www.microsoft.com/exchange/library
Author: Exchange Documentation Team
What's New in Exchange Server 2003
Table of Contents

Chapter 1: Overview of Exchange 2003
Exchange 2003 Test Environments
Operating Systems
Coexistence and Upgrade from Previous Versions
What Features Have Been Removed
Connectors for Lotus cc:Mail and MS Mail
Real-Time Collaboration Features
M: Drive
Key Management Service

Chapter 2: Client Features
Outlook Improvements
Cached Exchange Mode and Synchronization Improvements
Outlook Performance Monitoring
RPC over HTTP
Outlook Web Access Improvements
Outlook Web Access Versions
Logon and Logoff Improvements
New User Interface
Support for Rules
Spelling Checker
Tasks
Message Signatures
Viewing User Properties
Easier Removal of Recipients
Adding a Sender or Recipient to Contacts
Selecting a Default Font
Reply Header and Body Not Indented
Web Beacon Blocking
Blocking Attachments
Junk E-mail Filtering
Sensitivity and Reply/Forward InfoBars
Item Window Size
Meeting Requests
Composing Messages to Recipients From the Address Book
Improved Performance
Outlook Web Access Compression
S/MIME Support
Mobile Services for Exchange
Exchange ActiveSync
Outlook Mobile Access

Chapter 3: Administration Features
New Mail-Enabled Objects for Managing Recipients
InetOrgPerson
Query-Based Distribution Groups
Improved Ability to Restrict Submissions to Users and Distribution Lists (Restricted Distribution Lists)
Enhanced Exchange Features on User Properties
Moving Mailboxes in Exchange System Manager
Enhancements to Queue Viewer
Disabling Outbound Mail
Setting the Queue Viewer Refresh Rate
Finding Messages
Viewing Additional Information About a Queue
Viewing Previously Hidden Queues
Improved Public Folder Referral
Improved Public Folder Interfaces
Manually Starting Replication
Microsoft Exchange Public Folder Migration Tool
Mailbox Recovery Center
Improved Message Tracking
Enhanced Control of Message Tracking Logs in Exchange System Manager
Enhanced Message Tracking Capabilities
Including Bcc Recipients in Archived Messages
Step 1: Enabling Archiving on a Mailbox Store
Step 2: Setting the Registry Key
Step 3: Restarting Services

Chapter 4: Performance and Scalability Features
Improved Distribution List Membership Caching
Suppressing Out of Office Messages to Distribution List Members
Enhanced DNS-Based Internet Mail Delivery
Improved Outlook Synchronization Performance
Improved Outlook Web Access Performance
Monitoring Outlook Client Performance
Link State Improvements
Virtual Address Space Improvements
Changing the MTA File Directory Location Using System Manager
Changing the SMTP Mailroot Directory Location Using System Manager
Tuning Exchange 2003
Removing Exchange 2000 Tuning Parameters

Chapter 5: Reliability and Clustering Features
Reliability Features
Improved Virtual Memory Management
Mailbox Recovery Center
Recovery Storage Group
Improved Error Reporting
Clustering Features
Support For Up to Eight-Node Clusters
Support for Volume Mount Points
Improved Failover Time
Security Improvements
Checking Clustering Prerequisites
Exchange 2003 Cluster Requirements
Exchange Server 2003 Setup Requirements
Upgrading an Exchange 2000 Cluster and Exchange Virtual Server to Exchange 2003

Chapter 6: Transport and Message Flow Features
Link State Improvements
Improved Link State Availability
Link State Improvements for Oscillating Connections
Configuring Cross-Forest SMTP Mail Collaboration
Enabling Cross-Forest Authentication
Enabling Cross-Forest Collaboration by Resolving Anonymous Mail
Internet Mail Wizard
Configuring an Exchange Server to Send Internet Mail
Configuring an Exchange Server to Receive Internet Mail
Configuring an Exchange Server to Send and Receive Internet Mail
Configuring a Dual-Homed Exchange Server for Internet Mail
DSN Diagnostic Logging and DSN Codes
Configuring DSN Diagnostic Logging
DSN Codes Available in Exchange Server 2003
Moving the X.400 (MTA) and SMTP Queue Directory Locations
Connection Filtering
How Connection-Filtering Rules Work
How Block List Providers Match Offending IP Addresses
Understanding Block List Provider Response Codes
Specifying Exceptions to the Connection Filter Rule
Enabling Connection Filtering
Inbound Recipient Filtering
Enabling Recipient Filtering
Understanding How Enabled Filters Are Applied
Improved Ability to Restrict Submissions to an SMTP Virtual Server
Improved Ability to Restrict Relaying on an SMTP Virtual Server

Chapter 7: Storage Features
Shadow Copy Backup
Using Shadow Copy Backup
Recovery Storage Group
Microsoft Exchange Mailbox Merge Wizard
Improved Public Folder Store Replication
Improved Virus Scanning API

Chapter 8: Development Features
New Development Technologies
Managed Wrappers for SMTP and Transport Sinks
Supported Development Technologies
Data Access Methods
Events and Notifications
Application Technologies
Monitoring
Specialized Programs
Developing .NET Applications for Exchange Server 2003
Active Directory Classes and Attributes
Deprecated Exchange Development Technologies
Deprecated MAPI Technologies

Chapter 9: Deployment Features
New Exchange 2003 Deployment Features
Exchange Server Deployment Tools
ADC Tools
Microsoft Exchange Public Folder Migration Tool
Exchange Server 2003 Setup Improvements
Installing Exchange System Management Tools Only
Windows Server 2003 Benefits
Prerequisites
Hardware Requirements
File Format Requirements
Operating System Requirements
Upgrading Front-End Servers
Upgrading Active Directory Connector
Removing Mobile Information Server Components
Required Components for Mobility Support
Removing Instant Messaging, Chat, ccMail, MSMail, and Key Management Service Components
Third-Party Software
Installing Exchange 2003 or Upgrading from Exchange 2000
Upgrading from Exchange 5.5 to Exchange 2003

Appendix: Exchange 2003 Schema Changes

Introduction
This document provides important information about using Microsoft® Exchange Server 2003.
The purpose of this document is to outline the new features in Exchange Server 2003 and provide
the basic information necessary to begin using these new features. This is not a comprehensive
document about Exchange, but a guide for getting started with testing and running
Exchange 2003.
This document supplements the release notes document (releasenotes.htm), and should be read
only after reviewing the release notes. The release notes contain critical information about known
issues with Exchange 2003.
This document is designed to benefit Exchange administrators who will be testing and deploying
Exchange 2003. Furthermore, this document assumes that you have an excellent working
knowledge of Exchange 2000 Server. It is structured based on Exchange components;
specifically, each chapter explains what the new component features are and how to begin using
them.
Provide feedback about this document to exchdocs@microsoft.com.
Updated Chapters
The following chapters are updated:
• Chapter 2, "Client Features." Added clarifications to the "Steps to Enable RPC over HTTP"
section. Added information about non-SSL configurations, as well as clarifications to the
"Configuring the RPC Proxy Server to Use Specified Ports" section.
• Chapter 3, "Administration Features." Updated description of the failed message retry queue.
• Chapter 4, "Performance and Scalability Features." Updated the "Log Buffers" and "Max
Open Tables" sections. This information clarifies that edits are done using ADSI Edit, and
specifies the location of the object to be modified.
• Chapter 5, "Reliability and Clustering Features." Updated the "Exchange 2003 Cluster
Requirements" and "Exchange 2003 Setup Requirements" sections. This information
includes references to more in-depth resources and steps to upgrade an Exchange 2000
cluster and Exchange Virtual Server to Exchange 2003.
• Chapter 7, "Storage Features." Updated the procedure "To restore a mailbox store to the
Recovery Storage Group."
• Chapter 9, "Deployment Features." Expanded the "Exchange Server Deployment Tools"
section. Updated location of the Public Folder Migration Tool. Consolidated the sections
"Windows Server 2003" and "Upgrading Windows 2000 Server to Windows Server 2003"
into a new section "Upgrading the Operating Systems."
Chapter 1: Overview of Exchange 2003
Microsoft® Exchange Server 2003 builds on the Microsoft Exchange 2000 Server code base,
providing many new features and improvements in areas such as reliability, manageability, and
security.
Exchange Server 2003 is the first Exchange release designed to work with Microsoft Windows
Server™ 2003. Running Exchange 2003 on Windows Server 2003 provides several benefits, such
as improved memory allocation, reduced Microsoft Active Directory® directory service
replication traffic, and rollback of Active Directory changes. Running Exchange 2003 on
Windows Server 2003 also allows you to take advantage of new features, such as the Volume
Shadow Copy service and cross-forest Kerberos authentication. Exchange 2003 also runs on
Microsoft Windows® 2000 Server Service Pack 3 (SP3) or later.
Exchange 2003 works with Microsoft Office Outlook® 2003 to provide a range of improvements,
such as cached mode synchronization, client-side performance monitoring, and support for RPC
over HTTP (which allows users to connect directly to their Exchange server over the Internet
without needing to establish a virtual private network (VPN) tunnel).
When combined with Windows Server 2003 and Outlook 2003, Exchange 2003 provides a
robust, feature-rich end-to-end messaging system that is both scalable and manageable.
Operating Systems
Exchange 2003 runs on Windows Server 2003 and Windows 2000 Server SP3 or later.
Exchange 2003 has been optimized to run on Windows Server 2003; in fact, several
Exchange 2003 features require Windows Server 2003 functionality.
Exchange 2003 is supported in all Active Directory forest environments: native Windows 2000,
native Windows Server 2003, or mixed Windows 2000 and Windows Server 2003 forests. When
running in an environment with Windows 2000 domain controllers and global catalog servers,
the domain controllers and global catalog servers that Exchange 2003 uses must all be running
Windows 2000 SP3 or later. This requirement affects both Exchange 2003 servers and the
Exchange 2003 version of Active Directory Connector (ADC). ADC does not work with domain
controllers or global catalog servers that are running a version of Windows 2000 earlier than SP3.
Note
Although Exchange 2000 SP2 and later is supported in an environment with Windows
Server 2003 domain controllers and global catalog servers, Exchange 2003 is the
first version of Exchange that is supported when running on Windows Server 2003.
Exchange 2000 is not supported on Windows Server 2003.
M: Drive
The Exchange store (which uses the \\.\BackOfficeStorage\ namespace) has traditionally been
mapped to the M: drive on an Exchange server. M: drive mapping provided file system access to
the Exchange store. The M: drive is disabled, by default, in Exchange 2003. You can still use the
file system to interact with the Exchange store, but you must enter the path directly using the
\\.\BackOfficeStorage\ namespace. For example, to view the contents of the mailbox store on an
Exchange server in the mail.adatum.com domain, you would type the following at a command
prompt:
dir \\.\BackOfficeStorage\mail.adatum.com\mbx
The M: drive mapping was removed because, in some cases, the mailbox store
would become corrupted by file system operations, such as running a file-level virus scanner
on the M: drive or running file backup software on the drive. For Exchange 2000, you should
consider disabling the M: drive-mapping feature. For information about how to disable this
feature, see Microsoft Knowledge Base article 305145, "HOW TO: Remove the IFS Mapping for
Drive M in Exchange 2000 Server" (http://support.microsoft.com/?kbid=305145).
Chapter 2: Client Features
This chapter focuses on the new client features for accessing Microsoft® Exchange Server 2003.
In addition to taking advantage of new Microsoft Office Outlook® 2003 features, Exchange 2003
includes an improved Microsoft Outlook Web Access client, as well as new built-in mobile
device support.
Outlook Improvements
Outlook 2003, in conjunction with Exchange 2003, offers many enhancements. This section
discusses these enhancements, including Outlook 2003 improvements and new features.
6. On the Exchange Server Settings page, select the Use local copy of Mailbox check box
(Figure 2.1).
Figure 2.1 The Exchange Server Settings page in the E-mail Accounts
wizard
7. Click Next, and then click Finish to save the changes to your local profile.
Kerberos Authentication
Exchange 2003 and Outlook 2003 can now use Kerberos authentication to authenticate users to
Exchange 2003 servers. If your network uses Microsoft Windows Server™ 2003 domain
controllers, your users can authenticate cross-forest to the domain controllers in trusted forests,
thereby allowing user accounts and Exchange servers to exist in different forests.
Exchange 2003 uses Kerberos delegation when sending user credentials between an Exchange
front-end server and Exchange back-end servers. In previous versions of Exchange, when users
used applications such as Outlook Web Access, Exchange used Basic authentication to send the
user's credentials between an Exchange front-end server and Exchange back-end servers. As a
result, companies had to use a security mechanism such as IPSec to encrypt the information.
• Option 2 Position the Exchange 2003 front-end server acting as an RPC Proxy server in
the perimeter network.
For more information about the two options for deploying RPC over HTTP, see Chapter 4 in the
book Planning an Exchange 2003 Messaging System
(http://www.microsoft.com/exchange/library).
Option 1: Using ISA Server in the Perimeter Network and Positioning
the RPC Proxy Server in the Corporate Network
This is the recommended option. By using ISA Server in the perimeter network to route RPC
over HTTP requests and positioning the Exchange front-end server in the corporate network, you
only need to open port 80 or port 443 on the internal firewall for Outlook 2003 clients to
communicate with Exchange. Figure 2.2 illustrates this deployment scenario.
Figure 2.2 Deploying RPC over HTTP using ISA Server as a reverse proxy
server in the perimeter network
When located in the perimeter network, the ISA server is responsible for routing RPC over HTTP
requests to the Exchange front-end server acting as an RPC Proxy server. In this scenario, the
RPC Proxy server uses specified ports to communicate with other servers that use RPC over
HTTP.
Figure 2.3 Deploying RPC over HTTP on the Exchange front-end server in the
perimeter network
For information about how to configure RPC over HTTP deployment options 1 and 2, see
"Deploying RPC over HTTP" later in this chapter. Again, in this scenario, the RPC Proxy server
uses specified ports to communicate with other servers that use RPC over HTTP.
• All Exchange 2003 servers that will be accessed with Outlook 2003 clients using RPC over
HTTP.
• The Exchange 2003 front-end server acting as the RPC Proxy server.
• The global catalog server used by Outlook 2003 clients and the Exchange 2003 servers
configured to use RPC over HTTP.
Exchange 2003 must be installed on all Exchange servers that are used by the computer
designated as the RPC proxy server. Additionally, all client computers running Outlook 2003
must also be running Microsoft Windows XP Service Pack 1 (SP1) or later with the "Windows
XP Patch: RPC Updates Needed for Exchange Server 2003 Beta"
(http://go.microsoft.com/fwlink/?LinkId=16687) update installed.
3. In RPC Properties, on the Directory Security tab, in the Authentication and access
control pane, click Edit.
Note
RPC over HTTP does not allow anonymous access.
4. Under Authenticated access, select the check box next to Basic authentication (password
is sent in clear text), and then click OK.
5. To save your settings, click Apply, and then click OK.
Your RPC virtual directory is now set to use Basic authentication.
If you plan to use SSL, skip the following procedure. For non-SSL configurations, however, the
RPC proxy server must be configured to allow non-SSL sessions to be forwarded. To allow
this, add a specific registry value to the server.
Warning
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
3. In the details pane, right-click and add a new DWORD Value named AllowAnonymous,
and then right-click it and choose Modify.
4. In Edit DWORD Value, in the Value data box, enter 1.
The RPC proxy server is now configured to allow requests to be forwarded without the
requirement to first establish an SSL-encrypted session. The setting to enforce authenticated
requests is still controlled in the Authentication and access control settings.
For more information about configuring computers to use RPC over HTTP, see the MSDN®
topic "Configuring Computers for RPC over HTTP"
(http://go.microsoft.com/fwlink/?LinkId=19313).
To configure the RPC Proxy server to use the specified default ports for RPC
over HTTP
The following ports are the required ports for RPC over HTTP.
3. In the details pane, right-click the ValidPorts subkey, and then click Modify (Figure 2.4).
In the registry key, continue to list all servers in the corporate network with which the RPC
Proxy server will need to communicate.
Important
To communicate with the RPC Proxy server, all servers accessed by the Outlook
client must have set ports. If a server, such as an Exchange public folder server,
has not been configured to use the specified ports for RPC over HTTP
communication, the client will not be able to access the server.
To configure the global catalog servers to use specific ports for RPC over
HTTP
1. On the global catalog server, start Registry Editor (regedit).
2. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NTDS\Parameters
3. From the Edit menu, point to New, and then click Multi-String value.
4. In the details pane, create a multi-string value with the name NSPI interface protocol
sequences.
5. Right-click the NSPI interface protocol sequences multi-string value, and then click
Modify.
6. In Edit String, in the Value data box, type ncacn_http:6004
7. Restart the global catalog server.
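The global catalog steps above can also be checked or applied from a script. The following is an added example, not part of the original document: the key path, value name, and ncacn_http:6004 data come from the procedure, while the function names and the entry-format check are assumptions.

```powershell
# Added example: audit and set the NSPI port mapping on a global catalog server.
# Key path, value name and data are taken from the procedure above;
# the function names are hypothetical.

$NtdsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName = 'NSPI interface protocol sequences'
$Required  = 'ncacn_http:6004'

function Get-NspiProtocolSequence {
    # Returns the current multi-string entries; returns nothing if the value is absent.
    $item = Get-ItemProperty -Path $NtdsKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    $item.$ValueName | Where-Object { $_ -and $_.Trim() }
}

function Test-NspiHttpPort {
    # @() guarantees an array even when the value is missing or has one entry.
    $entries = @(Get-NspiProtocolSequence)

    # Assumption: every entry has the form <protocol sequence>:<port>,
    # as in ncacn_http:6004. Anything else is reported as malformed.
    $malformed = @($entries | Where-Object { $_ -notmatch '^[a-z_]+:\d{1,5}$' })

    [pscustomobject]@{
        Entries    = $entries
        Malformed  = $malformed
        Configured = ($entries -contains $Required)
    }
}

function Set-NspiHttpPort {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $entries = @(Get-NspiProtocolSequence)
    if ($entries -contains $Required) {
        Write-Verbose "$Required is already present; nothing to change."
        return $false
    }

    # Keep any entries that already exist and append the required one.
    [string[]]$newValue = $entries + $Required

    if ($PSCmdlet.ShouldProcess("$NtdsKey\$ValueName", "Set to: $($newValue -join ', ')")) {
        New-ItemProperty -Path $NtdsKey -Name $ValueName -PropertyType MultiString `
            -Value $newValue -Force | Out-Null
        # The global catalog server still has to be restarted (step 7).
        return $true
    }
    return $false
}

# Report the current state first; -WhatIf shows the change without writing it.
Test-NspiHttpPort
Set-NspiHttpPort -WhatIf
```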
Logon/Logoff Improvements
Logon page | New customized form for logging on to Outlook Web Access; includes cookie-based validation where the Outlook Web Access cookie is invalid after user logs out or is inactive for predefined amount of time. | Yes, with choice of using Outlook Web Access Basic. | Yes, but only allows use of Outlook Web Access Basic.
User interface updates | New color scheme, reorganized toolbars. | Yes, plus new View menu, default user interface font, and bidirectional support. | Yes, but only one color scheme is available.
Item window status bar | A status bar is now available on item windows so a user can see the URL of hyperlinks in e-mail messages. To view the URL, move the pointer over the hyperlink. | Yes | No. Items do not open in a separate window; however, the status bar is still available.

View Improvements

Navigation Improvements
Global Address List Properties sheets | Property sheets now display name, address, and phone information for resolved Global Address List (GAL) users. | Yes. Available in received items, draft items, Check Names dialog box, and Find Names dialog box. | Yes; only available in received items and draft items.
Send mail from Find Names | Users can send new messages to addresses found in the Find Names dialog box when it is opened from an e-mail view. | Yes | No
Open Find Names from message | Users can open Find Names from a message and use it to add new recipients to a draft message; also used to add recipients to a contact distribution list. | Already available in previous versions of Outlook. | Yes
Auto signature | Users can create a signature that is automatically included in e-mail messages. | Yes, HTML-based formatting; also on-demand insertion. | Yes, plain text formatting; no on-demand insertion.
Read receipts | Users can use or ignore read-receipt requests. | Yes. Users can also send receipts even when the option is set to ignore requests. | Yes. Users are not able to send receipts when option is set to ignore requests.
No indenting replies | The reply header and reply body are no longer indented. | Yes | Yes. Outlook Web Access Basic never indented.

Rules Improvements

Task Improvements
Personal tasks | Users can create and manage personal tasks and receive reminders for these items. | Yes | Yes, but no reminders.

Calendar Improvements

Performance Improvements
Bytes over the wire | Fewer bytes sent over the wire from server to browser. Additionally, the data sent from the server to the browser during initial logon has been reorganized to speed up rendering the Inbox. | Yes | Yes
Compression support | Administrators can configure compression support for Outlook Web Access and provide a performance improvement of nearly 50 percent for most actions on slow network connections. | Yes, when accessed with Internet Explorer 6 SP1 + Q328970 or later. | Depends on the browser.

If you upgrade an Exchange 2000 server that was modified to use a browser's language setting,
Exchange 2003 will continue to function in the same manner. Table 2.3 lists the language groups
and respective character sets.
Table 2.3 Outlook Web Access language group and character sets
Baltic iso-8859-4
Cyrillic koi8-r
Greek iso-8859-7
Hebrew windows-1255
Japanese iso-2022-jp
Korean ks_c_5601-1987
Thai windows-874
Turkish iso-8859-9
Vietnamese windows-1258
If you expect Outlook Web Access users in your organization to send mail frequently, you can
modify registry settings so that users who are running Internet Explorer 5 or later can use UTF-8
encoded UNICODE characters to send mail.
Warning
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
Browser Support
Outlook Web Access Basic supports any browser that is fully compliant with the HTML 3.2 and
European Computer Manufacturers Association (ECMA) script standards. However, because
some browsers are not fully compliant with these standards, it is recommended that you use
Internet Explorer 5.01 or later, or Netscape Navigator 4.7 or later. These browsers have been
tested with Outlook Web Access.
In addition, Outlook Web Access has been optimized for screen resolutions of 800x600.
Using Pocket Outlook with Microsoft Exchange Server ActiveSync® and/or Outlook Mobile
Access is recommended for devices with a small screen size, such as the Pocket PC 2002 device.
Using Outlook Mobile Access is recommended for hand-held mobile devices with limited screen
sizes. For more information about Outlook Mobile Access and built-in mobile device support for
Exchange, see "Mobile Services for Exchange" later in this chapter.
Warning
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
To set the Outlook Web Access Forms Based Authentication public cookie timeout value
1. Start Registry Editor (regedit).
2. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA
3. From the Edit menu, point to New, and then click DWORD Value.
4. In the details pane, name the new value PublicClientTimeout.
5. Right-click the PublicClientTimeout DWORD value, and then click Modify.
6. In Edit DWORD Value, under Base, click Decimal.
7. In the Value Data box, type a value (in minutes) between 1 and 432000.
8. Click OK.
To set the Outlook Web Access Forms Based Authentication trusted computer cookie timeout value
1. Start Registry Editor (regedit).
2. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA
3. From the Edit menu, point to New, and then click DWORD Value.
4. In the details pane, name the new value TrustedClientTimeout.
5. Right-click the TrustedClientTimeout DWORD value, and then click Modify.
6. In Edit DWORD Value, under Base, click Decimal.
7. In the Value Data box, type a value (in minutes) between 1 and 432000.
8. Click OK.
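The following Python sketch is an added example, not part of the original document or of Exchange: it audits a text export of the registry key above (for instance one produced with reg export) and checks both cookie timeout values against the 1 to 432000 minute range. The sample export is constructed, and the rule that the public timeout should not exceed the trusted computer timeout is this example's own policy assumption.

```python
import re

# Key and value names are the ones given in the two procedures above.
OWA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA"
PUBLIC, TRUSTED = "PublicClientTimeout", "TrustedClientTimeout"
MIN_MINUTES, MAX_MINUTES = 1, 432000  # allowed range from step 7

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A .reg export stores DWORDs in hexadecimal, unlike the Decimal base picked in step 6.
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')

# Constructed sample export: 0x15180 = 86400 minutes, 0x5a0 = 1440 minutes.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA]
"PublicClientTimeout"=dword:00015180
"TrustedClientTimeout"=dword:000005a0
"""


def parse_reg_dwords(reg_text):
    """Return {key_path_lower: {value_name_lower: int}} for every DWORD value."""
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = keys.setdefault(key_match.group("key").lower(), {})
            continue
        value_match = DWORD_RE.match(line)
        if value_match and current is not None:
            name = value_match.group("name").lower()  # value names are case-insensitive
            current[name] = int(value_match.group("hex"), 16)
    return keys


def audit_fba_timeouts(reg_text):
    """Return a list of findings; an empty list means both values pass."""
    values = parse_reg_dwords(reg_text).get(OWA_KEY.lower(), {})
    findings, in_range = [], {}
    for name in (PUBLIC, TRUSTED):
        minutes = values.get(name.lower())
        if minutes is None:
            findings.append(f"{name}: not set, the built-in default applies")
        elif not MIN_MINUTES <= minutes <= MAX_MINUTES:
            findings.append(
                f"{name}: {minutes} is outside {MIN_MINUTES}-{MAX_MINUTES} minutes"
            )
        else:
            in_range[name] = minutes
    # Policy assumption of this example, not a rule stated in the document:
    # a session on a public computer should not outlive one on a trusted computer.
    if len(in_range) == 2 and in_range[PUBLIC] > in_range[TRUSTED]:
        findings.append(
            f"{PUBLIC} ({in_range[PUBLIC]} min) is longer than "
            f"{TRUSTED} ({in_range[TRUSTED]} min)"
        )
    return findings


if __name__ == "__main__":
    # Real exports are usually UTF-16; read them with open(path, encoding="utf-16").
    for finding in audit_fba_timeouts(SAMPLE_EXPORT):
        print(finding)
```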
Figure 2.6 New Outlook Web Access interface (Outlook Web Access Premium)
Reading Pane
The improved Reading Pane (previously called the Preview Pane in Outlook) displays the e-mail
message in the right pane. Essentially, the Reading Pane enhances readability and provides the
user with more information on the page.
Users can easily switch to the classic bottom Reading Pane or turn the pane off entirely. Reading
Pane options are accessed on the Toolbar by clicking the Show/Hide Reading Pane button.
Note
The Reading Pane is not available with Outlook Web Access Basic.
• From
• Subject
• Received
• Importance
• Attachments
Message Flagging
In Outlook Web Access, you can now flag messages for follow-up. The new flag column appears
to the right of the message list and allows users to flag a message, mark a flag as complete, or
clear a flag. Six flag colors are supported (Figure 2.9).
Shortcut Menus
Shortcut menus are now available in Outlook Web Access. You can right-click on messages,
folders, and other objects to display shortcut menus from which you can select relevant
commands (Figure 2.10).
Note
This feature is not available with Outlook Web Access Basic.
• Open
• Reply
• Reply to all
• Forward
• Follow Up
• Flag Complete
• Clear Flag
• Mark as Unread
• Create Rule
• Delete
• Move/Copy to Folder
• Update Folder
• Open
• Open in New
• Move/Copy
• Delete
• Rename
• New Folder
Notifications
If you configured Outlook Web Access to notify you of new e-mail or reminders, the Navigation
Pane now notifies you when new items arrive in your Inbox or active reminders are waiting to be
dismissed or set to snooze. To configure notifications, click Options, and then select the
appropriate options under Messaging Options and Reminder Options.
Note
This feature is not available with Outlook Web Access Basic.
Public Folders
Public folders are now displayed in their own window. In the Navigation Pane, click Public
Folders to launch a new browser window that contains only public folders.
Note
This feature is not available with Outlook Web Access Basic.
Log Off
The Log Off feature has been moved from the Navigation Pane. It is now located on the right
side of the toolbar.
Keyboard Shortcuts
Outlook Web Access now supports more keyboard shortcuts. Table 2.4 lists the supported
shortcuts.
Note
This feature is not available with Outlook Web Access Basic.
Inbox View
Check spelling F7
Tasks View
Right-to-Left Layout
Outlook Web Access now supports right-to-left layouts in the Arabic and Hebrew versions of the
client. Note that only Internet Explorer 6 and later supports both Arabic and Hebrew.
Note
This feature is not available with Outlook Web Access Basic.
Spelling Checker
Outlook Web Access now includes a spelling checker. The spelling checker is built into
Exchange 2003, so users do not need to run any client-side code or download additional
software.
The spelling checker feature is available whenever users compose a message. The following
languages are supported for Exchange 2003:
• English (Australia)
• English (Canada)
• English (United Kingdom)
• English (United States)
• French
• German (post-reform)
• German (pre-reform)
• Italian
• Korean
• Spanish
Users select the language for the spelling checker to use. When the spelling checker is first run, users
are prompted to select the preferred language. The language can also be configured at any time.
Note
This feature is not available with Outlook Web Access Basic.
Tasks
The version of Outlook Web Access that shipped with Exchange 2000 did not support tasks.
Although you could view existing tasks, they were displayed as e-mail messages and could not
be edited. In Exchange 2003, Outlook Web Access now supports tasks (Figure 2.13). You can
create and manage new tasks or manage tasks that have already been created in Outlook.
Message Signatures
With Outlook Web Access for Exchange Server 2003, you can create a personal signature that
can be added to outgoing messages automatically or inserted into individual messages manually.
To customize your signature, you can modify the font color, style, and alignment.
Note
You can only have text for signatures in Outlook Web Access Basic.
• First Name
• Initials
• Last Name
• Display Name
• Alias
• Address
• City
• State
• Postal Code
• Country/Region
• Title
• Company
• Department
• Office
• Phone
• Mobile Phone
• Whether the user has a valid Digital ID for receiving encrypted messages (available when
S/MIME is installed)
Simple SMTP addresses or addresses from the Contacts folder still display the same information
(display name and SMTP address) that was available in previous versions of Outlook Web
Access.
To help protect your privacy, links to images, sounds, or other external content in
this message have been blocked. Click here to unblock content.
If users know that a message is legitimate, they can click Click here to unblock content. Users
can delete a message without triggering beacons that alert a sender of junk mail to send more
junk mail.
To disable this option, on the Options page, under Privacy and Junk E-mail Prevention, clear
the Block external content in HTML e-mail messages check box.
Blocking Attachments
Outlook Web Access now provides the following attachment-blocking features:
Blocking Outlook Web Access users from accessing certain file type attachments
This feature is particularly useful in stopping Outlook Web Access users from opening
attachments at public Internet terminals, which could potentially compromise corporate
security. Furthermore, to allow Outlook Web Access users who are working in their offices
or connected to the corporate network from home to open and read attachments,
administrators can allow full intranet access to attachments.
If an attachment is blocked, a warning message indicating that the user cannot open the
attachment appears in the InfoBar of the e-mail message.
By default, blocking of certain file type attachments is enabled on all new Exchange 2003
installations.
Blocking Outlook Web Access users from sending or receiving attachments with specific file extensions that could contain viruses
This feature matches attachment-blocking functionality in Outlook. For received messages, a
warning message indicating that an attachment is blocked appears in the InfoBar of the
e-mail message. For sent messages, Outlook Web Access does not allow users to upload any
files with extensions that appear on the block list.
Warning
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
3. From the Edit menu, point to New, and then click DWORD Value.
4. In the details pane, name the new value DisableAttachments.
5. Right-click DisableAttachments, and then click Modify.
6. In Edit DWORD Value, under Base, click Decimal.
7. In the Value data box, type one of the following numbers:
• Enter the value 0 if you want to allow all attachments.
• Enter the value 1 if you want to disallow all attachments.
• Enter the value 2 if you want to allow attachments from only back-end servers.
8. Click OK.
Meeting Requests
Outlook Web Access includes several new meeting request features.
Setting Reminders
You can now set reminders on meeting requests you have received. With a meeting request open,
select the Reminder check box, select the length of time from the Reminder list, and then click
Save and Close.
Note
This feature is not available with Outlook Web Access Basic.
Improved Performance
By reducing the amount of information that must travel from the server to the browser, the speed
of Outlook Web Access has been increased. Also, to speed up the logon experience, the order in
which scripts and other essential files for Outlook Web Access are downloaded to the browser at
first logon has been improved.
Overall, even with the enhanced user interface and multitude of new features, Outlook Web
Access should seem faster, especially over slow connections, and appear far more responsive to
user interactions.
Compression Setting | Description
Using data compression, your users can see performance increases of up to fifty percent on
slower network connections, such as traditional dial-up access.
1. The Exchange server that users authenticate against for Outlook Web Access must be
running Windows Server 2003.
2. Your users' mailboxes must be on Exchange 2003 servers. (If you have a mixed deployment
of Exchange mailboxes, you can create a separate virtual server on your Exchange server
just for Exchange 2003 users and enable compression on it.)
3. Client computers must be running Internet Explorer version 6 or later; the computers must
also be running Windows XP or Windows 2000, with the following security update installed:
328970, "Cumulative Patch for Internet Explorer"
(http://go.microsoft.com/fwlink/?LinkId=16694).
Note
If a user does not have a supported browser for compression, the client will still
behave normally.
4. You may need to enable HTTP 1.1 support through proxy servers for some dial-up
connections. (HTTP 1.1 support is required for compression to function properly.)
To enable data compression
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. In the details pane, expand Servers, expand the server you want, and then expand Protocols.
3. Expand HTTP, right-click Exchange Virtual Server, and then click Properties.
4. In Exchange Virtual Server Properties, on the Settings tab, under Outlook Web Access,
use the Compression list to select the compression level you want (None, Low, or High).
5. Click Apply, and then click OK.
S/MIME Support
Secure/Multipurpose Internet Mail Extensions (S/MIME) increases the security of Internet e-mail
by enabling digital signing of messages as well as message encryption. Digital signatures
provide authentication, non-repudiation, and data integrity. Message encryption provides
confidentiality and data integrity.
Outlook Web Access in Exchange 2000 did not support signed and encrypted e-mail. Now, with
the new Microsoft Outlook Web Access S/MIME ActiveX® control, users can digitally sign and
encrypt e-mail messages. The S/MIME control works in conjunction with any X.509v3-based
public key infrastructure (PKI) to provide the signing and encryption capabilities.
In most cases, before enabling S/MIME support with Outlook Web Access, you should have a
good understanding of cryptography and PKI, for example Windows 2000 or Windows
Server 2003 PKI. For information about cryptography and Windows PKI, see the technical article
Cryptography and PKI Basics (http://go.microsoft.com/fwlink/?LinkId=15060).
Trust Verification
Trust verification refers to the act of determining whether a public certificate comes from a
trusted source. There are two ways a trust is established between a sender and a recipient:
• The first is by virtue of having the certificate issued by the same trusted root CA. In this
scenario, the trust chain, or hierarchy, on the sender's certificate is derived from the same
root CA as the recipient's issuing CA.
• The second is by means of an explicit trust. In this scenario, a user opens a public certificate
and selects an option to trust the issuing CA explicitly.
Outlook and Outlook Express perform trust verifications from the user's desktop. For Outlook
Web Access clients, however, the Exchange servers perform the verification on behalf of the
clients. In both cases, the logic is the same: in cases where the trust chain is included in the mail,
on some public certificates, the trust chain (or hierarchy) is specified; in cases where the trust
chain is not specified, trust verification is done while traversing the CRL hierarchy.
Because the Exchange server performs the trust validation on behalf of Outlook Web Access
S/MIME clients, for each CA with which users interact, you may have to add the appropriate
trusted CAs to the machine account certificate store on the Exchange server. If users exchange
S/MIME e-mail messages through Outlook Web Access in the following cases, you must add
trusted CAs to the Exchange server computer's certificate store:
Certificate Enrollment
For users to be able to sign or encrypt outgoing messages, they must first be issued certificates,
referred to as digital IDs, which support the signature and encryption security functions. A single
certificate may provide both functions, or a separate certificate may provide each function. The
necessary certificates are issued by a CA, which generates the necessary public and private key
pair needed for encryption and decryption. The public key is then stored in Active Directory,
which allows other users to encrypt messages intended for the user, while the private key is
typically stored locally on the user's computer or on a smart card. The process of obtaining a
certificate from a CA is called "enrollment."
Existing Topology
This procedure assumes that you have the following topology configured:
To request a certificate
1. Browse to http://ca-server/certsrv where ca-server is the name of the Windows Server 2003
Enterprise CA.
Note
You can also use the Certificates snap-in in Microsoft Management Console
(MMC) to request a certificate.
To export a certificate
Note
Key Management Service certificates are commonly used in Outlook for S/MIME.
Because Key Management Service certificates can only be exported in the Outlook
format, Outlook must be installed.
1. On the computer that has the certificate installed, open Microsoft Management Console
(MMC): At a command prompt, type MMC.
2. Click File, and then click Add/Remove Snap-in.
3. In Add/Remove Snap-in, on the Standalone tab, click Add.
4. In Add Standalone Snap-in, click Certificates, and then click Add.
5. In Certificates Snap-in, click My user account, and then click Finish.
6. In MMC, expand Certificates - Current User, expand Personal, and then click
Certificates.
7. In the details pane, right-click the certificate you want, point to All Tasks, and then click
Export (Figure 2.15).
To import a certificate
1. From the computer on which the certificate is to be installed, browse to the .pfx file that was
exported (for example on a floppy disk). Right-click the file, and then click Install PFX.
2. On the Welcome to the Certificate Import Wizard page, click Next.
3. On the File to Import page, click Next.
4. On the Password page, in the Password box, type the password for the private key, and then
click Next. Because you already have an exported copy, you do not have to make the key
exportable.
5. On the Certificate Store page, select Automatically select the certificate store based on
the type of certificate, and then click Next.
6. Complete the remaining steps in the wizard.
The certificate is now installed on the new computer.
Exchange ActiveSync
Exchange 2003 now includes the ability to use Pocket PC 2002 devices to synchronize Exchange
data with Exchange ActiveSync. By default, when you install Exchange, all of your users are
enabled for synchronization.
By synchronizing a device to an Exchange server, your users can access their Exchange
information without having to be constantly connected to a mobile network. Specifically, users
can use their mobile carrier connection to synchronize their Exchange information to their Pocket
PC Phone Edition or Smartphone device and then access this information while offline.
• Up-to-date notifications
• Delivery to user-specified SMTP addresses
Up-to-Date Notifications
Future mobile devices will be able to receive notifications that are sent to the device. These
notifications will be able to initiate synchronization between a user's device and their Exchange
mailbox.
For more information about how to install Exchange, see Chapter 9, "Deployment Features."
Device Rendering
Language
1. Configure your Exchange 2003 front-end server for Outlook Mobile Access.
2. Configure user devices to use a mobile connection.
3. Inform your users how to use Outlook Mobile Access.
Each of these steps is detailed in the following sections.
4. At the Network Log On screen, enter your user name, password, and domain in the spaces
provided, and then tap OK.
The Outlook Mobile Access home page opens, and you can select to read, reply, or forward e-
mail, view calendar appointments, and browse or create contacts and tasks. Additionally, from
the Outlook Mobile Access home page, you can also select options under preferences, such as
default language and time zone.
Chapter 3
Administration Features
Microsoft® Exchange Server 2003 includes several new features that make Exchange
administration easier and more efficient. From new recipient management features to an
improved Queue Viewer, Exchange 2003 offers significant improvements over previous versions
of Exchange.
Table 3.1 lists the Exchange 2003 feature enhancements discussed in this chapter.
Feature Description
Public Folders
• New and improved public folder administration interface such as the Status tab and the Replication tab. Improved search capability to search all public folders.
• You can create a list of specific servers among which public folder referrals are allowed.
• Microsoft Exchange Public Folder Migration Tool (pfMigrate) is a new Microsoft Windows® script file (.wsf) that allows you to create replicas of your system folders and public folders on the new Exchange 2003 server.
Mailbox Recovery Center
• Using the new Mailbox Recovery Center, you can perform recovery or export operations on multiple disconnected mailboxes at one time.
Message Tracking Center
• You have greater control in Exchange System Manager over your message tracking log files.
• You can now track messages after categorization.
InetOrgPerson
The InetOrgPerson object is used in several non-Microsoft LDAP and X.500 directory services to
represent people within an organization. Support for InetOrgPerson in Exchange 2003 makes
migrations from other LDAP directories to Active Directory more efficient. InetOrgPerson
objects in Active Directory can be either mailbox-enabled or mail-enabled.
The InetOrgPerson object in Active Directory is derived from the user class; it functions like a
user object and conforms to the LDAP standard. Furthermore, InetOrgPerson can be used as a
security principal, just like the user class. Active Directory now includes InetOrgPerson in
queries for users. Active Directory provides support for the InetOrgPerson object class, as well as
its associated attributes, which are defined in RFC 2798. For more information about RFC 2798,
see http://www.ietf.org/.
Note
You can create an InetOrgPerson only if you are running a Microsoft Windows
Server™ 2003 domain controller. InetOrgPerson can be mail-enabled or mailbox-
enabled only in a native Exchange 2003 topology.
Creating an InetOrgPerson
The procedures to create a mailbox-enabled or mail-enabled InetOrgPerson are the same as
creating a user object. The following procedure describes how to create an InetOrgPerson.
To create an InetOrgPerson
1. Click Start, point to All Programs, point to Microsoft Exchange, and then click Active
Directory Users and Computers.
2. In the console tree, navigate to the container where you want to create the InetOrgPerson,
right-click the container, point to New, and then click InetOrgPerson.
1. An e-mail message is submitted to the submission queue through the Exchange store driver
or through SMTP.
2. The categorizer, a transport component responsible for address resolution, determines that
the recipient is a query-based distribution group.
3. The categorizer sends the LDAP query request to the global catalog server.
4. The global catalog server executes the query and returns the set of addresses that match the
query.
5. After receiving the complete set of addresses matching the query, the categorizer generates a
recipient list containing all the users.
Note
The categorizer must have the complete set of recipients before it can submit
the message to routing; therefore if an error occurs during the expansion of the
query-based distribution group to its individual recipients, the categorizer must
restart the process.
6. After the categorizer sends the complete, expanded list of recipients to routing, the standard
message delivery process continues, and the e-mail message is delivered to the users'
mailboxes.
If a dedicated expansion server (a single server responsible only for expanding distribution
groups) is used for query-based distribution groups, the process is slightly different. In this case,
rather than sending a query to the global catalog server for expansion (as in Step 4), the message
is first routed to the dedicated expansion server. After the message arrives at the expansion
server, the expansion takes place, and the delivery follows the same process described above.
Modifying Exchange 2000 SP3 Servers For Use With Windows 2000
Global Catalog Servers
Use the following procedure to configure an Exchange 2000 SP3 server for improved reliability
in organizations where query-based distribution groups will be expanded with Windows 2000
global catalogs.
Warning
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
3. In the details pane, right-click, point to New, and then click DWORD Value.
4. Type DynamicDLPageSize for the name.
5. Right-click DynamicDLPageSize, and then click Modify.
6. In Edit DWORD Value, under Base, click Decimal.
7. Under Value Data, type 31, and then click OK.
5. In the Apply filter to recipients in and below box, the parent container that the query-based
distribution group will be run against is displayed. If necessary, click Change to select
another container (Figure 3.2).
• To create your own criteria for the query, click Customize filter, and then click
Customize. Some attributes available for selection in the query are not replicated to the
global catalog server. Because the query executes against available attributes on the
global catalog server, if you pick attributes that do not exist on the global catalog server,
the query returns an empty set of this attribute. The following attributes are not available
on the global catalog server:
- Assistant
- Comment
- Direct Reports
- Division
- E-Mail Address (Others)
- Employee ID
- Generational Suffix
- Home Address
- Home Drive
- Home Folder
- ILS Settings
- International ISDN Number
- International ISDN Number (Others)
- Logon Workstations
- Member Of
- Middle Name
- Telex Number
- Telex Number (Others)
- Title
7. Click Next to see a summary of the query-based distribution group you are about to create.
8. Click Finish to create the query-based distribution group. The new query-based distribution
group displays under the container you selected in Step 5.
9. Right-click the query-based distribution group you just created, and then click Properties.
10. To view the query results, click the Preview tab and then verify that the correct recipients
are included in the distribution group.
Important
Using the Preview tab is strongly recommended. Some attributes available for
inclusion in the query are not replicated to the global catalog server. When you
click the Preview tab, the query executes against the available attributes on the
global catalog server. You can use the tab to ensure that all attributes you select
are available on the global catalog server. If the attributes are not available on
the global catalog server, the query returns an empty preview pane.
Note
To execute the query, the Preview tab uses the security context of the user that
is currently logged on. When the query-based distribution group forms its
membership, it uses the security context of the Exchange server account. For
this reason, the results displayed on the Preview tab may vary from the actual
results when the query is run.
Active Directory Users and Computers provides an easy way to format the LDAP query with
standard attributes, without requiring specific knowledge of LDAP. For example, you can select
all mailboxes under the organizational unit or even customize the query to select all mailboxes
under the organizational unit that exist on a particular server.
Additionally, after you construct a query, the Preview tab in the query's Properties provides the
information necessary to ensure that your query functions properly. As mentioned earlier, you can
ensure that all attributes selected for the query are available on the global catalog server. You can
also use the Preview tab to learn how long a query takes to execute and, based on this time, you
can decide if you want to break up the query into smaller queries for better performance and faster
delivery times.
• You can only use query-based distribution groups in a pure Exchange 2003 environment or
in a native mode environment with Exchange 2000 and Exchange 2003, where all
Exchange 2000 servers are running Service Pack 3.
• When creating distribution groups that span domains, use universal groups in multi-domain
environments. Although you can add query-based distribution groups to global distribution
groups, domain local groups, and global security groups, and query-based distribution groups
can contain any of these groups, membership in these types of groups is not replicated to
global catalog servers in other domains. Use universal distribution groups in situations where
distribution spans a multi-domain environment.
• When combining query-based distribution groups into an aggregate group, combine
them in a universal group. Only universal groups are available on global catalog servers
across domains.
• When building query-based distribution groups, you should only include universal
groups if you want the membership to be available in all domains in a multi-domain
environment.
• Index the attributes used in the query. Indexing greatly improves the performance of the
query and reduces the time required to expand the distribution group and deliver the e-mail
message to the intended recipients. For more information about indexing attributes, see
Microsoft Knowledge Base article, 313992, "HOW TO: Add an Attribute to the Global
Catalog in Windows 2000" (http://support.microsoft.com/?kbid=313992).
• If the filter string contains bad formatting or incorrect LDAP syntax, then the global catalog
server will not execute the query. Use Active Directory Users and Computers to create your
query, which can help prevent you from constructing an incorrect query. You can also use the
Preview tab in the query's Properties to view the result of the query; this will confirm the
validity and desired results of the query. If you create a query-based distribution group based
on an incorrect LDAP query, a user who sends a message to the query-based distribution
group will receive a non-delivery report (NDR) with the code 5.2.4; furthermore, if
categorizer logging is enabled, one of two events is logged, with an event identifier of 6024 or
6025.
• Always use the Preview tab to ensure that the attributes you include in your query are
available on the global catalog server.
• If the filter string is well formatted but no results are produced, then the sender will not
receive an NDR. This is the same behavior that results when a message is sent to an empty
distribution group. As mentioned earlier, use the Preview tab in Active Directory Users and
Computers to confirm the desired result of your query.
• Use Exchange System Manager in a security context that has the same permissions for
reading objects in Active Directory as the Exchange server. It is important to note that
Exchange System Manager runs in the security context of the user who is currently logged
in. If an administrator is running Exchange System Manager and has lower security
privileges than the Exchange server, it is possible that the query will show a subset of the
actual results on the Preview tab. The preview pane only shows the Active Directory objects
that the administrator has permission to read. When a message is sent to the query-based
distribution group, however, the categorizer runs with the Exchange server permissions.
Assuming the Exchange server has permissions for all of the objects in the query, the query
returns the correct results.
• Issues arise when a base distinguished name is deleted. Query-based distribution expansion
relies on its base distinguished name referring to a valid container in the directory. If a
query-based distribution group's base distinguished name container is deleted, the
categorizer cannot execute the query, and the sender receives an NDR with the code 5.2.4. If
categorizer logging is enabled, an event ID of 6024 or 6025 is logged. For example, suppose
you created a Sales container within the Users container for all Sales employees and then
used the Sales container to build a query-based distribution group. If you deleted the Sales
container, the query would no longer work.
For example, assume you want to create a query-based distribution group that includes all
Marketing employees or all employees located in the Paris office. If you create a query-based
distribution group with an LDAP query that contains all Marketing employees and all Paris
employees, the query only returns users who are in both groups—any user who is not a member
of both groups is excluded. To achieve OR functionality (thereby including members of either
group), you must create two query-based distribution groups, one for Marketing employees and
one for Paris employees; then you must combine the two groups to create a new distribution
group (not a query-based distribution group) that contains the two groups as members. To do this,
you would perform the following steps:
1. Create a query-based distribution group called Marketing for all Marketing employees.
2. Create a query-based distribution group called Paris employees for all employees in the
Paris office.
3. Create a distribution group and add the query-based distribution groups—Marketing and
Paris employees—as members of this group.
Important
You cannot add query-based distribution groups as members of a distribution
group the same way you add users to a group. You must right-click the
distribution group, and then click Add Exchange Query-based Distribution
Groups.
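An offline check for filter strings, given here as an added Python example (it is not part of the original document and not Microsoft tooling): it rejects malformed filters of the kind that lead to the 5.2.4 NDR, lists the attributes to verify as indexed and available on the global catalog, and reproduces the Marketing/Paris result on a small constructed directory. The attribute names department and l, the four users, and all function names are assumptions made for the example.

```python
import re

class FilterSyntaxError(ValueError):
    """The string is not a well-formed LDAP search filter."""

# An item starts with an attribute name followed by =, >=, <= or ~=.
_ITEM = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(>=|<=|~=|=)")
_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})")

def parse_filter(text):
    """Return a tree: ('&'|'|'|'!', [children]) or (operator, attribute, value)."""
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise FilterSyntaxError("unexpected text at position %d" % pos)
    return node

def _parse(s, i):
    if s[i:i + 1] != "(":
        raise FilterSyntaxError("expected '(' at position %d" % i)
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, children = s[i], []
        i += 1
        while s[i:i + 1] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise FilterSyntaxError("wrong operand count for %r" % op)
        node = (op, children)
    else:
        m = _ITEM.match(s, i)
        if not m:
            raise FilterSyntaxError("expected attribute and operator at position %d" % i)
        end = m.end()
        while end < len(s) and s[end] not in "()":
            end += 1
        value = s[m.end():end]
        # A backslash must introduce a two-digit hex escape such as \28 for "(".
        if "\\" in _ESCAPE.sub("", value):
            raise FilterSyntaxError("bad escape in value %r" % value)
        node, i = (m.group(2), m.group(1).lower(), value), end
    if s[i:i + 1] != ")":
        raise FilterSyntaxError("missing ')' at position %d" % i)
    return node, i + 1

def attributes_used(node):
    """Attributes the filter references; check each one for indexing and GC availability."""
    if node[0] in ("&", "|", "!"):
        return set().union(*(attributes_used(c) for c in node[1]))
    return {node[1]}

def matches(node, entry):
    """Evaluate the tree against one entry (dict of lower-case attribute -> list of values)."""
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    if op != "=":
        raise ValueError("%s matching depends on the attribute syntax; not modelled here" % op)
    values = entry.get(node[1], [])
    if node[2] == "*":                      # presence test: (attr=*)
        return bool(values)
    # An unescaped "*" is a wildcard; the rest is compared literally, ignoring case.
    parts = [re.escape(_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), p))
             for p in node[2].split("*")]
    pattern = re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)
    return any(pattern.fullmatch(v) for v in values)

def expand(filter_text, directory):
    """Names of the directory entries that the filter selects."""
    tree = parse_filter(filter_text)
    return sorted(name for name, entry in directory.items() if matches(tree, entry))

# Constructed sample directory; attribute names and users are assumptions.
DIRECTORY = {
    "alice": {"department": ["Marketing"], "l": ["Paris"]},
    "bob":   {"department": ["Marketing"], "l": ["London"]},
    "chloe": {"department": ["Sales"],     "l": ["Paris"]},
    "dev":   {"department": ["Sales"],     "l": ["London"]},
}
BOTH = "(&(department=Marketing)(l=Paris))"   # one group carrying both conditions
MARKETING = "(department=Marketing)"          # query-based group "Marketing"
PARIS = "(l=Paris)"                           # query-based group "Paris employees"
BROKEN = "(&(department=Marketing)(l=Paris)"  # closing parenthesis missing

def standard_group(*filters):
    """Membership of a standard distribution group that holds several query-based groups."""
    members = set()
    for f in filters:
        members.update(expand(f, DIRECTORY))
    return sorted(members)

if __name__ == "__main__":
    print(expand(BOTH, DIRECTORY))
    print(standard_group(MARKETING, PARIS))
    print(sorted(attributes_used(parse_filter(BOTH))))
    try:
        parse_filter(BROKEN)
    except FilterSyntaxError as err:
        print("rejected:", err)
```

The model runs against the in-memory sample only; results for a real group still depend on what the account evaluating the query is permitted to read, as described for the Preview tab.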
Use the following procedure to add query-based distribution groups as members of a standard
distribution group.
Option 3
Instead of using a single large query-based distribution group, create smaller query-based
distribution groups and combine them in a standard distribution group.
Suppose you want to create a query-based distribution group called All employees with one
hundred thousand users. Divide the group into the following smaller query-based
distribution groups, and then combine these groups into a single standard distribution group:
Use the following procedures to set submission restrictions on users and distribution lists
respectively.
b. Leave From authenticated users only cleared. If you leave this check box cleared, the
following options are implemented as such:
- Click From everyone to allow anyone to send to this user. This includes anonymous
users from the Internet.
- Click Only from to specify a select set of users or groups that can send to this user.
Click Add to specify the users or groups you want.
- Click From everyone except to allow everyone but a select set of users or groups to
send to this user. Click Add to specify the list of users or groups you want. These users
or groups can be authenticated users or anonymous users.
b. Leave From authenticated users only cleared. If you leave this check box cleared, the
following options are implemented as such:
- Click From everyone to allow anyone to send to this distribution list. This includes
anonymous users from the Internet.
- Click Only from to specify a select set of users or groups that can send to this group.
Click Add to specify the users or groups you want.
- Click From everyone except to allow everyone but a select set of users or groups to
send to this distribution group. Click Add to specify the list of users or groups you
want. These users or groups can be authenticated users or anonymous users.
Moving Mailboxes in Exchange System Manager
Exchange Task Wizard provides an improved method for moving mailboxes. You can now select
as many mailboxes as you want and then, using the task scheduler, schedule the move to occur at
some point in the future. You can also use the scheduler to cancel any unfinished moves at a
selected time. For example, you can schedule a large move to start at midnight on Friday and
automatically terminate at 6:00 A.M. on Monday, thereby ensuring that your server's resources
are not being tapped during regular business hours. Using the wizard's multithreaded capabilities,
you can move up to four mailboxes simultaneously.
Note
The following procedure describes how to move mailboxes from Exchange System
Manager. You can also move mailboxes from Active Directory Users and Computers.
To move mailboxes
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. In the console tree, expand Servers, expand the server from which you want to move
mailboxes, expand First Storage Group, expand Mailbox Store, and then click Mailboxes.
3. In the details pane, right-click the user or users you want, and then click Exchange Tasks.
4. On the Welcome to the Exchange Task Wizard page, click Next.
5. On the Available Tasks page, click Move Mailbox, and then click Next.
6. On the Move Mailbox page, to specify the new destination for the mailbox, in the Server
list, select a server, and then, in the Mailbox Store list, select a mailbox store. Then click
Next.
7. Under If corrupted messages are found, click the option you want, and then click Next.
Note
If you decide to skip corrupted items, these items are lost permanently when the
mailbox is moved. To avoid data loss, back up the source database before
moving mailboxes.
8. On the Task Schedule page, in the Begin processing tasks at list, select the date and time
for the move. If you want to cancel any unfinished moves at a certain time, in the Cancel
tasks that are still running after list, select the date and time. Click Next to start the
process.
9. On the Completing the Exchange Task Wizard page, verify that the information is correct,
and then click Finish.
Note
You can also run multiple instances of the Move Mailbox wizard.
Enhancements to Queue Viewer
In Exchange 2003, Queue Viewer is enhanced to improve the monitoring of message queues. For
example, you can now view X.400 and SMTP queues in Queue Viewer, rather than from their
respective protocol nodes. Other enhancements include:
• Disabling outbound mail: Queue Viewer includes a new option called Disable Outbound
Mail, which allows you to disable outbound mail from all SMTP queues.
• Setting the refresh rate: You can use the Settings option to set the refresh rate of the
queues.
• Finding messages: You can search for messages based on the sender, recipient, and
message state using Find Messages.
• Viewing additional information: You can click a specific queue to view additional
information about that queue.
• Viewing previously hidden queues: Queue Viewer in Exchange 2003 exposes three queues
that were not visible in Exchange 2000: DSN messages pending submission, Failed
message retry queue, and Messages queued for deferred delivery.
Each of these enhancements is discussed later in this section.
Finding Messages
You can use the Find Messages option to search for messages by specifying search criteria such
as the sender or recipient, and the message state (such as frozen). You can also specify the
number of messages you want your search to return.
To find messages
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. Navigate to Queue Viewer by performing one of the following steps:
• If you do not have routing or administrative groups defined: Expand Servers, expand
the server you want, and then click Queues.
• If you have administrative groups defined: Expand Administrative Groups, expand
<Administrative Group Name>, expand Servers, expand the server you want, and then
click Queues.
3. In the details pane, click the queue in which you want to search for messages, and then click
Find Messages (Figure 3.6).
5. Click Find Now to begin the search. The results of the search are displayed under Search
Results.
6. To stop a search, click Stop. To begin a new search, click New Search (this resets the Find
Messages dialog box to its default settings).
• Troubleshooting information
• Information about errors returned from Exchange specific extensions to the SMTP
service, (for example, errors due to remote server connection problems)
• Information about queue availability (for example, if the SMTP service has not started)
To view additional information about a queue
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. Navigate to Queue Viewer by performing one of the following steps:
• If you do not have administrative groups defined: Expand Servers, expand the server
you want, and then click Queues.
• If you have administrative groups defined: Expand Administrative Groups, expand
<Administrative Group Name>, expand Servers, expand the server you want, and then
click Queues.
3. In the details pane, click the queue you want. Any additional information for that queue
appears under Additional queue information at the bottom of the details pane.
Table 3.2 lists the new queues, their descriptions, and possible reasons for message accumulation
in each queue.
Queue: DSN messages pending submission
Description: Contains delivery status notifications (DSN), also known as non-delivery reports,
that are ready to be delivered by Exchange.
Note
The following operations are unavailable for this queue:
• Delete All Messages (no NDR)
• Delete All Messages (NDR)
Possible reasons for message accumulation: Messages can accumulate in this queue if the
Microsoft Exchange Information Store service is unavailable or not running, or if problems
exist with IMAIL Exchange store component, which is the component that performs message
conversion.
Check the event log for possible errors with the Microsoft Exchange Information Store service.
Use costs to prioritize servers in the referral list. Higher-cost servers are used only if lower-cost
servers are not available.
Figure 3.7 New tabs available for viewing public folder information
Content tab
Use this tab to view the contents of a public folder in Exchange System Manager. You no
longer have to open a separate client application to view public folder content.
Find tab
Use this tab to search for public folders within the selected public folder or public folder
hierarchy. You can specify a variety of search criteria, such as the folder name or age.
Note
The Find tab is available at the top-level hierarchy level as well as the folder
level.
Status tab
Use this tab to view the status of a public folder, including information about servers that
have a replica of the folder and the number of items in the folder.
Replication tab
Use this tab to view replication information about the folder.
To view the content of a public folder using Exchange System Manager
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. If administrative groups are displayed, expand Administrative Groups, and then expand the
group you want to work with.
3. Expand Folders, expand the appropriate top-level hierarchy, and then click the public folder
whose content you want to view.
4. In the details pane, click the Content tab.
5. If prompted for a user name and password, type the user name and password of an account
that has permission to view the folder contents. The folder contents, displayed in a manner
similar to Outlook Web Access, will be listed in the details pane.
To search for a public folder
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. If administrative groups are displayed, expand Administrative Groups, and then expand the
group you want to work with.
3. Expand Folders, expand the appropriate top-level hierarchy, and then click the public folder
that may contain the folder that you want.
4. In the details pane, click the Find tab.
5. To identify the folder you want, fill in the appropriate criteria:
• If you know part of the folder name, you can type that information in the Name
contains box.
• If you know that a particular user or group has certain permissions on the folder, click
Permissions, and then fill in the user or group name and specify the permissions. Then
click OK to return to the Find tab.
• If you know that the folder is replicated to certain servers, click Replicated to, and then
select the appropriate server. Then click OK to return to the Find tab.
• If you know that the folder was created or modified within a certain date range, in the
Specify folder list, click Modified or Created, and then use the Begin date and End
date lists to specify the date range.
• If you know when the folder was created, in the Folder Age list, click days or older,
days or newer, or days, and then, in the Folder age box, type the appropriate number
of days.
6. Click Find Now.
To view the server and public folder store information for a public folder, or
the size and number of items the folder contains
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. If administrative groups are displayed, expand Administrative Groups, and then expand the
group you want to work with.
3. Expand Folders, expand Public Folders (or the hierarchy you want to work with), and then
click the public folder whose status you want to view.
4. In the details pane, click the Status tab to view the information.
To view the replication information for a public folder
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. If administrative groups are displayed, expand Administrative Groups, and then expand the
group you want to work with.
3. Expand Folders, expand Public Folders (or the hierarchy you want to work with), and then
click the public folder whose status you want to view.
4. In the details pane, click the Replication tab to view the information.
To specify a mailbox store to work with if you are running Exchange System
Manager on Windows 2000 Server
1. Start Exchange System Manager: Click Start, point to Programs, point to Microsoft
Exchange, and then click System Manager.
2. In the console tree, expand Tools, right-click Mailbox Recovery Center (Figure 3.8), and
then click Add Mailbox Store.
3. In Add mailbox store(s), click the mailbox store you want, and then click Add. You can add
multiple mailbox stores in this manner.
4. Click OK to add the store. After the store has been added, the details pane will list any
disconnected mailboxes in that store.
3. In Add mailbox store(s), specify the following criteria for identifying the mailbox store and
the mailboxes you want to work with:
• In the Enter the object names to select box, type the name of the mailbox store you
want to work with.
• To limit the search to a certain part of Active Directory, click Locations, select a
directory container, and then click OK to return to the Add mailbox store(s) dialog
box.
Note
If you are unsure about which mailbox store you need, click Advanced, specify
the criteria, and then click Find now to locate the mailbox store. Select the
appropriate mailbox store, and then click OK to return to the Add mailbox
store(s) dialog box.
4. Click OK to add the store. After the store has been added, the details pane lists any
disconnected mailboxes in that store.
To export mailbox properties
1. After adding the appropriate mailbox store to the Mailbox Recovery Center, in the details
pane, right-click the mailbox you want to export, and then click Export. You can select
multiple mailboxes simultaneously.
2. To identify the information you want to export, as well as the destinations to which you want
to export it, follow the instructions in the Mailbox Export wizard.
To associate users with the mailboxes
1. After adding the appropriate mailbox store to the Mailbox Recovery Center, in the details
pane, right-click the mailbox you want to match to a user (or group), and then click Find
Match. You can select multiple mailboxes simultaneously.
2. In the Mailbox Matching wizard, click Next, and then click Finish to identify and accept
matches.
3. If a mailbox matches more than one user (or if no match exists), right-click that mailbox, and
then click Resolve Conflicts. Follow the instructions in the Mailbox Conflict Resolution
wizard to identify a single matching user.
Note
When resolving conflicts, you can only select one mailbox at a time.
• When using Exchange System Manager, you have greater control over your message
tracking log files. Exchange 2003 automatically creates a shared directory to the
message tracking logs and allows you to change the location of the message tracking
logs.
• You can now track messages after categorization (which is the phase where users are
located and distribution groups are expanded into individual recipients) and during the
routing process.
3. In <Server Name> Properties, on the General tab, select the Enable Message Tracking
check box (Figure 3.9).
Figure 3.9 The General tab in the <Server Name> Properties dialog
box
4. In the Log file directory box, click Change to change the log file directory.
5. In Message Tracking Log File Directory, select the directory where you want to store
message tracking logs, and then click OK (Figure 3.10).
Figure 3.10 The Message Tracking Log File Directory dialog box
3. On each server on which you set the registry key, restart the following services:
• IIS Admin Service (IISADMIN)
• Microsoft Exchange MTA Stacks service (MSExchangeMTA)
• Microsoft Exchange Information Store service (MSExchangeIS)
Each of these steps is detailed in the following sections.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeTransport\Parameters\JournalBCC.
Warning
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
To enhance the performance and scalability of your Exchange organization, Microsoft® Exchange
Server 2003 provides the following new or improved features:
Improved Outlook Synchronization Performance
Exchange 2003 improves the end-user experience for Outlook 2003 users. For detailed
information about how Exchange 2003 improves performance for Outlook 2003, see "Outlook
Improvements" in Chapter 2.
The following are improvements to Exchange Server 2003 and Outlook 2003 communication:
Table 4.1 lists the RPC-related operations that you can monitor using Microsoft Operations
Manager. For information about using Microsoft Operations Manager, see
http://www.microsoft.com/mom and http://www.microsoft.com/exchange/mom.
Counter                                        Description
Client: RPCs attempted                         The total number of RPC requests attempted by the users (since
                                               the Exchange store was started).
Client: RPCs succeeded                         The total number of successful RPC requests sent by the Outlook
                                               client (since the Exchange store was started).
Client: RPCs failed                            The total number of failed RPC requests (since the Exchange
                                               store was started).
Client: RPCs failed: Server unavailable        The number of failed RPC requests (since the Exchange store was
                                               started) due to the "Server Unavailable" RPC error.
Client: RPCs failed: Server too busy           The number of failed RPC requests (since the Exchange store was
                                               started) due to the "Server Too Busy" RPC error.
Client: RPCs failed: all other errors          The number of failed RPC requests (since the Exchange store was
                                               started) due to all other RPC errors.
Client: RPCs attempted / sec                   The rate of RPC requests attempted by the user.
Client: RPCs failed / sec: Server unavailable  The rate of failed RPC requests (since the Exchange store was
                                               started) due to the "Server Unavailable" RPC error.
Client: RPCs failed / sec: Server too busy     The rate of failed RPC requests (since the Exchange store was
                                               started) due to the "Server Too Busy" RPC error.
Client: RPCs failed / sec: all other errors    The rate of failed RPC requests (since the Exchange store was
                                               started) due to all other RPC errors.
Client: Total reported latency                 The total latency (in seconds) for all RPC requests (since the
                                               Exchange store was started).
Client: Latency > 2 sec RPCs / sec             The rate of successful RPC requests with latencies > 2 seconds.
Client: Latency > 5 sec RPCs / sec             The rate of successful RPC requests with latencies > 5 seconds.
Client: Latency > 10 sec RPCs / sec            The rate of successful RPC requests with latencies > 10 seconds.
Path     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\
Type     REG_DWORD
Setting  1
In Exchange 2003, you can now use Exchange System Manager to change the location of the
MTA database. To do this, use the General tab in the X.400 Properties dialog box. For more
information about how to change the location of the MTA database, see "Moving the X.400
(MTA) and SMTP Queue Directory Locations" in Chapter 6.
Log Buffers
If you previously tuned the msExchESEParamLogBuffers parameter manually [for example, to
9000 (an Exchange 2000 SP2 recommendation), or 500 (an Exchange 2000 SP3
recommendation)], clear the manual tuning. Exchange 2003 uses a default value of 500.
Previously, Exchange 2000 used a default value of 84.
To return this setting to the default setting of <Not Set>, open the following parameter in ADSI
Edit, and then click Clear.
Location: CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=<Exchange
Organization Name>/CN=Administrative Groups/CN=<Administrative Group
Name>/CN=Servers/CN=<Server Name>/CN=Information Store/CN=<Storage
Group Name>
Parameter: msExchESEParamLogBuffers
This chapter provides information about some of the significant updates related to Microsoft®
Exchange Server 2003 reliability and clustering. For complete information about how to ensure
your Exchange 2003 environment is reliable with or without implementing Exchange clustering,
see "Planning for Reliability" in the book Planning an Exchange Server 2003 Messaging System
(http://www.microsoft.com/exchange/library).
Reliability Features
To increase the reliability of your Exchange organization, Exchange 2003 offers the following
new or improved features:
Virtual memory management
The virtual memory improvements to Exchange 2003 reduce memory fragmentation and
increase server availability.
Mailbox Recovery Center
The new Mailbox Recovery Center makes it easy to perform simultaneous recovery or
export operations on multiple disconnected mailboxes.
Recovery Storage Group
The new Recovery Storage Group is a specialized storage group that can exist alongside the
regular storage groups in Exchange. Essentially, the Recovery Storage Group provides
flexibility in restoring mailboxes and mailbox databases.
Error reporting
The error-reporting component is improved in Exchange 2003. Exchange error reporting
allows you to send information about any failures that may occur to Microsoft. Microsoft
then uses that information to determine and prioritize potential updates to future product
versions.
This section discusses each of these features in detail.
Counter                          Description
VM Largest Block Size            Displays the size (in bytes) of the largest free block of virtual memory. This
                                 counter is a line that slopes downward as virtual memory is consumed. When this
                                 counter drops below 32 MB, Exchange 2000 logs a warning in the event log
                                 (Event ID=9582) and logs an error if it drops below 16 MB. It is important to
                                 monitor this counter to ensure that it stays above 32 MB.
VM Total 16MB Free Blocks        Displays the total number of free virtual memory blocks that are greater than or
                                 equal to 16 MB. This line forms a pyramid as you monitor it. It starts with one
                                 block of virtual memory greater than 16 MB and progresses to smaller blocks
                                 greater than 16 MB. Monitoring the trend on this counter should allow a system
                                 administrator to predict when the number of 16 MB blocks is likely to drop
                                 below 3, at which point restarting all the services on the node is recommended.
VM Total Free Blocks             Displays the total number of free virtual memory blocks, regardless of size. This
                                 line forms a pyramid as you monitor it. This counter can be used to measure the
                                 degree to which available virtual memory is being fragmented. The average block
                                 size is the Process\Virtual Bytes\STORE instance divided by MSExchangeIS\VM
                                 Total Free Blocks.
VM Total Large Free Block Bytes  Displays the sum (in bytes) of all the free virtual memory blocks that are greater
                                 than or equal to 16 MB. This line slopes downward as memory is consumed.
When you monitor these counters, pay close attention that VM Total Large Free Block Bytes
always exceeds 32 MB. For non-clustered servers, if VM Total Large Free Block Bytes drops
below 32 MB, restart the services on that server. For clustered servers, if a node in the cluster
drops below 32 MB, fail over the Exchange Virtual Servers, restart all of the services on the
node, and then fail back the Exchange Virtual Servers.
If the virtual memory for your Exchange 2003 server becomes excessively fragmented, the
MSExchangeIS service logs the following events (Examples 1 and 2).
Example 1 Warning that is logged if the largest free block is smaller than 32
MB.
EventID=9582
Severity=Warning
Facility=Perfmon
Language=English
The virtual memory necessary to run your Exchange server is fragmented in such
a way that performance may be affected. It is highly recommended that you
restart all Exchange services to correct this issue.
Example 2 Error that is logged if the largest free block is smaller than 16
MB.
EventID=9582
Severity=Error
Facility=Perfmon
Language=English
The virtual memory necessary to run your Exchange server is fragmented in such
a way that normal operation may begin to fail. It is highly recommended that
you restart all Exchange services to correct this issue.
For more information about System Monitor and Event Viewer, see the Microsoft Windows
Server™ 2003 online documentation.
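The thresholds above applied to counter samples, as an added Python example that is not part of the original document: it classifies one sample of the MSExchangeIS virtual memory counters and fits a straight line to VM Total 16MB Free Blocks to estimate when the count will fall below 3. The sample values are constructed, and the function names, the "hours" field and the choice of a least-squares line are assumptions.

```python
MB = 1024 * 1024
WARN_LARGEST_BLOCK = 32 * MB     # below this, event 9582 is logged as a warning
ERROR_LARGEST_BLOCK = 16 * MB    # below this, event 9582 is logged as an error
MIN_16MB_BLOCKS = 3              # below this, restarting the services is recommended
MIN_LARGE_FREE_BYTES = 32 * MB   # VM Total Large Free Block Bytes should exceed this

def classify(sample):
    """Return the findings for one sample of the MSExchangeIS VM counters."""
    findings = []
    largest = sample["VM Largest Block Size"]
    if largest < ERROR_LARGEST_BLOCK:
        findings.append("event 9582 error: largest free block below 16 MB")
    elif largest < WARN_LARGEST_BLOCK:
        findings.append("event 9582 warning: largest free block below 32 MB")
    if sample["VM Total 16MB Free Blocks"] < MIN_16MB_BLOCKS:
        findings.append("fewer than 3 free blocks of 16 MB or more")
    if sample["VM Total Large Free Block Bytes"] < MIN_LARGE_FREE_BYTES:
        findings.append("large free block bytes below 32 MB")
    return findings

def recommended_action(sample, clustered):
    """Restart guidance from the text, or None when no threshold has been crossed."""
    if not classify(sample):
        return None
    if clustered:
        return ("fail over the Exchange Virtual Servers, restart all services "
                "on the node, then fail back")
    return "restart the services on the server"

def hours_until_below(samples, counter, threshold):
    """Fit a least-squares line through (hours, value) and return the hours from
    the last sample until the line reaches the threshold, or None if the counter
    is not falling or there are too few samples to fit."""
    n = len(samples)
    if n < 2:
        return None
    xs = [s["hours"] for s in samples]
    ys = [s[counter] for s in samples]
    mean_x, mean_y = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        return None
    slope = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys)) / sxx
    if slope >= 0:
        return None
    intercept = mean_y - slope * mean_x
    crossing = (threshold - intercept) / slope
    return max(0.0, crossing - xs[-1])

# Constructed samples, one per day; "hours" is time since the first sample.
SAMPLES = [
    {"hours": 0, "VM Largest Block Size": 120 * MB,
     "VM Total 16MB Free Blocks": 11, "VM Total Large Free Block Bytes": 600 * MB},
    {"hours": 24, "VM Largest Block Size": 80 * MB,
     "VM Total 16MB Free Blocks": 9, "VM Total Large Free Block Bytes": 450 * MB},
    {"hours": 48, "VM Largest Block Size": 48 * MB,
     "VM Total 16MB Free Blocks": 7, "VM Total Large Free Block Bytes": 300 * MB},
    {"hours": 72, "VM Largest Block Size": 28 * MB,
     "VM Total 16MB Free Blocks": 5, "VM Total Large Free Block Bytes": 180 * MB},
]

if __name__ == "__main__":
    latest = SAMPLES[-1]
    print(classify(latest))
    print(recommended_action(latest, clustered=True))
    print(hours_until_below(SAMPLES, "VM Total 16MB Free Blocks", MIN_16MB_BLOCKS))
```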
Figure 5.1 Warning message that displays after a fatal Exchange System
Manager error occurs
Similarly, when fatal service-related errors occur that relate to Exchange, a dialog box appears
that provides an option to send a report to Microsoft (Figure 5.2).
Figure 5.2 The Microsoft Event Reporting dialog box that displays after
service-related errors occur
Note
By default, a service-related fatal error does not immediately initiate an error
reporting prompt. Instead, the prompt for service-related errors appears the next
time you log on to the server.
The error report is sent to Microsoft over a secure HTTPS connection, and usually consists of a
10 to 50 KB compressed file. The error report is known as a minidump file. For detailed
technical information about how the information in a minidump file is gathered and sent, see the
technical article Using Dr. Watson (http://go.microsoft.com/fwlink/?LinkId=15183).
For general information about error reporting, see the technical article Find Solutions to Office
XP Errors with Microsoft Error Reports
(http://go.microsoft.com/fwlink/?LinkId=15186).
Exchange 2000 SP2 and SP3 supported the standard error reporting dialog box that provided
administrators with the option to send error reports to Microsoft. Exchange 2003 supports the
same error reporting functionality included in Exchange 2000 SP3, including the following new
features:
• Exchange service-related errors that occur close to each other in time are queued and then
presented to the administrator in a single list.
Note
For information about how you can configure Exchange to automatically send
service-related errors to Microsoft without requiring the administrator to use the
error reporting dialog box, see "Configuring Exchange to Automatically Send
Service-Related Error Reports" later in this section.
• Corporate Error Reporting (CER) is now supported. CER is a tool designed for
administrators to manage error reports created by the Microsoft Windows® Error Reporting
client, as well as error-reporting clients shipped with applications. For information about
installing and using CER, see the Corporate Error Reporting page of the Windows Online
Crash Analysis Web site (http://go.microsoft.com/fwlink/?LinkId=15195).
• Additional support for Exchange Setup errors (including queuing the errors so they are all
presented to the administrator in a single list after Setup completes).
• Improved support for errors relating to the Recipient Update Service. In Exchange 2003,
critical errors relating to the Recipient Update Service (for example, access violations that
occur when Recipient Update Service attempts to update a recipient object) now
immediately generate a Microsoft Error Reporting error message that allows you to send
information about the error to Microsoft. This is important, because RUS-related errors leave
the System Attendant in an unstable state.
These Recipient Update Service-related error reports are a significant improvement over
Exchange 2000. In Exchange 2000, any Recipient Update Service-related errors resulted in
an event being written to the Event Log. As a result, administrators were not immediately
notified of the errors.
3. In <Server Name> Properties, on the General tab, select the Automatically send fatal
service errors information to Microsoft check box (Figure 5.3).
Figure 5.4 Dialog box confirming that you want to automatically send
service-related fatal error information to Microsoft.
Clustering Features
This section provides information about some of the significant updates related to
Exchange 2003 clustering. For complete information about Exchange 2003 clustering, see the
following references available in the Exchange Server 2003 Technical Documentation Library
(http://www.microsoft.com/exchange/library):
• For planning information, read the section "Using Server Clusters" in the book Planning an
Exchange Server 2003 Messaging System.
• For deployment information, see "Deploying Exchange 2003 in a Cluster" in the book
Exchange Server 2003 Deployment Guide.
• For administration information, see "Managing Exchange Server Clusters" in the book
Exchange Server 2003 Administration Guide.
Exchange 2003 provides the following new or improved clustering features:
Support for up to eight nodes
Exchange has added support for up to 8-node active/passive clusters when using Windows
Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition.
Support for volume mount points
Exchange has added support for the use of volume mount points when using Windows
Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition.
Improved failover performance
Exchange has improved clustering performance by reducing the amount of time it takes a
server to fail over to a new node.
Improved security
Exchange cluster servers are now more secure. For example, the Exchange 2003 permissions
model has changed.
Improved prerequisite checking
Exchange performs more prerequisite checks to help ensure your cluster servers are
deployed and configured properly.
This section discusses each of these features in detail.
Chapter 5: Reliability and Clustering Features 135
Any server in the Windows 2000 Server or Windows Server 2003 families | Exchange Server 2003, Standard Edition | None
Windows 2000 Server or Windows Server 2003, Standard Edition | Exchange Server 2003, Standard Edition or Exchange Server 2003, Enterprise Edition | None
If a failover occurs, this improved hierarchy allows the Exchange mailbox stores, public folder
stores, and Exchange protocol services to start simultaneously. As a result, all Exchange
resources (except the System Attendant service) can now start and stop simultaneously, thereby
improving failover time. Additionally, if the Exchange store stops, it is no longer dependent on
other services to restart.
Another benefit is the reduction of downtime resulting from an Exchange Virtual Server failover.
This reduction can save several minutes, which is significant when you consider that the average
failover time for an Exchange Virtual Server running on Windows 2000 was only three to eight
minutes (depending on the number of users hosted by the Exchange Virtual Server).
Security Improvements
Exchange 2003 clustering includes the following security features:
• Permission improvements
• Kerberos enabled by default
• If the Exchange Virtual Server is the first Exchange Virtual Server in the Exchange
organization, the cluster administrator's account and the Cluster Service account must each
be a member of a group that has the Exchange Full Administrator role applied at the
organization level.
• If the Exchange Virtual Server is not the first Exchange Virtual Server in the organization,
the cluster administrator's account and the Cluster Service account must each be a member
of a group that has the Exchange Full Administrator role applied at the administrative group
level.
• If the Exchange virtual server is the first Exchange Virtual Server in the organization, the
cluster administrator must be a member of a group that has the Exchange Full Administrator
role applied at the organization level.
• If the Exchange virtual server is not the first Exchange Virtual Server in the organization,
you must use an account that is a member of a group that has the Exchange Full
Administrator role applied at the administrative group level.
However, depending on the mode in which your Exchange organization is running (native mode
or mixed mode), and depending on your topology configuration, your cluster administrators must
have the following additional permissions:
• When your Exchange organization is in native mode, if the Exchange virtual server is in a
routing group that spans multiple administrative groups, then the cluster administrator must
be a member of a group that has the Exchange Full Administrator role applied at all the
administrative group levels that the routing group spans. For example, if the Exchange
Virtual Server is in a routing group that spans the First Administrative Group and Second
Administrative Group, the cluster administrator must use an account that is a member of a
group that has the Exchange Full Administrator role applied at First Administrative Group
and must also be a member of a group that has the Exchange Full Administrator role applied
at Second Administrative Group.
Note
Routing groups in Exchange native-mode organizations can span multiple
administrative groups. Routing groups in Exchange mixed-mode organizations
cannot span multiple administrative groups.
• In topologies such as parent/child domains where the cluster server is the first Exchange
server in the child domain, the cluster administrator must be a member of a group that has
the Exchange Administrator role or greater applied at the organization level to be able to
specify the server responsible for Recipient Update Service in the child domain.
• System-wide requirements that define how you should configure Domain Name System
(DNS).
• Server-specific requirements that define which Windows operating systems are supported
with specific types of cluster deployments.
• Network configuration requirements that help ensure proper communication between the
nodes of your cluster.
For complete information about these requirements, see "Cluster Requirements" in the book
Exchange Server 2003 Deployment Guide
(http://www.microsoft.com/exchange/library).
Area: Other
Requirements:
• Only servers running Exchange 2000 SP3 or later can be upgraded to Exchange 2003. If your
servers are running previous versions of Exchange, you must first upgrade to
Exchange 2000 SP3 or later.
• You must upgrade your cluster nodes one at a time.
• The Cluster service must be initialized and running.
• If there are more than two nodes, the cluster must be active/passive. If there are two nodes
or fewer, active/active is allowed.
Area: If running Windows 2000
Requirements:
• Windows 2000 SP4 or Windows 2000 SP3 with hotfix 329938 is required. To obtain
Windows 2000 SP4, go to the Windows 2000 Service Packs Web site
(http://go.microsoft.com/fwlink/?LinkId=18353).
• To obtain the Windows 2000 SP3 hotfix, see the Microsoft Knowledge Base article 329938,
"Cannot Use Outlook Web Access to Access an Exchange Server Installed on a Windows 2000
Cluster Node" (http://support.microsoft.com/?kbid=329938).
Microsoft® Exchange Server 2003 introduces several new features and functionality to improve
transport and message flow. This chapter explains the following topics:
Link state improvements
This section explains how link state improvements reduce the amount of link state
information that is replicated throughout the Exchange organization, thereby reducing
performance impact.
Cross-forest authentication configuration
Because Exchange 2003 prevents spoofing or forging e-mail addresses, you must perform
specific configuration steps to enable cross-forest authentication. This section shows you
how to enable cross-forest authentication.
Internet Mail Wizard
Exchange 2003 provides a new version of Internet Mail Wizard to guide you through the
process of configuring Internet mail delivery in your organization. This section explains how
to use the wizard to set up Internet mail delivery.
Delivery status notification (DSN) diagnostic logging and codes
Exchange 2003 now provides diagnostic logging for delivery status notifications (DSNs) and
implements some new DSN codes. This section explains how to configure DSN diagnostic
logging and explains the new DSN codes available in Exchange 2003.
Support for moving X.400 (MTA) and SMTP queue directories
In Exchange 2003, you can use Exchange System Manager to change the location where
your SMTP and X.400 queue data is stored. This section explains how to use Exchange
System Manager to move your queue directory.
Connection filtering
Exchange 2003 supports connection filtering based on block lists. This section explains how
connection filtering works, and how you can set it up on your Exchange server.
Recipient filtering
Exchange 2003 also supports recipient filtering so you can filter e-mail messages that are
addressed to users who are not in the Microsoft Active Directory® directory service or e-mail
messages that are addressed to well-defined recipients indicative of unsolicited commercial
mail.
How enabled filters are applied
This section explains how filters and restrictions are applied during an SMTP session.
Improved ability to restrict submission to an SMTP virtual server
This section explains how you can restrict submissions based on security groups in
Exchange 2003.
Improved ability to restrict relaying on an SMTP virtual server
This section explains how you can restrict relaying based on security groups in
Exchange 2003.
Exchange 2003 also provides the following other features that enhance transport and mail flow:
• A new type of distribution group, called a query-based distribution group, allows you to
use an LDAP query to dynamically build membership in the distribution group. For more
information, see "Query-Based Distribution Groups" and "Improved Message Tracking" in
Chapter 3.
• You can now set restrictions on who can send mail to a distribution list. For more
information, see "Improved Ability to Restrict Submissions to Users and Distribution Lists
(Restricted Distribution Lists)" in Chapter 3.
• You can now track messages after categorization (which is the phase where users are located
and distribution groups are expanded into individual recipients) and during the routing
process. You can also use Exchange System Manager to move message-tracking logs. For
more information, see "Improved Message Tracking" in Chapter 3.
• Improvements to Queue Viewer. More queues are exposed, so you can more easily diagnose
problems with mail flow. For more information, see "Enhancements to Queue Viewer" in
Chapter 3.
• With the archiving feature available on a mailbox store, you can archive all recipients,
including those on the Bcc line. For more information, see "Including Bcc Recipients in
Archived Messages" in Chapter 3.
Configuring Cross-Forest SMTP Mail Collaboration
To prevent spoofing (forging identities), Exchange 2003 requires authentication before a sender's
name is resolved to its display name in the global address list (GAL). Therefore, in an
organization that spans two forests, a user who sends mail from one forest to another forest is not
authenticated; furthermore, the user's name is not resolved to a display name in the GAL, even if
the user exists as a contact in the destination forest.
To enable cross-forest mail collaboration in Exchange 2003, additional configuration steps are
required to resolve contacts outside your organization to their display names in Active Directory.
You have two options to enable the resolution of these contacts:
• Option 1 (recommended) Use authentication so that users who send mail from one forest
to another are authenticated users, and their names are resolved to their display names in the
GAL.
• Option 2 Restrict access to the SMTP virtual server that is used for cross-forest
collaboration, and then configure Exchange to resolve anonymous e-mail. This
configuration is supported, but not recommended. By default, in this configuration, the
Exch50 message properties, which are the extended properties of a message, are not
persisted when mail is sent from one forest to another.
To understand the benefits of configuring cross-forest mail collaboration, consider the following
scenarios of anonymous mail submission and cross-forest authenticated mail submission.
Scenario: Anonymous Mail Submission
E-mail addresses are not resolved if the submission is anonymous. Therefore, when an
anonymous user who attempts to spoof (forge) an internal user's identity sends mail, the return
address does not resolve to its display name in the global address list (GAL).
Example:
Kim Akers is a legitimate internal user at Northwind Traders. Her display name in the GAL is
Kim Akers, and her e-mail address is kim@northwindtraders.com.
To send mail, Kim must be authenticated. Because she is authenticated, the intended recipients of
Kim's mail see that the sender is Kim Akers. In addition, the properties of Kim Akers are
displayed as her GAL entry. However, if Ted Bremer attempts to forge Kim's address by using
kim@northwindtraders.com in the From line and then sending the mail to the Exchange 2003
server at Northwind Traders, the e-mail address is not resolved to Kim's display name because
Ted did not authenticate. Therefore, when this e-mail message displays in Microsoft Office
Outlook®, the sender address appears as kim@northwindtraders.com; it does not resolve to
Kim Akers, as authenticated mail from Kim does.
Scenario: Cross-Forest Mail Delivery
Consider a company that spans two forests: the Adatum forest and the Fabrikam forest. Both of
these forests are single-domain forests, with domains of adatum.com and fabrikam.com,
respectively. To allow cross-forest mail collaboration, all users in the Adatum forest are
represented as contacts in the Fabrikam forest's Active Directory. Likewise, all users in the
Fabrikam forest are represented as contacts in the Adatum forest's Active Directory.
If a user in the Adatum forest sends mail to the Fabrikam forest, and the mail is submitted over
an anonymous connection, the sender's address is not resolved, despite the fact that the sender
exists as a contact in Active Directory and in the Outlook GAL. This is because a user in the
Adatum forest is not an authenticated user in the Fabrikam forest.
Example:
Kim Akers is a mail user in the Adatum forest—her e-mail address is kim@adatum.com, and her
Outlook GAL display name is Kim Akers. Adam Barr is a user in the Fabrikam forest—his e-mail
address is abarr@fabrikam.com, and his Outlook GAL display name is Adam Barr. Because
Adam is represented as an Active Directory contact in the Adatum forest, Kim can view Adam's
e-mail address and resolve it to the display name of Adam Barr in the Outlook GAL. When Adam
receives mail from Kim, Kim's address is not resolved; instead of seeing Kim's display name as it
appears in the GAL, Adam sees her unresolved e-mail address of kim@adatum.com. Because
Kim sent mail as an anonymous user, her e-mail address did not resolve. Although Kim is
authenticated when sending mail, the connection between the two forests is not authenticated.
Chapter 6: Transport and Message Flow Features 147
To ensure that senders in one forest can send mail to recipients in another forest, and to ensure
that their e-mail addresses resolve to their display names in the GAL, you should enable
cross-forest mail collaboration. The following sections explain the two options available for
configuring mail collaboration between two forests.
1. Create an account in the Fabrikam forest that has Send As permissions. (For all users in the
Adatum forest, a contact exists in the Fabrikam forest as well; therefore this account allows
Adatum users to send authenticated mail.) Configure these permissions on all Exchange
servers that will accept incoming mail from Adatum.
2. On an Exchange server in the Adatum forest, create a connector that requires authentication
using this account to send outbound mail.
Similarly, to set up cross-forest authentication from the Fabrikam forest to the Adatum forest,
repeat these steps, creating the account in Adatum and the connector in Fabrikam.
2. On each Exchange server that will accept incoming connections from the connecting forest,
configure Send As permissions for this account.
Note
Be careful when creating the password policy. If you set the password to expire,
ensure that you have a policy in place that changes the password before its
expiration date. If the password for this account expires, cross-forest
authentication will fail.
a. Start Exchange System Manager: Click Start, point to All Programs, point to
Microsoft Exchange, and then click System Manager.
b. In the console tree, expand Servers, right-click an Exchange server that will accept
incoming connections from the connecting forest, and then click Properties.
c. In <Server Name> Properties, on the Security tab, click Add.
d. In Select Users, Computers, or Groups, add the account you just created, and then
click OK.
e. On the Security tab, under Group or user names, select the account.
f. Under Permissions, next to Send As, select the Allow check box (Figure 6.1).
Perform the following steps to resolve contacts for Adatum users to their display names in the
Fabrikam forest:
1. Create a connector in the Adatum forest that connects to the Fabrikam forest.
2. On the receiving bridgehead server in the Fabrikam forest, restrict access to the SMTP
virtual server by IP address. By doing this, you can ensure that only servers from the Adatum
forest can send mail to this server.
3. On the SMTP virtual server that hosts the connector, enable the Resolve anonymous e-mail
setting.
4. Change a registry key to ensure that the extended message properties (Exch50 properties)
are persisted across the forests. Otherwise, you can lose important message information.
After you complete these steps, all users who send mail from the Adatum forest to the Fabrikam
forest will resolve to their display names in the Fabrikam GAL. Next, you need to repeat steps 1
through 3 for the Fabrikam forest.
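The two options above, compared as a small Python model with an audit check for Option 2. This is an added illustration, not Exchange code and not part of the original documentation: the class names, the audit helper and the IP addresses are assumptions, and the rules modeled are only the ones this section states.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample data: Adatum users exist as contacts in the Fabrikam GAL.
FABRIKAM_GAL = {"kim@adatum.com": "Kim Akers"}
ADATUM_BRIDGEHEAD = "192.0.2.10"   # constructed address (documentation range)
OUTSIDE_HOST = "203.0.113.77"      # constructed address of an unrelated host


@dataclass(frozen=True)
class Session:
    """One inbound SMTP session as the receiving server sees it."""
    source_ip: str
    mail_from: str
    send_as_authenticated: bool = False  # connector logged on with the Send As account


@dataclass(frozen=True)
class VirtualServer:
    """Hypothetical model of the receiving SMTP virtual server's settings."""
    resolve_anonymous: bool = False           # the "Resolve anonymous e-mail" setting
    allowed_networks: Optional[tuple] = None  # None means no IP restriction

    def accepts(self, source_ip: str) -> bool:
        if self.allowed_networks is None:
            return True
        addr = ip_address(source_ip)
        return any(addr in ip_network(net) for net in self.allowed_networks)

    def displayed_sender(self, session: Session, gal: dict) -> Optional[str]:
        """Sender as the recipient sees it, or None if the connection is refused."""
        if not self.accepts(session.source_ip):
            return None
        if session.send_as_authenticated or self.resolve_anonymous:
            return gal.get(session.mail_from.lower(), session.mail_from)
        return session.mail_from  # anonymous submission: address stays unresolved


def audit(server: VirtualServer, partner_bridgeheads: set) -> list:
    """Flag Option 2 settings under which hosts other than the partner forest's
    bridgeheads could have a forged sender resolved to a GAL display name."""
    if not server.resolve_anonymous:
        return []
    if server.allowed_networks is None:
        return ["Resolve anonymous e-mail is on but access is not restricted by IP"]
    findings = []
    for net in server.allowed_networks:
        network = ip_network(net)
        single_host = network.num_addresses == 1
        if single_host and str(network.network_address) in partner_bridgeheads:
            continue
        findings.append(f"allowed entry {net} is not a known partner bridgehead")
    return findings


def scenarios() -> dict:
    """What Adam sees for mail claiming to be from kim@adatum.com."""
    anonymous = Session(ADATUM_BRIDGEHEAD, "kim@adatum.com")
    authenticated = Session(ADATUM_BRIDGEHEAD, "kim@adatum.com", True)
    forged = Session(OUTSIDE_HOST, "kim@adatum.com")
    default = VirtualServer()
    option2 = VirtualServer(True, (ADATUM_BRIDGEHEAD,))
    unrestricted = VirtualServer(True)  # Option 2 without the IP restriction
    gal = FABRIKAM_GAL
    return {
        "default / anonymous connector": default.displayed_sender(anonymous, gal),
        "option 1 / authenticated connector": default.displayed_sender(authenticated, gal),
        "option 1 / forged from outside": default.displayed_sender(forged, gal),
        "option 2 / Adatum bridgehead": option2.displayed_sender(anonymous, gal),
        "option 2 / forged from outside": option2.displayed_sender(forged, gal),
        "option 2 unrestricted / forged": unrestricted.displayed_sender(forged, gal),
    }


if __name__ == "__main__":
    for name, shown in scenarios().items():
        print(f"{name:38} -> {shown}")
    print(audit(VirtualServer(True), {ADATUM_BRIDGEHEAD}))
```

The last scenario shows why Option 2 depends on the IP restriction: with Resolve anonymous e-mail enabled and no restriction, a forged kim@adatum.com from any host is displayed as Kim Akers.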
The following procedures show you how to:
5. Click Add to select a local bridgehead server and SMTP virtual server to host the connector
(Figure 6.6).
7. In Internet Address Space Properties, type the domain of the forest to which you want to
connect, and then click OK. In this example, because the connector is sending from the
Adatum forest to the Fabrikam forest, the address space matches the domain for the forest,
fabrikam.com (Figure 6.7).
To configure Exchange to accept the extended message properties, you can enable a registry key
on the receiving bridgehead server or on the SMTP virtual server that resides on the bridgehead.
Enabling the registry key on the Exchange server configures all SMTP virtual servers on the
Exchange server to accept extended properties.
When Internet Mail Wizard runs, it creates a log file (Exchange Internet Mail Wizard.log) of all
the configuration changes it makes, including whether or not these changes were successful. The
wizard saves this log file to the My Documents folder of the user who runs the wizard.
The following sections explain how to use Internet Mail Wizard to:
To run Internet Mail Wizard and configure your server to send Internet mail
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. In the console tree, right-click your Exchange organization, and then click Internet Mail
Wizard. The Welcome page appears (Figure 6.8).
4. On the Prerequisites for Internet Mail page, read the requirements, ensure that you have
completed the tasks listed, and then click Next (Figure 6.9).
• You have registered your company's SMTP domain or domains with an Internet
registrar.
• The Exchange server that you want to configure for Internet e-mail has an Internet IP
address assigned to it.
• DNS is correctly configured. Your DNS server must have a mail exchanger (MX) record
pointing to the Internet IP address of your Exchange server and your DNS server must
be able to resolve external Internet names.
Note
For information about how to configure DNS, see Microsoft Knowledge Base
article 315982, "HOW TO: Configure DNS Records for Your Web Site in
Windows 2000" (http://support.microsoft.com/?kbid=315982).
5. On the Server Selection page, in the Server list, select the Exchange server you want to
configure to send Internet e-mail (Figure 6.10).
As noted on the Server Selection page, you cannot run Internet Mail Wizard if any of the
following conditions exist on your server:
7. On the Wizard in Progress page, Internet Mail Wizard checks your server configuration to
ensure that the server meets all necessary prerequisites. After the wizard checks these
conditions, the results display under Report (Figure 6.11).
8. On the Internet E-mail Functions page, you can specify whether you want this server to
send Internet e-mail, receive Internet e-mail, or send and receive Internet e-mail. To
configure your server to send Internet mail, select the Send Internet e-mail check box
(Figure 6.12).
9. Click Next.
10. On the Outbound Bridgehead Server page, under SMTP virtual server, ensure that the
Exchange server and SMTP virtual server designated as the bridgehead are displayed
(Figure 6.13). By default, the Internet Mail Wizard creates an SMTP connector on this server
with the address space that you specify so that all mail destined to this address space is
routed through this connector.
12. If the Open Relay Configuration page displays, your server is configured to allow open
relay (Figure 6.14). With open relaying, external users can use your server to send
unsolicited commercial mail, which may result in other legitimate servers blocking mail
from your Exchange server.
Note
This page displays only if your SMTP virtual server is configured to allow open
relay. If your SMTP virtual server does not allow open relay, this page does not
display.
• Click Route all mail through the following smart host if you want to send mail to a
smart host that assumes responsibility for DNS resolution and mail delivery. Then, in
the Host name or IP address of the smart host box, type either a fully qualified
domain name or an IP address for the smart host.
17. On the External Domain Name System (DNS) page (Figure 6.16), configure your SMTP
virtual server to use an external DNS server: Click Add, and then, in Enter an IP address,
type the IP address of the external DNS server you want to use.
Important
The external DNS server must have the ability to resolve external or Internet
addresses.
23. When the Completing the Internet Mail Wizard page displays, select the View detailed
report when this wizard closes check box to view the log file, and then click Finish
(Figure 6.19).
Note
Internet Mail Wizard writes the log file to the My Documents folder of the user
running the wizard. The exact location displays on the Completing the
Internet Mail Wizard page.
To run Internet Mail Wizard and configure your server to receive Internet mail
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. In the console tree, right-click your Exchange organization, and click Internet Mail
Wizard. The Welcome to the Internet Mail Wizard page appears (Figure 6.20).
• You have registered your company's SMTP domain or domains with an Internet
registrar.
• The Exchange server that you want to configure for Internet e-mail has an Internet IP
address assigned to it.
• DNS is correctly configured. Your DNS server must have a mail exchanger (MX) record
pointing to the Internet IP address of your Exchange server and your DNS server must
be able to resolve external Internet names.
Note
For information about how to configure DNS, see Microsoft Knowledge Base
article 315982, "HOW TO: Configure DNS Records for Your Web Site in
Windows 2000" (http://support.microsoft.com/?kbid=315982).
5. On the Server Selection page, under Server, select the Exchange server you want to
configure to receive Internet e-mail (Figure 6.22).
As noted on the Server Selection page, you cannot run Internet Mail Wizard if any of the
following conditions exist on your server:
8. On the Internet E-mail Functions page, you can specify whether you want this server to
send Internet e-mail, receive Internet e-mail, or send and receive Internet e-mail. To
configure your server to receive Internet mail, select the Receive Internet e-mail check box
(Figure 6.24).
9. Click Next.
10. To accept Internet mail, your SMTP virtual server must allow anonymous access. If your
server is not configured to allow anonymous access, the Anonymous Access Configuration
page displays (Figure 6.25). If this page displays, leave the default option, Enable
anonymous access, so your server can accept incoming mail from the Internet.
Note
This page displays only if your SMTP virtual server is not configured to allow
anonymous access. If your SMTP virtual server allows anonymous access, this
page does not display.
The SMTP domains for which you want to receive Internet mail are configured in Exchange
System Manager in Recipient Policies. You must have a recipient policy configured for
every SMTP domain for which you want to accept Internet mail, and Exchange must be
authoritative for this domain. If you created multiple recipient policies in Exchange System
Manager, you cannot use the wizard to create additional recipient policies. In this case, if
you need to add or modify recipient policies, you must use Exchange System Manager.
14. If the Open Relay Configuration page displays, your server is configured to allow open
relay (Figure 6.27). With open relaying, external users can use your server to send
unsolicited commercial mail, which may result in other legitimate servers blocking mail
from your Exchange server.
Note
This page displays only if your SMTP virtual server is configured to allow open
relay. If your SMTP virtual server does not allow open relay, this page does not
display.
16. The Configuration Summary page displays the configuration options you selected, as well
as the location of the Internet mail log file where the configuration settings will be saved
(Figure 6.28). Review these options carefully.
18. When the Completing the Internet Mail Wizard page displays, select the View detailed
report when this wizard closes check box to view the log file, and then click Finish
(Figure 6.29).
Note
Internet Mail Wizard writes the log file to the My Documents folder of the user
running the wizard. The exact location displays on the Completing the
Internet Mail Wizard page.
To run the Internet Mail Wizard and configure your server to send and
receive Internet mail
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft
Exchange, and then click System Manager.
2. In the console tree, right-click your Exchange organization, and then click Internet Mail
Wizard. The Welcome to the Internet Mail Wizard page appears (Figure 6.30).
• You have registered your company's SMTP domain or domains with an Internet
registrar.
• The Exchange server that you want to configure for Internet e-mail has an Internet IP
address assigned to it.
• DNS is correctly configured. Your DNS server must have a mail exchanger (MX) record
pointing to the Internet IP address of your Exchange server and your DNS server must
be able to resolve external Internet names.
Note
For information about how to configure DNS, see Microsoft Knowledge Base
article 315982, "HOW TO: Configure DNS Records for Your Web Site in
Windows 2000" (http://support.microsoft.com/?kbid=315982).
5. On the Server Selection page, under Server, select the Exchange server that you want to
configure to send and receive Internet e-mail (Figure 6.32).
As noted on the Server Selection page, you cannot run Internet Mail Wizard if any of the
following conditions exist on your server:
8. On the Internet E-mail Functions page, you can specify whether you want the server to
send Internet e-mail, receive Internet e-mail, or send and receive Internet e-mail
(Figure 6.34). To configure your server to send and receive e-mail, select both the Receive
Internet e-mail and Send Internet e-mail check boxes. The wizard creates an SMTP
connector so you can send mail to all external addresses or to specified addresses.
9. Click Next.
10. To accept Internet mail, your SMTP virtual server must allow anonymous access. If your
server is not configured to allow anonymous access, the Anonymous Access Configuration
page displays (Figure 6.35). If this page displays, leave the default option, Enable
anonymous access, so your server can accept incoming mail from the Internet.
Note
This page displays only if your SMTP virtual server is not configured to allow
anonymous access. If your SMTP virtual server allows anonymous access, this
page does not display.
If you have created multiple recipient policies in Exchange System Manager, you cannot use
the wizard to create additional recipient policies. In this case, if you need to add or modify
your recipient policies, you must use Exchange System Manager.
14. On the Outbound Bridgehead Server page, ensure that the Exchange server and SMTP
virtual server designated as the bridgehead are displayed (Figure 6.37). Internet Mail Wizard
will create an SMTP connector on this server with the address space of *, so that all mail
destined to Internet addresses is routed through this connector.
• Click Route all mail through the following smart host if you want to send mail to a
smart host that assumes responsibility for DNS resolution and mail delivery. Then, in
the Host name or IP address of the smart host box, type either a fully qualified
domain name or an IP address for the smart host.
21. On the External Domain Name System (DNS) page (Figure 6.40), configure your SMTP
virtual server to use an external DNS server: Click Add, and then, in Enter an IP address,
type the IP address of the external DNS server you want to use.
Important
The external DNS server must have the ability to resolve external or Internet
addresses.
25. The Configuration Summary page displays the configuration options you selected, as well
as the location of the Internet mail log file where the configuration settings will be saved
(Figure 6.42). Review these options carefully.
27. When the Completing the Internet Mail Wizard page displays, select the View detailed
report when this wizard closes check box to view the log file, and then click Finish
(Figure 6.43).
Note
Internet Mail Wizard writes the log file to the My Documents folder of the user
running the wizard. The exact location displays on the Completing the
Internet Mail Wizard page.
2. In the console tree, right-click your Exchange organization, and then click Internet Mail
Wizard. The Welcome to the Internet Mail Wizard page appears (Figure 6.44).
• You have registered your company's SMTP domain or domains with an Internet
registrar.
• The Exchange server that you want to configure for Internet e-mail has an Internet IP
address assigned to it.
• DNS is correctly configured. Your DNS server must have a mail exchanger (MX) record
pointing to the Internet IP address of your Exchange server and your DNS server must
be able to resolve external Internet names.
Note
For information about how to configure DNS, see Microsoft Knowledge Base
article 315982, "HOW TO: Configure DNS Records for Your Web Site in
Windows 2000" (http://support.microsoft.com/?kbid=315982).
5. On the Server Selection page, under Server, select the Exchange server that you want to
configure to send and receive Internet e-mail (Figure 6.46).
As noted on the Server Selection page, you cannot run Internet Mail Wizard if any of the
following conditions exist on your server:
8. On the Internet E-mail Functions page, you can specify whether you want this server to
send Internet e-mail, receive Internet e-mail, or send and receive Internet e-mail
(Figure 6.48). To configure your server to send and receive e-mail, select both the Receive
Internet e-mail and Send Internet e-mail check boxes. The wizard creates an SMTP
connector so you can send mail to all external addresses or to specified addresses.
9. Click Next.
10. On the Configure Your Server page, under Configure the dual-homed Internet gateway
topology, click Yes to configure a dual-homed gateway server (Figure 6.49). Internet Mail
Wizard then configures one SMTP virtual server to accept incoming mail using the Internet
IP address and a second SMTP virtual server to send mail using an intranet IP address.
Note
To configure a server as a dual-homed gateway, your server must have static IP
addresses assigned to each network interface card. Otherwise, the Yes button is
unavailable.
12. On the Create two SMTP virtual servers page, create two SMTP virtual servers and assign
each one the proper IP address (Figure 6.50).
• In the Internet SMTP virtual server IP list, assign an Internet IP address to the SMTP
virtual server that accepts incoming Internet e-mail. To send mail to your users, external
SMTP servers must be able to connect to your SMTP virtual server that accepts
incoming Internet mail; therefore you must assign an Internet IP address to your SMTP
virtual server.
• In the Default SMTP virtual server IP (Intranet IP) list, assign an intranet IP to the
SMTP virtual server that sends Internet mail. You must assign an intranet IP address to
this server to allow only your authenticated internal users to send Internet mail using the
SMTP virtual server.
13. Click Next.
14. On the SMTP Domains for Inbound Mail page, under SMTP domains, all the existing
recipient policies for SMTP addresses configured in your Exchange organization are
displayed (Figure 6.51). Ensure that all the SMTP domains for which you want to accept
Internet mail are displayed.
The address displayed in bold is the primary SMTP address, and this address displays as the
return address on your users' outgoing mail.
The SMTP domains for which you want to receive Internet mail are configured in Exchange
System Manager in Recipient Policies. You must have a recipient policy configured for
every SMTP domain for which you want to accept Internet mail, and Exchange must be
authoritative for this domain.
If you created multiple recipient policies in Exchange System Manager, you cannot use the
wizard to create additional recipient policies. In this case, if you need to add or modify your
recipient policies, you must use Exchange System Manager.
16. On the Outbound Bridgehead Server page, under SMTP virtual server, ensure that the
Exchange server and SMTP virtual server designated as the bridgehead are displayed
(Figure 6.52). By default, the Internet Mail Wizard creates an SMTP connector on this server
with an address space of *, so that all mail destined to Internet addresses is routed through
this connector.
17. If the Open Relay Configuration page displays, your server is configured to allow open
relay (Figure 6.53). With open relaying, external users can use your server to send
unsolicited commercial mail, which may result in other legitimate servers blocking mail
from your Exchange server.
Note
This page displays only if your SMTP virtual server is configured to allow open
relay. If your SMTP virtual server does not allow open relay, this page does not
display.
• Click No if your DNS server cannot resolve Internet (external) addresses. The wizard
then guides you through the process of configuring an external DNS server that your
SMTP virtual server will use to resolve external addresses.
• Click Route all mail through the following smart host if you want to send mail to a
smart host that assumes responsibility for DNS resolution and mail delivery. Then, in
the Host name or IP address of the smart host box, type either a fully qualified
domain name or an IP address for the smart host.
22. On the External Domain Name System (DNS) page (Figure 6.55), configure your SMTP
virtual server to use an external DNS server: Click Add, and then, in Enter an IP address,
type the IP address of the external DNS server you want to use.
Important
The external DNS server must have the ability to resolve external or Internet
addresses.
26. The Configuration Summary page displays the configuration options you selected, as well
as the location of the Internet mail log file where the configuration settings will be saved
(Figure 6.57). Review these options carefully.
28. When the Completing the Internet Mail Wizard page displays, select the View detailed
report when this wizard closes check box to view the log file, and then click Finish
(Figure 6.58).
Note
Internet Mail Wizard writes the log file to the My Documents folder of the user
running the wizard. The exact location displays on the Completing the
Internet Mail Wizard page.
4.2.2
In Exchange 2000, this delivery status notification is generated when the recipient's mailbox
exceeds its storage limit.
On Windows 2000 and Microsoft Windows Server™ 2003, this message is generated when the
storage size of the drop directory (a directory where messages can be placed for delivery)
exceeds the SMTP virtual server disk quota. The disk quota of the SMTP virtual server is 11
times the maximum message size on the virtual server. If no maximum size is specified, the disk
quota defaults to 22 MB. If the disk space is within one maximum message size of the quota or if
the disk space reaches 2 MB if no maximum message size is defined, Exchange assumes that the
incoming message will exceed the disk quota, and then issues the DSN.
Check the mailbox storage and the queue storage quota limit.
4.4.9
This indicates a temporary routing error or bad routing configuration. Possible causes are:
• Someone configured an SMTP connector using DNS (rather than a smarthost) and added a
non-SMTP address space, such as an X.400 address, to this connector.
• Someone created a routing group, and a recipient in this routing group was supposed to
receive mail. A routing group connector using DNS was used to bridge the routing group, and
then this administrative or routing group was removed. Therefore, any mail sent to this
routing group was sent in the MSGWIA.X500 format (the address encapsulation used for
non-SMTP addresses); DNS does not recognize this format.
Routing detects these situations, and Exchange returns DSNs.
• To remedy the first scenario, configure the SMTP connector to use a smarthost, instead of
DNS, to resolve the non-SMTP address space.
• To remedy the second scenario, ensure that you moved all users in the removed
administrative group or routing group to a valid group.
5.3.0
Exchange 2003 can operate without the message transfer agent (MTA). If mail was mistakenly
sent to the MTA, then Exchange returns this DSN to the sender. This condition is enforced only
if you have disabled the MTA service and used specific registry settings to disable the
MTA/StoreDriver. A default configuration strands the misrouted mail on the MTA queues.
Check your routing topology. Use the Winroute tool to ensure that the routes are properly
replicated between servers and routing groups.
5.7.1
General access denied, sender access denied—The sender of the message does not have the
privileges necessary to complete delivery.
Possible causes include:
• The sender of the message does not have the privileges necessary to complete delivery.
• You are trying to relay your mail through another Exchange 2000 server, and the server does
not permit you to relay. The remote server returns a 5.7.1 code.
• The recipient may have mailbox delivery restrictions enabled (for example, if a recipient's
mailbox delivery restriction is configured to receive mail from a distribution list only,
non-member's mail is rejected, and this DSN code is returned).
• New in Exchange 2003: An anonymous user attempted to send mail to recipients or
distribution list that accept mail only from an authenticated SMTP session.
Check system privileges and attributes for the contact and retry the message. Also, for other
potential known issues, ensure that you are running Exchange 2000 Service Pack 1 or later.
In Exchange 2003, check the permissions on the distribution list to see if it is a restricted
distribution list.
3. In X.400 Properties, under Message Queue Directory, click Modify (Figure 6.59).
Connection Filtering
Exchange Server 2003 supports connection filtering based on block lists. Connection filtering
leverages external services that list known sources of unsolicited e-mail, dial-up
user accounts, and servers open for relay (based on IP addresses). Connection filtering
complements third-party content filter products. This feature allows you to check an incoming IP
address against a block list provider's list for the categories you want to filter. If a match is found
on the block list provider's list, SMTP issues a "550 5.x.x" error in response to the RCPT TO
command, and a customized error response is issued to the sender. (The RCPT TO command is
the SMTP command that the connecting server issues to identify the intended message recipient.)
Furthermore, you can use several connection filters and prioritize the order in which each filter is
applied.
With connection filtering, you can do the following:
• Set up connection filtering rules that check with a block list service provider for the
following:
• IP addresses of known senders of unsolicited commercial e-mail
• Servers configured for open relay
• Dial-up user account lists
• Configure global accept and deny lists. A global accept list is a list of IP addresses from
which you will always accept mail. A global deny list is a list of IP addresses from which
you will always deny mail. You can use global accept and deny lists with or without using a
block list service provider.
• Configure a recipient address as an exception to all connection filtering rules. You can
configure a recipient address as an exception to all connection-filtering rules. When mail is
sent to this address, it is automatically accepted, even if the sender appears on a block list.
• host not found Indicates that the IP address is not present on its block list.
• 127.0.0.x A response status code indicating that a match for the IP address was found in the
list of offenders. The x varies, depending on your block list provider.
If the incoming IP address is found on the block list, SMTP returns a 5.x.x error in response to the
RCPT TO command. (The RCPT TO command is the SMTP command that the connecting server
issues to identify the intended message recipient.)
You can customize the response that is returned to the sender. Additionally, because block list
providers usually contain different offender categories, you can specify the matches you want to
reject. Most block list providers screen for three types of offenders:
• Sources of unsolicited commercial e-mail. These lists are generated from scanning
unsolicited commercial e-mails and adding the source address to the list.
• Known open relay servers. These lists are calculated by identifying open relay SMTP servers
on the Internet. The most common reason for an open relay server is misconfiguration by
the system administrator.
• Dial-up user lists. These lists are created from either existing Internet service provider (ISP)
lists that contain IP addresses with dial-up access, or from inspection of addresses that
indicate a probable dial-up connection.
<reverse IP address of the connecting server>.<dns name for the block list organization> IN A 127.0.0.x
If this IP address is found on the provider's list, the provider returns a 127.0.0.x status code that
indicates an offending IP address and the type of offense. All block list providers return a
response code of 127.0.0.x, where x indicates the type of offense. This number varies, depending
on the block list provider.
However, if an IP address is a member of two lists, the block list provider adds the values of the
last octet. Therefore, if an IP address is on the list of known relay servers and known sources of
unsolicited e-mails, the block list provider returns a status code of 127.0.0.7, where 7 is the
combined values of the last octet returned for known sources of unsolicited commercial e-mail
and known relay servers.
If you want to filter against only known sources of unsolicited commercial e-mail, enter a bit
mask value of 0.0.0.3; the block list then filters against any of the possible values, in this case,
127.0.0.3, 127.0.0.5, 127.0.0.7, and 127.0.0.9.
Table 6.3 lists the bit mask values associated with each of the example status codes.
Table 6.3 Block list status code and corresponding bit mask examples
In the last example ("Known relay server and dial-up user account"), the bit mask 0.0.0.6 returns
a match for an IP address only if it appears on both the known relay server and dial-up user
account lists. It does not return a match if the IP address appears on only one of the two lists. You
cannot use a bit mask to check for a single match in multiple lists.
Note
A bit mask checks only against a single value. If you set a bit mask value that is
returned when an IP address appears on two lists, the mask will match only IP
addresses that appear on both lists. If you want to check for an IP address on either
of two lists, enter the status codes for these settings.
1. Create the connection filter using the Connection Filtering tab in the Message Delivery
Properties dialog box.
2. Apply the filter at the SMTP virtual server level.
Each of these steps is detailed in the following sections.
• Enter the IP address from which you want to accept connections on the global accept list.
• Enter the subnet and mask for the range of IP addresses from which you want to reject
connections on the global deny list.
When the connecting IP address you added to the global accept list attempts to connect to your
Exchange server, Exchange checks the global accept list first. Because Exchange finds a match
for this IP address, the connection is accepted, and Exchange performs no additional connection
filtering checks.
4. To create a connection filter rule, click Add. The Connection Filtering Rule dialog box
displays (Figure 6.65).
• %0 – connecting IP address
• %1 – connection filter rule name
• %2 – the block list provider
For example, if you wanted your custom message to read:
The IP address <IP address> has been blocked by the following block list provider
<block list provider name>
type the following in the custom error message:
The IP address %0 was rejected by block list provider %2.
Exchange replaces %0 with the connecting IP address and %2 with the block list provider.
Note
If you want to include a percent sign (%) in your error message, you must enter
the percent sign twice (%%).
8. To configure which return status codes received from the block list provider you want to
match in this connection filter, click Return Status Code. The Return Status Code dialog
box displays (Figure 6.66).
• Click Match Filter Rule to Any of the Following Responses (this connection filter
rule is matched to returned status codes received from the provider service by
using the specific values of the return status codes below). Click Add, and in Return
Status Code, type the status code you want to match. For each additional status code,
click Add, type the code, and then click OK.
10. Click OK.
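The block list lookup, return status code matching, and custom error message substitution described in this section can be followed in this added Python example, which is not Exchange code and not part of the original document. The function names, the blocklist.example zones, the status code values, the first-matching-rule-wins order, and the choice to ignore answers outside 127.0.0.x are assumptions made for illustration.

```python
import ipaddress
import re


def blocklist_query_name(client_ip, provider_zone):
    """<reverse IP address of the connecting server>.<dns name of the provider>"""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + provider_zone.strip(".")


def parse_provider_answer(answer):
    """Return x from a 127.0.0.x answer; None means 'host not found' (not listed)."""
    if answer is None:
        return None
    packed = ipaddress.IPv4Address(answer).packed
    if packed[:3] != b"\x7f\x00\x00":
        # Assumption: an answer outside 127.0.0.x is not a status code, so it
        # is ignored instead of being treated as a listing.
        return None
    return packed[3]


def expand_custom_error(template, client_ip, rule_name, provider):
    """Replace %0, %1 and %2; a doubled percent sign (%%) yields a literal %."""
    values = {"0": client_ip, "1": rule_name, "2": provider, "%": "%"}
    return re.sub(r"%([%012])", lambda m: values[m.group(1)], template)


def check_connection(client_ip, rules, resolve):
    """Apply the rules in priority order; return the error text of the first match.

    resolve(name) returns the A record as a string, or None for 'host not found'.
    Assumption: the first matching rule wins and later rules are not queried.
    """
    for rule in rules:
        name = blocklist_query_name(client_ip, rule["zone"])
        x = parse_provider_answer(resolve(name))
        if x is None:
            continue
        # "Match Filter Rule to Any of the Following Responses": exact codes only.
        if "127.0.0.%d" % x in rule["return_status_codes"]:
            return expand_custom_error(rule["error"], client_ip,
                                       rule["name"], rule["zone"])
    return None


# Constructed sample data: provider zones, listed addresses and codes are made up.
SAMPLE_ZONE_DATA = {
    "77.100.51.198.spam.blocklist.example": "127.0.0.2",
    "25.2.0.192.relays.blocklist.example": "127.0.0.4",
    "9.113.0.203.relays.blocklist.example": "127.0.0.8",
}

SAMPLE_RULES = [
    {"name": "Spam sources", "zone": "spam.blocklist.example",
     "return_status_codes": {"127.0.0.2"},
     "error": "The IP address %0 was rejected by block list provider %2."},
    {"name": "Open relays", "zone": "relays.blocklist.example",
     "return_status_codes": {"127.0.0.4", "127.0.0.6"},
     "error": "Rule %1: %0 is listed by %2"},
]


def sample_resolver(name):
    """Offline stand-in for a DNS A-record query against the constructed data."""
    return SAMPLE_ZONE_DATA.get(name)


if __name__ == "__main__":
    for ip in ("198.51.100.77", "192.0.2.25", "203.0.113.9", "192.0.2.1"):
        print(ip, "->", check_connection(ip, SAMPLE_RULES, sample_resolver))
```

The address 203.0.113.9 is listed by the second provider, but with a code the rule does not select, so the connection is not rejected by that rule.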
You can create exceptions to the connection filter rule. Specifically, you can allow message
delivery to specific recipients (for example, to the postmaster), regardless of whether the
connecting IP address is on a block list.
Figure 6.67 The Block List Service Configuration Settings dialog box
2. Click Add.
3. In Add Recipient, type the SMTP address of the recipient for whom you want to accept all
messages, regardless of whether the connecting IP address appears on a block list.
4. Click OK twice.
You can also configure recipient filtering to filter messages sent to specified e-mail addresses (valid
or invalid) within your organization. If a message is sent to any of the specified recipients,
Exchange returns a 5.x.x level error during the SMTP session.
By default, Exchange accepts mail that is destined for any recipient (invalid or valid) and then
sends non-delivery reports (NDRs) for all invalid recipients. Additionally, because unsolicited
mail is typically sent from invalid addresses, Exchange attempts to re-deliver NDRs to non-
existent senders, thereby expending more resources. If you enable recipient filtering, Exchange
no longer expends resources in this manner because invalid recipients are filtered. However,
enabling recipient filtering to resolve recipients in Active Directory can potentially allow
malicious senders to resolve valid e-mail addresses; this is because SMTP sessions issue different
responses for valid and invalid recipients.
Note
Recipient filter rules apply only to anonymous connections. Authenticated users and
Exchange servers bypass these validations.
1. Create the recipient filter using the Recipient Filtering tab in the Message Delivery
Properties dialog box.
2. Apply the filter at the SMTP virtual server level.
Each of these steps is detailed in the following sections.
5. To filter mail that is sent to users who do not exist in Active Directory, select the Filter
recipients who are not in the Directory check box.
Note
Selecting the Filter recipients who are not in the Directory check box can
potentially allow malicious senders to discover valid e-mail addresses in your
Exchange organization.
6. In Identification, select the Apply Recipient Filter check box to apply the filter that you
previously set (Figure 6.70).
• Connection filtering
• Recipient filtering
• Sender filtering
• IP restrictions on a virtual server basis
Although connection filtering, recipient filtering, and sender filtering are all configured in
Message Delivery Properties, they must be enabled on individual SMTP virtual servers. In
contrast, IP restrictions are configured directly on each SMTP virtual server.
This section shows the order in which these filters, when configured and enabled, are checked
during an SMTP session. Filtering and IP restrictions are checked in the following manner.
2. The IP address of the connecting client is checked against the SMTP virtual server's IP
restrictions (configured on the Access tab of the SMTP virtual server Properties):
• If the connecting IP address is on the list of restricted IPs, the connection is immediately
dropped.
• If the connecting IP address is not on the list of restricted IPs, the connection is
accepted.
3. The SMTP client issues an EHLO or HELO command.
4. The SMTP client issues a MAIL FROM: command, similar to the following:
MAIL FROM: dylanm@contoso.com
5. The IP address of the SMTP client is then checked against the global accept list (configured
in Exchange System Manager on the Connection Filtering tab in the Message Delivery
Properties dialog box).
• If the connecting IP address is on the global accept list, the global deny list is not
checked. Proceed to Step 7.
• If the connecting IP address is not on the global accept list, Steps 6 and 7 are
performed.
6. The IP address of the SMTP client is checked against the global deny list (configured in
Exchange System Manager on the Connection Filtering tab in the Message Delivery
Properties dialog box).
• If the IP address of the SMTP client is on the global deny list, the connection is dropped.
• If the IP address of the SMTP client is not on the global deny list, the session continues.
7. Sender filtering checks the sender specified in the MAIL FROM command against its list of
blocked senders (configured in Exchange System Manager on the Sender Filtering tab in
the Message Delivery Properties dialog box).
• If the sender appears on the blocked senders list, one of two things happens, depending
on how sender filtering is configured:
- If sender filtering is configured to drop the connection, the connection is dropped.
- If sender filtering is configured to accept messages without notifying the sender, the
session continues; however, mail is sent to the Badmail directory and not delivered to
the intended recipient.
• If the sender does not appear on the sender-filtering list, the SMTP virtual server issues
a response similar to the following.
250 2.1.0 dylanm@contoso.com...Sender OK
8. The connecting SMTP server issues a RCPT TO command similar to the following:
RCPT TO: kim@example.com
9. The connection filtering rules check the connecting IP address against any block lists
provided by their block list service providers.
• If the IP address of the SMTP client is in the accept list, the connection filter rules are
bypassed. Proceed to Step 10.
• If the IP address of the SMTP client is on a block list service provider's block list, the
SMTP virtual server returns an error code and then sends the customized error message
configured for the connection filtering rule.
• If the IP address of the SMTP client is not on a block list service provider's block list,
the session continues.
10. Connection filtering checks to see if the intended recipient is on the connection filtering
exception list.
• If the recipient is on this list, the communication is accepted, and no other checks are
applied at the RCPT TO command. Proceed to Step 13.
• If the recipient does not appear on the exception list, the recipient is checked against
other filters.
11. If the recipient does not appear on the exception list configured in connection filtering, the
recipient is then checked against any blocked recipients configured in recipient filtering.
• If the recipient is a blocked recipient, the SMTP virtual server returns an invalid
recipient error.
• If the recipient is not a blocked recipient, the session continues.
12. If the recipient is not a blocked recipient, then Active Directory is checked to ensure that the
intended recipient exists in Active Directory.
• If the intended recipient is not a valid recipient that exists in Active Directory, the SMTP
virtual server returns an invalid recipient error.
• If the recipient is a valid recipient that exists in Active Directory, the session continues.
13. For each additional recipient specified in a RCPT TO command, Steps 10 through 12 are
applied.
14. The connecting server then issues a DATA command similar to the following:
DATA
To: Kim Akers
From: dylanm@contoso.com<Dylan Miller>
Subject: Mail Message
15. Sender filtering then checks that the From address does not match a blocked sender.
• If the sender specified in the DATA command is a blocked sender, one of two things
happens:
- If sender filtering is configured to drop the connection, then the SMTP virtual server
returns a 5.1.0 "Sender Denied" error and drops the connection.
- If sender filtering is configured to accept messages without notifying the sender, the
session continues; however, mail is sent to the Badmail directory and not delivered to
the intended recipient.
• If the sender specified in the DATA command is not a blocked sender, the message is
accepted and queued for delivery.
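The order of checks in the steps above, modelled as an added Python example (not Exchange code and not part of the original document). The class and function names, the sample addresses other than those quoted in the steps, and the sets standing in for the block list provider and Active Directory are assumptions; a recipient on the exception list is accepted before a block list hit is applied, following the description of exceptions earlier in this section.

```python
from dataclasses import dataclass, field


@dataclass
class FilterConfig:
    restricted_ips: set = field(default_factory=set)      # Access tab IP restrictions
    global_accept: set = field(default_factory=set)
    global_deny: set = field(default_factory=set)
    block_listed_ips: set = field(default_factory=set)    # stands in for provider lookups
    exception_recipients: set = field(default_factory=set)
    blocked_senders: set = field(default_factory=set)
    sender_filter_drops: bool = True                      # False: accept, route to Badmail
    blocked_recipients: set = field(default_factory=set)
    filter_unknown_recipients: bool = False               # "not in the Directory" check box
    directory: set = field(default_factory=set)           # stands in for Active Directory


def sample_config():
    """Constructed configuration used to exercise each branch."""
    return FilterConfig(
        restricted_ips={"192.0.2.10"},
        global_accept={"192.0.2.20"},
        global_deny={"192.0.2.20", "192.0.2.30"},
        block_listed_ips={"192.0.2.20", "192.0.2.40"},
        exception_recipients={"postmaster@example.com"},
        blocked_senders={"bulk@contoso.com"},
        blocked_recipients={"old-list@example.com"},
        filter_unknown_recipients=True,
        directory={"kim@example.com", "postmaster@example.com"},
    )


def check_recipient(cfg, client_ip, on_accept_list, rcpt, authenticated):
    """Steps 9 through 12 for one RCPT TO command."""
    rcpt = rcpt.lower()
    if rcpt in cfg.exception_recipients:                  # step 10: no other checks
        return "accepted"
    if not on_accept_list and client_ip in cfg.block_listed_ips:
        return "rejected: block list"                     # step 9
    if authenticated:
        # Recipient filter rules apply only to anonymous connections.
        return "accepted"
    if rcpt in cfg.blocked_recipients:                    # step 11
        return "rejected: invalid recipient"
    if cfg.filter_unknown_recipients and rcpt not in cfg.directory:
        return "rejected: invalid recipient"              # step 12
    return "accepted"


def run_session(cfg, client_ip, mail_from, rcpt_to, data_from, authenticated=False):
    """Walk one SMTP session; report where it ended and the answer per recipient."""
    result = {"final": None, "step": None, "rcpt": {}}

    def stop(step, final):
        result["step"], result["final"] = step, final
        return result

    if client_ip in cfg.restricted_ips:                   # step 2
        return stop(2, "dropped: IP restriction")
    on_accept_list = client_ip in cfg.global_accept       # step 5
    if not on_accept_list and client_ip in cfg.global_deny:
        return stop(6, "dropped: global deny list")       # step 6
    badmail = False
    if mail_from.lower() in cfg.blocked_senders:          # step 7 (MAIL FROM)
        if cfg.sender_filter_drops:
            return stop(7, "dropped: blocked sender")
        badmail = True
    for rcpt in rcpt_to:                                  # steps 8 through 13
        result["rcpt"][rcpt] = check_recipient(
            cfg, client_ip, on_accept_list, rcpt, authenticated)
    if "accepted" not in result["rcpt"].values():
        # Modelling choice: with no accepted recipient there is nothing to queue.
        return stop(13, "rejected: no recipient accepted")
    if data_from.lower() in cfg.blocked_senders:          # step 15 (From in DATA)
        if cfg.sender_filter_drops:
            return stop(15, 'dropped: 5.1.0 "Sender Denied"')
        badmail = True
    return stop(15, "badmail" if badmail else "queued")
```

With filter_unknown_recipients set, an anonymous session receives different answers for kim@example.com and an address that is not in the directory, which is the address discovery exposure the note on the Filter recipients who are not in the Directory check box describes.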
• On Windows 2000 Server, in Select Users, Computers, or Groups, select the group or
user that you want to grant submit permissions, and then click Add.
8. Click OK to return to the Permissions for Submit and Relay dialog box.
9. Under Group or user names, select the group you just added.
10. Under Permissions for <Selected Group>, next to Submit Permission, if necessary, click
Allow to allow the selected user or group to submit mail through this SMTP virtual server.
11. Click OK.
• On Windows 2000 Server, in Select Users, Computers or Groups, select the group or
user that you want to grant submit permissions, and then click Add.
8. Click OK to return to the Permissions for Submit and Relay dialog box.
9. Under Group or user names, select the group you just added.
10. Under Permissions for <selected group>, next to Submit Permission, if necessary, select
the check box under Allow to allow the selected user or group to submit mail through this
SMTP virtual server.
11. Next to Relay Permissions, select the check box under Allow to permit the selected object
to relay through this SMTP virtual server, or select the check box under Deny to prevent the
selected object from relaying through this connector.
Note
You must allow Submit Permissions if you want to allow Relay Permissions.
Storage Features
Microsoft® Exchange Server 2003 includes many improvements to the Exchange store. In general,
these improvements focus on making disaster recovery operations easier and faster and on
streamlining internal processes such as public folder replication.
Specifically, the improvements include the following:
• Support for the new Volume Shadow Copy service, which is available as part of the
Microsoft Windows Server™ 2003 backup API.
• A new type of storage group (the Recovery Storage Group) provides a temporary location
for restored mailbox data. After restoring the mailbox data to the Recovery Storage Group,
you can then merge the data you need with the original mailbox store, whether that means
restoring the entire mailbox store or a few individual mailboxes.
• The Microsoft Mailbox Merge Wizard (Exmerge) is now available for download at the
Exchange Downloads Web site
(http://www.microsoft.com/exchange/2003/updates).
• Public folder replication processes are overhauled and streamlined for more efficient use of
bandwidth.
• The Exchange Virus Scanning Application Programming Interface (VSAPI) is enhanced and
expanded.
• A backup of a volume is produced. This backup reflects the state of that volume at the
instant the backup started, even if the data changes while the backup is in progress. All the
backup data is internally consistent and reflects the state of the volume at a single point in
time.
• Applications and services are notified that a backup is about to occur. The services and
applications can then prepare for the backup by cleaning up on-disk structures and by
flushing caches and log files.
Important
Exchange supports the Volume Shadow Copy service for normal backups and copy
backups, but not for incremental or differential backups.
• The server housing the storage group is running Exchange 2000 SP3 or later.
• The server housing the storage group is in the same Administrative group as the server
housing the Recovery Storage Group.
• If you are restoring multiple mailbox stores simultaneously, they must all be from a single
storage group.
After you restore a mailbox store to the Recovery Storage Group, use the Exmerge utility to
move the recovered mailbox data from the Recovery Storage Group to the regular storage group.
With this method, you can recover an entire mailbox store (all of the database information,
including the log data) or just a single mailbox. Mailboxes in the Recovery Storage Group are
disconnected and are not accessible to users with mail clients.
Note
You can only use the Recovery Storage Group to recover mailbox stores, not public
folder stores.
3. In Recovery Storage Group Properties, ensure that the file locations specified in the
Transaction log location box and the System path location box are appropriate, and then
click OK. The new Recovery Storage Group will appear in the server's list of storage groups
(Figure 7.1).
2. Click Restore and Manage Media, expand the File list, expand the backup file you want to
use, click the appropriate storage group, and then click the database and log files that you
want to restore.
Important
Make sure that you select only mailbox stores and/or log files. Do not select the
entire storage group, especially if the storage group contains public folder stores.
The restore operation will not succeed if public folder stores are selected.
Figure 7.2 When selecting items to restore, make sure that only
mailbox stores and log files are selected.
3. Click Start Restore.
4. In Restoring Database Store, type the name of a temporary file directory in the Temporary
location box and, if this is the last backup to be restored, select Last Restore Set.
5. Click OK. When the restore process is complete, click Close.
6. In Exchange System Manager, right-click the mailbox store in the Recovery Storage Group,
and then click Mount Store. In the warning dialog box, click Yes.
To merge recovered mailbox data with regular user mailboxes
Note
To complete this procedure, you need the Microsoft Exchange Mailbox Merge Wizard
(Exmerge). You can download Exmerge from the Exchange Downloads Web site
(http://www.microsoft.com/exchange/2003/updates).
1. After restoring the appropriate mailbox store to the Recovery Storage Group, start Exmerge.
You can start Exmerge from a command prompt by typing %path%\exmerge.
2. Follow the instructions in the wizard to specify the export method, the source server, and the
destination server (when the Recovery Storage Group is on the same server as the original
mailbox store with which you are working, the source server and destination server are the
same).
3. On the Database Selection page, select only the mailbox stores that are in the Recovery
Storage Group, and then click Next.
4. On the Mailbox Selection page, select the mailboxes to restore. You can select individual
mailboxes or multiple mailboxes. When finished, click Next.
5. Specify the appropriate locale (if necessary), and then click Next.
6. On the Target Directory page, click Change Folder. Use the Browse for Folder dialog box
to specify a temporary folder, and then click OK. Click Next.
7. Follow the remaining instructions to finish the wizard and move the mailbox data. The
wizard will copy data from mailboxes in the restored mailbox store and merge it with data in
the corresponding mailboxes in the original mailbox store.
1. Sorts the list according to the lowest transport cost (servers in the same site have priority
over servers in remote sites).
2. For servers with the same transport cost, sorts again according to newest Exchange version.
In previous versions of Exchange, servers running newer Exchange versions are selected
over servers running older versions, regardless of the transport cost. For example, a server in
a remote site running Exchange 2000 would be selected over a local server running
Microsoft Exchange Server version 5.5. In Exchange 2003, transport cost now has greater
importance in the selection criteria.
3. For servers with the same transport cost and Exchange version, sort again according to the
largest number of necessary changes available on the server. In previous versions of
Exchange, a server holding all of the necessary updates is chosen over a server holding only
some of the updates, regardless of transport cost. In Exchange 2003, this preference has been
changed so that if some updates are available on a server with a lower transport cost, that
server is selected to backfill those updates, even if the rest of the updates must be obtained
from other (higher-cost) servers.
As an example of how the new behavior differs from that of all Exchange 2000 Server versions,
consider an Exchange 5.5 deployment of several sites (with multiple servers per site, all
replicating public folders) that must be upgraded to Exchange 2003. Add one Exchange 2003
server to each site. In each site, the Exchange 2003 server will backfill its public folders from the
local Exchange 5.5 servers, rather than search for a newer server in one of the remote sites.
Development Features
Microsoft® Exchange Server 2003 contains important changes and additions for developers. You
can find complete information about these changes in the Microsoft Exchange Server 2003
Software Development Kit (SDK). In addition, the following sections briefly describe the major
changes.
New Development Technologies
The following are new development technologies for Exchange Server 2003.
The Windows Management Instrumentation (WMI) providers and classes that ship with
Exchange 2000 Server provide operational status about Exchange servers, queues, links, and so
on, and are intended for use in applications that monitor Exchange.
Exchange Server 2003 includes many new and improved WMI classes that are designed for use
in Exchange management scripts and operator consoles. The new object classes support
managing Exchange stores, public folders, user mailboxes, connectors, queues, links, and so on.
Table 8.1 lists the new WMI classes.
Supported Development Technologies
The following development technologies are supported on Exchange Server 2003.
Application Technologies
• Exchange Web Forms.
• Exchange 2000 Server workflow.
• Exchange 5.5 routing engine. Samples provided in the Exchange 5.5 Exchange Development
Kit (EDK) are not supported.
Monitoring
• Exchange 2000 Server WMI providers.
Specialized Programs
• Virus Scanning API (VSAPI) version 2.5.
• Backup and Restore API.
Chapter 8: Development Features 243
Deprecated Exchange Development Technologies
The following Exchange 2000 Server application development-related technologies and features
are removed and are not supported in Exchange Server 2003:
Deprecated MAPI Technologies
The following MAPI technologies, which formerly shipped with Exchange 2000 Server, are not
available in Exchange Server 2003:
Simple MAPI
Simple MAPI is a wrapper around 12 high-level Extended MAPI functions that enable a
client application to send, address, receive, and reply to messages. On the client, Simple
MAPI is used by Microsoft Office to send mail directly from the application. It is only
intended for use in the Microsoft Windows® environment and offers limited functionality.
Anything that can be done with Simple MAPI can also be done with Extended MAPI.
Common Messaging Calls (CMC)
CMC is a wrapper around 10 Extended MAPI functions and was created to abstract the
complexities of MAPI and to create an API standard that was supported across platforms.
The CMC API was developed in conjunction with the X.400 API Association (XAPIA)
standards organization and is only accessible to C/C++ client developers. Anything that can
be done with CMC can also be done with Extended MAPI.
CDOHTML
Also referred to as CDO 1.2.1 Rendering, this API exposes a set of objects that can be used
by Internet Information Services (IIS) to render CDO 1.2x objects and properties into HTML
output. CDO 1.2.1 Rendering (CDOHTML.DLL) was intended for server-side use only.
Chapter 9
Deployment Features
Whether you are installing a new Exchange organization or upgrading an existing organization,
Microsoft® Exchange Server 2003 introduces several new features that make deployment easier.
Aside from summarizing these new features (including the new deployment tools and setup
features), this chapter provides information about required prerequisites for deploying
Exchange 2003. Furthermore, you will learn how to perform the basic steps necessary for
deploying or upgrading to Exchange Server 2003. For more information about deploying
Exchange 2003 in your organization, see the book Exchange Server 2003 Deployment Guide
(http://www.microsoft.com/exchange/library).
ADC Tools
The Active Directory Connector (ADC) management console now contains an ADC Tools
option. ADC Tools is a collection of wizards and tools that help you set up connection
agreements. Specifically, ADC Tools scans your current Active Directory and Exchange 5.5
directory and organization, and then automatically creates the recommended connection
agreements. The following wizards are included in ADC Tools.
Resource Mailbox Wizard
This wizard identifies Active Directory accounts that match more than one Exchange 5.5
mailbox. Using this wizard, you can match the appropriate primary mailbox to the Active
Directory account and stamp other mailboxes with the NTDSNoMatch attribute, which
designates the mailboxes as resource mailboxes. You can either make these changes online
or export a comma-separated value (.csv) file that you can update and import into the
Exchange 5.5 directory.
Connection Agreement Wizard
This wizard recommends public folder connection agreements and recipient connection
agreements based on your Exchange 5.5 directory and Active Directory configuration. You
can review the list of recommended connection agreements and select those you want the
wizard to create.
The Exchange Server Deployment Tools lead you through the process of installing Active
Directory Connector and running ADC Tools.
To run pfMigrate
1. In Exchange Server Deployment Tools, on the Welcome to the Exchange Server
Deployment Tools page, click Deploy the first Exchange 2003 server.
2. On the Deploy the First Exchange 2003 Server page, in the Follow this process column,
click Coexistence with Exchange 5.5.
3. On the Coexistence with Exchange 5.5 page, click Phase 3.
4. On the Phase 3. Installing Exchange Server 2003 on the Initial Server page, click Next.
5. On the Install Exchange 2003 on Additional Servers page, click Next.
6. On the Post-Installation Steps page, under Moving System Folders and Public Folders,
click move system folders and public folders, and then follow the steps listed to complete
your public folder migration.
Note
After you run pfMigrate, only the hierarchy of the system folders and public folders is
migrated immediately. You must wait for replication to occur before the contents of
the system folders and public folders are migrated. Depending on the size and
number of system and public folders, as well as your network speed, replication
could take a considerable amount of time.
4. Run Exchange Setup. On the Component Selection page, set the installation action to
Custom, and then select Microsoft Exchange System Management Tools.
5. After running Setup, disable SMTP Service, World Wide Web Publishing Service, or
NNTP Service if you do not intend to run them on the computer.
Memory Allocation
Exchange Server 2003 benefits from an improved memory allocator in
Windows Server 2003, which decreases the likelihood of running into situations that result in
Virtual Machine (VM) fragmentation. In addition, Exchange customers who have more than
1 GB of memory no longer need to purchase the Advanced Server SKU, which previously
supported the /3GB switch.
Prerequisites
Before you install or upgrade to Exchange Server 2003, ensure that your network and servers
meet the prerequisites described in this section.
Hardware Requirements
The following are the minimum hardware requirements for computers running Exchange
Server 2003:
• System partition
• Partition that stores Exchange binaries
• Partitions containing transaction log files
• Partitions containing database files
• Partitions containing other Exchange files
Active Directory
Exchange 2003 Setup must be able to contact at least one Active Directory server running
Windows 2000 SP3 or later, or Windows Server 2003 within the local Active Directory Site.
Domain controllers and global catalog servers must be running Windows 2000 SP3 or later or
Windows Server 2003 for Exchange Server 2003 to recognize them.
Permissions
In Exchange 2000, the user account that was used to run Setup was required to have Exchange
Full Administrator rights at the organization level. In Exchange Server 2003, although a user with
Exchange Full Administrator rights at the organization level must install the first server in a
domain, you can now install additional servers if you have Exchange Full Administrator rights at
the administrative group level.
Although this change allows for a more decentralized administrative model, there are still
instances where higher-level permissions are required. A domain administrator with the
appropriate privileges must manually add the machine account for the server on which you plan
to install Exchange Server 2003 to the Exchange Domain Servers group. In addition, an
administrator with Exchange Full Administrator rights at the organization level must still perform
the following installations and upgrades:
In addition, if you are upgrading an Exchange 5.5 organization to Exchange Server 2003, you are
no longer required to be an Exchange 5.5 Administrator; this is because the option to join an
existing Exchange 5.5 organization occurs during Setup instead of during ForestPrep.
Table 9.2 lists the permissions required to run ForestPrep and DomainPrep and to install
Exchange 2003.
Install Exchange Server 2003 on the first server in a domain:
• Full Exchange Administrator at the organization level
• Exchange 5.5 Administrator under the organization, site, and configuration nodes (if
installing into an Exchange 5.5 site)
• Local Machine Administrator
Install Exchange Server 2003 on additional servers in the domain:
• Full Exchange Administrator at the administrative group level
• Exchange 5.5 Site Administrator (if installing into an Exchange 5.5 site)
• Local Machine Administrator
Install Exchange Server 2003 on a server with SRS enabled:
• Exchange Full Administrator at the organization level
• Local Machine Administrator
In addition, ensure that the required services are running before you upgrade. For Exchange 2003
Setup to run, you must install and enable the following services:
If the following services are disabled, Setup still runs; however, Setup enables these services
automatically:
Third-Party Software
As part of your planning, you should ensure that all third-party software you want to use is
compatible with Exchange Server 2003. Specifically, you should determine whether any
compatibility issues could result from the following new Exchange 2003 features:
• Exchange-aware Antivirus Software: New features have been added to the Exchange
Virus Scanning Application Programming Interface (VSAPI) in Exchange 2003.
• Exchange-aware Backup and Restore Software: New features have been added to
Backup (such as Restore Groups and Snapshot) in Exchange 2003.
• Exchange-aware Enterprise Management: New features and WMI providers have been
added in Exchange 2003.
This appendix (specifically, the output from an LDF file) lists the Microsoft® Active Directory®
directory service schema changes between Exchange 2000 Server and Exchange Server 2003.
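Before an LDF like the one in this appendix is imported, the changes that affect exposure can be pulled out for review: attributes placed in the partial attribute set (replicated to every global catalog), attributes that use the security-descriptor syntax 2.5.5.15, replaced default security descriptors, and auxiliary classes attached to existing classes. The following Python code is an added example, not part of the original document; the function names and finding categories are hypothetical, and the sample records are abridged copies of entries from this listing.

```python
import re

# Records copied (abridged) from the appendix listing. Records are split on
# "dn:" lines, so blank separator lines between them are optional.
SAMPLE_LDIF = """\
dn: CN=msExchAuthMailDisposition,<SchemaContainerDN>
changetype: add
isMemberOfPartialAttributeSet: FALSE
objectClass: attributeSchema
dn: CN=msExchDynamicDLFilter,<SchemaContainerDN>
changetype: add
isMemberOfPartialAttributeSet: TRUE
objectClass: attributeSchema
dn: CN=msExchSubmitRelaySD,<SchemaContainerDN>
changetype: add
attributeSyntax: 2.5.5.15
isMemberOfPartialAttributeSet: FALSE
objectClass: attributeSchema
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
dn: CN=User,<SchemaContainerDN>
changetype: modify
add: auxiliaryClass
auxiliaryClass: msExchOmaUser
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
replace: defaultSecurityDescriptor
defaultSecurityDescriptor: D:(A;;RP;;;AU)
dn: CN=TextCountry,<SchemaContainerDN>
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
"""


def parse_records(text):
    """Split LDIF text into records, each a list of (attribute, value) pairs."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith(" ") and current:       # folded continuation line
            current[-1] = (current[-1][0], current[-1][1] + line[1:].rstrip())
            continue
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):        # blank, "-" and comment lines
            continue
        value = value.lstrip(":").strip()          # "::" marks base64; kept encoded
        if attr.lower() == "dn":
            current = [("dn", value)]
            records.append(current)
        elif current is not None:
            current.append((attr, value))
    return records


def decode_aces(sddl):
    """Return (type, [rights], trustee) for each ACE in a symbolic SDDL string."""
    aces = []
    for body in re.findall(r"\(([^)]*)\)", sddl):
        parts = body.split(";")
        if len(parts) >= 6:                        # type;flags;rights;guid;guid;sid
            aces.append((parts[0], re.findall("..", parts[2]), parts[5]))
    return aces


def audit(records):
    """Return (category, schema object, detail) for changes worth a manual review."""
    findings = []
    for rec in records:
        fields = {}
        for attr, value in rec:
            fields.setdefault(attr.lower(), []).append(value)
        first_rdn = fields["dn"][0].split(",", 1)[0]
        name = first_rdn[3:] if first_rdn.upper().startswith("CN=") else first_rdn
        change = fields.get("changetype", [""])[0].lower()
        if change == "add" and "attributeSchema" in fields.get("objectclass", []):
            if "TRUE" in fields.get("ismemberofpartialattributeset", []):
                findings.append(("gc-replicated", name, "new attribute"))
            if "2.5.5.15" in fields.get("attributesyntax", []):
                findings.append(("holds-security-descriptor", name, "new attribute"))
        elif change == "modify":
            for target in fields.get("add", []) + fields.get("replace", []):
                t, values = target.lower(), fields.get(target.lower(), [])
                if t == "ismemberofpartialattributeset" and "TRUE" in values:
                    findings.append(("gc-replicated", name, "existing attribute"))
                elif t == "defaultsecuritydescriptor":
                    findings.append(("default-acl", name, ", ".join(values)))
                elif t == "auxiliaryclass":
                    findings.append(("aux-class", name, ", ".join(values)))
    return findings


if __name__ == "__main__":
    for category, name, detail in audit(parse_records(SAMPLE_LDIF)):
        print(category, name, detail, decode_aces(detail) if category == "default-acl" else "")
```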
dn: CN=msExchAuthMailDisposition,<SchemaContainerDN>
changetype: add
adminDescription: msExchAuthMailDisposition
adminDisplayName: msExchAuthMailDisposition
attributeID: 1.2.840.113556.1.4.5061
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchAuthMailDisposition
name: msExchAuthMailDisposition
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: 97bPVywePk2W30AghiS6/w==
searchFlags: 0
dn: CN=msExchAuthorizationPersistence,<SchemaContainerDN>
changetype: add
adminDescription: msExchAuthorizationPersistence
adminDisplayName: msExchAuthorizationPersistence
attributeID: 1.2.840.113556.1.4.7000.102.15011
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchAuthorizationPersistence
name: msExchAuthorizationPersistence
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: a2Gu1sUWzkSycouSOuvjNQ==
searchFlags: 0
dn: CN=msExchBarMessageClass,<SchemaContainerDN>
changetype: add
adminDescription: msExchBarMessageClass
adminDisplayName: msExchBarMessageClass
attributeID: 1.2.840.113556.1.4.7000.102.1064
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchBarMessageClass
name: msExchBarMessageClass
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: SeVDz+EqD0G4lgLkC5NDcw==
searchFlags: 0
dn: CN=msExchChatMaxConnectionsPerIP,<SchemaContainerDN>
changetype: add
adminDescription: msExchChatMaxConnectionsPerIP
adminDisplayName: msExchChatMaxConnectionsPerIP
attributeID: 1.2.840.113556.1.4.7000.102.8049
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchChatMaxConnectionsPerIP
name: msExchChatMaxConnectionsPerIP
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: a37FKjf3QU6DhnKV3b4F5g==
searchFlags: 0
Appendix: Exchange 2003 Schema Changes 263
dn: CN=msExchChatMaxOctetsToMask,<SchemaContainerDN>
changetype: add
adminDescription: msExchChatMaxOctetsToMask
adminDisplayName: msExchChatMaxOctetsToMask
attributeID: 1.2.840.113556.1.4.7000.102.8050
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchChatMaxOctetsToMask
name: msExchChatMaxOctetsToMask
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: I3vjPYkn9021H/kgzlREWA==
searchFlags: 0
dn: CN=msExchDefaultLoadFile,<SchemaContainerDN>
changetype: add
adminDescription: msExchDefaultLoadFile
adminDisplayName: msExchDefaultLoadFile
attributeID: 1.2.840.113556.1.4.7000.102.15010
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchDefaultLoadFile
name: msExchDefaultLoadFile
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: fGZnYjTPfUC6EXzIzGjKGw==
searchFlags: 0
dn: CN=msExchDynamicDLBaseDN,<SchemaContainerDN>
changetype: add
adminDescription: msExchDynamicDLBaseDN
adminDisplayName: msExchDynamicDLBaseDN
attributeID: 1.2.840.113556.1.4.7000.102.12543
attributeSyntax: 2.5.5.1
isMemberOfPartialAttributeSet: TRUE
isSingleValued: TRUE
lDAPDisplayName: msExchDynamicDLBaseDN
name: msExchDynamicDLBaseDN
oMSyntax: 127
oMObjectClass:: KwwCh3McAIVK
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: +Q49dpK9+UGrNH4ynbdu4w==
searchFlags: 0
dn: CN=msExchDynamicDLFilter,<SchemaContainerDN>
changetype: add
adminDescription: msExchDynamicDLFilter
adminDisplayName: msExchDynamicDLFilter
attributeID: 1.2.840.113556.1.4.7000.102.12544
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: TRUE
isSingleValued: TRUE
lDAPDisplayName: msExchDynamicDLFilter
name: msExchDynamicDLFilter
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: LNO24axr2kijEytYrhxFzg==
searchFlags: 0
dn: CN=msExchEncryptedAnonymousPassword,<SchemaContainerDN>
changetype: add
adminDescription: msExchEncryptedAnonymousPassword
adminDisplayName: msExchEncryptedAnonymousPassword
attributeID: 1.2.840.113556.1.4.7000.102.15009
attributeSyntax: 2.5.5.10
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchEncryptedAnonymousPassword
name: msExchEncryptedAnonymousPassword
oMSyntax: 4
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: /FXAXT9cb0qjSk28to4q0A==
searchFlags: 0
dn: CN=msExchFolderAffinityCustom,<SchemaContainerDN>
changetype: add
adminDescription: msExchFolderAffinityCustom
adminDisplayName: msExchFolderAffinityCustom
attributeID: 1.2.840.113556.1.4.7000.102.11090
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchFolderAffinityCustom
name: msExchFolderAffinityCustom
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: eiVwULeF1E6y4lH3JmhMWA==
searchFlags: 0
dn: CN=msExchFolderAffinityList,<SchemaContainerDN>
changetype: add
adminDescription: msExchFolderAffinityList
adminDisplayName: msExchFolderAffinityList
attributeID: 1.2.840.113556.1.4.7000.102.11089
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchFolderAffinityList
name: msExchFolderAffinityList
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: gLySNRcRYkmqUDjG5pu7kQ==
searchFlags: 0
dn: CN=msExchMailboxFolderSet,<SchemaContainerDN>
changetype: add
adminDescription: msExchMailboxFolderSet
adminDisplayName: msExchMailboxFolderSet
attributeID: 1.2.840.113556.1.4.7000.102.11091
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: TRUE
isSingleValued: TRUE
lDAPDisplayName: msExchMailboxFolderSet
name: msExchMailboxFolderSet
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: ukEp19D/jk27hZdxNEDIow==
searchFlags: 0
dn: CN=msExchMaxRestoreStorageGroups,<SchemaContainerDN>
changetype: add
adminDescription: msExchMaxRestoreStorageGroups
adminDisplayName: msExchMaxRestoreStorageGroups
attributeID: 1.2.840.113556.1.4.7000.102.11095
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchMaxRestoreStorageGroups
name: msExchMaxRestoreStorageGroups
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: DqjyPoLqG0KKYqElQ8NBQQ==
searchFlags: 0
dn: CN=msExchOmaAdminExtendedSettings,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaAdminExtendedSettings
adminDisplayName: msExchOmaAdminExtendedSettings
attributeID: 1.2.840.113556.1.6.20.1.126
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: TRUE
isSingleValued: FALSE
lDAPDisplayName: msExchOmaAdminExtendedSettings
name: msExchOmaAdminExtendedSettings
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: DegK5sl6YU6bw5jLwHJqmQ==
searchFlags: 0
dn: CN=msExchOmaAdminWirelessEnable,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaAdminWirelessEnable
adminDisplayName: msExchOmaAdminWirelessEnable
attributeID: 1.2.840.113556.1.6.20.1.124
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: TRUE
isSingleValued: TRUE
lDAPDisplayName: msExchOmaAdminWirelessEnable
name: msExchOmaAdminWirelessEnable
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: vr+nwWsRN0eM2dKe9bNpDg==
searchFlags: 0
dn: CN=msExchOrigMDB,<SchemaContainerDN>
changetype: add
adminDescription: msExchOrigMDB
adminDisplayName: msExchOrigMDB
attributeID: 1.2.840.113556.1.4.7000.102.11093
attributeSyntax: 2.5.5.1
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchOrigMDB
name: msExchOrigMDB
oMSyntax: 127
oMObjectClass:: KwwCh3McAIVK
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: J2m29yZ3Zk6eqO/fSNZSAQ==
searchFlags: 0
dn: CN=msExchOtherAuthenticationFlags,<SchemaContainerDN>
changetype: add
adminDescription: msExchOtherAuthenticationFlags
adminDisplayName: msExchOtherAuthenticationFlags
attributeID: 1.2.840.113556.1.4.7000.102.2017
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchOtherAuthenticationFlags
name: msExchOtherAuthenticationFlags
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: Z/7HtCO1Lk21bqxXtobH4w==
searchFlags: 0
dn: CN=msExchPreferredBackfillSource,<SchemaContainerDN>
changetype: add
adminDescription: msExchPreferredBackfillSource
adminDisplayName: msExchPreferredBackfillSource
attributeID: 1.2.840.113556.1.4.7000.102.11094
attributeSyntax: 2.5.5.1
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchPreferredBackfillSource
name: msExchPreferredBackfillSource
oMSyntax: 127
oMObjectClass:: KwwCh3McAIVK
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: VOYDXl3YCEmDoWFBBIxcYg==
searchFlags: 0
dn: CN=msExchRecipTurfListNames,<SchemaContainerDN>
changetype: add
adminDescription: msExchRecipTurfListNames
adminDisplayName: msExchRecipTurfListNames
attributeID: 1.2.840.113556.1.4.7000.102.5070
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchRecipTurfListNames
name: msExchRecipTurfListNames
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: 4WgKLte9mUiLstbqAHVYxw==
searchFlags: 0
dn: CN=msExchRecipTurfListOptions,<SchemaContainerDN>
changetype: add
adminDescription: msExchRecipTurfListOptions
adminDisplayName: msExchRecipTurfListOptions
attributeID: 1.2.840.113556.1.4.7000.102.5071
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchRecipTurfListOptions
name: msExchRecipTurfListOptions
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: szYLhzXQLUC4c87Qexc3Yw==
searchFlags: 0
dn: CN=msExchRequireAuthToSendTo,<SchemaContainerDN>
changetype: add
adminDescription: msExchRequireAuthToSendTo
adminDisplayName: msExchRequireAuthToSendTo
attributeID: 1.2.840.113556.1.4.5062
attributeSyntax: 2.5.5.8
isMemberOfPartialAttributeSet: TRUE
isSingleValued: TRUE
lDAPDisplayName: msExchRequireAuthToSendTo
name: msExchRequireAuthToSendTo
oMSyntax: 1
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: O+sz9Vv3s0+y+wjNU3qE0Q==
searchFlags: 0
dn: CN=msExchRestore,<SchemaContainerDN>
changetype: add
adminDescription: msExchRestore
adminDisplayName: msExchRestore
attributeID: 1.2.840.113556.1.4.7000.102.11092
attributeSyntax: 2.5.5.8
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchRestore
name: msExchRestore
oMSyntax: 1
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: TMvtoUVcSk2xKIgDkuncxg==
searchFlags: 0
dn: CN=msExchSASLMechanisms,<SchemaContainerDN>
changetype: add
adminDescription: msExchSASLMechanisms
adminDisplayName: msExchSASLMechanisms
attributeID: 1.2.840.113556.1.4.7000.102.2018
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchSASLMechanisms
name: msExchSASLMechanisms
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: tHE12ZrJ/Eyqui2An9aOeQ==
searchFlags: 0
dn: CN=msExchServerBindingsFiltering,<SchemaContainerDN>
changetype: add
adminDescription: msExchServerBindingsFiltering
adminDisplayName: msExchServerBindingsFiltering
attributeID: 1.2.840.113556.1.4.7000.102.5072
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchServerBindingsFiltering
name: msExchServerBindingsFiltering
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: +t+uYbQ0cEGLq7h5Thy09A==
searchFlags: 0
dn: CN=msExchSmtpConnectionRulesPriority,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionRulesPriority
adminDisplayName: msExchSmtpConnectionRulesPriority
attributeID: 1.2.840.113556.1.4.7000.102.5064
attributeSyntax: 2.5.5.10
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchSmtpConnectionRulesPriority
name: msExchSmtpConnectionRulesPriority
oMSyntax: 4
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: jE/ChpslGU+IuZyURZNhIQ==
searchFlags: 0
dn: CN=msExchSmtpConnectionTurfListDisplay,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionTurfListDisplay
adminDisplayName: msExchSmtpConnectionTurfListDisplay
attributeID: 1.2.840.113556.1.4.7000.102.5065
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchSmtpConnectionTurfListDisplay
name: msExchSmtpConnectionTurfListDisplay
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: rAT7c9SyTUqFIHV908kmGg==
searchFlags: 0
dn: CN=msExchSmtpConnectionTurfListDNS,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionTurfListDNS
adminDisplayName: msExchSmtpConnectionTurfListDNS
attributeID: 1.2.840.113556.1.4.7000.102.5067
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchSmtpConnectionTurfListDNS
name: msExchSmtpConnectionTurfListDNS
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: 5n3uP+XTy0OEWfegcq43iQ==
searchFlags: 0
dn: CN=msExchSmtpConnectionTurfListMask,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionTurfListMask
adminDisplayName: msExchSmtpConnectionTurfListMask
attributeID: 1.2.840.113556.1.4.7000.102.5069
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchSmtpConnectionTurfListMask
name: msExchSmtpConnectionTurfListMask
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: r0ECvDidQEyELlHYAlBt5Q==
searchFlags: 0
dn: CN=msExchSmtpConnectionTurfListOptions,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionTurfListOptions
adminDisplayName: msExchSmtpConnectionTurfListOptions
attributeID: 1.2.840.113556.1.4.7000.102.5066
attributeSyntax: 2.5.5.9
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchSmtpConnectionTurfListOptions
name: msExchSmtpConnectionTurfListOptions
oMSyntax: 2
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: YCPmWgURi02KHqLHk7TVfQ==
searchFlags: 0
dn: CN=msExchSmtpConnectionTurfListResponse,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionTurfListResponse
adminDisplayName: msExchSmtpConnectionTurfListResponse
attributeID: 1.2.840.113556.1.4.7000.102.5068
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchSmtpConnectionTurfListResponse
name: msExchSmtpConnectionTurfListResponse
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: j9nd7gHay06mXl8Bbx2AMg==
searchFlags: 0
dn: CN=msExchSmtpConnectionWhitelist,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionWhitelist
adminDisplayName: msExchSmtpConnectionWhitelist
attributeID: 1.2.840.113556.1.4.7000.102.5063
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchSmtpConnectionWhitelist
name: msExchSmtpConnectionWhitelist
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: OkbPhx5WzkWgum1SjxEdIw==
searchFlags: 0
dn: CN=msExchSubmitRelaySD,<SchemaContainerDN>
changetype: add
adminDescription: msExchSubmitRelaySD
adminDisplayName: msExchSubmitRelaySD
attributeID: 1.2.840.113556.1.4.5060
attributeSyntax: 2.5.5.15
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchSubmitRelaySD
name: msExchSubmitRelaySD
oMSyntax: 66
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: zPvO4sHcpUW6uNX0vXiITQ==
searchFlags: 0
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
dn: CN=msExchOmaUser,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaUser
adminDisplayName: msExchOmaUser
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:S:
governsID: 1.2.840.113556.1.6.20.2.31
lDAPDisplayName: msExchOmaUser
name: msExchOmaUser
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 3
rDNAttID: cn
schemaIdGuid:: dqmgNo3drUqB/aG11AFsqA==
subClassOf: top
mayContain: msExchOmaAdminExtendedSettings
mayContain: msExchOmaAdminWirelessEnable
dn: CN=msExchSmtpConnectionTurfList,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionTurfList
adminDisplayName: msExchSmtpConnectionTurfList
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:S:
governsID: 1.2.840.113556.1.5.7000.62.12010
lDAPDisplayName: msExchSmtpConnectionTurfList
name: msExchSmtpConnectionTurfList
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: 6X3qfp4xikCEYONeLJ2jiQ==
subClassOf: top
possSuperiors: msExchSMTPTurfList
mayContain: msExchSmtpConnectionRulesPriority
mayContain: msExchSmtpConnectionWhitelist
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
dn: CN=msExchSmtpConnectionTurfListRule,<SchemaContainerDN>
changetype: add
adminDescription: msExchSmtpConnectionTurfListRule
adminDisplayName: msExchSmtpConnectionTurfListRule
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:S:
governsID: 1.2.840.113556.1.5.7000.62.12011
lDAPDisplayName: msExchSmtpConnectionTurfListRule
name: msExchSmtpConnectionTurfListRule
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: rd+6avbi202YIA2pxH2jLA==
subClassOf: top
possSuperiors: msExchSmtpConnectionTurfList
mayContain: msExchSmtpConnectionTurfListDisplay
mayContain: msExchSmtpConnectionTurfListDNS
mayContain: msExchSmtpConnectionTurfListMask
mayContain: msExchSmtpConnectionTurfListOptions
mayContain: msExchSmtpConnectionTurfListResponse
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
dn: CN=User,<SchemaContainerDN>
changetype: modify
add: auxiliaryClass
auxiliaryClass: msExchOmaUser
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
replace: defaultHidingValue
defaultHidingValue: FALSE
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
replace: defaultSecurityDescriptor
defaultSecurityDescriptor: D:(A;;RP;;;AU)
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
add: possSuperiors
possSuperiors: builtinDomain
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
add: possSuperiors
possSuperiors: domainDNS
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
add: possSuperiors
possSuperiors: organizationalUnit
dn: CN=TextCountry,<SchemaContainerDN>
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
dn: CN=msExchOtherAuthenticationFlags,<SchemaContainerDN>
changetype: modify
replace: lDAPDisplayName
lDAPDisplayName: msExchOtherAuthenticationFlags
dn: CN=MailRecipient,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchAssistantName
dn: CN=MailRecipient,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchAssistantName
dn: CN=MailRecipient,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchLabeledURI
dn: CN=MailRecipient,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchLabeledURI
dn: CN=MailRecipient,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchMailboxFolderSet
dn: CN=MailRecipient,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchRequireAuthToSendTo
dn: CN=msExchAdminGroup,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: domainDefAltRecip
dn: CN=msExchCalendarConnector,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchEncryptedPassword
dn: CN=msExchCalendarConnector,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchNotesNotesINI
dn: CN=msExchCalendarConnector,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchNotesNotesServer
dn: CN=msExchChatUserClass,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchChatMaxConnectionsPerIP
dn: CN=msExchChatUserClass,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchChatMaxOctetsToMask
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: managedBy
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchDynamicDLBaseDN
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchDynamicDLFilter
dn: CN=msExchDynamicDistributionList,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchPurportedSearchUI
dn: CN=msExchExchangeServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchFolderAffinityCustom
dn: CN=msExchExchangeServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchFolderAffinityList
dn: CN=msExchInformationStore,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchMaxRestoreStorageGroups
dn: CN=msExchMailGateway,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchBarMessageClass
dn: CN=msExchOrganizationContainer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: heuristics
dn: CN=msExchPrivateMDB,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchOrigMDB
dn: CN=msExchPrivateMDB,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchRestore
dn: CN=msExchProtocolCfgHTTPServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchAuthorizationPersistence
dn: CN=msExchProtocolCfgHTTPServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchDefaultLoadFile
dn: CN=msExchProtocolCfgHTTPServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchEncryptedAnonymousPassword
dn: CN=msExchProtocolCfgIMAPContainer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchSASLMechanisms
dn: CN=msExchProtocolCfgIMAPServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchOtherAuthenticationFlags
dn: CN=msExchProtocolCfgPOPContainer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchSASLMechanisms
dn: CN=msExchProtocolCfgPOPServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchOtherAuthenticationFlags
dn: CN=msExchProtocolCfgSMTPServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchAuthMailDisposition
dn: CN=msExchProtocolCfgSMTPServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchServerBindingsFiltering
dn: CN=msExchProtocolCfgSMTPServer,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchSubmitRelaySD
dn: CN=msExchPublicMDB,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchPreferredBackfillSource
dn: CN=msExchSMTPTurfList,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchRecipTurfListNames
dn: CN=msExchSMTPTurfList,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchRecipTurfListOptions
dn: CN=msExchStorageGroup,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchRestore
dn: CN=OrganizationalPerson,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: employeeNumber
dn: CN=OrganizationalPerson,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchHouseIdentifier
dn: CN=OrganizationalPerson,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchHouseIdentifier
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
dn: CN=msExchBackEndVDirURL,<SchemaContainerDN>
changetype: add
adminDescription: msExchBackEndVDirURL
adminDisplayName: msExchBackEndVDirURL
attributeID: 1.2.840.113556.1.4.7000.102.15012
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchBackEndVDirURL
name: msExchBackEndVDirURL
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: toOytD8MWUqeUL6QJiKCMQ==
searchFlags: 0
dn: CN=msExchOmaCarrierAddress,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaCarrierAddress
adminDisplayName: msExchOmaCarrierAddress
attributeID: 1.2.840.113556.1.6.20.1.139
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchOmaCarrierAddress
name: msExchOmaCarrierAddress
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: uFjoq689fkCxpjoyPtMzSw==
searchFlags: 0
dn: CN=msExchOmaCarrierType,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaCarrierType
adminDisplayName: msExchOmaCarrierType
attributeID: 1.2.840.113556.1.6.20.1.145
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchOmaCarrierType
name: msExchOmaCarrierType
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: rSSzH6MtSEWPWvNEV/ivSg==
searchFlags: 0
dn: CN=msExchOmaCarrierUrl,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaCarrierUrl
adminDisplayName: msExchOmaCarrierUrl
attributeID: 1.2.840.113556.1.6.20.1.146
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchOmaCarrierUrl
name: msExchOmaCarrierUrl
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: jYegrPGJ9UWkj2gLflUFcw==
searchFlags: 0
dn: CN=msExchOmaConfiguration,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaConfiguration
adminDisplayName: msExchOmaConfiguration
attributeID: 1.2.840.113556.1.6.20.1.137
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchOmaConfiguration
name: msExchOmaConfiguration
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: xyvh14hCZki8kfDuGJZcFQ==
searchFlags: 0
dn: CN=msExchOmaDeliverer,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaDeliverer
adminDisplayName: msExchOmaDeliverer
attributeID: 1.2.840.113556.1.6.20.1.144
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchOmaDeliverer
name: msExchOmaDeliverer
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: nwAxovKdPUCfvZmAkElyLQ==
searchFlags: 0
dn: CN=msExchOmaDeliveryProviderDN,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaDeliveryProviderDN
adminDisplayName: msExchOmaDeliveryProviderDN
attributeID: 1.2.840.113556.1.6.20.1.138
attributeSyntax: 2.5.5.1
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: msExchOmaDeliveryProviderDN
name: msExchOmaDeliveryProviderDN
oMSyntax: 127
oMObjectClass:: KwwCh3McAIVK
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: aRoOHyzWBUGZHayv9LB9cQ==
searchFlags: 0
dn: CN=msExchOmaDeviceCapabilityDN,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaDeviceCapabilityDN
adminDisplayName: msExchOmaDeviceCapabilityDN
attributeID: 1.2.840.113556.1.6.20.1.133
attributeSyntax: 2.5.5.1
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchOmaDeviceCapabilityDN
name: msExchOmaDeviceCapabilityDN
oMSyntax: 127
oMObjectClass:: KwwCh3McAIVK
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: xL0QBRmbZ02ToY3aBMFVaA==
searchFlags: 0
dn: CN=msExchOmaExtendedProperties,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaExtendedProperties
adminDisplayName: msExchOmaExtendedProperties
attributeID: 1.2.840.113556.1.6.20.1.143
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchOmaExtendedProperties
name: msExchOmaExtendedProperties
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: fFO+noL4PUeYC85SICp12A==
searchFlags: 0
dn: CN=msExchOmaFormatter,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaFormatter
adminDisplayName: msExchOmaFormatter
attributeID: 1.2.840.113556.1.6.20.1.135
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchOmaFormatter
name: msExchOmaFormatter
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: as0n6Dy2RE2WGngaZ5SaNg==
searchFlags: 0
dn: CN=msExchOmaTranslator,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaTranslator
adminDisplayName: msExchOmaTranslator
attributeID: 1.2.840.113556.1.6.20.1.136
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchOmaTranslator
name: msExchOmaTranslator
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: iljy0B5wSUaTeQYsYrk+9g==
searchFlags: 0
dn: CN=msExchOmaValidater,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaValidater
adminDisplayName: msExchOmaValidater
attributeID: 1.2.840.113556.1.6.20.1.134
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: FALSE
lDAPDisplayName: msExchOmaValidater
name: msExchOmaValidater
oMSyntax: 64
objectCategory: CN=AttributeSchema,<SchemaContainerDN>
objectClass: attributeSchema
schemaIdGuid:: QAx9qL3LoU26LnBIMvylsQ==
searchFlags: 0
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
dn: CN=msExchOmaCarrier,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaCarrier
adminDisplayName: msExchOmaCarrier
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:(A;;LCLORPRC;;;AU)
governsID: 1.2.840.113556.1.6.20.2.37
lDAPDisplayName: msExchOmaCarrier
name: msExchOmaCarrier
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: TNMSh+UnskGXbkgq2MlU5w==
subClassOf: container
mayContain: msExchOmaCarrierAddress
mayContain: msExchOmaCarrierType
mayContain: msExchOmaCarrierUrl
mayContain: msExchOmaConfiguration
mayContain: msExchOmaDeliveryProviderDN
mayContain: msExchOmaExtendedProperties
mayContain: msExchOmaTranslator
dn: CN=msExchOmaConfigurationContainer,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaConfigurationContainer
adminDisplayName: msExchOmaConfigurationContainer
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:(A;;LCLORPRC;;;AU)
governsID: 1.2.840.113556.1.6.20.2.32
lDAPDisplayName: msExchOmaConfigurationContainer
name: msExchOmaConfigurationContainer
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: u5oP23AHCU+6ZHmT2RUXtw==
subClassOf: container
mayContain: msExchOmaAdminWirelessEnable
mayContain: msExchOmaExtendedProperties
dn: CN=msExchOmaContainer,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaContainer
adminDisplayName: msExchOmaContainer
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:S:
governsID: 1.2.840.113556.1.6.20.2.38
lDAPDisplayName: msExchOmaContainer
name: msExchOmaContainer
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: IKs9hkD7pEOl4YJbIHEFDw==
subClassOf: container
mayContain: msExchOmaExtendedProperties
dn: CN=msExchOmaDataSource,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaDataSource
adminDisplayName: msExchOmaDataSource
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:(A;;LCLORPRC;;;AU)
governsID: 1.2.840.113556.1.6.20.2.35
lDAPDisplayName: msExchOmaDataSource
name: msExchOmaDataSource
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: TYqj3SqXokSSRArLSx000Q==
subClassOf: container
mayContain: msExchOmaConfiguration
mayContain: msExchOmaDeliveryProviderDN
mayContain: msExchOmaDeviceCapabilityDN
mayContain: msExchOmaExtendedProperties
mayContain: msExchOmaValidater
dn: CN=msExchOmaDeliveryProvider,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaDeliveryProvider
adminDisplayName: msExchOmaDeliveryProvider
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:S:
governsID: 1.2.840.113556.1.6.20.2.36
lDAPDisplayName: msExchOmaDeliveryProvider
name: msExchOmaDeliveryProvider
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: DRO/zeLHckWUsPyb5+75Uw==
subClassOf: container
mayContain: msExchOmaConfiguration
mayContain: msExchOmaDeliverer
mayContain: msExchOmaDeviceCapabilityDN
mayContain: msExchOmaExtendedProperties
dn: CN=msExchOmaDeviceCapability,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaDeviceCapability
adminDisplayName: msExchOmaDeviceCapability
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:(A;;LCLORPRC;;;AU)
governsID: 1.2.840.113556.1.6.20.2.34
lDAPDisplayName: msExchOmaDeviceCapability
name: msExchOmaDeviceCapability
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: 3/R63xjzLE6sQ75bSJRxHA==
subClassOf: container
mayContain: msExchOmaExtendedProperties
mayContain: msExchOmaFormatter
dn: CN=msExchOmaDeviceType,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaDeviceType
adminDisplayName: msExchOmaDeviceType
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:(A;;LCLORPRC;;;AU)
governsID: 1.2.840.113556.1.6.20.2.33
lDAPDisplayName: msExchOmaDeviceType
name: msExchOmaDeviceType
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: s496ytAhp06vP9FcbffAlA==
subClassOf: container
mayContain: msExchOmaDeviceCapabilityDN
mayContain: msExchOmaExtendedProperties
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
dn: CN=msExchOmaConnector,<SchemaContainerDN>
changetype: add
adminDescription: msExchOmaConnector
adminDisplayName: msExchOmaConnector
defaultHidingValue: TRUE
defaultSecurityDescriptor: D:S:
governsID: 1.2.840.113556.1.6.20.2.39
lDAPDisplayName: msExchOmaConnector
name: msExchOmaConnector
objectCategory: CN=ClassSchema,<SchemaContainerDN>
objectClass: classSchema
objectClassCategory: 1
rDNAttID: cn
schemaIdGuid:: sdDJTUxZfkCn0kJubCDauw==
subClassOf: msExchConnector
mayContain: legacyExchangeDN
mayContain: deliveryMechanism
mayContain: msExchOmaCarrierUrl
mayContain: msExchSourceBridgeheadServersDN
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
dn: CN=msExchRestore,<SchemaContainerDN>
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
dn: CN=msExchProtocolCfgHTTPVirtualDirectory,<SchemaContainerDN>
changetype: modify
add: mayContain
mayContain: msExchBackEndVDirURL
dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1