Pro Exchange Administration Understanding On Premises and Hybrid Exchange Deployments 3rd Edition Jaap Wesselius
Pro Exchange Administration
Understanding On-premises and Hybrid Exchange Deployments
Third Edition
Jaap Wesselius
Michel de Rooij
Pro Exchange Administration: Understanding On-premises and Hybrid
Exchange Deployments, Third Edition
Jaap Wesselius, MARKNESSE, Flevoland, The Netherlands
Michel de Rooij, VLEUTEN, Utrecht, The Netherlands
Table of Contents
Introduction
Content Filtering
Anti-spam
Anti-phishing
Preset Security Policies
Directory-Based Edge Blocking (DBEB)
Summary
Chapter 9: Authentication
Hybrid Modern Authentication
Configuring an Enterprise Application
Multifactor Authentication
Conditional Access
Client Access Rules
SMTP AUTH
Certificate Authentication
Windows Extended Protection
PowerShell Serialization Payload Signing
Summary
Split Permissions
RBAC Split Permissions
Active Directory Split Permissions
Summary
Index
About the Authors
Jaap Wesselius is an independent consultant
based in the Netherlands. As a consultant,
Jaap has been working with Exchange Server
since Exchange 5.0 in 1997. After working
for Microsoft, he became an independent
consultant in 2006. For his work in the
(Exchange) community, primarily his blog
on jaapwesselius.com and presentations at
Microsoft events like TechEd and MEC, Jaap received a Microsoft MVP
award in 2007, an award he still holds in 2023. The first MVP category was
Exchange Server, but over the years that has changed to Office Apps and
Services. Besides working with Exchange, Jaap also works with Office 365,
identity management, privacy, and security. Jaap is 56 years old and married,
has three grown sons, and likes to ride his motorcycle, when possible.
About the Technical Reviewer
Vikas Sukhija has nearly two decades of IT
infrastructure experience. He is Microsoft
certified and has worked on various Microsoft
and related technologies.
He has been awarded the Microsoft Most
Valuable Professional title seven times.
Vikas is a lifelong learner, always eager
to explore new technologies and expand
his knowledge. He keeps himself up to date with the latest trends and
developments in the field, ensuring that his reviews reflect the current
best practices and industry standards. His commitment to continuous
improvement and his passion for sharing knowledge make him an
invaluable resource for technical content creators and readers alike.
With a strong foundation in Microsoft technologies, Vikas has
continuously expanded his knowledge and skills throughout his career,
adapting to the ever-evolving landscape of cloud. His deep understanding
of the Microsoft ecosystem, including Windows Server, SQL Server,
Exchange Server, Active Directory, and other technologies, allows him to
provide comprehensive and insightful reviews of technical materials.
Vikas’s passion for automation and scripting led him to specialize
in PowerShell and Python, where he has honed his skills in developing
efficient and robust scripts for various administrative tasks. His expertise
in PowerShell/Python ranges from simple automation scripts to complex
solutions, empowering organizations to streamline their processes and
enhance productivity.
http://TechWizard.cloud
http://SysCloudPro.com
www.facebook.com/TechWizard.cloud
Introduction
A book about Exchange 2019—that is not something one would expect to
be released, but after all these years, we are still amazed by the number
of Exchange deployments on-premises. We must admit though that most
deployments are in a hybrid configuration, where mailboxes reside in
Exchange on-premises or in Exchange Online (EXO) or both.
At the same time, we see a lot of old versions of Exchange Server
on-premises, and these are all subject to upgrade anytime soon. Since
Exchange 2019 is the only version that is currently in Microsoft mainstream
support, this is also the version most customers migrate to.
This book is the third version of our Exchange on-premises book, but
we have removed most of the Exchange 2016 content since Exchange
2016 is no longer in mainstream support, so the book only focuses on
Exchange 2019. There is also a strong focus on hybrid scenarios, identity
management, and security. It has the following chapters:
PART I: Infrastructure and Exchange Server
CHAPTER 1: Exchange 2019 Introduction
Exchange Server 4.0 was introduced in 1996, more than 25 years ago! Now,
in 2023, Exchange Server is still around and still alive, despite the massive
migrations to Exchange Online.
I must admit though that for a hybrid configuration, you need at
least one Exchange server on-premises, but lots of customers still have
mailboxes in Exchange Server on-premises. There are also customers that
are legally not allowed to move their data to the cloud, and they must keep
Exchange servers on-premises.
For these customers Microsoft has released its Exchange Server
Roadmap, which you can find at https://bit.ly/ExchRoadmap. This
roadmap outlines that Exchange Server is still alive and that Microsoft is
still investing in Exchange Server.
At the time of writing, mid-2023, the only version of Exchange Server
in mainstream support is Exchange 2019. This means that Microsoft is only
developing new features and bug fixes for Exchange 2019. For Exchange
2016 there are no more developments going on, but Security Updates are
still released for Exchange 2016.
In October 2025, support for both Exchange 2016 and Exchange 2019
will end, and a new version of Exchange Server will be released,
currently code-named “Exchange vNext.” If you check the Exchange
Server roadmap on a regular basis, you’ll see upcoming changes for the
product, both Exchange 2019 and Exchange vNext.
Looking back over the years, three real major infrastructural changes
can be identified in Exchange Server:
Exchange Server 2013, 2016, and 2019 are very similar and to
some extent compatible. Over the years, there have not been major
infrastructural changes to the product, but rather lots of improvements.
The first area of improvement is security, with support for Windows
Server Core and TLS 1.2 and the blocking of external access to the
Exchange Control Panel (ECP) and Exchange Management Shell (EMS).
Another area of improvement is performance and reliability.
Performance improvement in Exchange Server 2019 is achieved by
modern hardware support (Exchange Server 2019 now supports up to
256 GB memory!), a new search engine (which also improves failover
times), and the MetaCache database (MCDB), a combination of large
JBODs and SSDs.
There are also several client improvements, such as the “Do not
forward” option in meeting invites, improved out-of-office support, and
the option to remove calendar events (using PowerShell), possibly the
most requested feature.
From a security perspective, Microsoft introduced new features, like
Modern Authentication (CU13), the Exchange Emergency Mitigation
Service (EEMS, CU11), or the Windows Antimalware Scan Interface
(AMSI, CU10).
Of course, there are differences between Exchange Server 2013,
2016, and 2019, especially when it comes to features. But these versions
also work together quite well. For example, it is possible to create a
load-balanced array for Exchange servers with all three versions in this
array. It does not matter on which Exchange server a client connection
is terminated; the request is automatically proxied to the correct
Mailbox server. This is extremely useful when upgrading your Exchange
environment from Exchange 2013 or Exchange 2016 to Exchange
Server 2019.
There is one major difference between Exchange Server 2013 on one
hand and Exchange Server 2016 and 2019 on the other hand. Exchange
Server 2013 has two server roles, the Client Access server role and
the Mailbox server role. In Exchange Server 2016 and up, these two roles
are combined, and only the Mailbox server role is available. The different
components are still there, but only available in one server role. The Edge
Transport server role is still available in Exchange 2019.
Exchange Server 2019 is targeted toward large enterprise customers.
Smaller customers can still use Exchange Server 2019 or move to Exchange
Online, not surprisingly the Microsoft-recommended approach. Exchange
Online contains the latest and greatest features; Exchange Server 2019
is the rock-solid solution for enterprise customers that need a solid on-
premises mail environment.
This is not a complete list of all available features for the different
CALs. For a complete overview, visit the Microsoft licensing page at
https://bit.ly/X2019Licensing.
Of course, there are more new features in Exchange 2019, but these are
the most important and interesting ones.
The best tool for viewing the three Active Directory partitions is the
ADSI Edit MMC (Microsoft Management Console) snap-in, which is
shown in Figure 1-1.
The Active Directory Sites and Services (ADSS) MMC snap-in reads
and writes information from the configuration partition. All changes made
here are visible to all domains in the forest; the same is true for the Active
Directory Domains and Trusts MMC snap-in.
A very powerful tool for working with Active Directory is the Schema MMC
snap-in, which is usually run on the Domain Controller that holds the
schema master role. Using the Schema MMC snap-in, it is possible to
make changes to the Active Directory schema partition.
Domain Controllers also have tools like LDIFDE and CSVDE installed
as part of the AD management tools. These are command-line tools that
can be used to import and export objects into or out of Active Directory.
LDIFDE can also be used to make changes to the Active Directory
schema, and the Exchange 2019 setup application uses the LDIFDE tool
to configure Active Directory for use with Exchange 2019. These tools are
beyond the scope of this book.
When promoting a server to a Domain Controller or when installing
the Remote Server Administration Tools (RSAT) for Active Directory
Directory Services (ADDS), the PowerShell Active Directory module is
installed as well. This module enables Active Directory functionality
in PowerShell, making it possible to manage Active Directory using
PowerShell cmdlets.