationName:Contoso, and then press Enter. These tasks
will take about 10 minutes to complete. Make sure that no errors appear.


Close the command prompt window when the tasks are complete.

Results: After this exercise, you should have installed the Windows Server 2008 server roles and features,
and prepared AD DS for an Exchange Server 2010 installation.

Exercise 3: Installing Exchange Server 2010

Task 1: Install Microsoft Exchange Server 2010

Click Start, click Run, type D:\setup.exe, and then click OK.


Steps 1, 2, and 3 are unavailable because they are complete. If the components were not installed,
Exchange Server provides links to download the necessary software.


Click Step 4: Install Microsoft Exchange. The installation begins copying files.


On the Introduction page, click Next to begin Exchange Server 2010 Setup.


On the License Agreement page, click I accept the terms in the license agreement, and then
click Next.


On the Error Reporting page, click No to disable error reporting, and then click Next. You are
disabling error reporting because your virtual machine does not have access to the Internet.


On the Installation Type page, click Typical Exchange Server Installation, select Automatically
install Windows Server roles and features required for Exchange, and then click Next. Note that
this is specific to Exchange Server 2010 SP2.


On the Client Settings page, click Yes to configure Exchange Server for Microsoft Outlook 2003 or
Entourage clients, and then click Next.


On the Configure Client Access server external domain page, click Next.

Lab Answer Key: Deploying Microsoft Exchange Server 2010

10. On the Customer Experience Improvement Program page, click I dont wish to join the program
at this time, and then click Next.
11. Click Install. A readiness check takes place to ensure that Exchange is ready to install on the server.
This check takes several minutes to complete.
12. Click Install again. The installation begins, and takes approximately 15 to 20 minutes to complete.
13. Clear the option Finalize this installation using the Exchange Management Console, and then
click Finish.
14. If prompted to reboot server, click OK.
15. Click Close and Yes to exit Exchange Server 2010 Setup. You are not obtaining the critical updates for
Exchange Server 2010 because the virtual machine does not have Internet connectivity.
16. Restart NYC-SVR1 server. After it restarts, log on as Contoso\Administrator with the password
Results: After this exercise, you should have installed Exchange Server 2010.

Lab Answer Key: Deploying Microsoft Exchange Server 2010

Lab B: Verifying an Exchange Server 2010

Exercise 1: Verifying an Exchange Server 2010 Installation
Task 1: View the Exchange Server services

On NYC-SVR1, click Start, point to Administrative Tools, and then click Services.


Scroll down the list of services, and click the Microsoft Exchange Active Directory Topology
service. Review the service description.


Review the status of the remaining Exchange Server services. Ensure that all services that are set for
automatic startup are running.


Close Services.

Task 2: View the Exchange Server folders


Click Start, and then click Computer.


Browse to C:\Program Files\Microsoft\Exchange Server\V14. This list of folders includes

ClientAccess, Mailbox, and TransportRoles. These three roles were installed as part of the typical


Open TransportRoles. The Hub Transport server role uses these folders.


Close Windows Explorer.

Task 3: Create a new user, and send a test message


If necessary, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Console.


In the left pane, click Microsoft Exchange On-Premises( Wait for the
initialization to finish, and then click OK to acknowledge that the server is unlicensed.


Expand Microsoft Exchange On-Premises and click Recipient Configuration. Notice that a
mailbox for the Administrator and a Discovery Search Mailbox are the only mailboxes created by


Right-click Recipient Configuration, and then click New Mailbox. Wait for the New Mailbox Wizard
to start.


Click Next to accept the User Mailbox option.


Click Next to accept the New user option.


In the First name box, type TestUser.


In the User logon name box, type TestUser.


In the Password and Confirm password boxes, type Pa$$w0rd.

10. Click Next.

11. On the Mailbox Settings page, in the Alias box, verify that TestUser is displayed, and then click
Next to accept the mailbox settings.

Lab Answer Key: Deploying Microsoft Exchange Server 2010

12. On the Archive Settings page, click Next.

13. Click New to create the new mailbox.
14. Click Finish.
15. Click Start, point to All Programs, and then click Internet Explorer.
16. In the Address bar, type https://NYC-SVR1/owa, and then press Enter.
17. Click Continue to this website (not recommended) to proceed. It might take some time for
Outlook Web App to appear for the first time.
18. Log on as Contoso\TestUser with a password of Pa$$w0rd.
19. Click OK to accept the default Outlook Web App settings.
20. Click New to create a new message.
21. If warning page appears, click Continue to this website (not recommended).
22. In the To box, type Administrator.
23. In the Subject box, type Test Message, and then click Send.
24. Close Windows Internet Explorer.
25. Click Start, point to All Programs, and then click Internet Explorer.
26. In the Address bar, type https://NYC-SVR1/owa, and then press Enter.
27. Click Continue to the website (not recommended) to proceed.
28. Log on as Contoso\Administrator with a password of Pa$$w0rd.
29. Click OK to accept the default Outlook Web App settings.
30. Double-click the message from TestUser to read it.
31. Close the message from TestUser.
32. Close Internet Explorer.

Task 4: Run the Exchange Server Best Practices Analyzer tool


In Exchange Management Console, in the left pane, click Toolbox.


In the center pane, double-click Best Practices Analyzer.


Click Do not check for updates on startup. You do this because your virtual machine does not have
Internet access.


Click I dont want to join the program at this time.


Click Go to the Welcome screen.


Click Select options for a new scan.


Click Connect to the Active Directory server.


In the Enter an identifying label from this scan box, type Post-Installation Test.


Review the options, and then click Start scanning.

10. When the scan is complete, click the View a report of this Best Practices scan link.
11. On the Critical Issues tab, click Offline address book replica not found. This gives you the option
to get information about how to fix the problem or hide the message.

Lab Answer Key: Deploying Microsoft Exchange Server 2010

12. Click Tell me more about this issue and how to resolve it. This opens the Microsoft Exchange
Server Best Practices Analyzer Help, and provides specific information about the warning and
troubleshooting it.
13. Close Exchange Server Best Practices Analyzer Help.
14. Close the Exchange Server Best Practices Analyzer Tool.
Results: After this exercise, you should have verified the successful installation of Exchange Server 2010 by
viewing the Exchange Server services and folders. You should also have created a new user and sent a test
message to that user. Finally, you should have used the Exchange Server Best Practices Analyzer tool to
view information about any installation issues.

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX3. Connect to the virtual machine.

Lab Answer Key: Configuring Mailbox Servers

Module 2
Lab Answer Key: Configuring Mailbox Servers
Exercise 1: Configuring Mailbox Databases

Exercise 2: Configuring Public Folders

Lab Answer Key: Configuring Mailbox Servers

Module 2: Configuring Mailbox Servers

Lab: Configuring Mailbox Servers

Exercise 1: Configuring Mailbox Databases
Task 1: Create a new database for the Executive mailboxes

On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange, expand Microsoft Exchange On-Premises,
expand Organization Configuration, and then click Mailbox.


In the Content pane, select the Database Management tab.


In the Actions pane, click New Mailbox Database.


In the New Mailbox Database Wizard, type Executive in the Mailbox database name field, and then
click Browse.


In the Select Mailbox Server dialog box, select VAN-EX1, and then click OK.


Click Next.


In the Database file path field, type C:\Mailbox\Executive\Executive.edb.


In the Log folder path field type C:\Mailbox\Executive.

10. Click Next.

11. Click New.
12. Click Finish.

Task 2: Configure the Executive mailbox database with appropriate limits


In the Content pane, select the Database Management tab, right-click on the Executive database,
and then click Properties.


Click the Limits tab.


Type 850 for Issue warning at (MB).


Uncheck Prohibit send at (MB).


Type 1024 for Prohibit send and receive at (KB).


Click OK.

Task 3: Move the existing Accounting database to a new location


In the Content pane, select the Database Management tab, and then select the Accounting


In the Actions pane, click Move Database Path.


In the Move Database Path Wizard, in the Database file path field, type

Lab Answer Key: Configuring Mailbox Servers


In the Log folder path field type C:\Mailbox\Accounting\.


Click Move.


Click Yes.


Click Finish.


Close the Exchange Management Console.

Results: After this exercise, you should have created a new database, set the specified limits, and moved
the existing Accounting database to a new folder.

Exercise 2: Configuring Public Folders

Task 1: Check Executives public folder statistics

On VAN-EX3, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange, expand Microsoft Exchange On-Premises, and
then click Toolbox.


In the Content pane, double-click Public Folder Management Console.


If you are not connected, then in the Actions pane, click Connect to a Server, and then in the
Connect to Server dialog box, click Browse.


In the Select Public Folder dialog box, select VAN-EX1, click OK, and then click Connect.


In the Console Tree, expand Public Folders, and then select Default Public Folders.


In the Content pane, right-click Executives, and then choose Properties.


On the General tab, note the Total Items and Size of the items in the public folder.


Click OK.

10. Leave the Public Folder Management Console running.

Task 2: Create a public folder database on VAN-EX3


On VAN-EX3, in the Exchange Management Console, expand Organization Configuration, and then
click Mailbox.


In the Content pane, select the Database Management tab.


In the Actions pane, click New Public Folder Database.


On the New Public Folder Database page, type PF-VAN-EX3 in the Public Folder database name
field, and then click Browse.


In the Select Mailbox Server dialog box, select VAN-EX3, and then click OK.


Click Next.


In the Database file path field, type C:\Mailbox\PF-VAN-EX3\PF-VAN-EX3.edb.


In the Log folder path field, type C:\Mailbox\PF-VAN-EX3\.

Lab Answer Key: Configuring Mailbox Servers


Click Next.

10. Click New.

11. Click Finish.

Task 3: Add a replica of the Executives public folder on VAN-EX3


In the Console Tree for the Public Folder Management Console, expand Public Folders, and then
select Default Public Folders.


In the Content pane, right-click Executives, and then choose Properties.


Click the Replication tab.


Under Replicate content to these public folder databases, click Add.


Select PF-VAN-EX3, and then click OK.


Click OK to close the Executives Properties dialog box. If an error occurs, wait 5 minutes and try

It can take as much as 15 minutes for replication to complete.

Task 4: Verify replication between VAN-EX1 and VAN-EX3


Click Public Folders, in the Actions pane, click Connect to a Server, and then in the Connect to
Server dialog box, click Browse.


In the Select Public Folder Servers dialog box, select VAN-EX3, click OK, and then click Connect.


In the Console Tree, expand Public Folders, and then select Default Public Folders.


In the Content pane, right-click Executives, and then choose Properties.

Note If the Executives folder is not visible, you may need to wait for the hierarchy
replication to finish. Wait five minutes, and refresh the view. If the folder is still not visible,
shut down the Public Folder Management Console, and open it again. Use the steps above
to connect to VAN-EX3.


On the General tab, note the Total Items and Size of the items in the public folder.


Click OK.


Close the Public Folder Management Console.


Close the Exchange Management Console.

Results: After this exercise, you should have created a new public folder database on VAN-EX3 and added
replicas for each public folder.

Lab Answer Key: Configuring Mailbox Servers

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-CL1. Connect to the virtual machine.

Lab Answer Key: Managing Recipient Objects

Module 3
Lab Answer Key: Managing Recipient Objects
Exercise 1: Managing Recipients

Exercise 2: Configuring E-Mail Address Policies

Exercise 3: Configuring Address Lists

Exercise 4: Performing Bulk Recipient Management Tasks


Lab Answer Key: Managing Recipient Objects

Module 3: Managing Exchange Recipients

Lab: Managing Exchange Recipients

Exercise 1: Managing Recipients
Task 1: Create and configure a mailbox called Adventure Works Questions

On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange On-Premises, expand Recipient Configuration,
and then click Mailbox.


In the Actions pane, click New Mailbox.


Choose User Mailbox, and then click Next.


Choose New user, and then click Next.


Complete the following information:

Name: Adventure Works Questions

User logon name (User Principal Name): AdventureWksQ

Password: Pa$$w0rd

Confirm password: Pa$$w0rd


Click Next.


Type AdventureWksQ as the Alias. Select the Specify the mailbox database rather than using a
database automatically selected check box, and click Browse.


Click Mailbox Database 1, click OK, and then click Next.

10. Click Next.

11. Click New.
12. Click Finish.
13. In the Results pane, select the Adventure Works Questions mailbox, and then in the Actions pane,
click Properties. On the Organization tab, in the Company field, type Adventure Works, and then
click OK.
14. In the Results pane, select the Adventure Works Questions mailbox, and then in the Actions pane,
click Manage Full Access Permission.
15. In the Manage Full Access Permission Wizard, click Add.
16. In the Select User or Group dialog box, choose George Schaller, and then click OK.
17. Click Manage.
18. Click Finish.

Lab Answer Key: Managing Recipient Objects

Task 2: Create a resource mailbox, and configure auto-accept settings for the

In the Console Tree, under Recipient Configuration, click Mailbox.


In the Actions pane, click New Mailbox.


In the New Mailbox Wizard, select Room Mailbox, and then click Next.


Verify New user is selected, and then click Next.


Complete the following information:

Name: ProjectRoom

User logon name (User Principal Name): ProjectRoom


Click Next.


Type ProjectRoom as the Alias. Select the Specify the mailbox database rather than using a
database automatically selected check box, and then click Browse.


Click Mailbox Database 1, click OK, and then click Next.


Click New, and then click Finish.

10. In the Results pane, click ProjectRoom, and in the Actions pane, click Properties.
11. Click the Resource General tab.
12. Select the Enable the Resource Booking Attendant check box. If you do not enable this option, the
resource will not process meeting requests, even if you configure other settings.
13. On the Organization tab, configure the Company name as Adventure Works.
14. Click OK.

Task 3: Move George Schallers mailbox to the VAN-EX1\Mailbox Database 1


In the console tree, under Recipient Configuration, click Mailbox.


Click the George Schaller mailbox, and then in the Actions pane, click New Local Move Request.


In the New Local Move Request Wizard, click Browse.


Click Mailbox Database 1, and then click OK.


Click Next.


Verify that Skip the mailbox is selected, and then click Next.


Click New.


Click Finish.


In the console tree, click Move Request to verify the move request is complete.
Note If the mailbox move fails, and the error indicates that no Mailbox Replication Service
is available, start the Microsoft Exchange Mailbox Replication service, and try the mailbox
move again.

Lab Answer Key: Managing Recipient Objects

Task 4: Create and configure a mail-enabled contact for Ian Palangio at

Woodgrove Bank

In the Console Tree, under Recipient Configuration, click Mail Contact.


In the Actions pane, click New Mail Contact.


Verify that New contact is selected.


Click Next.


Complete the following information:

First Name: Ian

Last name: Palangio

Alias: IanPalangioWB


To set the e-mail address, click Edit.


In the E-mail address box, type, and then click OK.


Click Next.


Click New.

10. Click Finish.

Task 5: Create a moderated distribution list for the Adventure Works Project, and
delegate an administrator

In the console tree, under Recipient Configuration, click Distribution Group.


In the Actions pane, click New Distribution Group.


Verify New group is selected.


Click Next.


Under Group Type, verify that Distribution is selected.


Complete the following information:

Name: Adventure Works Project

Alias: AdventureWorksProject


Click Next.


Click New.


Click Finish.

10. In the Work pane, select the Adventure Works Project group.
11. In the Actions pane, click Properties.
12. Click the Members tab.
13. Click Add, and then select the following users by holding down CTRL:

George Schaller

Ian Palangio

Lab Answer Key: Managing Recipient Objects

Wei Yu

Paul West

14. Click OK.

15. Click the Mail Flow Settings tab.
16. Select Message Moderation, and then click Properties.
17. Select the Messages sent to this group have to be approved by a moderator check box.
18. In the Specify group moderators section, click Add.
19. Select George Schaller, and then click OK.
20. Click OK.
21. Click OK.

Task 6: Create a room list distribution group for the Adventure Works
meeting rooms

On VAN-EX1, if required, open the Exchange Management Shell.


At the command prompt, type $Members=Get-User -Filter {(RecipientTypeDetails -eq

"RoomMailbox") -and (Company -eq "Adventure Works")} and press Enter.


At the command prompt, type New-DistributionGroup -Name "Adventure Works Conference

Rooms" -RoomList -Members $Members and press Enter.

Task 7: Verify that changes were completed successfully


On VAN-CL1, verify that you are logged in as Administrator.


Open Microsoft Outlook 2010.


In the toolbar, click the down arrow next to New Items, and then click Meeting.


Choose a meeting Start time for tomorrow at 1:00 PM.


Click the To button.

Note If you receive an error message when you click To, click Cancel. Start or restart the
Microsoft Exchange Address Book Service on VAN-EX1, and then try this step again.


Select the Adventure Works Project group, and then click Required. Click OK.


In the Room Finder pane, under Show a room list, click Adventure Works Conference Rooms.
Note If the room list is not available, close the meeting request, and close Outlook. Wait a
few minutes, and then try this task again.


Under Choose an available room, click ProjectRoom.


Type Project Kickoff as the subject.

10. Click Send.

Lab Answer Key: Managing Recipient Objects

11. Close Outlook.

12. Log off from VAN-CL1.
13. On VAN-EX1, click Start, click All Programs, and then click Internet Explorer.
14. Type in the Address bar.
15. Log on to Microsoft Outlook Web App as Adatum\George with a password of Pa$$w0rd. Click OK.
16. Double-click the message with the subject of Project Kickoff.
17. Click the Accept check mark. Choose to send the response now.
18. Close Windows Internet Explorer.
Results: At the end of this exercise, you should have completed all of the assigned tasks, including
creating a mailbox, creating a resource mailbox, moving a mailbox, creating a contact, and creating a
moderated distribution group.

Exercise 2: Configuring E-Mail Address Policies

Task 1: Create an e-mail address policy for Adventure Works users

On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, and then
select Hub Transport.


In the Actions pane, click New E-mail Address Policy.


In the New E-Mail Address Policy Wizard, type Adventure Works as the policy name.


Click Browse.


Click in the Select Organizational Unit dialog box, and then click OK.


Verify that All recipient types is selected, and then click Next.


In the Step 1 box, select the Recipient is in a Company check box.


In the Step 2 box, click specified.


In the Specify Company dialog box, type Adventure Works, and then click Add.

10. Click OK.

11. In the New E-Mail Address Policy dialog box, click Next.
12. Click Add. In the SMTP E-mail Address dialog box, click First name.last name (john.smith).
13. Click Select the accepted domain for the e-mail address, click Browse, click, and then click OK.
14. Click OK.
15. Click Next.
16. Verify Immediately is selected, and then click Next.
17. Click New.
18. Click Finish.

Lab Answer Key: Managing Recipient Objects

Task 2: Verify that addresses are applied correctly


In the Console Tree, under Recipient Configuration, click Mailbox.


In the Results pane, double-click George Schaller.


In the Properties dialog box for George Schaller, click the E-Mail Addresses tab, and view the
current email addresses that are assigned.


Click the Organization tab.


Type Adventure Works for the Company, and then click Apply.


Click the E-Mail Addresses tab, and view the current email addresses that are assigned. Microsoft
Exchange should have assigned the new email address when the company
change was made.


Click OK.

Results: At the end of this exercise, you should have created an email address policy for Adventure Works

Exercise 3: Configuring Address Lists

Task 1: Create an empty-container address list named Companies

On VAN-EX1, in Exchange Management Console, under Organization Configuration, click Mailbox.


In the Results pane, click the Address lists tab.


In the Actions pane, click New Address List.


In the Name box, type Companies.


Click Next.


Select None under Include these recipient types.


Click Next.


Click New.


Click Finish.

Task 2: Create a new address list for Adventure Works recipients


In the console tree, under Organization Configuration, click Mailbox.


In the Results pane, click the Address Lists tab.


In the Actions pane, click New Address List.


In the Name box, type Adventure Works.


Click Browse.


In the Select Address List dialog box, select Companies, and then click OK.


Click Next.

Lab Answer Key: Managing Recipient Objects


Verify that All recipient types is selected, and then click Next.


In the Step 1 box, select the Recipient is in a Company option.

10. In the Step 2 box, click specified.

11. In the Specify Company dialog box, type Adventure Works, and then click Add.
12. Click OK.
13. Click Preview, and then click OK.
14. Click Next.
15. Verify Immediately is selected, and then click Next.
16. Click New.
17. Click Finish.

Task 3: Create a new address list for A. Datum Corporation recipients


In the console tree, under Organization Configuration, click Mailbox.


In the Results pane, click the Address lists tab.


In the Actions pane, click New Address List.


In the Name box, type A. Datum.


In the Display name box, type A. Datum.


Click Browse.


In the Select Address dialog box, click Companies, and then click OK.


Click Next.


Verify that All recipient types is selected, and then click Next.

10. In the Step 1 box, check Recipient is in a Company.

11. In the Step 2 box, click specified.
12. In the Specify Company dialog box, type A. Datum, and then click Add.
13. Click OK.
14. Click Preview, and then click OK.
15. Click Next.
16. Verify Immediately is selected, and then click Next.
17. Click New.
18. Click Finish.

Task 4: Verify the new address list is available in Microsoft Office Outlook

On VAN-CL1, log on as Administrator with a password of Pa$$w0rd.


Open Outlook 2010.


On the Home tab, click Address Book.

Lab Answer Key: Managing Recipient Objects


Under Address Book, click the down arrow to display the options. You can see that under All
Address Lists, the Companies container is listed and includes the address lists Adventure Works and
A. Datum.


Close all open windows, and close Outlook.

Task 5: Create a new offline address book for the Adventure Works address list

On VAN-EX1, in Exchange Management Console, under Organization Configuration, click Mailbox,

and then click the Offline Address Book tab.


In the Actions pane, click New Offline Address Book.


In the Name box, type Adventure Works.


Click Browse, select VAN-EX1, and then click OK.


Clear the Include the default Global Address List check box.


Select the Include the following address lists check box.


Click Add, expand Companies, click Adventure Works, and then click OK.


Click Next.


Select Enable Web-based Distribution and Enable public folder distribution.

10. Click Add, and in the Microsoft Exchange dialog box, click OK.
11. Click OAB (Default Web Site), click OK, and then click Next.
12. Click New, and then click Finish.

Task 6: Create a global address list for Adventure Works users


On VAN-EX1, if required, open the Exchange Management Shell.


At the command prompt, type New-GlobalAddressList Name Adventure Works GAL

IncludedRecipients AllRecipients ConditionalCompany Adventure Works and press Enter.

Task 7: Create the address book policy for the Adventure Works users

In the Actions pane of the Exchange Management Console, click New Address Book Policy.


In the Name field, type Adventure Works ABP.


Beside Global address list, click Browse, click Adventure Works GAL and click OK.


Beside Offline address book, click Browse, click Adventure Works and click OK.


Beside Room list, click Browse, click Adventure Works and click OK.


Under Address Lists, click Add.


Expand Companies, click Adventure Works, and click OK.


Click New, and click Finish.

Results: At the end of this exercise, you should have created an address list for the A. Datum and
Adventure Works users, and an offline address book for each organization.


Lab Answer Key: Managing Recipient Objects

Exercise 4: Performing Bulk Recipient Management Tasks

Task 1: Add a header to the .csv file exported from the Human Resources (HR)

On VAN-EX1, click Start, point to All Programs, click Accessories, and then click Notepad.


Click the File menu, click Open.


Change the Files of Type to All Files.


Browse to D:\Labfiles\Users.csv, and then click Open.


At the top of the file, replace Add Header Here with FirstName,LastName,Password. The
Import-CSV cmdlet uses this header to name each column of imported information. You then can
reference these names to view and manipulate information.
Note Ensure that you replace the entire top line in the file, including the commas. After
your edits, the first line should be FirstName,LastName,Password.


Click the File menu, and then click Save.


Close Notepad.

Task 2: Modify the CreateUsersLab.ps1 script to import Adventure Works users from
a .csv file

Click Start, point to All Programs, click Accessories, and then click Notepad.


Click the File menu, click Open.


Change the Files of Type to All Files.


Select D:\Labfiles\CreateUsersLab.ps1, and then click Open.


In Section 1, define $db as Mailbox Database 1.


In Section 1, define $upndom as


In Section 1, define $ou as Adventureworks.


In Section 1, define $csvFile as D:\Labfiles\Users.csv.


In Section 4, replace all instances of property1 with firstname.

10. In Section 4, replace all instances of property2 with lastname.

11. In Section 4, replace property3 with password.
12. Click the File menu, and then click Save.
13. Close Notepad.

Task 3: Create the AdventureWorks Organizational Unit


On VAN-EX1, click Start, click All Programs, click Administrative Tools, and then click Active
Directory Users and Computers.


In the Console Tree right-click, expand New and click Organizational Unit.

Lab Answer Key: Managing Recipient Objects


In the New Object Organizational Unit dialog in the Name box type AdventureWorks.


Click OK.


Task 4: Run CreateUsersLab.ps1 to import the Adventure Works Users


On VAN-EX1, if required, start the Exchange Management Shell.


Type D:\Labfiles\CreateUsersLab.ps1 and press Enter.

Task 5: Configure the Settings for the Adventure Works users


In the Exchange Management Shell, run Get-User OrganizationalUnit AdventureWorks |

Set-User Company Adventure Works


Run Get-Mailbox OrganizationalUnit Adventureworks.


Run: Get-Mailbox OrganizationalUnit Adventureworks | Set-Mailbox

IssueWarningQuota 4GB ProhibitSendQuota 5GB.


Run Get-Mailbox OrganizationalUnit Adventureworks | Set-Mailbox

AddressBookPolicy Adventure Works ABP.

Results: After this exercise, you should have created all of the additional Adventure Works users with an
Exchange Management Shell script and configure the mailbox properties.

To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.


Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.

Lab Answer Key: Managing Client Access

Module 4
Lab Answer Key: Managing Client Access
Lab A: Configuring Client Access Servers for Outlook Anywhere Access
Exercise 1: Configuring Client Access Servers

Exercise 2: Configuring Outlook Anywhere

Lab B: Configuring Client Access Servers for Outlook Web App

and Exchange ActiveSync
Exercise 1: Configuring Outlook Web App

Exercise 2: Configuring Exchange ActiveSync

Lab Answer Key: Managing Client Access

Module 4: Managing Client Access

Lab A: Configuring Client Access Servers for

Outlook Anywhere Access
Exercise 1: Configuring Client Access Servers
Task 1: Configure an external client access domain for VAN-EX2

On VAN-EX2, open the Exchange Management Console.


Expand Microsoft Exchange On-Premises. In the left pane, expand Server Configuration, and
then click Client Access.


In the Actions pane, click Configure External Client Access Domain.


On the Configure External Client Access Domain page, type as the domain
name, and then click Add.


In the Select Client Access Server dialog box, click VAN-EX2, and then click OK.


Click Configure. In the Microsoft Exchange dialog box, click Yes, and then click Finish.


In the results pane, click VAN-EX2, and then in the work pane, double-click owa (Default Web Site).


On the General tab, verify that the External URL field has been changed to, and then click OK.

Task 2: Prepare a Server Certificate request for VAN-EX2


In the left pane, click Server Configuration. In the results pane, click VAN-EX2.


In the Actions pane, click New Exchange Certificate to open the New Exchange Certificate Wizard.


On the Introduction page, type Adatum Mail Certificate as the friendly name for the certificate,
and then click Next.


On the Domain Scope page, click Next.


On the Exchange Configuration page, expand Client Access server (Outlook Web App), and then
select both the Outlook Web App is on the Intranet and Outlook Web App is on the Internet
check boxes. Verify that is displayed in the second text box.


Expand Client Access server (Exchange ActiveSync), and then verify that Exchange Active Sync is
enabled check box is selected.


Expand Client Access server (Web Services, Outlook Anywhere, and Autodiscover). Enter as the external host name.


Ensure that both the Autodiscover used on the Internet check box and the Long URL option are
selected. In the Autodiscover URL to use field, delete all entries except for,
and then click Next.


On the Certificate Domains page, click Next.

Lab Answer Key: Managing Client Access

10. On the Organization and Location page, enter the following information:

Organization: A Datum

Organization Unit: Messaging

Country/region: Canada

City/locality: Vancouver

State/province: BC

11. Click Browse, type CertRequest as the File name, and then click Save.
12. Click Next, click New, and then click Finish.

Task 3: Request the certificate from the CA


Click the Folder icon in the task bar, and click Documents.


Right-click CertRequest.req, and then click Open.


In the Windows dialog box, click Select a program from a list of installed programs, and then
click OK.


In the Open with dialog box, click Notepad, and then click OK.


In the CertRequest.req Notepad window, click Ctrl+A to select all the text, and then click Ctrl+C to
copy and save the text to the clipboard. Close Notepad.


Click Start, click All Programs, and then click Internet Explorer.


Connect to


Log on as Administrator using a password of Pa$$w0rd.


On the Welcome page, click Request a certificate.

10. On the Request a Certificate page, click advanced certificate request.

11. On the Advanced Certificate Request page, click Submit a certificate request by using
a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a
base-64-encoded PKCS#7 file.
12. On the Submit a Certificate Request or Renewal Request page, click in the Saved Request field,
and then press Ctrl+V to paste the certificate request information into the field.
13. In the Certificate Template drop-down list box, click Web Server, and then click Submit. Click Yes.
14. On the Certificate Issued page, click Download certificate.
15. In the File Download dialog box, click Save.
16. In the Download complete dialog box, click Open.
17. In the Certificate dialog box, on the Details tab, click Subject Alternative Name. Verify that the
certificate includes several Subject Alternative Names, and then click OK.

Lab Answer Key: Managing Client Access

Task 4: Import and assign the Internet Information Services (IIS) Exchange Service to
the New Certificate

In the Exchange Management console, click Server Configuration.


Click ADatum Mail Certificate, and in the Actions pane, click Complete Pending Request.


On the Complete Pending Request page, click Browse.


Under Favorites, click Downloads.


Click certnew.cer and click Open.


Click Complete, and then click Finish.


In the Exchange Management console, click Server Configuration.


In the results pane, click VAN-EX2. In the bottom pane, click Adatum Mail Certificate.


In the Actions pane, click Assign Services to Certificate.

10. On the Select Servers page, verify that VAN-EX2 is listed, and then click Next.
11. On the Select Services page, select the Internet Information Services check box, click Next, click
Assign, and then click Finish.

Task 5: Verify Microsoft Office Outlook connectivity to the Microsoft Exchange


On VAN-CL1, log on as Molly using the password Pa$$w0rd.


Click Start, click All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.


On the Microsoft Outlook 2010 Startup page, click Next.


On the E-Mail Accounts page, click Next.


On the Auto Account Setup page, click Next.


On the Configuring page, click Finish.

Note If Outlook cannot connect to the server, ensure that all of the Microsoft Exchange
Server services on VAN-EX2 do indeed start if they are set to Automatic start. Start all
services that have not started, and try connecting again.


In the User Name dialog box, click OK.


On the Help Protect and Improve Microsoft Office page, click Dont make changes, and then
click OK.


In Microsoft Outlook, click File.

10. Click Account Settings, and then click Account Settings.

11. Click and then click Change.
12. Verify that the user mailbox is located on VAN-EX2, click Cancel, and then click Close.
13. Close Outlook.

Lab Answer Key: Managing Client Access

Exercise 2: Configuring Outlook Anywhere

Task 1: Configure a Domain Name System (DNS) record for

On VAN-DC1, click Start, point to Administrative Tools, and then click DNS.


In DNS Manager, in the left pane, expand Forward Lookup Zones, and then expand


Right-click, and then click New Host (A or AAAA).


In the New Host dialog box, in the Name box, type mail. In the IP Address box, type,
and then click Add Host.


Click OK to close the prompt, and then click Done. Close DNS Manager.

Task 2: Configure Outlook Anywhere on VAN-EX2


On VAN-EX2, click Start, point to Administrative Tools, and then click Server Manager.


Click Features. In the Features list, verify that the RPC over HTTP Proxy feature is listed.


On VAN-EX2, if required, open the Exchange Management Console.


In the Exchange Management Console, expand Server Configuration, and then click Client Access.


Click VAN-EX2, and in the Actions pane, click Enable Outlook Anywhere.


On the Enable Outlook Anywhere page, in the External host name field, type
Under Client authentication method, click NTLM authentication, and then click Enable.


On the Completion page, click Finish.


Close all open windows, and then restart VAN-EX2.

Task 3: Configure the Outlook profile to use Outlook Anywhere


On VAN-CL1, ensure that you are logged on as Adatum\Molly.


Click Start, and then click Control Panel. In the Search field, type Mail. Right-click Mail, and then
click Open.


In the Mail Setup - Outlook dialog box, click E-mail Accounts.


In the E-mail Accounts dialog box, click, and then click Change.


On the Server Settings page, click More Settings.


In the Microsoft Exchange dialog box, on the Connection tab, select Connect to Microsoft
Exchange using HTTP, and then click Exchange Proxy Settings.


In the Microsoft Exchange Proxy Settings dialog box, complete the following information:


Use this URL (https://):

Connect using SSL only: enable (default)

On fast networks, connect using HTTP first, then connect using TCP/IP: enable

On slow networks, connect using HTTP first, then connect using TCP/IP: enable (default)

Proxy authentication setting: NTLM Authentication (default)

Click OK, and then click OK again to close the Microsoft Exchange dialog box.

Lab Answer Key: Managing Client Access


On the Server Settings page, click Next.

10. On the Congratulations! page, click Finish.

11. On the E-mail Accounts page, click Close, and then click Close again to close the Mail Setup Outlook dialog box.

Task 4: Verify the Outlook Anywhere connectivity


Wait until VAN-EX2 finishes restarting, and then log on as Administrator using the password


On VAN-CL1, open Microsoft Outlook 2010.


Verify that the Outlook connection indicator states Connected to Microsoft Exchange.
Note If Outlook cannot connect to the server, and you get an error message, first ensure
that all of the Exchange Server services on VAN-EX2 that are set to Automatic start are
started. Start all services that have not started, and then click Retry in Outlook window.


Press and hold Ctrl, and then right-click the Office Outlook icon in the Windows 7 operating
system notification area. You may need to click the up arrow in the Windows 7 notification area to
view the Office Outlook icon.


Click Connection Status. Confirm that the Conn column lists HTTPS as the connection method.


Click Close.


Press and hold Ctrl, and then click the Outlook icon in the Windows task bar notification area. Click
Test E-mail AutoConfiguration.


In the Password field, type Pa$$w0rd.


Clear the Use Guessmart and Secure Guessmart Authentication check boxes.

10. Click Test. View the information displayed on the Results tab.
11. Click the Log tab to view how the client completed Autodiscover.
12. Close the Test E-mail AutoConfiguration dialog box.
13. Close Microsoft Outlook, and then log off VAN-CL1.

To prepare for the next lab

Do not shut down the virtual machines or revert them to their initial state when you finish this lab.
The virtual machines are required to complete the last lab in this module.

Lab Answer Key: Managing Client Access

Lab B: Configuring Client Access Servers for

Outlook Web App and Exchange
Exercise 1: Configuring Outlook Web App
Task 1: Configure IIS to use the Internal CA certificate

On VAN-EX2, click Start, point to Administrative Tools, and then click Internet Information
Services (IIS) Manager.


Expand VAN-EX2 (ADATUM\Administrator), expand Sites, expand Default Web Site, and then
click owa.


In the center pane, and under IIS, double-click SSL Settings. Notice that secure sockets layer (SSL) is
required by default.


Under Sites, click Default Web Site, and in the Actions pane, click Bindings.


In the Site Bindings dialog box, click https, and then click Edit.
Note In Site Bindings dialog box you will see two instances of https. You should click on
instance that has asterisk (*) in the IP Address field.


In the SSL Certificate drop-down list, verify that Adatum Mail Certificate is selected


Click OK, click Close, and then close the IIS Manager.

Task 2: Configure Outlook Web App settings for all users


Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Console.


In the console tree, expand Microsoft Exchange On-Premises, expand Server Configuration, and
then click Client Access.


In the work pane, select VAN-EX2, and in the result pane, right-click owa (Default Web Site), and
then click Properties.


Click the Authentication tab, and verify that Use forms-based authentication is selected.


Under Logon Format, click User name only, and then click Browse.


Click, and then click OK.


Click the Segmentation tab, click Tasks, and then click Disable. Click Rules, and then click Disable.
Click OK twice.


Open the Exchange Management Shell. At the PS prompt, type set-owavirtualdirectory owa
(Default Web Site) ForceSaveFileTypes .doc, and then press Enter.


Type set-owavirtualdirectory owa (Default Web Site) GzipLevel Off, and then press Enter.

10. Type Set-OwaVirtualDirectory -identity Owa (Default Web Site) FilterWebBeaconsAndHtmlForms ForceFilter, and then press Enter.

Lab Answer Key: Managing Client Access

11. Type IISReset /noforce, and then press Enter. If you get a message that the service did not start,
open the Services Microsoft Management Console (MMC), and start the World Wide Web Publishing
12. Close the Exchange Management Shell.

Task 3: Configure an Outlook Web App Mailbox Policy for the Branch Managers

On VAN-EX2, in Exchange Management Console, expand Organization Configuration, and then

click Client Access.


In the Actions pane, click New Outlook Web App Mailbox Policy.


In the New Outlook Web App Mailbox Policy page, type Branch Managers Policy as the policy


In the list of features, click Change Password, and then click Disable.


Click New, and then click Finish.


Right-click Branch Managers Policy, and then click Properties.


On the Public Computer File Access tab, clear all check boxes.


On the Private Computer File Access tab, clear all check boxes, and then click OK.


Under Recipient Configuration, click Mailbox.

10. Click the Organization Unit column heading to sort the view by organization units (OU).
11. Select all the users in the Branch Managers OU, right-click, and then click Properties.
12. On the Mailbox Features tab, click Outlook Web App, and then click Properties.
13. Select the Outlook Web App mailbox policy check box, and then click Browse.
14. Click Branch Managers Policy, and then click OK four times.

Task 4: Verify the Outlook Web App configuration


On VAN-EX1, open Windows Internet Explorer.


In the address field, type, and then press Enter.


Log on to Outlook Web App as Adatum\Sharon using the password Pa$$w0rd. Sharon is not in the
Branch Managers OU. Click OK.


Verify that the Tasks folder is not displayed in the user mailbox.


On the Outlook Web App page, click Options. Click the See All Options link.


On the Organize E-Mail tab, verify that you cannot create a new Inbox rule. Close Internet Explorer.


Open Internet Explorer.


In the address field, type, and then press Enter.


Log on to Outlook Web App as Adatum\Johnson using the password Pa$$w0rd. Johnson is in the
Branch Managers OU. Click OK.

10. Verify that the Tasks folder is listed in the user mailbox.

Lab Answer Key: Managing Client Access

11. On the Outlook Web App page, click Options. Click the See All Options link.
12. In the left pane, click Settings. Notice that you do not have an option to change passwords. Close
Internet Explorer.

Exercise 2: Configuring Exchange ActiveSync

Task 1: Verify the Exchange ActiveSync virtual directory configuration

On VAN-EX2, in the Exchange Management Console, expand Server Configuration, and then click
Client Access.


In the result pane, click VAN-EX2, and in the work pane, click the Exchange ActiveSync tab.


Right-click Microsoft-Server-ActiveSync, and then click Properties.


Review the information on the General tab.


Click the Authentication tab. Notice that Basic authentication is enabled. This is acceptable, because
you typically would use SSL to secure the credentials in transit.


Click OK.

Task 2: Create a new Exchange ActiveSync mailbox policy


On VAN-EX2, if required, open the Exchange Management Console.


In the console tree, expand Organization Configuration, and then click Client Access.


In the Actions pane, click New Exchange ActiveSync Mailbox Policy.


In the Mailbox policy name box, type EAS Policy 1.


Select the Allow non-provisionable devices check box. Confirm that the Allow attachments to be
downloaded to device option is selected.


Select the Require password check box.


Select the Enable password recovery check box. This will enable users to recover their Windows
Mobile password through the Exchange Control Panel (ECP).


Click New to create the mobile mailbox policy.


Read the completion summary, and then click Finish. Notice the Exchange Management Shell
command that was used to create the new mobile mailbox policy.

10. Right-click EAS Policy 1, and then click Properties. Notice that the General tab has additional
11. Click the Password tab. Notice the additional password-option list that was not available when
creating the mobile mailbox policy.
12. On the Sync Settings tab, review the configuration options.
13. On the Device tab, review the configuration options.
14. On the Device Applications tab, review the configuration options. To implement these settings, you
must have an Enterprise Client Access License for each mailbox.
15. On the Other tab, review the options for allowing or blocking specific applications, and then click OK.


Lab Answer Key: Managing Client Access

16. In the console tree, expand Recipient Configuration, and then click Mailbox.
17. In the result pane, right-click Scott MacDonald, and then click Properties.
18. Click the Mailbox Features tab, click Exchange ActiveSync, and then click Properties.
19. In the Exchange ActiveSync Properties dialog box, click Browse.
20. Select EAS Policy 1, and then click OK.
21. Click OK twice to save and apply the changes.

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.

Lab Answer Key: Managing Message Transport

Module 5
Lab Answer Key: Managing Message Transport
Exercise 1: Configuring Internet Message Transport

Exercise 2: Troubleshooting Message Transport

Exercise 3: Troubleshooting Internet Message Delivery

Lab Answer Key: Managing Message Transport

Module 5: Managing Message Transport

Lab: Managing Message Transport

Exercise 1: Configuring Internet Message Transport
To prepare for this lab

On VAN-EX2, click Start, right-click Network, and then click Properties.


Click Change adapter settings.


Right-click Local Area Connection, and then click Properties.


Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.


Change the IP address to, and then click OK. Click Close.


Click the Start button, and then click Restart. In the Comment field, type Lab restart, and then click


After the system is restarted, log on to VAN-EX2 as Adatum\Administrator, using the password
Note These preparation steps move VAN-EX2 to a second site defined in Active
Directory Domain Services (AD DS).

Task 1: Configure a Send connector to the Internet


On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.


In Exchange Management Console, expand Microsoft Exchange On-Premises, expand

Organization Configuration, and then click Hub Transport.


In the Hub Transport pane, click the Send Connectors tab.


In the Actions pane, click New Send Connector.


In the New Send Connector window, in the Name box, type Internet Send Connector.


In the Select the intended use for this Send connector list, click Internet, and then click Next.


On the Address space page, click Add.


In the Address space(for example, field, type *, click OK, and then click Next.


On the Network settings page, click Route mail through the following smart hosts, click Add,
and then click Fully qualified domain name (FQDN).

10. In the Fully qualified domain name (FQDN) box, type, click OK, and then
click Next.
11. On the Configure smart host authentication settings page, click Next.
12. On the Source Server page, ensure that VAN-EX1 is listed, and then click Next.
13. On the New Connector page, click New, and then click Finish.

Lab Answer Key: Managing Message Transport

Task 2: Configure a Receive connector to accept Internet messages


In the Microsoft Exchange Server Exchange Management Console, expand Server Configuration,
click Hub Transport, and then in the Hub Transport pane, click VAN-EX1.


In the Actions pane, click New Receive Connector.


In the New Receive Connector window, in the Name box, type Internet Receive Connector.


In the Select the intended use for this Receive connector list, click Custom, and then click Next.


On the Local Network settings page, click Next.


On the Remote Network settings page, click the red X to delete the entry, and then click Add.


In the Address or address range box, type, click OK, and then click Next.


On the New Connector page, click New, and then click Finish.


In the VAN-EX1 pane, double-click Internet Receive Connector.

10. In the Internet Receive Connector window, on the General tab, in the Protocol logging level list,
click Verbose.
11. On the Permission Groups tab, select the Anonymous users check box, and then click OK.

Task 3: Enable anti-spam functionality on the Hub Transport server


In Exchange Management Console, expand Server Configuration, click Hub Transport, and then
click VAN-EX1 in the Hub Transport pane.


In the VAN-EX1 pane, verify that only the Receive Connectors tab is available.


Click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click
Exchange Management Shell.


At the PS prompt, type cd c:\Program Files\Microsoft\Exchange Server\v14\scripts, and then

press Enter.


At the PS prompt, type .\install-AntispamAgents.ps1, and then press Enter.


Type Restart-Service MSExchangeTransport, and then press Enter. Wait for the Transport Service to
finish restarting.


In Exchange Management Console, expand Server Configuration, click Hub Transport, click
Refresh in Hub Transport Actions pane, and then click VAN-EX1 in the Hub Transport pane.


In the VAN-EX1 pane, click the Anti-Spam tab.


Expand Organization Configuration, click Hub Transport, and then click the Anti-spam tab.

Task 4: Verify that Internet message delivery works


On VAN-EX1, start Windows Internet Explorer, and connect to



Log on as Adatum\Wei with the password Pa$$w0rd.


On the Microsoft Outlook Web App page, click OK.

Lab Answer Key: Managing Message Transport


Create and send a new email to with the subject Test Mail to Internet. Close
Internet Explorer.


Switch to Exchange Management Console.


On the left pane, expand Microsoft Exchange On-Premises, and then click Toolbox.


In the Toolbox pane, double-click Queue Viewer.


On the Queues tab, verify that the queue has a Message Count of 0.
Note If the message queue is not empty, verify that the Simple
Mail Transfer Protocol (SMTP) service is running on VAN-DC1.


On VAN-DC1, click Start, point to All Programs, point to Accessories, and then click Command

10. At the command prompt, type telnet van-ex1 smtp, and then press Enter.
11. Type helo, and then press Enter.
12. Type mail from:, and then press Enter.
Response: 250 2.1.0 Sender OK
13. Type rcpt, and then press Enter.
Response: 250 2.1.5 Recipient OK
14. Type data, and then press Enter.
Response: 354 Start mail input; end with <CRLF>.<CRLF>
15. Type Subject: Test from Internet, and then press Enter.
16. Press the PERIOD key, and then press Enter.
17. Type Quit, and then press Enter.
18. On VAN-EX1, start Internet Explorer, and connect to
19. Log on as Adatum\Wei with the password Pa$$w0rd.
20. Verify that the mail with the subject Test from Internet mail has arrived in the Junk Email folder.
Close Internet Explorer.
Results: After this exercise, you should have configured Internet message transport by configuring Send
and Receive connectors, enabling anti-spam functionality, and verifying Internet message delivery.

Exercise 2: Troubleshooting Message Transport

Task 1: Check the routing log, and verify that mail delivery works correctly

On VAN-EX1, in Exchange Management Console, click Toolbox.


In the Toolbox pane, under Mail flow tools, double-click Routing Log Viewer.


In the Routing Log Viewer window, select the File menu, and then click Open log file.


In the Open Routing Table Log File dialog box, click Browse server files.

Lab Answer Key: Managing Message Transport


In the Open dialog box, select the latest RoutingConfig#... file, and then click Open.


On the Active Directory Sites & Routing Groups tab, expand the Active Directory sites until you see
the Exchange Servers in their respective sites.


Start Internet Explorer, and connect to


Log on as Adatum\Wei with the password Pa$$w0rd.


Create and send a new email to Anna, with the subject Test Mail to VAN-EX2.

10. On VAN-EX2, start Internet Explorer, and connect to

11. Log on as Adatum\Anna with the password Pa$$w0rd.
12. On the Microsoft Outlook Web App page, click OK.
13. Reply to the mail Test Mail to VAN-EX2 from Wei.
14. Switch back to VAN-EX1, and check the Inbox in Microsoft Outlook Web App to see if the mail has

Task 2: Troubleshoot message transport


On VAN-EX1, in Exchange Management Shell, type d:\labfiles\Lab05Prep1.ps1, and then

press Enter.


On VAN-EX1, in Internet Explorer, create and send a new email to Anna with the subject Another
Test Mail to VAN-EX2. Close Internet Explorer.


Switch to VAN-EX2, and in Outlook Web App, check the Inbox to see if the mail has arrived.


Switch to VAN-EX1, and in Exchange Management Console, click Toolbox.


In the Toolbox pane, under Mail flow tools, double-click Queue Viewer.


On the Queues tab, double-click site2 to open the queue.


Verify that the message that Wei sent to Anna is listed in the queue. Then click the Queues tab.


On the Queues tab, click Site2, and scroll to the right to view the Last Error column.


Read the Last Error message of that Queue.

10. Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
11. At the command prompt, type telnet van-ex2 smtp, and then press Enter. Verify that you receive a
Connect failed error.
12. On VAN-EX2, open the Exchange Management Console. Expand Microsoft Exchange On-Premises,
expand Server Configuration, click Hub Transport, and then click VAN-EX2 in the Hub Transport
13. On the Receive Connectors tab, notice that only the Client VAN-EX2 connector exists. This is the
reason the server does not accept a port 25 connection.
14. In the Actions pane, click New Receive Connector.
15. In the New Receive Connector window, in the Name box, type Internal VAN-EX2.
16. In the Select the intended use for this Receive connector list, click Internal, and then click Next.
17. On the Remote Network settings page, click Next.

Lab Answer Key: Managing Message Transport

18. On the New Connector page, click New, and then click Finish.
19. Switch to VAN-EX1, and in Exchange Management Console, click Toolbox.
20. In the Toolbox pane, under Mail flow tools, double-click Queue Viewer.
21. Right-click site2, and then click Retry to force an immediate retry of the message delivery. Verify that
the queue now has a message count of 0.
22. Switch to VAN-EX2, and check Annas Inbox in Outlook Web App to see that the message is now
Results: After this exercise, you should have verified routing logs, and used the other troubleshooting
tools in Exchange Server to troubleshoot message transport.

Exercise 3: Troubleshooting Internet Message Delivery

Task 1: Send a message to the Internet, and track it

On VAN-EX2, open Outlook Web App, and from Annas mailbox, create and send a new email to with the subject Test Mail to Internet from VAN-EX2.

Task 2: Implement user-based message tracking to verify mail delivery


On VAN-EX2, in Outlook Web App, click Options, then click See All Options to open the Exchange
Control Panel.


On the left pane, click Organize E-Mail, and then click the Delivery Reports tab.


Click Search.


In the Search Results pane, select the message you sent to, and then click Details.


Verify that is the message was sent to a server outside the organization. Close Internet Explorer.

Task 3: Troubleshoot Internet message delivery


On VAN-EX1, in Exchange Management Shell, type d:\labfiles\Lab05Prep2.ps1, and then

press Enter.


On VAN-EX2, start Internet Explorer, and connect to


Log on as Adatum\Anna with the password Pa$$w0rd.


Create and send a new email to with the subject Another Mail to Internet
from VAN-EX2.


On VAN-EX1, in Exchange Management Console, click Toolbox.


In the Toolbox pane, under Mail flow tools, double-click Message Tracking. An Internet Explorer
window opens with Outlook Web App running.


Log on as adatum\administrator with the password Pa$$w0rd. If the Choose the language you
want to use page appears, click OK.


In the Select what to manage drop down list, click My Organization. Click Reporting.

Lab Answer Key: Managing Message Transport


On the Delivery Reports tab, in the Mailbox to search field, click Browse, select Anna Lidman in
the Select Mailboxes to Search window, and then click OK.

10. Click Search.

11. In the Search Results window, select the message with the subject Another Mail to Internet from
VAN-EX2, and then click Details.
12. In the middle pane of the Delivery Report window, notice that the Status of the message is Pending.
13. Review the Delivery Report pane as it lists every route the message has taken in the Exchange
Organization. At the end of the list, you will see the reason why the message is pending.
14. Click Close in the Delivery Report pane.
15. In Exchange Management Console, click Toolbox.
16. In the Toolbox pane, under Mail flow tools, double-click Mail Flow Troubleshooter.
17. On the Updates and Customer Feedback page, click Do not check for updates on startup and
I dont want to join the program at this time. Click Go to Welcome Screen.
18. On the Exchange Mail Flow Troubleshooter page, in the Enter an identifying label for this
analysis text box, type Internet Message Delivery Failure.
19. Under What symptoms are you seeing?, click Messages are backing up in one or more queues
on a server. Click Next.
20. On the Enter Server and User Information page, enter the following information, and then click

Exchange Server Name: VAN-EX1

Global Catalog Server Name: VAN-DC1

21. On the Basic Server Information page, review the information, and then click Next.
22. On the Initial Queue Analysis Results page, click the displayed item, review the information, and
then click Next.
23. On the Remote Delivery Queue(s) Initial Analysis Results page, review the information, scroll
down, and then click Next.
24. On the DNS Availability Check Results, review the information, and then click Next.
25. On the DNS Record Analysis Results, review the information, and then click Next.
26. On the Remote Delivery Queue(s) DNS Records Analysis Results, notice that the wizard has
identified a possible root cause, and then click Next.
27. On the Remote Delivery Queue(s) Connectivity Test Results page, review the information, and
then click Next.
28. On the Remote Delivery SMTP Instance Configuration Analysis Results page, click Next.
29. On the Remote SMTP Service Diagnosis Results page, click Next.
30. On the Remote Delivery Queue(s) Message Tracking Log Analysis Results page, click Next.
31. On the Remote Delivery Queue(s) SMTP Commands Analysis Results page, click Next.
32. On the Third-Party Application Analysis Results, click Next.

Lab Answer Key: Managing Message Transport

33. On the View results page, click the Root Causes tab, review the displayed information, and then
close the Troubleshooting Assistant.
34. Switch to VAN-DC1, click Start, point to All Programs, point to Accessories, and then click
Command Prompt.
35. At the command prompt, type nslookup, and then press Enter.
36. Type set querytype=MX, and then press Enter.
37. Type, and then press Enter. The query will timeout, which indicates that the domain
name cannot be resolved. This means that the host cannot directly resolve a Domain Name System
(DNS) domain and has to use a smart host to send a message to the internet.
38. On VAN-EX1, in Exchange Management Console, expand Organization Configuration, and then
click Hub Transport.
39. On the Send Connectors tab, double-click Internet Send Connector.
40. Click the Network tab, select Route mail through the following smart hosts, and then click Add.
41. In the Add smart host dialog box, in the Fully qualified domain name (FQDN) box, type, click OK, and then click OK again.
42. In Exchange Management Console, click Toolbox.
43. In the Toolbox pane, under Mail flow tools, double-click Queue Viewer.
44. Right-click, and then click Retry to force message delivery retry. Make sure that
message is not in queue anymore.
Results: After this exercise, you should have identified and resolved issues in Internet message delivery by
using the Exchange Server troubleshooting tools such as Message Tracking and Mail Flow Troubleshooter.

To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.

Lab Answer Key: Implementing Messaging Security

Module 6
Lab Answer Key: Implementing Messaging Security
Lab A: Configuring Edge Transport Servers and
Forefront Protection 2010 for Exchange Server
Exercise 1: Configuring Edge Transport Servers

Exercise 2: Configuring Forefront Protection 2010 for Exchange Server

Lab B: Implementing Anti-Spam Solutions

Exercise 1: Configuring an Anti-Spam Solution on Edge Transport Servers

Lab Answer Key: Implementing Messaging Security

Module 6: Implementing Messaging Security

Lab A: Configuring Edge Transport Servers

and Forefront Protection 2010 for Exchange
Exercise 1: Configuring Edge Transport Servers
Task 1: Install the Edge Transport Server role

On VAN-SVR1, click Start, point to All Programs, point to Accessories, and then click Command


At the command prompt, type d:\Setup /mode:install /role:EdgeTransport, and then press Enter.
Wait for the installation to finish. The installation will take approximately eight to 10 minutes.


At the command prompt, type Exit, and then press Enter.


Restart VAN-SVR1 and logon as Administrator, using the password Pa$$w0rd.


Click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Microsoft Exchange window, click OK.


In Exchange Management Console, in the left pane, click Edge Transport.

Task 2: Configure Edge Synchronization


On VAN-SVR1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Shell.


In Exchange Management Shell, at the command prompt, type New-EdgeSubscription -FileName

c:\VAN-SVR1.xml, and then press Enter. In the Confirm text, enter Y, and then press Enter.


Click Start, and in the search box, type \\van-ex1\c$, and then press Enter.


Copy c:\VAN-SVR1.xml to the VAN-EX1\c$. Remember, that in real-world scenarios, it would be a

security violation if you are able to copy the EdgeSubscription file directly from the Edge Transport
server to the Hub Transport server. Normally, you would use a universal serial bus (USB) device or
other means to copy the file.


On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.


In Exchange Management Console, click Microsoft Exchange On-Premises, expand Organization

Configuration, and then click Hub Transport.


In the Hub Transport pane, click the Edge Subscriptions tab.


In the Actions pane, click New Edge Subscription.


In the New Edge Subscription window, beside Active Directory Site, click Browse. Select DefaultFirst-Site-Name as Active Directory Domain Services site, and then click OK.

Lab Answer Key: Implementing Messaging Security

10. Beside Subscription file, click Browse. Browse to the C:\ click VAN-SVR1.XML click Open, make
sure Automatically create a Send connector for this Edge Subscription is checked, and then
click New.
11. On the Completion page, click Finish.

Task 3: Verify that EdgeSync is working and that Active Directory Lightweight
Directory Services contains data

On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Shell.


In Exchange Management Shell, at the command prompt, type Start-EdgeSynchronization, and

then press Enter.


At the command prompt, type Test-EdgeSynchronization -FullCompareMode, and then

press Enter.


Ensure that the result displayed includes SyncStatus: Normal, otherwise you need to wait for another
minute and run Test-EdgeSynchronization again.


At the command prompt, type Get-User -Identity Wei | ft Name, GUID, and then press Enter.


Write down the first eight characters of the globally unique identifier (GUID) in your notes.


Switch to VAN-SVR1, click Start, point to All Programs, point to Accessories, and then click
Command Prompt.


At the command prompt, type LDP, and then press Enter.


In the LDP window, click Connection on the menu bar, and then click Connect.

10. In the Connect window, type VAN-SVR1 in the Server box, type 50389 in the Port box, and then
click OK.
11. Click Connection on the menu bar, and then click Bind.
12. In the Bind window, in the Bind type pane, click Bind as currently logged on user, and then
click OK.
13. Click View on the menu bar, and then click Tree.
14. In the Tree View dialog box, clear any entry in the BaseDN field, and then click OK.
15. In the LDP window, in the left pane, double-click OU=MSExchangeGateway to expand it.
16. Double-click CN=Recipients,OU=MSExchangeGateway.
17. By using the GUID you entered in previous steps, you can locate the recipient. It starts with
CN=<GUID>. After you find it, double-click the recipient GUID, and review the data that is available
for this recipient. Close LDP.

Task 4: Verify that Internet message delivery works


On VAN-EX1, in Exchange Management Console, expand Organization Configuration, and then

click Hub Transport.


Click the Send Connectors tab.

Lab Answer Key: Implementing Messaging Security


Double-click EdgeSync - Default-First-Site-Name to Internet.


Click the Network tab, click Route mail through the following smart hosts, and then click Add.


In the IP address field, type, and then click OK twice.


In Exchange Management Shell, type Start-EdgeSynchronization, and then press Enter.


At the command prompt, type Exit, and then press Enter.


Start Windows Internet Explorer, and connect to


Log on as Adatum\Wei using the password Pa$$w0rd.

10. On the Microsoft Outlook Web App page, click OK.

11. Create and send a new e-mail to with the subject Test Mail to Internet.
12. Verify that you do not get a non-delivery report message.
Results: After this exercise, you should have installed an Edge Transport server role, and configured Edge
Synchronization between a Hub Transport and an Edge Transport server.

Exercise 2: Configuring Forefront Protection 2010 for Exchange Server

Task 1: Install Forefront Protection 2010 for Exchange Server

On the host computer, in the Hyper-V Manager Microsoft Management Console (MMC), right-click
the 10135B-VAN-SVR1 virtual machine, and then click Settings.


In the Settings for 10135B-VAN-SVR1 dialog box, in the Hardware section, expand IDE
Controller 1, and then click DVD Drive.


In the details pane, click Image file, and type C:\Program Files\Microsoft Learning\10135
\Drives\ForeFrontInstall.iso in the field, and then click OK.


On VAN-SVR1, close the Autoplay dialog box. Click Start, in the Search field, type D:\, and then
press Enter.


In Windows Explorer, double-click forefrontexchangesetup.exe.


In the Setup Wizard window, on the License Agreement page, click I agree to the terms of the
license agreement and privacy statement, and then click Next.


On the Service Restart page, click Next.


On the Installation Folders page, click Next.


On the Proxy Information page, click Next.

10. On the Antispam Configuration page, click Enable antispam later, and then click Next.
11. On the Microsoft Update page, click I dont want to use Microsoft Update, and then click Next.
12. On the Customer Experience Improvement Program page, click Next.
13. On the Confirm Settings page, click Next. Wait for the installation to finish. It will take about five
14. On the Installation Results page, click Finish. Close Windows Explorer.

Lab Answer Key: Implementing Messaging Security

Task 2: Configure Forefront Protection 2010 for Exchange Server


On VAN-SVR1, click Start, point to All Programs, point to Microsoft Forefront Server Protection,
and then click Forefront Protection for Exchange Server Console.


In the Evaluation License Notice window, click OK.


In the Forefront Protection 2010 for Exchange Server Administrator Console window, in the left pane,
click Policy Management.


In the Policy Management pane, under Antimalware, click Edge Transport.


On the Antimalware - Edge Transport page, in the Engines and Performance pane, select the Scan
with all engines option.


In the Scan Actions pane, in the Action list in the Virus row, select Delete.


On the Antimalware - Edge Transport page, click Save.


In the Policy Management pane, expand Global Settings, and then click Advanced Options.


On the Global Settings - Advanced Options page, in the Threshold Levels pane, increase the value
of Maximum nested depth compressed files to 10 and Maximum nested attachments to 50.

10. Under Intelligent Engine Management, in the Engine management list, select Manual.
11. In the Update scheduling table, click Norman Virus Control, and then click Edit Selected Engines
12. In the Edit Selected Engine dialog box, in the Update frequency pane, verify that the Check for
updates every check box is selected, type 00:30 in the box, and then click Apply and Close.
13. On the Global Settings - Advanced Options page, click Save.
14. In the Policy Management pane, expand Global Settings, and then click Scan Options.
15. On the Global Settings - Scan Options page, in the Scan Targets Transport pane, under Target
types, clear Internal, and then click Save.
16. Close the Microsoft Forefront Protection 2010 for Exchange Server Administrator Console.
Results: After this exercise, you should have installed and configured Forefront Protection 2010 for
Exchange Server on the Edge Transport server.

To prepare for the next lab

Do not shut down the virtual machines and revert them to their initial state when you finish this lab.
The virtual machines are required to complete this modules last lab.

Lab Answer Key: Implementing Messaging Security

Lab B: Implementing Anti-Spam Solutions

Exercise 1: Configuring an Anti-Spam Solution on Edge Transport Servers
Task 1: Configure Domain Name System (DNS) for Internet message delivery

On VAN-DC1, click Start, point to All Programs, point to Administrative Tools, and click DNS.


Expand Forward Lookup Zones, and then click


Right-click, and then click New Mail Exchanger (MX).


In the New Resource Record dialog box, in the Fully qualified domain name (FQDN) of mail
server box, type


Click OK, and close DNS Manager.

Task 2: Configure global SCL for junk mail delivery


On VAN-SVR1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.


In Exchange Management Console, click Edge Transport.


In the Edge Transport pane, select VAN-SVR1, and then click the Anti-spam tab.


In the Anti-spam pane, double-click Content Filtering.


In the Content Filtering Properties window, click the Action tab.


In the Action tab, clear the Reject messages that have an SCL rating greater than or equal to
check box, and then click OK.


On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Shell.


In Exchange Management Shell, type Set-OrganizationConfig -SCLJunkThreshold 6, and then

press Enter.


At the PS prompt, type D:\labfiles\Lab6Prep.ps1, and then press Enter. This will send 11 messages
with the following spam confidence level (SCL) ratings:
Mail sender

SCL level

Lab Answer Key: Implementing Messaging Security

Mail sender

SCL level

10. On VAN-EX1, start Internet Explorer, and connect to

11. Log on as Adatum\Wei using the password Pa$$w0rd.
12. In the Mail pane, click Inbox. You should see three new messages in the Inbox. If not, wait for another
minute until they arrive. You see the mails because their SCL rating is 6, and not above.
13. In the Inbox pane, double-click the message from
14. In the message window, click Message Details on the toolbar.
15. In the Message details window, identify the SCL level of this message by looking for
X-MS-Exchange-Organization-SCL in the Internet Mail Headers box. You should find
X-MS-Exchange_Organization-SCL:6 which indicates an SCL rating of 6. Then click Close to close
Message Details. Close the message window.
16. In the Mail pane, click Junk E-Mail. You should see eight new messages in the Junk E-Mail folder that
have been identified as junk mail as their SCL level was more than six. You can verify this by looking
at the Message Details of the messages.
17. Delete all messages in the Inbox and Junk E-Mail folders.

Task 3: Configure content filtering to reject junk messages


On VAN-SVR1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.


In Exchange Management Console, click Edge Transport.


In the Edge Transport pane, select VAN-SVR1, and then click the Anti-spam tab.


In the Anti-spam pane, double-click Content Filtering.


In the Content Filtering Properties window, click the Action tab.


In the Action tab, select the Reject messages that have an SCL rating greater than or equal to
check box, configure it to 7, and then click OK.


On VAN-EX1, in Exchange Management Shell, type: D:\labfiles\Lab6Prep.ps1 and then press Enter.
This will send the 11 messages again, but notice that the Content Filter agent rejects all messages as
spam if they have a SCL level of 7 or more. Thus, only three messages will reach Weis Inbox, and the
other messages should not be delivered to the users Junk E-Mail folder.


On VAN-EX1, start Internet Explorer, and connect to


Log on as Adatum\Wei using the password Pa$$w0rd.

Lab Answer Key: Implementing Messaging Security

10. In the Mail pane, click Inbox. Notice the three new messages in the Inbox.
11. To delete all messages in the Inbox, select them, and then click Delete.

Task 4: Configure an IP Allow List


On VAN-SVR1, in Exchange Management Console, click the Anti-spam tab.


In the Anti-spam pane, double-click IP Allow List.


In the IP Allow List Properties window, click the Allowed Addresses tab.


On the Allowed Addresses tab, click Add.


In the Add Allowed IP Address window, type in the Address or address range box, and
then click OK.


On the Allowed Address tab, click OK.


On VAN-EX1, in Exchange Management Shell, type: D:\ labfiles\Lab6Prep.ps1, and then press Enter.


On VAN-EX1, start Internet Explorer, and connect to


Log on as Adatum\Wei using the password Pa$$w0rd.

10. In the Mail pane, click Inbox. You should see 11 new messages in the Inbox.
11. Double-click one message, and review the Message Detail. The SCL rating should be -1. When the
sending SMTP server is added to the IP Allow List, content filtering is not applied to the messages.
12. To delete all messages in the Inbox, select them, and then click Delete.

Task 5: Configure a Block List Provider


On VAN-SVR1, in Exchange Management Console, click the Anti-spam tab.


In the Anti-spam pane, double-click IP Block List Providers.


In the IP Block List Properties window, click the Providers tab.


On the Providers tab, click Add.


In the Add IP Block List Provider window, type Spamhaus in the Provider name box, type in the Lookup domain box, and then click OK twice.

Results: After this exercise, you should have configured different SCL levels, and verified the behavior of
junk mail in user mailboxes. You should also have configured a Block List Provider.

Lab Answer Key: Implementing Messaging Security

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.


Wait for VAN-EX2 to start, and then start VAN-EX3. Connect to the virtual machine.

Lab Answer Key: Implementing High Availability

Module 7
Lab Answer Key: Implementing High Availability
Exercise 1: Deploying a DAG

Exercise 2: Deploying Highly Available Hub Transport and Client Access

Exercise 3: Testing the High Availability Configuration

Lab Answer Key: Implementing High Availability

Module 7: Implementing High Availability

Lab: Implementing High Availability

Exercise 1: Deploying a DAG
Task 1: Create a DAG named DAG1 by using the Microsoft Exchange
Management Shell

On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Shell.


At the PS prompt, type New-DatabaseAvailabilityGroup Name DAG1 WitnessServer VAN-DC1

-WitnessDirectory C:\FSWDAG1 -DatabaseAvailabilityGroupIPAddress, and then
press Enter. You can ignore the warning message.


At the PS prompt, type Add-DatabaseAvailabilityGroupServer DAG1 MailboxServer VAN-EX1,

and then press Enter.


On VAN-EX2, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange On-Premises, expand Organization

Configuration, and then click Mailbox.


In the Results pane, click the Database Availability Groups tab.


In the Work pane, on the Database Availability Groups tab, right-click DAG1, and then click
Manage Database Availability Group Membership from the context menu.


In the Manage Database Availability Group Membership Wizard, click Add.


In the Select Mailbox Server dialog box, click VAN-EX2, and then click OK.

10. In the Manage Database Availability Group Membership Wizard, click Manage to complete the
changes, wait for the installation to finish, and then click Finish to close the wizard.

Task 2: Create a mailbox database copy of the Accounting database


On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange On-Premises, expand Organization

Configuration, and then click Mailbox.


In the Results pane, click the Database Management tab.


In the Results pane, click Accounting, and then in the Actions pane, click Add Mailbox
Database Copy.


In the Add Mailbox Database Copy Wizard, click Browse to select the server to which to add
the copy.


In the Select Mailbox Server dialog box, click VAN-EX2, and then click OK.

Lab Answer Key: Implementing High Availability


In the Add Mailbox Database Copy Wizard, click Add to create the copy of the Accounting
mailbox database.


Review the results, and then click Finish.

Task 3: Verify successful completion of database copying


In the Results pane, click the Database Management tab, and then click Accounting.


In the bottom Work pane, view the Copy Status column for each database copy.


Click the Accounting entry that has a Healthy copy status, right-click it, and then choose Properties
from the context menu.


View the Status, Copy queue length, and Replay queue length on the General tab, and then click
on the Status tab.


On the Status tab, view the Seeding, Latest available log time, Last inspected log time, Last
copied log time, and Last replayed log time properties, and then click OK.

Task 4: Suspend the Accounting database copy on VAN-EX2


In the Results pane, on the Database Management tab, click Accounting.


In the bottom Work pane, view the Copy Status column for each database copy.


Click the Accounting entry that has a Healthy copy status, right-click on it, and then choose
Suspend Database Copy from the context menu.


In the Suspend Mailbox Database Copy dialog box, type Software Updates being applied, and
then click Yes.


In the bottom Work pane, view the Copy Status column for each database copy. The copy status will
turn to Suspended.

Results: After this exercise, you should have created a DAG and a mailbox database copy of the
Accounting database. The Accounting database copy on VAN-EX2 should remain in a suspended state.

Exercise 2: Deploying Highly Available Hub Transport and Client Access

Task 1: Create and configure a client access array for

On VAN-EX1, in the Exchange Management Shell, at the PS prompt, type New-ClientAccessArray

Fqdn Name Site Default-First-Site-Name, and
then press Enter.

Task 2: Assign the client access array to the databases


At the PS prompt, type Get-MailboxDatabase | ft Name, Server, RPC*, and then press Enter.


At the Exchange Management Shell prompt, type Get-MailboxDatabase |Set-MailboxDatabase

RpcClientAccessServer, and then press Enter.


At the PS prompt, type Get-MailboxDatabase | ft Name, Server, RPC*, and then press Enter.

Results: At the end of this exercise, you should have created a client access array and assigned it to the

Lab Answer Key: Implementing High Availability

Exercise 3: Testing the High Availability Configuration

Task 1: Create a SMTP connector associated with VAN-EX1 and VAN-EX2

On VAN-EX2, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange On-Premises, expand Organization

Configuration, and then click on Hub Transport.


Click the Send Connectors tab, and then in the Actions pane, click New Send Connector.


In the Name box, type Internet Mail.


In the Select the intended use for this Send connector drop-down menu, select Internet, and then
click Next.


On the Address space page, click Add.


In the SMTP Address space dialog box, in the Address space box, type *, click OK, and then click
Next on the Address space page.


On the Network Settings page, click Route mail through the following smart hosts, and then
click Add.


In the Add smart host dialog box, click Fully qualified domain name (FQDN).

10. In the Fully qualified domain name (FQDN) box, type, and then click OK.
11. On the Network settings page, click Next.
12. On the Configure smart host authentication settings page, ensure None is selected, and then
click Next.
13. On the Source server page, click Add.
14. On the Select Hub Transport or Subscribed Edge Transport Server dialog box, hold the Ctrl key,
click VAN-EX1 and VAN-EX2, and then click OK.
15. On the Source server page, click Next.
16. Click New to create the connector, and then click Finish to close the wizard.

Task 2: Stop the SMTP server on VAN-DC1


On VAN-DC1, click Server Manager from the quick launch bar.


In the Console Tree, expand Configuration, and then click Services.


In the Results pane, click Simple Mail Transfer Protocol (SMTP), and then in the Actions pane,
under Simple Mail Transfer Protocol (SMTP) click More Actions, and then click Stop.

Task 3: Send an email to an internal user and an external SMTP address


On VAN-EX1, open Windows Internet Explorer, and connect to



Log on as Adatum\Jason with a password of Pa$$w0rd. Jasons mailbox is on VAN-EX3.


On the Microsoft Outlook Web Access (OWA) language and time zone settings page, click OK.

Lab Answer Key: Implementing High Availability


Click New to create a new email message.


In the To box, type;;.


In the Subject box, type Shadow Redundancy.


In the message body, type Test email, and then click Send.


Close Windows Internet Explorer.

Task 4: Use Queue Viewer to locate the message in the queue


On VAN-EX2, in the Exchange Management Console, click Toolbox.


In the Results pane, double-click Queue Viewer.


On the Queues tab, locate the entry with as the next hop domain. If the
message is not visible, then complete the following steps:

Click Connect to Server in the Actions pane.


On the Connect to Server dialog box, click Browse.


On the Select Exchange Server dialog box, click VAN-EX1, click OK, and then click Connect.


On the Queues tab, locate the entry with the as the next hop domain.


In the Actions pane, click Connect to Server.


On the Connect to Server dialog box, click Browse.


On the Select Exchange Server dialog box, click VAN-EX3, click OK, and then click Connect.


Click the Queues tab, and then click Create Filter.


In the first drop-down menu, select Delivery Type.


In the second drop-down menu, select Equals.

10. In the third drop-down menu, select Shadow Redundancy.

11. Click Apply Filter.
12. Examine the shadow-redundancy queue contents.
13. Click on the Messages tab, and then click Create Filter.
14. In the first drop-down menu, select From Address.
15. In the second drop-down menu, select Equals.
16. In the third drop-down menu, type
17. Click Apply Filter.
18. Examine the message in the VAN-EX3\Shadow queue.

Task 5: Start SMTP service on VAN-DC1 to allow delivery of the queued message

On VAN-DC1, in Server Manager, expand Configuration, and then click on Services.


In the Results pane, click Simple Mail Transport Protocol (SMTP), and then in the Actions pane,
under Simple Mail Transfer Protocol (SMTP), click More Actions, and then click Start.

Lab Answer Key: Implementing High Availability

Task 6: Verify that the messages were removed from the shadow redundancy queue

On VAN-EX2, in the Queue Viewer, verify that you are connected to VAN-EX3.


Click the Queues tab, and verify that the Shadow Redundancy filter is still being applied.


Examine the contents of the shadow redundancy queue.

Note You may need to wait a few minutes for the message to be removed from the
Shadow redundancy queue.

Task 7: Verify the copy status of the Accounting database, and resume the database

On VAN-EX1, in the Exchange Management Console, locate the Console Tree, expand Organization
Configuration, and then click Mailbox.


In the Results pane, click the Database Management tab, and then click Accounting.


In the bottom Work pane, view the Copy Status column for each database copy, click the Accounting
entry that has a Suspended copy status, right-click on it, and then choose Properties from the
context menu.


View the Status, Copy queue length, and Replay queue length on the General tab, and then click
on the Status tab.


On the Status tab, view the Seeding, Latest available log time, Last inspected log time, Last
copied log time, and Last replayed log time properties, and then click OK.


Click the Accounting entry that has a Suspended copy status, right-click on it, and then choose
Resume Database Copy from the context menu.


On the Resume Mailbox Database Copy dialog box, click Yes.


Wait until the copy status of the Accounting database copy on VAN-EX2 is Healthy. You may need to
refresh the display.

Task 8: Perform a switchover on the Accounting database to make the VAN-EX2

copy active

In the bottom Work pane, view the Copy Status column for each database copy, click the Accounting
entry that has a Healthy copy status, right-click on it, and then choose Activate Database Copy
from the context menu.


In the Activate Database Copy dialog box, verify None is selected, and then click OK.

Task 9: Simulate a server failure


On VAN-EX1, in the Results pane, click the Database Management tab. Wait until the Accounting
database copy status for VAN-EX1 is Healthy.


In Hyper-V Manager, select 10135B-VAN-EX2, and then click Revert in the Actions pane. In the
Revert Virtual Machine dialog box, click Revert.


View the status of the Accounting database in the Results pane. The database copy on VAN-EX1 will
change to a Mounted status, and the database copy on VAN-EX2 will have a ServiceDown status.

Results: After this exercise, you should have verified that the mailbox databases could fail over and switch
between DAG servers, and that Hub Transport shadow redundancy is working properly.

Lab Answer Key: Implementing High Availability

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.

Lab Answer Key: Implementing Backup and Recovery

Module 8
Lab Answer Key: Implementing Backup and Recovery
Exercise 1: Backing Up Exchange Server 2010

Exercise 2: Restoring Exchange Server Data

Exercise 3: Restoring Exchange Servers (optional)

Lab Answer Key: Implementing Backup and Recovery

Module 8: Implementing Backup and Recovery

Lab: Implementing Backup and Recovery

Exercise 1: Backing Up Exchange Server 2010
Task 1: Populate a mailbox

On VAN-EX1, click Start, point to All Programs, and then click Internet Explorer.


In the Address bar, type, and then press Enter.


Log on as Adatum\Parna with the password Pa$$w0rd.


Click OK to accept the default Microsoft Outlook Web App settings.


Click New to create a new message.


In the To box, type George; Parna.


In the Subject box, type Message before Backup, and then click Send.


Close Windows Internet Explorer.


On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Shell.

10. At the PS prompt, type Restart-Service MSExchangeIS, and then press Enter.

Task 2: Perform a backup of the mailbox database by using Windows Server Backup

On VAN-EX1, click Start, click Administrative Tools, and then click Server Manager.


In Server Manager, click Features, and then on the Features Summary pane, click Add Features.


In the Add Features Wizard, expand Windows Server Backup Features, click Windows Server
Backup, and then click Next.


On the Confirm Installation Selections page, click Install. When the installation finishes, click Close.


Click Start, click Administrative Tools, and then click Windows Server Backup.


In Windows Server Backup, on the Actions pane, click Backup Once.


In the Backup Once Wizard, on the Backup Options page, select Different options, and then click


On the Select Backup Configuration page, select Custom, and then click Next.


On the Select Items for Backup page, click Add items, check Local disk (C:) in the Select Items
window, and then click OK.

10. On the Select Items for Backup page, click Advanced Settings, click on the VSS Settings tab, select
VSS full Backup, click OK, and then click Next.
11. On the Specify Destination Type page, select Remote shared folder, and then click Next.
12. On the Specify Remote Folder page, in the Location field, type \\VAN-DC1\Backup, and then click

Lab Answer Key: Implementing Backup and Recovery

13. On the Confirmation page, click Backup. The backup will take approximately 15 to 20 minutes.
14. On the Backup Progress page, click Close.

Task 3: Delete messages in mailboxes


Click Start, point to All Programs, and then click Internet Explorer.


In the Address bar, type, and then press Enter.


Log on as Adatum\George with the password Pa$$w0rd.


Click OK to accept the default Outlook Web App settings.


Right-click the message with the subject Message before Backup, and then click Delete.


In the left pane, right-click Deleted Items, and then click Empty Deleted Items.


In the Empty Deleted Items box, click Yes.


Close Internet Explorer.


Open Internet Explorer and connect to, and then press Enter.

10. Log on as Adatum\Parna with the password Pa$$w0rd.

11. Click Sent Items, and delete all messages in the folder.
12. In the left pane, right-click Deleted Items, and then click Empty Deleted Items.
13. In the Empty Deleted Items box, click Yes.
14. Close Internet Explorer.
Results: After this exercise, you should have created a backup of an Exchange Server database, and
deleted messages.

Exercise 2: Restoring Exchange Server Data

Task 1: Restore the database using Windows Backup

On VAN-EX1, click Start, click Administrative Tools, and then click Windows Server Backup.


In Windows Server Backup, on the Actions pane, click Recover.


In the Recovery Wizard, on the Getting Started page, select This server (VAN-EX1), and then click


On the Select Backup Date page, click Next.


On the Select Recovery Type page, select Applications, and then click Next.


On the Select Application page, select Exchange, and then click Next.


On the Specify Recovery Options page, click Recover to another location, click Browse, expand
Computer, click Local Disk (C:), click Make New Folder, enter DBBackup, click OK, and then click

Lab Answer Key: Implementing Backup and Recovery


On the Confirmation page, click Recover.


On the Recovery Progress page, wait until the restore is completed, and then click Close. Close
Windows Server Backup.

Task 2: Create a recovery database by using the backup files


On VAN-EX1, at the Exchange Management Shell prompt, type New-MailboxDatabase

-Name RecoverDB -Server VAN-EX1 -EDBFilePath c:\DBBackup\C_\Program Files
\Microsoft\Exchange Server\V14\Mailbox\Accounting\Accounting.edb -Logfolderpath
c:\DBBackup\C_\Program Files\Microsoft\Exchange Server\V14\Mailbox\Accounting
-Recovery, and then press Enter.


At the Exchange Management Shell prompt, type cd c:\dbbackup\c_\Program Files

\Microsoft\Exchange Server\v14\Mailbox\Accounting, and then press Enter.


At the Exchange Management Shell prompt, type eseutil /R E02 /i /d, and then press Enter.


At the Exchange Management Shell prompt, type Mount-Database RecoverDB, and then
press Enter.


At the Exchange Management Shell prompt, type Get-MailboxStatistics-Database RecoverDB,

and then press Enter.

Task 3: Recover a mailbox from the recovery database


At the Exchange Management Shell prompt, type Restore-Mailbox -Identity Parna

-RecoveryDatabase RecoverDB, and then press Enter.


At the Confirm prompt, type Y, and then press Enter.


Click Start, point to All Programs, and then click Internet Explorer.


In the Address bar, type, and then press Enter.


Log on as Adatum\Parna with the password Pa$$w0rd.


Verify that the deleted message is available in the Sent Items folder.


Close Internet Explorer.


At the Exchange Management Shell prompt, type Remove-Mailboxdatabase -Identity RecoverDB,

and then press Enter. Type Y, and then press Enter.

Results: After this exercise, you should have created a recovery database, and restored a complete
mailbox from the recovery database to their original locations.

Exercise 3: Restoring Exchange Servers (optional)

Task 1: Shutdown VAN-EX1, and reset the computer account

On the host computer, open Microsoft Hyper-V Manager, right-click 10135B-VAN-EX1, and then
click Revert.


In the Revert Virtual Machine dialog box, click Revert.

Lab Answer Key: Implementing Backup and Recovery


On VAN-DC1, click Start, point to Administrative Tools, and then click Active Directory Users and


Click, in results pane click Computers.


In the right pane, right-click VAN-EX1, click Reset Account, and then in the Active Directory
Domain Services dialog box, click Yes, and then click OK.


Close Active Directory Users and Computers.

Task 2: Prepare VAN-SVR1 as VAN-EX1


On VAN-SVR1, click Start, right-click Computer, and then click Properties.


In the System window, in the Computer name, domain, and workgroup settings pane, click Change


On the Computer Name tab, click Change.


In the Computer Name/Domain Changes dialog box, in the Computer name field, type VAN-EX1,
and then click OK.


In the System Properties dialog box, click OK, click Close, and then click Restart Now to restart the


After the computer restarts, log on as Administrator using the password Pa$$w0rd.


Click Start, right-click Computer, and then click Properties.


In the System window, in the Computer name, domain, and workgroup settings pane, click Change


On the Computer Name tab, click Change.

10. Under Member of, click Domain, type, and then click OK.
11. In the Computer Name/Domain Changes dialog box, in the User name field, type Administrator.
12. In the Password field, type Pa$$w0rd, and then click OK.
13. In the Computer Name/Domain Changes dialog box, click OK, and then click OK again.
14. In the System Properties dialog box, click OK, click Close, and then click Restart Now to restart the
15. After the computer restarts, log on as adatum\Administrator using the password Pa$$w0rd.

Task 3: Install Exchange Server 2010 with the RecoverServer mode


On VAN-SRV1, click Start, click Run, and then in the Open box, type d:\setup /m:RecoverServer,
and then press Enter. The installation takes approximately 15 minutes.


Click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In Exchange Management Console, click Microsoft Exchange On-Premises (,

expand Organization Configuration, and then click Mailbox.


In the Mailbox pane, on the Database Management tab, right-click Accounting, and then click

Lab Answer Key: Implementing Backup and Recovery


In Accounting Properties, click on the Maintenance tab, click This database can be overwritten by
a restore, and then click OK.


Repeat steps 4 and 5 for Mailbox Database 1.


In the Mailbox pane, on the Database Management tab, right-click Public Folder Database 1, and
then click Properties.


In Public Folder Database 1 Properties, on the General tab, click This database can be overwritten
by a restore, and then click OK.

Task 4: Recover the mailbox databases from backup


On VAN-SVR1, click Start, click All Programs, click Administrative Tools, and then click Windows
Server Backup.


In Windows Server Backup, on the Actions pane, click Recover.


In the Recovery Wizard, on the Getting Started page, select A backup stored on another location,
and then click Next.


On the Specify Location Type page, click Remote shared folder, and then click Next.


On the Specify Remote Folder page, type \\van-dc1\backup, and then click Next.


On the Select Backup Date page, click Next.


On the Select Recovery Type page, select Applications, and then click Next.


On the Select Application page, select Exchange, and then click Next.


On the Specify Recovery Options page, click Recover to original location, and then click Next.

10. On the Confirmation page, click Recover.

11. On the Recovery Progress page, click Close.

Task 5: Test the recovery


On VAN-SVR1, in Exchange Management Console, under Organization Configuration, click



In the Mailbox pane, on the Database Management tab, check if the Accounting database is
mounted. If it is not mounted, right-click Accounting, and then click Mount Database.


If required, mount Mailbox Database 1 and Public Folder Database 1.


On VAN-DC1, click Start, point to All Programs, and then click Internet Explorer.


In the Address bar, type, and then press Enter.


Click Continue to this website (not recommended).


Log on as Adatum\Parna with a password of Pa$$w0rd, and then click OK.


Verify that the mailbox is accessible.

Results: After this exercise, you should have recovered a complete Exchange server by using a different
Windows Server, renaming it, installing Exchange Server in /m:RecoverServer mode, and recovering the
Exchange Server database from a backup. You have also tested the recovery.

Lab Answer Key: Implementing Backup and Recovery

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Microsoft Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.


Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.

Lab Answer Key: Configuring Messaging Policy and Compliance

Module 9
Lab Answer Key: Configuring Messaging Policy and
Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox
Exercise 1: Configuring Transport Rules

Exercise 2: Configuring Journal Rules and Multi-Mailbox Search

Lab B: Configuring Personal Archives and Retention Policies

Exercise 1: Configuring Personal Archives

Exercise 2: Configuring Retention Policies

Lab Answer Key: Configuring Messaging Policy and Compliance

Module 9: Configuring Messaging Policy and Compliance

Lab A: Configuring Transport Rules, Journal

Rules, and Multi-Mailbox Search
Exercise 1: Configuring Transport Rules
To start the lab, complete the following steps

On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.


Expand Microsoft Exchange On-Premises, expand Organization Configuration, and then click
Hub Transport.


In the Actions pane, click New Send Connector.


On the Introduction page, type Internet Connector as the connector name. In the Select the
intended use for this Send connector drop-down list, click Internet, and then click Next.


On the Address space page, click Add.


In the Address field, type *, click OK, and then click Next.


On the Network settings page, click Route mail through the following smart hosts, and then
click Add.


In the IP address field, type, click OK, and then click Next.


On the Configure smart host authentication settings page, click Next.

10. On the Source Server page, click Next, click New, and then click Finish.

Task 1: Create a transport rule that adds a disclaimer to all messages sent to
the Internet

On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, click

Hub Transport, and then click New Transport Rule.


On the Introduction page, in the Name box, type Internet E-Mail Disclaimer, and then click Next.


On the Conditions page, in the Step 1: Select condition(s) area, select the sent to users that are
inside or outside the organization, or partners check box.


In the Step 2: Edit the rule description by clicking an underlined value area, click Inside the


In the Select scope dialog box, under Scope, click Outside the organization, and then click OK.


On the Conditions page, click Next.


On the Actions page, in the Step 1: Select Action(s) area, select append disclaimer text and
fallback to Action if unable to apply.


In the Step 2: Edit the rule description by clicking an underlined value area, click disclaimer text.


In the Specify disclaimer text box, type This e-mail is intended solely for the use of the
individual to whom it is addressed. and then click OK.

Lab Answer Key: Configuring Messaging Policy and Compliance

10. On the Actions page, click Next.

11. On the Exceptions page, click Next, review the rule description, click New, and then click Finish.

Task 2: Create a transport rule for the CustomerService distribution group


On VAN-EX1, in the Exchange Management Console, in the Actions pane, click New Transport Rule.


On the Introduction page, in the Name box, type Customer Service Tracking, and then click Next.


On the Conditions page, in the Step 1: Select condition(s) area, select the sent to users that are
inside or outside the organization, or partners check box.


In the Step 2: Edit the rule description by clicking an underlined value area, click Inside the


In the Select scope dialog box, under Scope, click Outside the organization, and then click OK.


On the Conditions page, in the Step 1: Select condition(s) area, select the when the Subject field
or message body contains specific words check box.


In the Step 2: Edit the rule description by clicking an underlined value area, click specific words.


In the Specify words dialog box, type Customer, click Add, and then click OK.


On the Conditions page, click Next.

10. On the Actions page, in the Step 1: Select Action(s) area, select the copy the message to
addresses check box.
11. In the Step 2: Edit the rule description by clicking an underlined value area, click addresses.
12. In the Specify recipients dialog box, click Add, click CustomerService, and then click OK.
13. On the Exceptions page, select the except when the message is from a member of distribution
14. In the Step 2: Edit the rule description by clicking an underlined value area, click distribution
15. In the Select Mail-Enabled Group dialog box, click CustomerService, and then click OK twice.
16. On the Exceptions page, click Next, review the rule description, click New, and then click Finish.

Task 3: Enable AD RMS integration for the organization


On VAN-DC1, open Windows Explorer, browse to C:\inetpub\wwwroot\_wmcs\certification,

right-click servercertification.asmx, and then click Properties.


In the Server Certification.asmx Properties dialog box, on the Security tab, click Edit.


In the Permissions for Server Certification.asmx dialog box, click Add.


In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types, select
the Computers check box, and then click OK.


In the Enter the object names to select field, type Exchange Servers , and then click OK.


Click Add. In the Enter the object names to select field, type IIS_IUSRS, and then click OK three

Lab Answer Key: Configuring Messaging Policy and Compliance


On VAN-DC1, open a command prompt, type IISReset, and then press Enter. Wait for the service to
restart, and then close the command prompt.


On VAN-EX1, in the Exchange Management Shell, at the PS prompt, type

set-irmconfiguration InternalLicensingEnabled $true, and then press Enter. This cmdlet enables
AD RMS encryption for messages sent inside the organization.

Task 4: Configure a transport rule that applies the Do Not Forward AD RMS template
to all messages with the words confidential or private in the subject

On VAN-EX1, in the Exchange Management Console, under Organization Configuration, click Hub


In the Actions pane, click New Transport Rule.


On the Introduction page, in the Name field, type Confidential E-Mail Rule.


Verify that Enable Rule is selected, and then click Next.


On the Conditions page, under Step 1, select the when the Subject field contains specific words
check box.


Under Step 2, click the specific words link.


In the Specify words dialog box, type Confidential, click Add, type Private, click Add, and then
click OK.


Click Next.


On the Actions page, under Step 1, select rights protect message with RMS template.

10. Under Step 2, click the RMS Template link.

11. In the Select RMS template dialog box, click Do not Forward, and then click OK.
12. Click Next twice, click New, and then click Finish.

Task 5: Configure a moderated group


On VAN-EX1, in the Exchange Management Console, under Recipient Configuration, click

Distribution Group.


In the middle pane, right-click All Company, and then click Properties.


On the Mail Flow Settings tab, double-click Message Moderation.


In the Message Moderation dialog box, select the Messages sent to this group have to be
approved by a moderator check box.


Under Specify group moderators, click Add.


In the Select Recipient Entire Forest dialog box, click Andreas Herbinger, and then click OK
three times.

Task 6: Test the transport rule configuration


On VAN-CL1, open Microsoft Outlook 2010.


Create a new message, and then send it to

Lab Answer Key: Configuring Messaging Policy and Compliance


Create another message to Carol, with a subject of Customer Information and then send the


On VAN-DC1, open Windows Explorer. Browse to C:\inetpub\mailroot\queue folder. Double-click

the first EML file in the folder.


In the Windows dialog box, click Select a program from a list of installed programs, and then
click OK. Click Notepad, and then click OK.


Scroll to the middle of the message, and verify that the disclaimer has been added to the message.


On VAN-CL1, open Windows Internet Explorer and connect to

Log on as Adatum\Anna, using the password Pa$$w0rd. Anna is a member of the CustomerService
distribution group. Click OK.


Verify that a copy of second message sent by Luca is in the Inbox. Close Internet Explorer.


In Outlook, create a new message, and then send it to the All Company distribution group.

10. Open Windows Internet Explorer, and connect to Log on as

Adatum\Andreas using the password Pa$$w0rd. Click OK.
11. Double-click the email message to open it, and then click Approve.
12. In Outlook, verify that the message to the All Company distribution list has arrived.
13. In Outlook Web App, create a new message with a subject of Private. Send the message to Luca.
14. Close Internet Explorer.
15. In Outlook, verify that Luca received the message with the subject Private. If prompted for
credentials, enter Luca as the user name and Pa$$w0rd as the password. Double-click the message
and wait for AD RMS to be configured on the computer. Verify that the message has the Do Not
Forward template applied. Verify that the Forward option is not available on the message.
Results: After this exercise, you should have configured a transport rule that ensures that all messages
sent to users on the Internet include a disclaimer of which the legal department approves. Additionally,
you should have configured a transport rule that sends a copy of all messages with customer information
to the CustomerService group, and you should have configured a transport rule that applies the Do Not
Forward AD RMS template to all messages with the words confidential or private in the subject. Lastly,
you should have configured a moderated group using the All Company distribution group.

Exercise 2: Configuring Journal Rules and Multi-Mailbox Search

Task 1: Create a mailbox for the Executives department journaling messages

On VAN-EX1, in the Exchange Management Console, click Recipient Configuration.


In the Actions pane, click New Mailbox to start the New Mailbox Wizard.


On the Introduction page, ensure that User Mailbox is selected, and then click Next.


On the User Type page, click Next.


On the User Information page, type the following information:

First name: Executives Journal Mailbox

User Logon name (User Principal Name): ExecutivesJournal

Password: Pa$$w0rd

Confirm password: Pa$$w0rd

Lab Answer Key: Configuring Messaging Policy and Compliance


Click Next.


On the Mailbox Settings page, type ExecutivesJournal as the Alias.


Select the Specify the mailbox database rather than using a database automatically accepted
check box, click Browse, click Mailbox Database 1, click OK, and then click Next.


On the Archive Settings page, click Next.

10. On the New Mailbox page, click New, and then click Finish.

Task 2: Create a journal rule that saves a copy of all messages sent to and from
Executives department members

In the Exchange Management Console, in the Organization Configuration work area, click
Hub Transport.


In the Actions pane, click New Journal Rule to start the New Journal Rule Wizard.


On the New Journal Rule page, in the Rule name box, type Executives Department Message


Beside Send Journal reports to e-mail address, click Browse, click Executives Journal Mailbox,
and then click OK.


Under Scope, ensure Global all messages is selected.


Select the Journal messages for recipient check box, and then click Browse.


In the Select Recipient dialog box, click Executives, and then click OK.


On the New Journal Rule page, click New, and then click Finish.

Task 3: Create and configure the MailboxAuditor account


On VAN-EX1, in the Exchange Management Console, click Recipient Configuration.


In the Actions pane, click New Mailbox to start the New Mailbox Wizard.


On the Introduction page, ensure that User Mailbox is selected, and then click Next.


On the User Type page, click Next.


On the User Information page, type the following information:

First name: Mailbox Auditor

User Logon name (User Principal Name): MailboxAuditor

Password: Pa$$w0rd

Confirm password: Pa$$w0rd


Click Next.


On the Mailbox Settings page, type MailboxAuditor as the Alias.


Select the Specify the mailbox database rather than using a database automatically accepted
check box, click Browse, click Mailbox Database 1, click OK, and then click Next.


On the Archive Settings page, click Next.

Lab Answer Key: Configuring Messaging Policy and Compliance

10. On the New Mailbox page, click New, and then click Finish.
11. In the recipient list, click Executives Journal Mailbox, and then click Manage Full Access
12. On the Manage Full Access Permission page, click Add, click Mailbox Auditor, and then click OK.
13. Click Manage, and then click Finish.
14. On VAN-DC1, open Active Directory Users and Computers, and then in the Microsoft Exchange
Security Groups OU, double-click the Discovery Management group.
15. In the Discovery Management Properties dialog box, on the Members tab, click Add.
16. Type Mailbox Auditor, and then click OK twice.

Task 4: Configure legal hold on a mailbox


Double-click George Schaller. On the Mailbox Settings tab, double-click Messaging Records


Select the Enable Litigation Hold check box, and then click OK three times.

Task 5: Test the journal rule and Multi-Mailbox Search configuration


On VAN-CL1, if required, open Outlook.


Create a new message, and then send it to Marcel Truempy. Marcel is a member of the Executives


Open Internet Explorer, and then connect to Log on as

Adatum\Marcel with the password Pa$$w0rd. Confirm that the message from Luca arrived. Reply to
the message, and then close Internet Explorer.


Open a new instance of Internet Explorer, and then connect to

Log on as Adatum\MailboxAuditor with the password Pa$$w0rd.


In the left pane, right-click Mailbox Auditor, and then click Open Other Users Inbox.


Type Executives Journal Mailbox, and then click OK twice. Under Executives Journal Mailbox,
click Inbox. Verify that the two journaled messages are in the mailbox. Close Internet Explorer.


In Outlook, create and send a new message with the following configuration:

To: George;

Subject: Customer Order

Message body: Here is the order for Carol at Contoso. Her customer number is 1111-1111.


Open Internet Explorer, and then connect to Log on to

Outlook Web App as Adatum\George, with the password, Pa$$w0rd.


Click the message from Luca, and then click Delete.

10. Click the Deleted Items folder, and then click Empty.
11. Under George Schaller, right-click the Deleted Items folder, and then click Recover Deleted Items.
12. Click the message, and then click the Delete button. Click OK to permanently delete the message,
and close all Internet Explorer Windows.

Lab Answer Key: Configuring Messaging Policy and Compliance

13. Open Internet Explorer, and connect to Outlook Web App. Log on as MailboxAuditor. Click
Options, and then click See All Options.
14. In the Select what to manage drop-down list, ensure that My Organization is listed.
15. In the left pane, click Mail Control, and then under Multi-Mailbox Search, click New.
16. In the Keywords box, type Customer Number.
17. Expand Mailboxes to Search.
18. Under Select the mailboxes to search, click Add. In the Select Mailbox window, click Luca
Dellamore, and then click Add. Click George Schaller, click Add, and then click OK.
19. Expand Search Name and Storage Location.
20. In the Search name field, type Customer Number Discovery.
21. Click Copy the search results to the destination mailbox.
22. Next to Select a mailbox in which to store the search results, click Browse.
23. In the Select Mailbox window, click Discovery Search Mailbox, and then click OK.
24. Select the Send me an e-mail when the search is done check box, and then click Save.
25. Wait until the search finishes, and then in the bottom right pane, click the Open link.
26. In the Outlook Web App window, click OK.
27. In the Navigation pane, notice the new discovery folder named Customer Number Discovery.
Expand the folder.
28. Note the two folders created that correspond to the mailboxes added to the search criteria.
29. Expand Luca Dellamore, expand Primary Mailbox, expand Sent Items, and then verify that the
email was discovered using the search criteria.
30. Expand George Schaller, expand Primary Mailbox, expand Inbox, and then verify that the email
was discovered using the search criteria.
31. Close Internet Explorer.
Results: After this exercise, you should have created a mailbox for the Executives department journaling
messages, and then created a journal rule that saves a copy of all messages sent to and from Executives
department members. You also should have created and configured the MailboxAuditor account.

To prepare for the next lab

Do not shut down the virtual machines and revert them to their initial state when you finish this lab.
The virtual machines are required to complete this modules last lab.

Lab Answer Key: Configuring Messaging Policy and Compliance

Lab B: Configuring Messaging Records

Management and Personal Archives
Exercise 1: Configuring Personal Archives
Task 1: Create an archive mailbox for all members of the Marketing group

On VAN-EX1, in the Exchange Management Console, click Recipient Management, and then
click Mailbox.


In the Results pane, click the Organization Unit heading to sort the mailbox list by OU.


Select all of the mailboxes in the Executives and Marketing OUs, right-click, click Enable Archive,
and then click OK.

Task 2: Verify that the archive mailbox was created for members of the Marketing

Open Internet Explorer, and then connect to Log on as

Adatum\Manoj with the password Pa$$w0rd. Click OK. Verify that the archive mailbox is visible
through Outlook Web App.

Results: After this exercise, you should have configured archive mailboxes for all members of the
Marketing group.

Exercise 2: Configuring Retention Policies

Task 1: Create and configure retention tags

On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, and then
click Mailbox.


In the Actions pane, click New Retention Policy Tag.


In the Tag name field, type Adatum - Deleted Items.


In the Tag Type drop-down list, select Deleted Items.


In the Age limit for retention (days) field, type 30.


In Action to take when the age limit is reached, select Permanently Delete.


In the Comments field, type Deleted Items are purged after 30 days.


Click New, and then click Finish.


In the Actions pane, click New Retention Policy Tag.

10. In the Tag name field, type Adatum DefaultMoveToArchive.

11. In the Tag Type drop-down list, select All other folders in the mailbox.
12. In the Age limit for retention (days) field, type 365.
13. In Action to take when the age limit is reached, select Move To Archive.
14. In the Comments field, type Messages are moved to the archive after one year.


Lab Answer Key: Configuring Messaging Policy and Compliance

15. Click New, and then click Finish.

16. In the Actions pane, click New Retention Policy Tag.
17. In the Tag name field, type Adatum Business Critical.
18. In the Tag Type drop-down list, select Personal Tag.
19. In the Age limit for retention (days) field, type 1095.
20. In Action to take when the age limit is reached, select Move To Archive.
21. In the Comments field, type Business critical messages are moved to the archive after
three years.
22. Click New, and then click Finish.

Task 2: Create and configure retention policies for the Marketing group

On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, and then
click Mailbox.


In the Actions pane, click New Retention Policy.


In the Name field, type Marketing Group Retention, and then click Add.


Select both the Adatum DefaultMoveToArchive and Adatum - Deleted Items tags, click OK, and
then click Next.


On the Select Mailboxes page, click Add.


In Select Mailbox Entire Forest, click Scope menu, and then click Modify Recipient Picker


Click View all recipients in specified organizational unit, and then click Browse.


Click Marketing, and then click OK twice.


After the scope changes, select all users in the list, and then click OK.

10. Click Next, click New, and then click Finish.

Task 3: Create and configure retention policies for the Executives group

On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, and then
click Mailbox.


In the Actions pane, click New Retention Policy.


In the Name field, type Executive Group Retention, and then click Add.


Select the Adatum DefaultMoveToArchive, Adatum Business Critical and Adatum - Deleted
Items tags, click OK, and then click Next.


On the Select Mailboxes page, click Add.


In Select Mailbox Entire Forest, click Scope menu, and then click Modify Recipient Picker


Click View all recipients in specified organizational unit, and then click Browse.

Lab Answer Key: Configuring Messaging Policy and Compliance


Click Marketing, and then click OK twice.


After the scope changes, select all users in the list, and then click OK.


10. Click Next, click New, and then click Finish.

Results: After this exercise, you will have configured Retention Tags and retention policies for the
Marketing and Executives groups.

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.

Lab Answer Key: Securing Microsoft Exchange Server 2010

Module 10
Lab Answer Key: Securing Microsoft Exchange Server 2010
Exercise 1: Configuring Exchange Server Permissions

Exercise 2: Configuring Audit logging

Exercise 3: Configuring a Reverse Proxy for Exchange Server Access

Lab Answer Key: Securing Microsoft Exchange Server 2010

Module 10: Securing Microsoft Exchange Server 2010

Lab 10: Securing Exchange Server 2010

Exercise 1: Configuring Exchange Server Permissions
Task 1: Configure permissions for the ITAdmins group

On VAN-EX1, open Active Directory Users and Computers.


Expand, click Microsoft Exchange Security Groups, and then double-click Server


On the Members tab, click Add.


In the Enter the object names to select field, type ITAdmins, and then click OK twice.

Task 2: Configure permissions for HRAdmins and Support Desk groups


On VAN-EX1, open the Exchange Management Shell. In the Exchange Management Shell, at the PS
prompt, type the following command, and then press Enter:


New-RoleGroup Name HRAdmins roles Mail Recipients

At the PS prompt, type the following command, and then press Enter:

New-RoleGroup Name SupportDesk roles Mail Recipients, Mail Recipient Creation,

Distribution Groups


On VAN-EX1, open the Exchange Management Console.


Expand Microsoft Exchange On-Premises, and then click Toolbox.


Double-click Role Based Access Control (RBAC) User Editor.


Log on as Adatum\administrator using the password Pa$$w0rd.


Click SupportDesk, and then click Details.


Under Members, click Add.


On the Select Member page, select Anna Lidman, click Add, and then click OK.

10. Click Save.

11. Click HRAdmins, and then click Details.
12. Under Members, click Add.
13. On the Select Member page, select Paul West, click Add, click OK, and then click Save.
14. Close Windows Internet Explorer

Task 3: Verify the permissions


On VAN-EX2, log on as Shane using the password Pa$$w0rd.


Open the Exchange Management Console, and then click Yes.

Lab Answer Key: Securing Microsoft Exchange Server 2010


In the Exchange Management Console, expand Microsoft Exchange On-Premises, expand

Organization Configuration, click Mailbox, and in the Results pane, double-click the Accounting
mailbox database.


On the Limits tab, clear the Issue warning at (MB) check box, and then click OK.


Under Organization Configuration, click Hub Transport. Verify that many of the tabs normally
shown in this view are not available. On the Accepted Domains tab, double-click
Verify that you cannot modify the settings, and then click Cancel.


Expand Recipient Configuration, click Mailbox, double-click one of the mailboxes, verify that you
cannot modify the mailbox properties, and then click Cancel.


Log off on VAN-EX2.


On VAN-EX1, open Internet Explorer, and connect to


Log on as Adatum\Anna using a password of Pa$$w0rd, and then click OK.

10. On the Mailboxes tab, click Andreas Herbinger, and then click Details.
11. Click Organization, in the Department field, type IT, and then click Save.
12. Click Distribution Groups. Click Accounting, and then click Details. Verify that you can modify the
group properties by typing a group description, and then clicking Save. Close Internet Explorer.
Note You cannot create or delete user accounts and mailboxes in Exchange Control Panel.
If you want to test whether Anna can create user accounts and mailboxes, add Anna to the
local Administrators account on VAN-EX2, and log on to VAN-EX2 as Anna. Then open
Exchange Management Console and verify that you can create a mailbox. In a production
environment, you could install the Exchange Management tools on a Windows 7 client
13. On VAN-EX1, open Internet Explorer, and connect to
14. Log on as Adatum\Paul using the password Pa$$w0rd, and then click OK.
15. On the Mailboxes tab, click Franz Kohl, and then click Details.
16. Click Organization, in the Department field, type Customer Service, and then click Save.
17. Verify that the Distribution Groups tab is not visible. Close Internet Explorer.
Results: After this exercise, you should have configured and verified permissions in the Exchange Server

Exercise 2: Configuring Audit Logging

Task 1: Create and configure an mailbox

On VAN-EX1, in the Exchange Management Console, expand Microsoft Exchange On-Premises,

expand Recipient Configuration, and then click Mailbox.


In the Actions pane, click New Mailbox.


On the Introduction page, click Next.


On the User Type page, click Next.

Lab Answer Key: Securing Microsoft Exchange Server 2010


On the User Information page, fill in the following information, and then click Next.

Select the Specify the organizational unit rather than using the default one, click Browse,
click CustomerService, and then click OK.

Name: Info

User logon name (User Principal Name): Info

Password and confirm password: Pa$$w0rd


On the Mailbox Settings page, click Next.


Click Next twice, click New, and then click Finish.


Right-click Info, and then click Manage Full Access Permission.


Click Add, click Adatum\CustomerService, click OK, and then click Manage, and then click Finish.

10. Repeat the above steps for the Manage Send As Permission.

Task 2: Enable audit logging on the mailbox


On VAN-EX1, open the Exchange Management Shell.


In the Exchange Management Shell, run the following cmdlet:

Set-Mailbox -Identity "Info" -AuditDelegate SendAs,SendOnBehalf
-AuditEnabled $true


Minimize the Exchange Management Shell.

Task 3: Perform SendAs activity on the mailbox


On VAN-EX1, open Internet Explorer, and then connect to


Log on as Adatum\Anna using the password Pa$$w0rd. If the Regional Settings page appears,
click OK.


Click New, and then in the Untitled Message window, click Options.


Click Show From, and then click OK.


In the From field, delete Anna Lidman, and then type


In the To field, type administrator.


In the Subject field, type test message.


In the message body, write some text, and then click Send.


Close Microsoft Outlook Web App.

Note If you get an error message that Anna does not have permission to send as the Info
mailbox, stop and restart the Microsoft Exchange Information Store service on VAN-EX2,
and repeat this task.

Lab Answer Key: Securing Microsoft Exchange Server 2010

Task 4: Verify that the activity is logged


On VAN-EX1, open Internet Explorer, and then connect to


Log on as Adatum\Administrator using the password Pa$$w0rd.Click Roles and Auditing.


Click Auditing.


Click Run a non-owner mailbox access report.


In the Start date field, enter yesterdays date.


In the End date field, enter tomorrows date.


Click Select Mailboxes.


Find the Info mailbox, click Add, and then click OK.


In the Search for access by drop-down list, select All non-owners, and then click Search.

10. Verify that in the Search Results box, the Info mailbox appears, and that in the Details box, there is a
description of the activity that you performed in Task 3.
11. Click Close
12. Exit the Exchange Control Panel.

Task 5: Verify the administrator audit logging configuration


On VAN-EX1, restore the Exchange Management Shell, and run the following cmdlet:


In the results list, verify that AdminAuditLogEnabled is set to True. Review the other values in
the list.


Minimize the Exchange Management Shell.

Task 6: Make a change to Michiyo Satos mailbox


On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


Expand Recipient Configuration, click Mailbox, find Michiyo Sato on the list in the central pane,
right-click Michiyo Sato, and then select Properties.


Click the Mailbox Settings tab, click Storage Quotas, and then click Properties.


In the Deleted Item retention section, clear the Use mailbox database defaults check box, and
then in the Keep deleted items for (days) field, type 20.


Click OK twice.


Minimize the Exchange Management Console.

Lab Answer Key: Securing Microsoft Exchange Server 2010

Task 7: Verify that the change was logged


On VAN-EX1, restore the Exchange Management Shell, and run the following cmdlet:
Search-AdminAuditLog -Cmdlets Set-Mailbox -StartDate 01/01/2011 -EndDate (Tomorrows
date using the mm/dd/yyyy format)


Review the results, and ensure they contain the action performed in Task 6. You might also see logs
about other actions on this account.
Note If no results are returned when you search the administrator audit log, wait a few
minutes and repeat this task. It can take up to five minutes for the change to appear in the
audit log.

To prepare for the next exercise


On the host computer, in Hyper-V Manager, right-click 10135B-VAN-EX2, click Revert.


In the Revert Virtual Machine dialog box, click Revert.


Start the VAN-TMG and VAN-CL1 virtual machines.


Log on to VAN-TMG as Adatum\Administrator, using the password Pa$$w0rd. Do not log on to

VAN-CL1 at this point.

Results: After this exercise, you should have configured audit logging.

Exercise 3: Configuring a Reverse Proxy for Exchange Server Access

Task 1: Request a server certificate with multiple storage area networks (SANs) on
the Client Access server

On VAN-EX1, in the Exchange Management Console, click Server Configuration.


In the Actions pane, click New Exchange Certificate to open the New Exchange Certificate Wizard.


On the Introduction page, type Adatum Mail Certificate as the friendly name for the certificate,
and then click Next.


On the Domain Scope page, click Next.


On the Exchange Configuration page, expand Client Access server (Outlook Web App), select the
Outlook Web App is on the Intranet check box, and then type in the
domain name box.


Select the Outlook Web App is on the Internet check box, and then type in the
second text box.


Expand Client Access server (Exchange ActiveSync), and then verify that the Exchange Active
Sync is enabled check box is selected. Type as the domain name.


Expand Client Access server, (Web Services, Outlook Anywhere, and Autodiscover), and then
enter as the external host name.

Lab Answer Key: Securing Microsoft Exchange Server 2010


Ensure that both the Autodiscover used on the Internet check box and the Long URL options are
selected. In the Autodiscover URL to use field, delete all entries except for, and then click Next.

10. On the Certificate Domains page, click Next.

11. On the Organization and Location page, enter the following information:

Organization: A Datum

Organizational Unit: Messaging

Country/region: Canada

City/locality: Vancouver

State/province: BC

12. Click Browse, type CertRequest as the File name, and then click Save.
13. Click Next, click New, and then click Finish.
14. Click the Folder icon in the task bar, and then click Documents.
15. Right-click CertRequest.req, and then click Open.
16. In the Windows dialog box, click Select a program from a list of installed programs, and then
click OK.
17. In the Open with dialog box, click Notepad, and then click OK.
18. In the CertRequest.req Notepad window, select Ctrl+A to select all of the text, select Ctrl+C to save
the text to the clipboard, and then close Notepad.
19. Click Start, click All Programs, and then click Internet Explorer.
20. Connect to
21. Log on as Adatum\administrator using the password Pa$$word.
22. On the Welcome page, click Request a certificate.
23. On the Request a Certificate page, click advanced certificate request.
24. On the Advanced Certificate Request page, click Submit a certificate request by using a base64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
CMC or PKCS#7 file.
25. On the Submit a Certificate Request or Renewal Request page, click in the Saved Request field,
and then press Ctrl+V to paste the certificate request information into the field.
26. In the Certificate Template drop-down list, click Web Server, and then click Submit.
27. In the Web Access Confirmation dialog box, click Yes.
28. On the Certificate Issued page, click Download certificate.
29. In the File Download dialog box, click Save as.
30. In the Save As dialog box, browse to the C: drive, and then click Save.
31. Close Internet Explorer.

Lab Answer Key: Securing Microsoft Exchange Server 2010

32. In the Exchange Management Console, click Adatum Mail Certificate, and then click Complete
Pending Request.
33. On the Complete Pending Request page, click Browse.
34. Browse to the C: drive, click certnew.cer, click Open, click Complete, and then click Finish.
35. On the Exchange Certificates tab, click Adatum Mail Certificate, and then click Assign Services
to Certificate.
36. On the Select Servers page, click Next.
37. On the Select Services page, select the Internet Information Services check box, click Next, click
Assign, and then click Finish.

Task 2: Export the certificate from the Client Access server


On VAN-EX1, right-click Adatum Mail Certificate, and then click Export Exchange Certificate.


On the Introduction page, click Browse, and then browse to drive C.


Type CertExport.pfx as the file name, and then click Save.


In the Password field, type Pa$$w0rd, click Export, and then click Finish.

Task 3: Import the certificate on the Microsoft Forefront Threat Management

Gateway (TMG) server

On VAN-TMG, click Start. In the Search box, type MMC, and then press Enter.


On the File menu, click Add/Remove Snap-in.


On the Add or Remove Snap-ins page, click Certificates, and then click Add.


Click Computer account, click Next, click Finish, and then click OK.


Expand Certificates, right-click Personal, point to All Tasks, and then click Import.


On the Certificate Import Wizard page, click Next.


On the File to Import page, type \\VAN-EX1\C$\CertExport.pfx, and then click Next.


On the Password page, type Pa$$w0rd in the Password field, and then click Next.


On the Certificate Store page, click Next, and then click Finish.

10. Click OK, and then close Console1 without saving changes.

Task 4: Configure an Outlook Web Access publishing rule


On VAN-TMG, click Start, point to All Programs, click Microsoft Forefront TMG, and then click
Forefront TMG Management.


Expand Forefront TMG (VAN-TMG), and then click Firewall Policy.


On the Firewall Policy Tasks pane, on the Tasks tab, click Publish Exchange Web Client Access.


On the Welcome to the New Exchange Publishing Rule Wizard page, type OWA Rule, and then
click Next.

Lab Answer Key: Securing Microsoft Exchange Server 2010


On the Select Services page, in the Exchange version list, click Exchange Server 2010, select the
Outlook Web Access check box, and then click Next.


On the Publishing Type page, click Next.


On the Server Connection Security page, ensure that Use SSL to connect the published Web
server or server farm is configured, and then click Next.


On the Internal Publishing Details page, in the Internal site name text box, type, and then click Next.


On the Public Name Details page, ensure that This domain name (type below) is configured in the
Accept requests for drop-down list. In the Public name box, type, and then click

10. On the Select Web Listener page, click New.

11. On the Welcome to the New Web Listener Wizard page, type HTTPS Listener, and then click
12. On the Client Connection Security page, ensure that Require SSL secured connections with
clients is selected, and then click Next.
13. On the Web Listener IP Addresses page, select the External check box, and then click Next.
14. On the Listener SSL Certificates page, click Select Certificate.
15. In the Select Certificate dialog box, click, click Select, and then click Next.
16. On the Authentication Settings page, accept the default of HTML Form Authentication, and then
click Next.
17. On the Single Sign On Settings page, type as the single sign-on (SSO) domain name,
click Next, and then click Finish.
18. On the Select Web Listener page, click Next.
19. On the Authentication Delegation page, accept the default of Basic authentication, and then
click Next.
20. On the User Sets page, accept the default, and then click Next.
21. On the Completing the New Exchange Publishing Rule Wizard page, click Finish.
22. Click Apply twice to apply the changes, and then click OK when the changes have been applied.

Task 5: Configure the Client Access server


On VAN-EX1, in the Exchange Management Console, expand Server Configuration, and then click
Client Access.
Note During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not


On the Outlook Web App tab, double-click owa (Default Web Site).


In the External URL box, type


Lab Answer Key: Securing Microsoft Exchange Server 2010


On the Authentication tab, click Use one or more standard authentication methods, select the
Basic Authentication (password is sent in clear text) check box, and then click OK twice.


On the Exchange Control Panel tab, double-click ecp (Default Web Site).


In the External URL box, type


On the Authentication tab, click Use one or more standard authentication methods, select the
Basic Authentication (password is sent in clear text) check box, and then click OK twice.


Open the Exchange Management Shell. At the PS prompt, type IISReset, and then press Enter.
Note If you receive a message stating that the service did not start, start the World Wide
Web service in the Services console.

Task 6: Test the Outlook Web App publishing rule


On the host computer, in Hyper-V Manager, right-click 10135B-VAN-CL1, and then click Settings.


Click Legacy Network Adapter, and in the Network drop-down list, click Private Network 2, and
then click OK.


On VAN-CL1, log on as Adatum\Administrator using the password Pa$$w0rd.


Open the Control Panel, and then click View network status and tasks.


Click Change adapter settings.


Right-click Local Area Connection 3, and then click Properties.


Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.


Change the IP address to, change the Default Gateway to, click OK, and
then click Close. Close the Control Panel.


Click Start, and in the search field, type notepad c:\windows\system32\drivers\etc\hosts, and
then press Enter.

10. At the bottom of the hosts file, type, and then save and close the file.
11. Open Internet Explorer, and then connect to
12. Log on as adatum\administrator using the password Pa$$w0rd, and then verify that you access the
user mailbox.
13. In the Microsoft Outlook Web App window, click Options. Verify that you can connect to the
Exchange Control Panel.
14. Close Internet Explorer.
Results: After this exercise, you should have configured a Forefront Threat Management Gateway server
to enable access to Outlook Web App on the Client Access server. You also will have verified that the
access is configured correctly.

Lab Answer Key: Securing Microsoft Exchange Server 2010


To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-V Manager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.

Lab Answer Key: Maintaining Microsoft Exchange Server 2010

Module 11
Lab Answer Key: Maintaining Microsoft Exchange Server
Exercise 1: Monitoring Exchange Server 2010

Exercise 2: Troubleshooting Database Availability

Exercise 3: Troubleshooting Client Access Servers

Lab Answer Key: Maintaining Microsoft Exchange Server 2010

Module 11: Maintaining Microsoft Exchange Server 2010

Lab: Maintaining Exchange Server 2010

Exercise 1: Monitoring Exchange Server 2010
Task 1: Create a new data collector set named Exchange Monitoring

On VAN-EX1, click Start, click Administrative Tools, and then click Performance Monitor.


In the Navigation pane, expand Data Collector Sets, and then click User Defined.


Click on the Action menu, click New, and then click Data Collector Set.


In the Create new Data Collector Set Wizard, in the Name box, type Exchange Monitoring, select
Create manually (Advanced), and then click Next.


Select the Performance Counter check box, and then click Finish.

Task 2: Create a new performance counter data collector set for monitoring basic
Exchange Server performance

In the Performance Monitor, in the Navigation pane, expand Data Collector Sets, expand User
Defined, click Exchange Monitoring, click the Action menu, click New, and then click Data


In the Create New Data Collector Wizard, in the Name box, type Base Exchange Monitoring, select
Performance counter data collector, and then click Next.


Click Add.


In the Available counters object list, expand Processor, and then click % Processor Time. Press and
hold Ctrl, click % User Time, click % Privileged Time, and then click Add.


In the Available counters object list, expand Memory, and then click Available Mbytes. Press and
hold Ctrl, click Page Reads/sec, click Pages Input/sec, click Pages/sec, click Pages Output/sec,
click Pool Paged Bytes, click Transition Pages Repurposed/sec, and then click Add.


In the Available counters object list, expand MSExchange ADAccess Domain Controllers, and
then click LDAP Read Time. Press and hold Ctrl, click LDAP Search Time, click LDAP Searches
timed out per minute, click Long running LDAP operations/Min, and then click Add.


In the Available counters object list, expand System, click Processor Queue Length, and then
click Add.


Click OK.


In the Create New Data Collector Wizard, in the Sample interval box, type 1, and then in the Units
dropdown menu, select Minutes, and then click Finish to create the data collector set.

Lab Answer Key: Maintaining Microsoft Exchange Server 2010

Task 3: Create a new performance counter data collector set for monitoring Mailbox
server role performance

In the Reliability and Performance Monitor, in the Navigation pane, click Exchange Monitoring, click
the Action menu, click New, and then click Data Collector.


In the Create New Data Collector Wizard, in the Name box, type Mailbox Role Monitoring, select
Performance counter data collector, and then click Next.


Click Add.


In the Available counters object list, expand LogicalDisk, and then click Avg.Disk sec/Read. Press
and hold Ctrl, click Avg.Disk sec/Transfer, click Avg.Disk sec/Write, and then click Add.


In the Available counters object list, expand MSExchangeIS, and then click RPC Averaged Latency.
Press and hold Ctrl, click RPC Num. of Slow Packets, click RPC Operations/sec, click RPC Requests,
and then click Add.


In the Available counters object list, expand MSExchangeIS Mailbox, click Messages Queued for
Submission, and then click Add.


In the Available counters object list, expand MSExchangeIS Public, click Messages Queued for
Submission, and then click Add.


Click OK.


In the Create New Data Collector Wizard, in the Sample interval box, type 1, and in the Units dropdown menu, select Minutes, and then click Finish to create the data collector set.

Task 4: Verify that the data collector set works properly


In the Reliability and Performance Monitor, in the Navigation pane, click Exchange Monitoring, click
the Action menu, and then click Start.


After at least five minutes, click the Action menu, and then click Stop.


In the Navigation pane, expand Reports, expand User Defined, expand Exchange Monitoring, click
VAN-EX1_DateTime, and then review the report.


Close the Performance Monitor.

Results: After this exercise, you should have created a data collector set for monitoring VAN-EX1 that
uses the performance counters that this module recommends.

Exercise 2: Troubleshooting Database Availability

Before you begin this exercise, complete the following steps:

On VAN-EX1, open an Exchange Management Shell. At the prompt, type

d:\ Labfiles\Lab11Prep2.ps1, and then press Enter.


When prompted, type N, and then press Enter.


Close the Exchange Management Shell.

Lab Answer Key: Maintaining Microsoft Exchange Server 2010

Task 1: Identify the scope of the problem


On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange On-Premises, expand Organization

Configuration, and then click Mailbox.


In the Work pane, click the Database Management tab, and then view the list of databases, noting
that MailboxDB100 is dismounted.

Task 2: Review the event logs


In the Work pane, right-click MailboxDB100, and then click Mount database. Review the warning
message, and then click No.


On VAN-EX1, click Start, click All Programs, click Administrative Tools, and then click Event


In Event Viewer, in the Navigation pane, expand Windows Logs, click on Application, and then in
the Content pane, review recent events. Click recent events that have a source from one of the
MSExchange services, and then review the details of the error in the lower half of the Content pane.


In the Navigation pane, click on System, and then in the Content pane, review recent events. No
notable events are present.


Close Event Viewer.

Task 3: Run the Best Practices Analyzer


On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange On-Premises, and then expand Toolbox.


In the Work pane, double-click Best Practices Analyzer.


In the Microsoft Exchange Best Practice Analyzer, if prompted, select Do not check for updates on
startup, select I dont want to join the program at this time, and then click Go to the Welcome


On the Welcome to the Exchange Best Practices Analyzer page, click Select options for a new


On the Connect to Active Directory page, click Connect to the Active Directory server.


On the Start a new Best Practices scan page, in the Enter an indentifying label for this scan box,
type VAN-EX1 Scan, and then click Unselect all.


In the Specify the scope for this scan box, select VAN-EX1, verify that Health Check is selected,
and then click Start scanning to start the best practices scan process.


On the Scanning completed page, click View a report of this Best Practices scan. Verify that there
are no errors listed that may have caused this issue.

Lab Answer Key: Maintaining Microsoft Exchange Server 2010

Task 4: List the probable causes of the problem, and rank the possible solutions, if
multiple options exist

List the problems and possible solutions:


Possible solution

Disk errors are preventing access to the


Replace disks and restore from backup.

Database path is incorrect because of storage


Change storage or database configuration.

Task 5: Review the database configuration


On VAN-EX1, in Exchange Management Console, under Organization Configuration, click Mailbox.


In the Work pane, click the Database Management tab, and then right-click on MailboxDB100, and
select Properties.


Identify the database file location, by examining value of Database path on General tab. Click


Click Start, click All Programs, click Accessories, and then click Windows Explorer.


In the Navigation pane, expand Computer, expand Local Disk (C:), expand Program Files, expand
Microsoft, expand Exchange Server, expand V14, expand Mailbox. Verify that the MailboxDB100NewPath folder does not exist.


In the Navigation pane, click MailboxDB100 and locate the database files. This is the actual location
of the database files. The configuration is pointing to the wrong path.


Close Windows Explorer.

Task 6: Reconfigure and mount the database


On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Shell.


In the Exchange Management Shell, type the follow cmdlet, and then press Enter.
Move-DatabasePath MailboxDB100 LogFolderPath C:\Program Files\Microsoft\Exchange
Server\V14\Mailbox\MailboxDB100 EdbFilePath C:\Program Files\Microsoft\Exchange
Server\V14\Mailbox\MailboxDB100\MailboxDB100.edb ConfigurationOnly force


Type Y, and then press Enter.


In the Exchange Management Shell, type Mount-Database MailboxDB100, and then press Enter.


Close Exchange Management Shell.

Results: After this exercise, you should have used a troubleshooting technique to identify and fix a
Mailbox server problem.

Lab Answer Key: Maintaining Microsoft Exchange Server 2010

Exercise 3: Troubleshooting Client Access Servers

Before you begin this exercise, complete the following steps:

On VAN-EX1, open Exchange Management Shell. At the prompt, type d:\ Labfiles\Lab11Prep3.ps1,
and then press Enter.


Close the Exchange Management Shell.

Task 1: Verify the problem by attempting to reproduce the problem


On VAN-EX1, open Windows Internet Explorer, and connect to


Note the error displayed in the browser: HTTP Error 401.2 Unauthorized.

Task 2: Review the event logs


On VAN-EX1, click Start, click All Programs, click Administrative Tools, and then click Event


In Event Viewer, in the Navigation pane, expand Windows Logs, click Application, and then in the
Content pane, review recent events. There is nothing substantial to point to the problem.


In the Navigation pane, click System, and then in the Content pane, review recent events.


Close Event Viewer.

Task 3: Use the Test cmdlets to verify server health


On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Shell.


In the Exchange Management Shell, type Test-ServiceHealth, and then press Enter. Verify that the
output does not return any errors.


In the Exchange Management Shell, type

Test-OwaConnectivity URL -TrustAnySSLCertificate, and
then press Enter.


In the Windows PowerShell Credential Request dialog box, in the User name box, type
Adatum\Administrator, and in the Password box, type Pa$$w0rd, and then click OK.


Note the authentication errors.


Close Exchange Management Shell.

Lab Answer Key: Maintaining Microsoft Exchange Server 2010

Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist

List the problems and possible solutions:


Possible solution

Internet Information Server (IIS) Configuration is not

configured correctly.

Modify the IIS configuration.

Microsoft Outlook Web App authentication is not

configured correctly.

Modify Outlook Web App authentication


Task 5: Check the Outlook Web App configuration


On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.


In the Console Tree, expand Microsoft Exchange On-Premises, expand Server Configuration, and
then click Client Access.
Note During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not


In the upper portion of the Work pane, click VAN-EX1, and then in the lower portion of the Work
pane, select the Outlook Web App tab. Right-click owa (Default Web Site), and then click


In the owa (Default Web Site) Properties dialog box, click the Authentication tab, select Use
forms-based authentication, and then click OK.


Review the Microsoft Exchange Warning, and then click OK.


Click Start, click All Programs, click Accessories, and then click Command Prompt.


At the command prompt, type iisreset, and then press Enter.

Note If you receive an error indicating that the service did not start, start the World Wide
Web Service in Services management console.


Close the command prompt.

Task 6: Verify that you resolved the problem


Open Internet Explorer, and connect to


Log on to Outlook Web App as Adatum\Administrator using the password Pa$$w0rd.


Confirm that Administrator can now access Outlook Web App, and then close Internet Explorer.

Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Client
Access server problem.

Lab Answer Key: Maintaining Microsoft Exchange Server 2010

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

On the host computer, start Hyper-VManager.


Right-click the virtual machine name in the Virtual Machines list, and then click Revert.


In the Revert Virtual Machine dialog box, click Revert.


In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.


To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.


Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.


Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.

You might also like