Exchange Core PDF

Contents
Module 1: Deploying and Managing Microsoft Exchange Server 2013 ................................................ 4

Lab: Deploying and Managing Exchange Server 2013 ........................................................................ 4
Exercise 1: Evaluating Requirements and Prerequisites for an Exchange Server 2013 Installation
........................................................................................................................................................ 4
Exercise 2: Deploying Exchange Server 2013 .................................................................................. 4
Exercise 3: Managing Exchange Server 2013 .................................................................................. 6
Module 2: Planning and Configuring Mailbox Servers............................................................................ 7
Lab: Configuring Mailbox Servers ....................................................................................................... 7
Exercise 1: Planning Configuration for Mailbox Servers ................................................................. 7
Exercise 2: Configure Storage on the Mailbox Servers ................................................................... 9
Exercise 3: Creating and Configuring Mailbox Databases ............................................................. 10
Module 3: Managing Recipient Objects ................................................................................................ 12
Lab: Managing Recipient Objects ..................................................................................................... 12
Exercise 1: Configure Trey Research Recipients ........................................................................... 12
Exercise 2: Configure Address Lists and Policies for Trey Research ............................................. 14
Exercise 3: Configure Public Folders for Trey Research ................................................................ 16
Module 4: Planning and Deploying Client Access Servers .................................................................... 17
Lab: Deploying and Configuring a Client Access Server Role ............................................................ 17
Exercise 1: Configuring Certificates for the Client Access Server ................................................. 17
Exercise 2: Configuring Client Access Services Options ................................................................ 19
Exercise 3: Configuring Custom MailTips ...................................................................................... 20
Module 5: Planning and Configuring Messaging Client Connectivity ................................................... 21
Lab: Planning and Configuring Messaging Client Connectivity ......................................................... 21
Exercise 1: Planning Client Connectivity ....................................................................................... 21
Exercise 2: Configuring Outlook Web App and Outlook Anywhere.............................................. 22
Exercise 3: Configuring Exchange ActiveSync ............................................................................... 23
Exercise 4: Publishing Exchange Server 2013 Through TMG 2010 ............................................... 24
Module 6: Planning and Implementing High Availability...................................................................... 27
Lab: Implementing High Availability ................................................................................................. 27
Exercise 1: Creating and Configuring a Database Availability Group............................................ 27
Exercise 2: Deploying Highly Available Client Access Servers ....................................................... 29
Exercise 3: Testing the High-Availability Configuration ................................................................ 30
Module 7: Planning and Implementing Disaster Recovery................................................................... 31
Lab: Implementing Disaster Recovery for Exchange Server 2013 .................................................... 31
Exercise 1: Backing Up Exchange 2013 ......................................................................................... 31
Exercise 2: Restoring Exchange Server 2013 Data ........................................................................ 33

Exercise 3: Exchange Server 2013 Disaster Recovery (Optional) .................................................. 34
Module 8: Planning and Configuring Message Transport .................................................................... 35
Lab: Planning and Configuring Message Transport .......................................................................... 35
Exercise 1: Configuring Message Transport .................................................................................. 35
Exercise 2: Troubleshooting Message Delivery ............................................................................ 36
Exercise 3: Configuring Transport Rules and Data-Loss Prevention Policies ................................ 36
Module 9: Planning and Configuring Message Hygiene ....................................................................... 38
Lab: Planning and Configuring Message Security ............................................................................. 38
Exercise 1: Configure Antimalware Options in Exchange Server 2013 ......................................... 38
Exercise 2: Configuring Anti-Spam Options on Exchange Server .................................................. 39
Exercise 3: Validating Antimalware and Anti-Spam Configuration............................................... 40
Module 10: Planning and Configuring Administrative Security and Auditing ...................................... 42
Lab: Configuring Administrative Security and Auditing .................................................................... 42
Exercise 1: Configuring Exchange Server Permissions .................................................................. 42
Exercise 2: Configuring Audit Logging ........................................................................................... 43
Exercise 3: Configuring RBAC Split Permissions on Exchange Server 2013 .................................. 44
Module 11: Monitoring and Troubleshooting Microsoft Exchange Server 2013 ................................. 45
Lab: Monitoring and Troubleshooting Exchange Server 2013 .......................................................... 45
Exercise 1: Monitoring Exchange Server ....................................................................................... 45
Exercise 2: Troubleshooting Database Availability ....................................................................... 47
Exercise 3: Troubleshooting Client Access Servers ....................................................................... 48
Module 1: Deploying and Managing Microsoft Exchange Server 2013

Lab: Deploying and Managing Exchange Server 2013
Exercise 1: Evaluating Requirements and Prerequisites for an Exchange Server 2013
Installation
Task 1: Evaluate the Active Directory Requirements
1. Sign in to LON-DC1-B as Adatum\Administrator with the password Pa$$w0rd
2. On LON-DC1-B, if necessary, on the task bar, click Server Manager.
3. In Server Manager, click Tools, and then click Active Directory Users and Computers.
4. Right-click Adatum.com, and then click Properties.
5. In the Adatum.com Properties dialog box, verify that the domain and forest functional levels are
compatible with the Exchange Server 2013 requirements. (Note: It should be at least Windows Server
2003)
6. Click OK, and then close Active Directory Users and Computers.
7. Click to the Start screen and then type adsi edit, and then press Enter.
8. Right-click ADSI Edit, and then click Connect to.
9. In the Connection Settings dialog box, in the Connection Point section, in the Select a wellknown
Naming Context list, click Configuration, and then click OK.
10. In the left pane, expand Configuration [LON-DC1.adatum.com], and then click
CN=Configuration,DC=adatum,DC=com.
11. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created.
12. Close ADSI Edit.
Task 2: Evaluate the DNS requirements
1. Sign in to LON-EX1-B as Adatum\Administrator with the password Pa$$w0rd, on the task bar, click
Windows PowerShell.
2. In the Windows PowerShell window, type IPConfig /all, and then press Enter. Verify that the
Domain Name System (DNS) server IP address for the Local Area Connection is 172.16.0.10.
3. At the command prompt, type Ping LON-DC1.adatum.com and press Enter. Verify that you have
network connectivity with the domain controller.
4. At the prompt, type Nslookup, and then press Enter.
5. At the prompt, type set type=all, and then press Enter.
6. At the prompt, type _ldap._tcp.dc._msdcs.adatum.com, and then press Enter. Verify that
an SRV record for lon-dc1.adatum.com is returned.
7. Close Windows PowerShell.
Exercise 2: Deploying Exchange Server 2013

Task 1: Preparing AD DS for Exchange Server 2013 deployment
1. On LON-DC1-B, in the Virtual Machine Connection window click Media menu, select DVD Drive, and
then click Insert Disk.
2. Navigate to C:\Program Files\Microsoft Learning\20341\Drives\ExchangeServer2013CU1.iso
and click Open.
3. On the task bar, click Windows PowerShell.
4. Type D: and press Enter.
5. Type the following command, and then press Enter:
.\Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName:Adatum
6. Wait until the process completes.
7. Close Windows PowerShell.
Task 2: Performing Exchange Server 2013 installation on a single server

1. On LON-EX1-B, in the Virtual Machine Connection window, click Media menu, select DVD Drive, and
then click Insert Disk.
2. Navigate to C:\Program Files\Microsoft Learning\20341\Drives\ExchangeServer2013CU1.iso
and click Open.
3. On LON-EX1, open Windows PowerShell window from the task bar.
4. Type the following command to install the Exchange Server 2013 Windows components:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-ClusteringMgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model,
Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing,
Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-HttpTracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, WebMgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server,
Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, WindowsIdentity-Foundation, and press Enter. (If you do not want to type this command you can copy the
content of the file cmdlet.txt from C:\ drive.)
5. Wait until installation of Windows components finishes.
6. Close the PowerShell window, and restart the server.
7. Sign in to LON-EX1-B as Adatum\Administrator with the password Pa$$w0rd.
8. From the desktop, open File Explorer and navigate to D: drive.
9. Double-click setup.exe.
10. On the Check for Updates? page, click Dont check for updates right now, and click next. Wait
until setup copies files and initializes the setup process.
11. On the Introduction page, click next.
12. On the License Agreement page, click I accept the terms in the license agreement, and then click
next.
13. On the Recommended Settings page, click next.
14. On the Server Role Selection page, select Mailbox role and Client Access role, and then click next.
15. On the Installation Space and Location page, accept the default values, and click next.
16. On the Malware Protection Settings make sure that No is selected, and then click next.
17. On the Readiness Checks page, ensure that all prerequisites are met, and then click install.
18. Wait until the installation completes. It can take 30 to 40 minutes to finish. On the Setup
Completed
page, click finish.
19. Restart LON-EX1-B and sign in as Adatum\Administrator with the password Pa$$w0rd.
Task 3: Verify Exchange Server installation
1. On LON-EX1-B, open the Server Manager console, and then click Tools.
2. Select Services.
3. Scroll down the list of services, and click the Microsoft Exchange Active Directory Topology
service. Review the service description.
4. Review the status of the remaining Exchange Server services. Ensure that all services that are set
for Automatic startup are running.
5. Close Services.
6. From the task bar, open File Explorer.
7. Browse to C:\Program Files\Microsoft\Exchange Server\V15. This list of folders includes
ClientAccess, Mailbox, and TransportRoles. These roles were installed as part of the typical setup.
8. Close File Explorer.

9. From the Start screen, click Internet Explorer.
10. In the Address bar, type https://lon-ex1.adatum.com/owa, and then press Enter.
11. Sign in as Adatum\Administrator with the password Pa$$w0rd.
12. At the Language and Time zone page, click save.
13. Click new mail.
14. Send an email to Administrator.
15. Verify that the email is received in the inbox.
16. Close Outlook Web App.
Exercise 3: Managing Exchange Server 2013

Task 1: Explore Exchange Server 2013 Administration Center
1. On LON-EX1, from the Start screen, open Internet Explorer, type https://lon-ex1.adatum.com/ecp,
and then press Enter.
2. In the Domain\user name text box type Adatum\Administrator, and type Pa$$w0rd in the Password
field, and then click sign in.
3. In the EAC, click recipients in the left pane, and then click mailboxes in the central pane.
4. Click on the + sign and then click User mailbox.
5. In the new user mailbox window, select Existing user, and then click browse.
6. In the Select User Entire Forest window, select Aidan Delaney, and click ok.
7. In the Alias text box, type AidanD, and click save.
8. Make sure that Aidan Delaney appears in the list of mailboxes.
9. In the recipients node in the Exchange admin center, click groups.
10. Click the arrow next to the + sign.
11. Select Distribution group.
12. In the new distribution group window, type Adatum News in the Display name text box.
13. In the Alias text box, type AdatumNews.
14. Scroll down and make sure that Open is selected in last two sections. Click save.
15. In the upper right corner, click the arrow next to Administrator, and select Sign out.
Task 2: Manage Exchange Server with Exchange Management Shell

1. On LON-EX1, switch to the Start screen, and then click Exchange Management Shell.
2. In Exchange Management Shell, type get-user and press Enter.All users from Adatum.com domain
will be listed.
3. Type enable-mailbox identity Robert, and press Enter.
4. Type Get-Mailbox, and press Enter. You will receive all mailboxes on the server in the list.
5. Type get-mailbox | set-mailbox issuewarningquota 209715200 prohibitsendquota
262144000, and press Enter.
6. Type get-mailbox, and press Enter. Ensure that ProhibitSendQuota is set to 250 MB to all users.
7. Type
Get-User | Where-Object {$_.distinguishedname ilike *ou=IT,dc=adatum,dc=com} | Enable-Mailbox
and press Enter.
8. Ensure that mailboxes for the IT organizational unit are created.
9. Close the Exchange Management Shell window.
Task 3: Explore Outlook Web App
1. On LON-EX1, from the Start screen, open Internet Explorer and type https://lon-ex1.adatum.com
/owa.
2. In the Outlook Web App window, sign as Adatum\Aidan with the password Pa$$w0rd.
3. Click save on the next page.
4. In the Outlook Web App window, click new mail.

5. In the window on the right, send a new email to Administrator.
6. Click on the wheel icon in the upper right corner. Select Options.
7. In the options window, click on groups in the left pane.
8. In the central pane, click the Join button.
9. In the All Groups window, double-click Adatum News.
10. In the Adatum News window, click Join.
11. Close the all groups window.
12. Click on settings in the left pane
13. In the email signature box, type Aidan Delaney, Adatum Corp., and select Automatically include
my signature on messages I send.
14. Click save.
15. Click the arrow in the upper left corner (back).
16. Click on the wheel icon in the upper right corner.
17. Select Change theme.
18. Click on theme of your choice, and then click OK.
19. Close the Internet Explorer window.
Task 4: To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete
the following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20341B-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 to 3 for 20341B-LON-EX1-B.
5. In Hyper-V Manager, click 20341B-LON-DC1, and in the Actions pane, click Start.
6. In the Actions pane, click Connect. Wait until the virtual machine starts.
7. Sign in using the following credentials:
o User name: Adatum\Administrator
o Password: Pa$$w0rd
8. Repeat steps 5 to 7 for 20341B-LON-MBX1. When you have successfully signed in to LON-MBX1,
repeat steps 5 to 7 for 20341B-LON-CAS1 and 20341B-LON-CL1.
Module 2: Planning and Configuring Mailbox Servers

Lab: Configuring Mailbox Servers
Exercise 1: Planning Configuration for Mailbox Servers
Task 1: Analyze requirements for the A. Datum Exchange Server deployment
Read the Lab and Exercise scenario. Summarize the requirements from the exercise scenario.
Task 2: Use the Exchange Mailbox Server Role Requirements Calculator
1. On LON-CL1, click the Desktop tile.
2. On the task bar, click File Explorer, navigate to C:\Files and double-click on E2013Calc.xlsm. On the
Security warning, click Enable Content. If the Welcome to Your New Office Wizard launches, click
Next three times and then click All done!.
3. In the E2013Calc, on the Input sheet, enter the values in the following sections:
o Exchange Environment Configuration
Server Multi-Role Configuration (MBX+CAS): No
Server Role Virtualization: Yes
High Availability Deployment: Yes
Number of Mailbox Servers Hosting Active Mailboxes/DAG: 4
Number of Database Availability Groups: 2
o Mailbox Database Copy Configuration

Total Number of HA Database Copy Instances (Includes Active Copy) within DAG: 3
Total number of Lagged Database Copy Instances within DAG: 1
o Exchange Data Configuration
Mailbox Moves/Week Percentage: 2%
LUN Free Space Percentage: 25%
o Tier-1 User Mailbox Configuration
Total Number of Tier-1 User Mailboxes/Environment: 5,000
Projected Mailbox Number Growth Percentage: 5%
Total Send/Receive Capability/Mailbox/Day: 150 messages
Average Message Size (KB): 75
Mailbox Size Limit (MB): 1,024
Personal Archive Mailbox Size Limit (MB): 2,048
Deleted Item Retention Window (Days): 30
Single Item Recovery: Enabled
Calendar Version Storage: Enabled
o Backup Configuration
Backup Methodology: Software VSS Backup/Restore
Backup Frequency: Weekly Full / Daily incremental
Database and Log Isolation Configured: Yes
Backup/Truncation Failure Tolerance: 3
Network Failure Tolerance (Days): 0
o Primary Datacenter Disk Configuration
Database: 1,000 GB, 7.2K RPM SAS 3.5
Log: 500 GB, 7.2K RPM SAS 3.5
Restore LUN: 1500 GB, 7.2K RPM SAS 3.5
Task 3: Analyze output from the Exchange Mailbox Server Role Requirements
Calculator
1. In the E2013Calc, click on the Role Requirements tab.
2. Review the calculated requirements provided in this sheet.
3. Click the Distribution sheet.
4. Click Fail Server for each server. Observe where the databases will be distributed.
5. Click Export DAG Scripts.
6. In the Storage Calculator Export Scripts window, click OK twice.
7. Click the LUN Requirements sheet. Review the calculated requirements provided in this sheet.
8. Click the Backup Requirements sheet. Review calculated requirements provided in this sheet.
9. Click the Replication Requirements sheet. Review the calculated requirements provided in this
sheet.
10. Click the Storage Design sheet. Review the calculated requirements provided in this sheet.
11. Open File Explorer, and navigate to C:\Files.
12. Right-click the CreateMBDatabases.ps1 file, and select Edit. Review the contents of the generated
script.
13. Right-click the CreateMBDatabaseCopies.ps1 file, and select Edit. Review the contents of the
generated script.
14. Right-click the Diskpart.ps1 file, and select Edit. Review the contents of the generated script.
15. Close the Windows PowerShell ISE window.
Task 4: Discuss the solution with the instructor and the class
1. Discuss the solution provided by the Exchange Mailbox Server Role Requirements Calculator with
other students and with the instructor.
2. Change the values on the Input tab of the Exchange Mailbox Server Role Requirements Calculator,
and see how that reflects on the results that this tool provides.
Exercise 2: Configure Storage on the Mailbox Servers

Task 1: Create and Configure iSCSI target and drives
1. On LON-DC1, open Server Manager, click Manage, and then click Add Roles and Features.
2. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
3. On the Select installation type page, click Next.
4. On the Select destination server page, make sure that Select a server from the server pool is
selected, and then click Next.
5. On the Select server roles page, expand File And Storage Services (Installed), expand File and iSCSI
Services (Installed), select the iSCSI Target Server check box, and then click Next.
6. On the Select features page, click Next.
7. On the Confirm installation selections page, click Install.
8. When installation is complete, click Close.
9. On LON-DC1, in Server Manager, in the navigation pane, click File and Storage Services.
10. In the File and Storage Services pane, click iSCSI.
11. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list, select New
iSCSI Virtual Disk.
12. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under Storage
location, click C:, and then click Next.
13. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk1, and then click Next.
14. On the Specify iSCSI virtual disk size page, in the Size box, type 2, make sure GB is selected in the
drop-down list, and then click Next.
15. On the Assign iSCSI target page, click New iSCSI target, and then click Next.
16. On the Specify target name page, in the Name box, type LON-MBX1, and then click Next.
17. On the Specify access servers page, click Add.
18. In the Select a method to identify the initiator dialog box, click Browse. In the Select Computer
window, type LON-MBX1, click Check Names and click OK, and then click OK.
19. On the Specify access servers page, click Next.
20. On the Enable Authentication page, click Next.
21. On the Confirm selections page, click Create.
22. On the View results page, wait until the creation is completed, and then click Close.
iSCSI Virtual Disk.
25. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk2, and then click Next.
26. On the Specify iSCSI virtual disk size page, in the Size box, type 2, make sure GB is selected in the
drop-down list, and then click Next.
27. On the Assign iSCSI target page, click lon-mbx1, and then click Next.
iSCSI Virtual Disk.
32. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk3, and then click
Next.
33. On the Specify iSCSI virtual disk size page, in the Size box, type 500, make sure MB is selected in
the drop-down list, and then click Next.
34. On the Assign iSCSI target page, click lon-mbx1, and then click Next.
Task 2: Connect Exchange Server to the storage
1. On LON-MBX1, click the Desktop tile.
2. From the task bar, click Server Manager.
3. In Server Manager, click Tools, and then click iSCSI Initiator.
4. In the Microsoft iSCSI dialog box, click Yes.
5. Click the Discovery tab.
6. Click Discover Portal.
7. In the IP address or DNS name box, type 172.16.0.10, and then click OK.
8. Click the Targets tab.
9. Click Refresh.
10. In the Targets list, select iqn.1991-05.com.microsoft:lon-dc1-lon-mbx1-target, and then click
Connect.
11. Select Add this connection to the list of Favorite Targets, and then click OK two times.
Task 3: Configure storage
1. On LON-MBX1, in Server Manager, click Tools, and then click Computer Management.
2. Expand Storage, and then click Disk Management.
3. Right-click Disk 1, and then click Online.
4. Right-click Disk 1, and then click Initialize disk. In the Initialize Disk dialog box, click OK.
5. Right-click the unallocated space next to Disk 1, and then click New Simple Volume.
6. On the Welcome to the New Simple Volume Wizard page, click Next.
7. On the Specify Volume Size page, click Next.
8. On the Assign Drive Letter or Path page, click Next.
9. On the Format Partition page, in the Volume Label box, type DB1. Select the Perform a quick format
check box, and then click Next.
10. Click Finish. (Note: If the Microsoft Windows window pops up with prompt to format the disk, click
Cancel.)
11. Repeat steps 3 through 10 for Disk 2 and Disk 3. (Note: Use DB2 and Logs for Volume Labels,
respectively.)
12. Close the Computer Management window.
Exercise 3: Creating and Configuring Mailbox Databases

Task 1: Configure Mailbox Settings for the Existing Mailbox Database
1. On LON-MBX1, click to the Start screen, and then click Internet Explorer.
2. In Internet Explorer, type https://lon-cas1.adatum.com/ecp, and press Enter.
4. In the EAC, in the feature pane, click servers.
5. Click the databases tab.
6. Double-click Mailbox Database 1.
7. In the Mailbox database window, click limits.
8. In the Issue a warning at (GB) text box, type 0.9.
9. In the Prohibit send at (GB): text box, type 1.

10. In the Prohibit send and receive at (GB): text box, type 1.3.
11. In the Keep deleted items for (days): text box, type 30.
12. Click save. Minimize the EAC window.
13. On LON-MBX1, click to the Start screen and then click Exchange Management Shell.
14. In the Exchange Management Shell window, type Get-MailboxDatabase and press Enter.
15. See the list of mailbox databases created.
16. In the Exchange Management Shell window, type the following command, and then press Enter:
Move-DatabasePath Identity Mailbox Database 1 EdbFilePath E:\DB1\DB1.edb
LogFolderPath G:\Logs\DB1
17. Type y, and press Enter.

19. Minimize the Exchange Management Shell window.
20. Open File Explorer and navigate to E:\ and open the DB1 folder. Make sure that the database
DB1.edb file is present.
21. Navigate to G:\, and open the folder Logs\DB1. Ensure that the log files are present.
Task 2: Create and configure additional mailbox databases
1. Restore the EAC window.
2. Click servers in the feature pane, and then click the databases tab.
3. Click New.
4. In the Database window, in the Mailbox database text box, type DB2.
5. Click browse.
6. In the Select Server window, select LON-MBX1, and then click OK.
7. In the Database file path text box, type: F:\DB2\DB2.edb.
8. In the Log folder path text box, type G:\Logs\DB2.
9. Make sure that the Mount this database is selected, and then click save. Click ok.
10. Restore the Exchange Management Shell window.
11. In Exchange Management Shell window, type the following:
Set-MailboxDatabase identity DB2 DeletedItemRetention 20.00:00:00
-CircularLoggingEnabled $true ProhibitSendQuota 2.2GB, and then press Enter.
12. Type Dismount-Database identity DB2, and press Enter.

14. Type Mount-Database identity DB2, and press Enter.
15. Leave the Exchange Management Shell window open.
Task 3: Export mailbox data to the .pst file
1. On the LON-MBX1 virtual machine, restore the Exchange Management Shell window.
2. Type New-ManagementRoleAssignment Role "Mailbox Import Export" User Administrator,
3. Close the Exchange Management Shell.
4. From the Start screen, click Exchange Management Shell.
5. Type the following, and then press Enter:
New-MailboxExportRequest -Mailbox aidan -FilePath \\lon-dc1\MailboxExport\aidan.pst
6. Type Get-MailboxExportrequest, and press Enter.

7. Make sure that the status of the request is completed. (If it is not completed, wait for several
minutes, and then repeat step 6.)
8. Switch to LON-DC1. Open File Explorer and then browse to the C:\MailboxExport folder, and make
sure that the aidan.pst file is present.

2. In the Virtual Machines list, right-click 20341B-LON-DC1, and then click Revert.
4. Repeat steps 2 to 3 for 20341B-LON-CAS1, 20341B-LON-MBX1, and 20341B-LON-CL1.
Module 3: Managing Recipient Objects

Lab: Managing Recipient Objects
Exercise 1: Configure Trey Research Recipients
Task 1: Create the Trey Research AD DS objects
1. On LON-CAS1, start Server Manager.
2. Click Tools, and then click Active Directory Module for Windows PowerShell.
3. Type e: and press Enter.
4. Type cd Labfiles\Mod03, and then press Enter.
5. Type .\TreyResearchSetup.ps1, and then press Enter.
6. At the Type the Password prompt, type Pa$$w0rd and press Enter.
7. Close the Active Directory Module for Windows PowerShell window.
8. In Server Manager, click Tools, and then click Active Directory Users and Computers.
9. Expand Adatum.com, expand TreyResearch, and verify that the TreyResearch OU contains child OUs
with user accounts and groups.
10. Close Active Directory Users and Computers.
Task 2: Create the Trey Research mailboxes
1. On LON-CAS1, click to the Start screen, and then click Exchange Management Shell.
2. At the command prompt, type New-MailboxDatabase Name TreyResearchDB Server LONMBX1,and then press Enter.
3. At the command prompt, type Invoke-Command ComputerName LON-MBX1 ScriptBlock
{Restart-Service msexchangeis} and then press Enter.
4. At the command prompt, type Mount-Database id TreyResearchDB, and then press Enter.
5. At the command prompt, type Get-User OrganizationalUnit TreyResearch | Enable-Mailbox
-Database TreyResearchDB.
6. At the command prompt, type Get-Group OrganizationalUnit TreyResearch | EnableDistributionGroup, and then press Enter.
7. On LON-CAS1, open Internet Explorer and connect to https://LON-CAS1.adatum.com

/ecp.
8. Sign in as Adatum\administrator using the password Pa$$w0rd.
9. Click the resources tab.
10. Click New, and then click Room mailbox.
11. Fill in the following information:
o Room name: TR_Room1
o Email address: TR_Room1

o Organizational unit: click browse, click TreyResearch, and then click ok
o Location: Harrow
o Capacity: 20
12. Click Select delegates who can accept or decline booking requests.
13. Click Add, click Charlotte Weiss, click add, and then click ok.
14. Click more options, and under Mailbox database, click browse, click TreyResearchDB, and then click
ok.
15. Click save.
16. In the Exchange Management Shell, type the following command, and then press Enter.
Set-CalendarProcessing id TR_Room1 BookinPolicy AllTreyResearch.
17. On LON-CAS1, in the EAC, in the Features pane, click recipients.

18. Click the shared tab.
19. Click New.
o Display name: TreyResearch Sales
o Organizational unit: TreyResearch\Sales
o Email address: TreyResearchSales
21. Under Full Access, click Add, click TR_Sales, then click add, and then click ok.
22. Click More options.
23. Under Mailbox database, click browse, click TreyResearchDB and then click ok.
24. Click save.
Task 3: Create the Trey Research distribution groups
1. On LON-CAS1, in the EAC, click the groups tab.
2. Click New, and then click Distribution group.
o Display name: Trey_SalesMgrs
o Alias: TreySalesMgrs
o Organizational unit: TreyResearch\Sales
o Members: Florence Flipo, Sidney Higa
o Owner approval is required: Closed
o Choose whether the group is open to leave: Closed
4. Click save.
5. On the groups tab, click New, and then click Distribution group.
o Display name: TreyResearchNews
o Alias: TreyResearchNews
o Organizational unit: TreyResearch
o Members: none
o Owner approval is required: Open
o Choose whether the group is open to leave: Open
7. Click save.
8. On LON-CAS1, in the Exchange Management Shell, type cd E:\Labfiles\Mod03, and then press
Enter.
9. Type $users=import-csv .\TreyResearchIntegrationTeam.csv, and press Enter.
10. Type foreach ($i in $users) {set-mailbox Identity $i.alias CustomAttribute1 TreyResearch
Integration Project Team}, and press Enter.
11. On LON-CAS1, in the EAC, on the groups tab, click New, and then click Dynamic distribution group.
o Display name: TreyIntegration

o Alias: TreyIntegration
o Organizational unit: TreyResearch
o Owner: Administrator
13. Under Members, click Only the following recipient types, and select the Users with Exchange
mailboxes check box.
14. Click add a rule.
15. From the drop-down list, click Recipient container.
16. Click Adatum.com, and then click ok.
18. From the drop-down list, click Custom Attribute 1.
19. In the specify words or phrases page, type TreyResearch Integration Project Team, click Add and
then click ok.
20. Click save.
Exercise 2: Configure Address Lists and Policies for Trey Research

Task 1: Configure TreyResearch.net as an accepted domain
1. On LON-CAS1, in the EAC, click mail flow in the Features pane, and then on the accepted domains
tab, click New.
2. In the new accepted domain window, type TreyResearch as the Name, and TreyResearch.net as the
Accepted domain.
3. Click save.
Task 2: Configure an email address policy for Trey Research users
1. On the email address policies tab, click New.
2. In the new email address policy window, type TreyResearch Email as the Policy name.
3. Under Email address format, click Add.
4. From the Select an accepted domain drop-down list, select TreyResearch.net.
5. Click John.Smith@contoso.com, and then click save.
6. In the new email address policy window, click add a rule.
7. Click Select one, and then click Recipient container.
8. Click TreyResearch, and then click ok.
9. Click save, and then click ok.
10. Click TreyResearch Email. In the Details pane, click Refresh, click Apply, and then click yes.
11. Click close.
Task 3: Configure an address list for TreyResearch users
1. In the EAC, click organization in the Features pane, and then click address lists.
2. On the address lists tab, click New.
3. In the new address list window, type TreyResearch as the Name.
5. In the select one list, click Recipient container.
6. In the select an organizational unit dialog box, click TreyResearch, and click ok.
7. Click save, click ok, and then click Update.
8. Click yes, and then click close.
Task 4: Configure an address book policy for Trey Research users
1. On LON-CAS1, if required, open the Exchange Management Shell.
2. At the command prompt, type the following command, and press Enter.
New-GlobalAddressList -Name TreyResearchGAL -RecipientContainer TreyResearch
Update-GlobalAddressList -id TreyResearchGAL
New-OfflineAddressBook -Name TreyResearchOAB -AddressLists TreyResearch
5. At the command prompt, type the following command, and type Enter.
New-AddressList -Name TreyResearchRooms RecipientContainer TreyResearch -IncludedRecipients Resources
Update-AddressList TreyResearchRooms
Set-OfflineAddressBook -id "TreyResearchOAB" VirtualDirectories LON-CAS1\oab (Default Web Site),LONMBX1\oab (Exchange Back End)
Update-OfflineAddressBook -id "TreyResearchOAB"
New-AddressBookPolicy -Name TreyResearchABP -AddressLists \TreyResearch -OfflineAddressBook
TreyResearchOAB -GlobalAddressList TreyResearchGAL RoomList \TreyResearchRooms
Get-Mailbox -OrganizationalUnit TreyResearch | Set-Mailbox AddressBookPolicy TreyResearchABP
Task 5: Validate the deployment

1. In the EAC, click recipients in the Features pane.
2. Click mailboxes, and then double-click Aaron Nicholls and click the mailbox features tab.
3. Verify that the TreyResearchABP has been assigned to Aarons mailbox under Address Book Policy.
Click cancel.
4. On LON-CL1, sign in as Adatum\Aaron using the password Pa$$w0rd.
5. Right-click on the Start screen, and click All apps.
6. Open Outlook 2013.
7. On the Welcome to Outlook 2013 page, click Next.
8. On the Add an Email Account page, click Next.
9. On the Auto Account Setup page, verify that Aarons information is automatically added, and click
Next.
10. Click Finish, and wait for Outlook to open.
11. In the First things first window, click Ask me later, and click Accept.
12. After Outlook opens, click New Email. In the Untitled Message (HTML) window, click To.
13. Verify that the user can only see users and groups in the TreyResearch OU.
14. Click Trey_SalesMgrs and click To, and then click OK.
15. Type a subject of test and short email message and then click Send.
16. Click the Calendar icon.
17. Click New Meeting.
18. In the Untitled Meeting window, click To.
19. Under Address book drop down box, Select TreyResearch and Click Cindy White, and then click
Required.
20. Under Address Book, click TreyResearchRooms. Click TR_Room1 and click Resources. Click OK.
21. In the Untitled Meeting window, pick a time tomorrow in the Start time box.
22. Type a subject of test meeting and short message and click Send.
23. Review the Meeting Response message and close the message.
24. Open Internet Explorer, and connect to Https://lon-cas1.adatum.com/owa.
25. Sign in as Adatum\Aaron using the password Pa$$w0rd.
26. In the Outlook Web App window, click save.
27. In the Outlook Web App window, click the Settings icon in the top right corner, and click Options.
28. Under options, click groups.
29. Under distribution groups I belong to, click Join.
30. In the all groups dialog box, double-click Trey_SalesMgrs.
31. In the Trey_SalesMgrs dialog box, click Join.
32. Review the error message stating that the group is closed and click ok. Click close.
33. In the all groups dialog box, double-click TreyResearchNews.
34. In the TreyResearchNews dialog box, click Join.
35. Close the all groups dialog box, and verify that Aaron is now a member of the TreyResearchNews
distribution group. Close Internet Explorer.
36. In Outlook 2013, click New Email.
37. In the To box, type treyintegration@adatum.com. Type a subject and short message and click
Send.
38. Open Internet Explorer, and connect to Https://lon-cas1.adatum.com/owa.
39. Sign in as adatum\aidan using the password Pa$$w0rd. Click save.
40. In the Outlook Web App window, verify that Aidan received the message sent to the
treyintegration dynamic distribution group.
Exercise 3: Configure Public Folders for Trey Research

Task 1: Create the public folder mailbox
1. On LON-CAS1, switch to EAC.
2. In the Feature pane, click public folders.
3. Click the public folder mailboxes tab, and then click new public folder mailbox.
4. On the new public folder mailbox page, type PFMBX1 in the Name field.
5. Under Organizational unit, click browse, click TreyResearch, and then click ok.
6. Under Mailbox database, click browse, click TreyResearchDB and then click ok.
7. Click save.
Task 2: Create the public folders
1. Click public folders, and then click New public folder.
2. On the new Public Folder page, in the Name field, type TreyResearch, and then click save.
3. Click TreyResearch, and then click New public folder.
4. In the new public folder window, in the Name field, type Research, and then click save.
Task 3: Configure public folder permissions
1. Click Go to the parent folder.
2. Verify that TreyResearch is listed in the folder list, select the folder, and then under Folder
permissions, click Manage.
3. In the TreyResearch window, click Add.
4. In the public folder permissions window, next to User, click browse.
5. In the Select Recipient window, click TR_IT, and then click ok.
6. Under Permission level, click Owner, and then click save.
7. Select the Apply changes to this public folder and all its subfolders check box.
8. In the TreyResearch window, click Add.
9. In the public folder permissions window, next to User, click browse.
10. In the Select Recipient window, click AllTreyResearch, and then click OK.
11. Under Permission level, click Author, and then click save.
12. Click save and then click close.
Task 4: Validate the public folder deployment

1. On LON-CL1, in Outlook 2013, open the Folders view.
2. Verify that the Public Folders are listed in the left pane.
3. Expand the Public Folders and verify that the TreyResearch and Research public folders are visible.
Note: It can take several minutes for the public folders to appear. If the public folders are not visible,
wait a few minutes, close Outlook 2013 and open it again. If the public folders still do not appear, sign
out on LON-CL1, sign in as Cindy using the password Pa$$w0rd, and open Outlook 2013. Configure the
Outlook profile, and verify the public folder are visible.
repeat steps 5 to 7 for 20341B-LON-CAS1.
Module 4: Planning and Deploying Client Access Servers

Lab: Deploying and Configuring a Client Access Server Role
Exercise 1: Configuring Certificates for the Client Access Server
Task 1: Make a certificate request on Exchange Server
1. On LON-CAS1, open Internet Explorer, type https://lon-cas1.adatum.com/ecp, and press Enter.
2. Sign in as Adatum\administrator with the password Pa$$w0rd.
3. In the EAC, in the left navigation pane, click servers.
4. In the right pane, click certificates tab.
5. Click on the + sign.
6. In the Exchange Certificate Windows Internet Explorer window, in the new Exchange certificate
Wizard, select Create a request for a certificate from a certification authority, and then click next.
7. In the Friendly name for this certificate, type mail.adatum.com, and click next.
8. On the page with the option for using wildcard certificates, do not make any changes, and click
next.
9. Click browse.
10. In the Select a Server window, click LON-CAS1, and click ok.
11. Click next.
12. On the next page, click Outlook Web App (when accessed from the Internet), and then click the
Edit icon.
13. In the Specify the domains for the above Access type, enter mail.adatum.com, and click OK.
14. Repeat steps 12 and 13 for items where <not specified> is in the DOMAIN column.
15. Click next.
16. On the next page, make sure that you have the following names in the list: mail.adatum.com,
lon-cas1.adatum.com, AutoDiscover.Adatum.com, LON-CAS1, and Adatum.com, and then click

next.
17. On the next page, fill in the following fields as follows:
a. Organization name: A.Datum
b. Department name: IT
c. City/Locality: Seattle
d. State/Province: WA
e. Country/Region name: United States
18. Click next.
19. On the next page, type \\lon-cas1\C$\windows\temp\certreq.req, and click finish.
Task 2: Issue a certificate from an internal CA
1. On LON-DC1, in Start, click Certification Authority.
2. In certsrv [Certification Authority (Local)], right-click Adatum-LON-DC1-CA, point to All Tasks, and
then click Stop Service.
3. Right-click Adatum-LON-DC1-CA, point to All Tasks, and then click Start Service.
4. On LON-CAS1, open File Explorer, and navigate to C:\windows\temp.
5. Right-click CertReq.req, and then click Open with.
6. In the Windows dialog box, click Notepad.
7. In the CertReq.req Notepad window, press Ctrl+A to select all the text, and then press Ctrl+C to
copy and save the text to the clipboard. Close Notepad.
8. Click to the Start screen, and then click Internet Explorer.
9. Connect to http://lon-dc1.adatum.com/certsrv.
10. Sign in as Administrator, using the password Pa$$w0rd.
11. On the Welcome page, click Request a certificate.
12. On the Request a Certificate page, click advanced certificate request.
13. On the Advanced Certificate Request page, click Submit a certificate request by using a base64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
PKCS#7 file.
14. On the Submit a Certificate Request or Renewal Request page, click in the Saved Request field, and
then press Ctrl+V to paste the certificate request information into the field.
15. In the Certificate Template drop-down list box, click Web Server, and then click Submit.
16. On the Certificate Issued page, click Download certificate.
17. In the File Download dialog box, click the arrow next to Save. Select Save As.
18. In the Save As dialog box, click Save.
19. In the Download complete dialog box, click Open.
20. In the Certificate dialog box, on the Details tab, click Subject Alternative Name. Verify that the
certificate includes several subject alternative names, and then click OK.
21. On LON-CAS1, open File Explorer and create new folder called cert on the C:\ drive. Share the
folder, and give Read permission to Everyone.
22. Copy the file certnew.cer from C:\Users\Administrator.ADATUM\Downloads to C:\cert.
Task 3: Assign a certificate to Exchange services
1. On the LON-CAS1, switch to the EAC.
2. Click servers, and then click certificates.
3. Next to Select server, click LON-CAS1.Adatum.com.
4. Click on mail.adatum.com, and then click on the toolbar and select import Exchange certificate.
5. Type \\lon-cas1\cert\certnew.cer and click next.
6. On the next page, click the + sign.
7. Select LON-CAS1, and click add and then click ok.
8. Click finish.
9. Make sure that mail.adatum.com appears in the list.
10. Click on mail.adatum.com, and click the pencil icon on the toolbar.
11. Click services.
12. Select IIS, and click save.
Exercise 2: Configuring Client Access Services Options

Task 1: Configure Client Access server options
1. In the EAC, on LON-CAS1, click servers in the left pane.
2. In the central pane, click virtual directories on the toolbar.
3. In the Select server list, click LON-CAS1.Adatum.com.
4. Click the mechanical key icon on the toolbar.
5. In the configure external access domain window, click the + sign.
6. Click on LON-CAS1, and click add-> button, and then click ok.
7. In the text box below Enter the domain name, type mail.adatum.com, and click save.
8. Click close after the operation completes.
9. In the center pane, click servers.
10. Click on LON-CAS1, and then click the pencil icon on the toolbar.
11. Click on POP3 in the left navigation pane.
12. Set the Logon method to Secure TLS connection.
13. Scroll down, and select More options.
o Set Maximum connections to 100.
o Set Maximum connections from a single IP address to 20.
o Set Maximum connections from a single user to 2.
14. Click save.
15. Click ok on the warning window.
Task 2: Verify authentication options on Client Access server
1. On LON-CAS1, in the EAC, in the servers node, click virtual directories.
2. Review the list of virtual directories for LON-CAS1.
3. Click on the Autodiscover virtual directory, and then click the pencil icon on the toolbar.
4. In the Virtual Directory Windows Internet Explorer window, click authentication.
5. Review the supported and selected options for authentication.
6. Make no changes, and click cancel.
7. Click on ecp virtual directory, and then click the pencil icon on the toolbar.
8. Review the supported and selected options for authentication. Notice that no options are selected.
9. Make no changes, and click Cancel.
10. Click on the PowerShell virtual directory, and then click the pencil icon on the toolbar.
11. In the Virtual Directory Windows Internet Explorer window, click Authentication.
12. Review the supported and selected options for authentication. Notice that no options are
selected.
14. Click on the Microsoft-Server-ActiveSync virtual directory, and then click the pencil icon on the
toolbar.
15. In the Virtual Directory Windows Internet Explorer window, click Authentication.
16. Review the supported and selected options for authentication. Notice that the certificate
authentication options are present in this virtual directory.
18. Click on the OAB virtual directory, and then click the pencil icon on the toolbar.
19. In the Virtual Directory Windows Internet Explorer window, notice that there are no
authentication options for this virtual directory.
Exercise 3: Configuring Custom MailTips

Task 1: Configure MailTips
1. On LON-CAS1, in the EAC, click recipients, and then click mailboxes.
2. In the list of mailboxes, click on April Reagan, and then click on the Edit icon on the toolbar.
3. In the April Reagan window, click MailTip.
4. In the text box, type Test e-mail tip for April, and click save.
5. From the Start screen, click Exchange Management Shell.
6. Type the following, and then press Enter:
Set-Mailbox Identity Aidan Mailtip this is english mail tip MailtipTranslation (FR: Cest la lague francaise)
7. Close the Windows PowerShell window.

Task 2: Test MailTips
1. Open Internet Explorer and type https://lon-cas1.adatum.com/owa.
2. Sign in as Adatum\Don with the password of Pa$$w0rd.
3. On the Language and time zone page, select English, and make no changes to time zone, and then
click Save.
5. Type April in the To field, and press Tab. Make sure that the field is populated with April Reagan.
6. Click in the Subject field. Ensure that email tip has appeared.
7. Click Discard, and click Discard again.
9. Type Aidan in the To field, and press Tab. Make sure that the field is populated with Aidan Delaney.
10. Click in the Subject field. Ensure that E-mail tip has appeared, and that it appears in English.
11. Sign out of OWA.
12. Sign in as Adatum\Amr with the password of Pa$$w0rd.
13. On the Language and time zone page, select Francais (France), and make no changes to time zone,
and then click Save.
14. In the Outlook Web App window, click nouveau message.
15. In A field type Aidan, and press Tab. Make sure that the field is populated with Aidan Delaney.
16. Click in the Objet field. Ensure that E-mail tip has appeared and that it appears in French.
17. Click Ignorer, and click Ignorer again.
18. Sign out.
4. Repeat steps 2 to 3 for 20341B-LON-CAS1 and 20341B-LON-MBX1.
a. User name: Adatum\Administrator
b. Password: Pa$$w0rd
repeat steps 5 to 7 for 20341B-LON-CAS1, 20341B-LON-TMG, and 20341B-LON-CL1.
Module 5: Planning and Configuring Messaging Client Connectivity

Lab: Planning and Configuring Messaging Client Connectivity
Exercise 1: Planning Client Connectivity
Task 1: Propose a solution for client connectivity
1. Which client platforms should you support for internal clients?
For internal clients, you must support the Windows 8 operating system, Outlook 2003, and Outlook
2010. However, since Outlook 2003 is not supported by Exchange Server 2013, it cannot be included
in your client connectivity plan.
2. Which client platforms should you support for external clients?
For external clients, you must support Windows 8 and Outlook 2010 for mobile computers, along with
Windows Phone 7.5, Windows Phone 8, iOS5 and Android 4.0 mobile platforms.
3. What concerns do you have regarding internal clients?
The biggest concern for internal clients is the fact that there is no unique email client software on
client computers.
4. What concerns do you have regarding external clients?
The biggest concern for external clients is security. You have to support multiple platforms connecting
from various locations while maintaining security requirements.
5. How will you address the requirement for client connection encryption?
Client connections to the Client Access server will be encrypted by using SSL.
6. What solution will you propose for internal clients?
Outlook 2010 clients are supported by default. However, clients that are running Outlook 2003
cannot connect to Exchange Server 2013. For these clients, and for clients without Outlook software,
you can propose two solutions:
a. Use the Outlook Web App interface to access their mailboxes.
b. Use the built-in email client in Windows 8 to access their mailboxes by using the ActiveSync
protocol.
7. What solution will you propose for external clients?
External clients with mobile computers will be using Outlook Anywhere, while clients without mobile
computers can use the Outlook Web App interface. Clients with smartphones can connect by using
the ActiveSync protocol if the device operating system supports it.
8. How will you address the requirements for attachment downloading on public computers?
Clients that are connecting from public computers will be using Outlook Web App. To prevent them
from downloading and saving attachments, you can implement Outlook Web App Policy.
9. How do you plan to force security requirements to mobile devices?
Security requirements for mobile devices can be enforced by implementing ActiveSync policies.
Windows Phone, iOS 5, and Android 4.0 support ActiveSync policies. However, you should check if
Symbian devices can support ActiveSync policies; if they cannot, they might not be able to connect.
10. How do you plan to deploy the A. Datum Root CA certificate to client devices (both computers and
smartphones)?
The Root CA certificate is deployed to client computers by using Group Policy. If A. Datum has an
enterprise CA implemented, this is done by default. If it is a standalone CA, you can deploy it manually
in GPO. For mobile devices, you can use configuration utilities to distribute certificates, or you can
send a Root CA certificate file in an email to all users with a smartphone, along with instructions on
how to import it.
11. Is there a way to control hardware features of mobile devices?
Exchange Server 2013 does not support policies for hardware control on mobile devices.
12. Can you implement certificate-based authentication for mobile devices?
Currently, certificate-based authentication is selectively supported. You should check with mobile
platform vendors to see if this feature is supported.
13. How will you implement the requirement for deleting content from a lost mobile device?
For deleting the content on a lost mobile device, you should train users on how to use the Remote
Wipe functionality available in the Exchange Outlook Web App interface.
Exercise 2: Configuring Outlook Web App and Outlook Anywhere

Task 1: Configuring Outlook Web App policies
1. On LON-CAS1, on the Start screen click Internet Explorer.
2. Browse to https://lon-cas1.adatum.com/ecp.
3. Sign in to the EAC as Adatum\Administrator with the password Pa$$w0rd.
4. In the EAC window, click permissions in left navigation pane.
5. In the central pane, click Outlook Web App policies.
6. Click the New icon.
7. In the new Outlook Web App mailbox policy, in the Policy name text box, type External Users
Policy.
8. In the Communication management section, clear the Instant messaging and Text messaging check
boxes.
9. Scroll down and click More options.
10. In the Information management section, clear the Recover deleted items check box.
11. In the Public or shared computer section, clear the Direct file access check box.
12. Click save.
13. In the EAC console, click recipients.
14. Double-click Adam Barr.
15. In the Adam Barr window, click mailbox features in the left navigation pane. In the warning dialog
box, click ok.
16. In the right pane, scroll down to Email Connectivity section, and click View details.
17. In the Outlook Web App mailbox policy window, click browse.
18. Select External Users Policy and click ok, and then click save two times.
19. Click to the Start menu and then click Exchange Management Shell.
20. Type following command: Set-CASMailbox identity Aidan@adatum.com
OwaMailboxPolicy:External Users Policy, and press Enter.
21. In Internet Explorer, in the Exchange admin center, click recipients and then in the central pane
double-click user Brad Sutton.
22. In the Brad Sutton window, on general tab, click More options.
23. In the Custom attributes section, click Edit.
24. In the 1: text box type external and click ok, and then click save.
25. Repeat steps 21 to 24 for users Chad Niswonger and Daniel Durrer.
26. Switch to Exchange Management Shell and type : get-mailbox filter {CustomAttribute1 eq
external} | Set-CASMailbox -OwaMailboxPolicy External Users Policy, and press Enter.
27. Switch back to the EAC.
28. Double-click on Brad Sutton.
29. In the Brad Sutton window, click mailbox features.

30. In the right pane, scroll down to the Email Connectivity section and click View details.
31. Ensure that External Users Policy is applied.
32. Click cancel two times.
33. Repeat the steps 28 to 32 for users Chad Niswonger and Daniel Durrer.
Task 2: Configuring Outlook Anywhere
1. On LON-CAS1, in Exchange admin center, click servers in the left navigation pane.
2. In the central pane, double-click LON-CAS1.
3. In the LON-CAS1 window, click Outlook Anywhere.
4. In the first text box, type mail.adatum.com.
5. Make sure that second text box has the value lon-cas1.adatum.com, and that the third one has a
value Negotiate.
6. Select NTLM in the third option.
7. Click save.
Task 3: Enabling and using Offline Outlook Web App
1. On LON-CL1, click to the desktop, open Internet Explorer and type https://loncas1.adatum.com/owa.
2. Sign in as Adatum\Aidan with the password Pa$$w0rd. Click save.
3. In Outlook Web App window, open the Settings menu next to the user name in the right corner of
the browser, click Offline settings and then click Turn on offline access, and then click OK.
4. Click Next twice, and then press Ctrl+D.
5. In Add a favorite dialog box, click Add.
6. Sign out from Outlook Web App, click OK on offline access is turned on window and close Internet
Explorer.
7. On your host, open Hyper-V Manager.
8. Right-click the 20341B-LON-CL1 machine, and choose Settings.
9. Click on Network Adapter, and then in the Network drop-down box, select Not connected.
10. Click OK. By doing this you temporarily disconnect your client from the network.
11. Switch to the 20341B-LON-CL1 virtual machine.
12. Open Internet Explorer, and from the Favorites menu, choose Aidan Delaney Outlook Web App.
13. When the Outlook Web App window opens, verify that you can access mailbox content.
14. Send a test email to the administrator@adatum.com.
15. On your host, switch to Hyper-V Manager.
16. Right-click the 20341B-LON-CL1 machine and choose Settings.
17. Click on Network Adapter, and then in the Network drop-down box, select Private Network.
Click OK.
18. Wait for 20 to 30 seconds, and then refresh the Outlook Web App window. If a Security Alert
window appears, click Yes, and refresh the Outlook Web App window.
19. On LON-CAS1, open https://lon-cas1.adatum.com/owa, and sign in as Administrator.
20. Verify that you received the email from Aidan that was sent from the offline Outlook Web App.
Exercise 3: Configuring Exchange ActiveSync

Task 1: Plan a mobile device deployment
Because many different device platforms will be accessing your Exchange Server, what are your
main concerns?
The main concern regarding the different device platforms will be their ability to support Exchange
policies. From security perspective, it is required that you can force the password requirements to
mobile devices.
How will you achieve the requirement that settings be consistent on each mobile device?
You can implement a mobile-device mailbox policy to achieve consistent settings.
How will you implement the password requirements on your mobile device?
You will enforce password requirements to all devices that connect to your Exchange by
implementing appropriate policy.
How will you implement the requirements for quarantine?
Requirements for quarantine can be implemented by configuring mobile device access options in the
Exchange Administration Center.
Task 2: Configure mailbox policies for mobile devices
1. On LON-CAS1, switch to Internet Explorer and in the EAC, click mobile, and then click mobile
device mailbox policies.
2. Click the New icon.
3. In the new mobile device mailbox policy window, type Adatum Mobiles for the policy name.
4. Select the This is the default policy check box.
5. Do not select the Allow mobile devices that dont fully support these policies to synchronize
check box.
6. Select the Require a password check box.
7. Select the Require an alphanumeric password check box.
8. Select 2 in the drop-down box called Password must include this many character sets.
9. Select the Minimum password length check box, and type 5 in the text box.
10. Select the Number of sign-in failures before device is wiped check box, and type 4 in the text box.
11. Select the Require sign-in after device has been inactive for, check box and type 5 in the text box.
12. Click save.
Task 3: Configure device access rules
1. On LON-CAS1, in the EAC, click mobile, and then click mobile device access.
2. Click the edit button.
3. In the Exchange ActiveSync access settings window, click Quarantine Let me decide to block or
allow later.
4. In the Quarantine Notification Email Messages section, click the Add icon.
5. In the Select Administrators window, select Administrator, click add, and then click ok.
6. In the text box below, type the following text: Your device is temporary in quarantine. The
Administrator will examine your request and will allow or block your connection according to the policy.
7. Click save.
8. In the Device Access Rules pane, click the New icon.
9. In the new device access rule, in the Device family section, click browse.
10. In the Device Family window, click All families, and then click ok.
11. Under the Only this model section, click browse. Verify that no devices are listed, and then click
cancel. In a production environment, you could expect to see several models listed here.
12. In the new device access rule window, click Quarantine Let me decide to block or allow later.
13. Click cancel.
Exercise 4: Publishing Exchange Server 2013 Through TMG 2010

Task 1: Publish Exchange web-based services through TMG 2010
1. On LON-CAS1, open Windows PowerShell from taskbar, and type mmc.exe and then press Enter.
2. In the Console1 window, open the File menu and then click Add/Remove Snap-in.
3. Click Certificates and then click Add. Select Computer account and click Next.
4. Select Local computer, and then click Finish. Click OK.
5. Expand Certificates, expand Personal, and then click on Certificates.
6. Right-click the certificate Webmail.adatum.com, navigate to All Tasks, and select Export.
7. On the Welcome page, click Next.
8. On the Export Private Key page, select Yes, export the private key and click Next.
9. On the Export File Format page, click Next.
10. On the Security page, select Password and type Pa$$w0rd in both fields. Click Next.
11. On the File to Export page, type C:\CAS1.pfx as the file name, and then click Next.
12. Click Finish. In the pop window click OK. Close Console1 and click No to the Save console settings
to Console1? prompt.
13. Switch to LON-TMG machine.
14. On LON-TMG, click Start. In the Search box, type MMC, and then press Enter.
15. On the File menu, click Add/Remove Snap-in.
16. On the Add or Remove Snap-in page, click Certificates, and then click Add.
17. Click Computer account, click Next, click Finish, and then click OK.
18. Expand Certificates, right-click Personal, point to All Tasks, and then click Import.
19. On the Certificate Import Wizard page, click Next.
20. On the File to Import page, type \\LON-CAS1\C$\CAS1.pfx, and then click Next.
21. On the Password page, type Pa$$w0rd in the Password field, and then click Next.
22. On the Certificate Store page, click Next, and then click Finish.
23. Click OK, and then close Console1 without saving changes.
24. On LON-TMG, click Start, point to All Programs, click Microsoft Forefront TMG, and then click
Forefront TMG Management.
25. Expand Forefront TMG (LON-TMG), and then click Firewall Policy.
26. On the Firewall Policy Tasks pane, on the Tasks tab, click Publish Exchange Web Client Access.
27. On the Welcome to the New Exchange Publishing Rule Wizard page, type OWA Rule, and then
click Next.
28. On the Select Services page, in the Exchange version list, click Exchange Server 2010, select the
Outlook Web Access check box, and then click Next.
29. On the Publishing Type page, click Next.
30. On the Server Connection Security page, ensure that Use SSL to connect the published Web server
or server farm is configured, and then click Next.
31. On the Internal Publishing Details page, in the Internal site name text box, type
LON-CAS1.Adatum.com, and then click Next.
32. On the Public Name Details page, ensure that This domain name (type below) is configured in the
Accept requests for drop-down list. In the Public name box, type webmail.Adatum.com, and then click
Next.
33. On the Select Web Listener page, click New.
34. On the Welcome to the New Web Listener Wizard page, type HTTPS Listener, and then click Next.
35. On the Client Connection Security page, ensure that Require SSL secured connections with clients is
36. On the Web Listener IP Addresses page, select the External check box, and then click Next.
37. On the Listener SSL Certificates page, click Select Certificate.
38. In the Select Certificate dialog box, click Webmail.adatum.com, click Select, and then click Next.
39. On the Authentication Settings page, accept the default of HTML Form Authentication, and then
click Next.
40. On the Single Sign On Settings page, type Adatum.com as the single sign-on (SSO) domain name,
click Next, and then click Finish.
41. On the Select Web Listener page, click Next.
42. On the Authentication Delegation page, accept the default of Basic authentication, and then click
Next.
43. On the User Sets page, accept the default, and then click Next.
44. On the Completing the New Exchange Publishing Rule Wizard page, click Finish.
45. Click Apply twice to apply the changes, and then click OK when the changes have been applied.
46. Switch to the LON-CAS1 machine.
47. Switch to Internet Explorer and in the EAC, click servers in Feature pane.
48. Click virtual directories tab.
49. On the virtual directories tab, double-click owa (Default Web Site) LON-CAS1.
50. In the External URL box, type https://webmail.adatum.com/owa.
51. Click authentication, and then click Use one or more standard authentication methods, and then
select the Basic Authentication check box, and click save. Read the information on the window that
appears, and click ok.
52. On the virtual directories tab, double-click ecp (Default Web Site) LON-CAS1.
53. In the External URL box, type https://webmail.adatum.com/ecp.
54. Click authentication, and then click Use one or more standard authentication methods, and then
select the Basic Authentication check box, and click save.
55. Click yes on the warning window. Click ok.
56. Open the Windows PowerShell. At the PS prompt, type IISReset /noforce, and then press Enter.
57. Wait until IIS service restarts.
58. Switch back to LON-TMG machine.
59. In the Forefront TMG console, double-click OWA rule.
60. In the OWA rule properties windows, click on the Application Settings tab.
61. In the Published server logoff URL, type /owa/logoff.owa. (Note: you are doing this because TMG
2010 does not have publishing rule for Exchange 2013 so logoff page still direct users to old location
used by Exchange Server 2010.)
62. Click OK and then click Apply two times.
63. Click OK.
64. Double-click OWA rule.
65. On the General tab, click Test Rule.
66. In Web Publishing Rule Test Results window, look for results for
https://webmail.adatum.com:443/ecp and https://webmail.adatum.com:443/owa. You should have
green check marks for these URLs. Click Close, and then click OK.
Task 2: Publishing rule testing
1. On the host computer, in Hyper-V Manager, right-click 20341B-LON-CL1, and then click Settings.
2. Click Network Adapter, and in the Network drop-down list, click Private Network 2, and then click
OK.
3. Log on to LON-CL1 as Adatum\Administrator with password Pa$$w0rd.
4. On LON-CL1, in the Start screen, type control panel. Click on the Control Panel icon.
5. Open the Control Panel, and then click View network status and tasks.
6. Click Change adapter settings.
7. Right-click Ethernet, and then click Properties.
8. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
9. Change the IP address to 131.107.0.2, change the Default Gateway to 131.107.0.1.
10. Delete the value for DNS server.
11. Click OK, and then click Close. Close the Control Panel.
12. On the Start screen, type cmd and press Enter.
13. In the command prompt window, type notepad c:\windows\system32\drivers\etc\hosts, and then
press Enter.
14. At the bottom of the hosts file, type 131.107.0.1 webmail.adatum.com, and then save and close
the file.
15. Open Internet Explorer, and then connect to https://webmail.adatum.com/owa.

16. Log on as adatum\administrator using the password Pa$$w0rd, and then verify that you access the
user mailbox.
17. In the Outlook Web App window, click Settings and then click Options. Verify that you can connect
to the options of your mailbox.
18. Close Internet Explorer.
4. Repeat steps 2 to 3 for 20341B-LON-CAS1, 20341B-LON-MBX1, 20341B-LON-TMG, and
20341B-LON-CL1.
8. You must now move the subnet object currently associated with the Swindon site to the London
site before starting the Exchange Servers:
a. On LON-DC1, click Server Manager.
b. In Server Manager, click Tools and then click Active Directory Sites and Services.
c. In Active Directory Sites and Services, click Subnets.
d. Right-click 172.16.0.128/25 and then click Properties.
e. In the 172.16.0.128/25 Properties dialog box, in the Site list, click London and then click OK.
f. Close Active Directory Sites and Services.
g. Close Server Manager.
repeat steps 5 to 7 for 20341B-LON-MBX2, 20341B-LON-CAS1, and 20341B-LON-CAS2.
Module 6: Planning and Implementing High Availability

Lab: Implementing High Availability
Exercise 1: Creating and Configuring a Database Availability Group
Task 1: Pre-stage the cluster network object for a DAG
1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers.
2. In Active Directory Users and Computers, on the menu bar, click View, and then click Advanced
Features.
3. In the left pane, expand Adatum.com, click Computers, then right-click Computers, point to New,
and then click Computer.
4. In the New Object Computer dialog box, in the Computer name field, type DAG1, and then click
OK.
5. In the right pane, right-click DAG1, and then click Properties.
6. In the DAG1 Properties dialog box, click the Security tab.
7. On the Security tab, click Add, and in the Enter the object names to select field, type Exchange
Trusted Subsystem. Click Check Names, and then click OK.
8. On the Security tab, click Add, and then click Object Types.
9. In the Object Types dialog box, click Computers, and then click OK.
10. In the Select Users, Computers, Service Accounts, or Groups window, in the Enter the object names
to select field box, type LON-MBX1$, then click Check Names, and then click OK.
11. On the Security tab, select LON-MBX1 (ADATUM\LON-MBX1$), then in the Allow column in the
Permissions for LON-MBX1 list, click Full control.
12. On the Security tab, select Exchange Trusted Subsystem (ADATUM\Exchange Trusted
Subsystem), then in the Allow column in the Permissions for Exchange Trusted Subsystem list, click Full
control, and then click OK.
13. In the Active Directory Users and Computers window, in the right pane, right-click DAG1, and then
click Disable Account.
14. In the warning window, click Yes, and then on the next information window, click OK.
Task 2: Create a DAG and add mailbox servers to the DAG
1. Switch to LON-CAS1. Open Internet Explorer, and type https://lon-cas1.adatum.com/ecp, and
then press Enter.
2. Sign in as Adatum\administrator with the password Pa$$w0rd.
3. In the EAC, in the Feature pane, click servers.
4. On tabs, click database availability groups, and then on the toolbar, click New.
5. In the New database availability group window, in the Database availability group name field, type
DAG1, then click Witness server, and type LON-CAS1 in the Witness server field. Click
Witness directory, in the Witness directory field, type C:\FSWDAG1, click Enter an IP address, in
Database availability group IP addresses field, and type 172.16.0.33. Then click Add, and then click
save.
6. In the list view, click DAG1, and on the toolbar, click Manage DAG membership.
7. In the manage database availability group membership window, click Add.
8. In the Select Server window, click LON-MBX1, click add, and then click LON-MBX2. Click add, and
then click ok.
9. In the manage database availability group membership window, click save.
10. In the Saving completed successfully window, click close.
Task 3: Create a mailbox database copy
1. In the EAC, in tabs, click databases, then click Mailbox Database 1 on the toolbar, click More, and
then click Add database copy.
2. In the add mailbox database copy window, click browse.
3. In the Select Server window, click LON-MBX2, and then click ok.
4. In the add mailbox database copy window, click save.
5. Wait until the saving completes successfully, then click close.
Task 4: Verify successful completion of copying a database
1. In tabs, click Refresh, and wait until the details pane shows Mailbox Database 1\LON-MBX2 as
Passive Healthy. This might take several minutes and up to several hours depending on the size of the
database.
2. In the details pane, under Mailbox Database 1\LON-MBX2, click View details.
3. Make sure that the Status displays Healthy and the Content index state also displays Healthy. Then
click cancel. Note that this might take some time, so please wait.
Task 5: Suspend and resume a database copy
1. In the EAC, in the details pane, click Mailbox Database 1, and then under Mailbox Database
1\LON-MBX2, click Suspend.
2. In the Suspend database window, in the Comments field, type Test Suspend, and then click save.
Now the database copy is suspended and will not receive any updates.
3. In the details pane, under Mailbox Database 1\LON-MBX2, click Resume. If the Resume button is not
available, wait and then click Refresh a few more times.
4. In the warning window, click yes.
5. In tabs, click Refresh, and then wait until the details pane shows Mailbox Database 1\LON-MBX2 as
Copy queue length: 0.
Exercise 2: Deploying Highly Available Client Access Servers

Task 1: Install the Network Load Balancing feature on Client Access servers
1. Switch to LON-CAS1.
2. Click the Server Manager icon on the taskbar to open Server Manager.
3. Click Add roles and features.
6. On the Select destination server page, make sure that Select a server from the server pool is
7. On the Select server roles page, click Next.
8. On the Select features page, click Network Load Balancing, and in the Add Roles and Features
Wizard window, click Add Features, and then click Next.
10. In the Add Roles and Features Wizard, wait until the feature installation has succeeded, and then
click Close.
11. Switch to the LON-CAS2 virtual machine.
12. Click the Server Manager tile.
13. Click Add roles and features.
16. On the Select destination server page, make sure that Select server from the server pool is
17. On the Select server roles page, click Next.
18. On the Select features page, click Network Load Balancing. In the Add Roles and Features Wizard
window, click Add Features, and then click Next.
20. In the Add Roles and Features Wizard, wait until the feature installation has succeeded, and then
click Close.
Task 2: Create a load-balanced Client Access server cluster
1. Switch to LON-CAS1, and in Server Manager, on the menu bar, click Tools, and then in the Tools
drop-down list, select Network Load Balancing Manager.
2. In the Network Load Balancing Manager, on the menu bar, click Cluster, and then click New.
3. In the New Cluster: Connect dialog box, type LON-CAS1 in the Host field, click Connect, and then
click Next.
4. In New Cluster: Host Parameters dialog box, click Next.
5. In New Cluster: Cluster IP Address dialog box, click Add.
6. In the Add IP Address dialog box, type 172.16.0.6 as the IPv4 address, type 255.255.0.0 as the
Subnet mask, and then click OK.
7. In the New Cluster: Cluster IP Address dialog box, click Next.
8. In the New Cluster: Cluster Parameters dialog box, type webmail.adatum.com in the Full Internet
name box, and then click Next.
9. In New Cluster: Port Rules dialog box, click Finish.
10. In Network Load Balancing Manager, wait until the LON-CAS1 icon turns green.
11. In the left pane, right-click Webmail.adatum.com (172.16.0.6), and then click Add Host To Cluster.
12. In the Add Host to Cluster: Connect dialog box, type LON-CAS2 in Host field, click Connect, and
then click Next.
13. In the Add Host to Cluster: Host Parameters dialog box, click Next.
14. In the Add Host to Cluster: Port Rules dialog box, click Finish.
15. In Network Load Balancing Manager, wait until the LON-CAS2 icon turns green, and the Status says
Converged.
Task 3: Create a DNS record for the virtual IP address
1. Switch to LON-DC1, and in Server Manager, click Tools, and then click DNS.
2. In the DNS Manager, in the left pane, expand Forward Lookup Zones, select and then right-click
Adatum.com, and then click New Host (A or AAAA).
3. In the New Host dialog box, in Name field type Webmail, in the IP address field, type 172.16.0.6,
and then click Add Host.
4. Click OK, and then click Done.
Exercise 3: Testing the High-Availability Configuration
Task 1: Simulate failure on LON-CAS1 and verify Microsoft Outlook Web Access functionality
1. Switch to LON-CAS1, then in Network Load Balancing Manager, in the left pane, right-click
LON-CAS1(Ethernet), click Control Host, and then click Stop.
2. Switch to LON-DC1, open Internet Explorer and type https://webmail.adatum.com/owa, and
then press Enter.
3. In Outlook Web App, sign in as Adatum\administrator with the password Pa$$w0rd.
4. You should now see your Inbox. This indicates that LON-CAS2 is currently serving as the Client
Access server.
Task 2: Enable LON-CAS1 and simulate a LON-CAS2 failure
1. Switch to the LON-CAS1 virtual server, in Network Load Balancing Manager, in the left pane,
rightclick
LON-CAS1 (Ethernet), click Control Host, and then click Start.
2. In Network Load Balancing Manager, wait until the LON-CAS1 (Ethernet) icon turns green, and the
Status says Converged.
3. Switch to the Host machine, in Hyper-V Manager, right-click 20341B-LON-CAS2, and then click
Turn Off. Click Turn Off.
4. Switch to the LON-DC1 virtual machine. In Internet Explorer, click Refresh (F5).
5. In Outlook Web App, if the sign in page appears, sign in as Adatum\administrator with the
password Pa$$w0rd.
6. In Outlook Web App, in the left pane click, Sent Items to make sure Outlook Web App is still
working. This verifies that LON-CAS1 took over the Client Access server role for the client.
Task 3: Verify high availability of the database copies
1. Switch to LON-CAS1, and in the EAC, click servers, and then on tabs, click databases.
2. In list view, click Mailbox Database 1, and in the details pane, verify that Mailbox Database
1\LON-MBX1 is Active Mounted and Mailbox Database 1\LON-MBX2 is Passive Healthy.
3. Switch to the Host machine, in Hyper-V Manager, right-click 20341B-LON-MBX1, and then click
Turn Off. Click Turn Off.
4. Switch to the LON-CAS1 virtual machine. In Internet Explorer, click Refresh (F5).
Note: If you receive an error in Internet Explorer, close it and reopen it and reconnect to the EAC.
5. In the EAC, if the sign-in page appears, sign in as Adatum\administrator with the password
Pa$$w0rd.
6. In the EAC, in the Feature pane, click Servers.
7. On tabs, click databases, and then in the list view, click Mailbox Database 1.
8. Verify that in the details pane Mailbox Database 1\LON-MBX1 shows as Passive ServiceDown, and
Mailbox Database 1\LON-MBX2 shows as Active Mounted.
9. Switch to the LON-DC1 virtual machine, and in Internet Explorer and Outlook Web App, in the left
pane, click Inbox. Create and send a new message to make sure the mailbox is available and can be
used.
the
following steps:
4. Repeat steps 2 to 3 for 20341B-LON-CAS1, 20341B-LON-CAS2, 20341B-LON-MBX1, and
20341B-LON-MBX2.
Note: Although some of the servers are not running, you must still revert them.
Module 7: Planning and Implementing Disaster Recovery

Lab: Implementing Disaster Recovery for Exchange Server 2013
Exercise 1: Backing Up Exchange 2013
Task 1: Populate a mailbox with Outlook Web App
1. On LON-CAS1, open Internet Explorer. Type https://lon-cas1.Adatum.com/owa.
2. Sign in as Adatum\michael with the password Pa$$w0rd.
3. On the Language and Time zone page, click save.
4. Click new mail.
5. In the To section, type Mark Bebbington, and type Message before backup into the subject line.
6. Click Send.
7. Sign out from Outlook Web App.
8. Sign in again as Adatum\mark with the password Pa$$w0rd.
9. On the Language and Time zone page, click save.
10. Check that the message is received.
13. Switch to the Start screen, and click the Exchange Management Shell.
14. Type the following command, and press Enter:
Get-Mailbox mark@ADatum.com | fl name,database,guid
Notice the name and the GUID of the Mailbox Database. This is needed for the restore.
Task 2: Install Windows Server Backup
1. On LON-MBX1, on the Start screen, click Server Manager.
2. In the Dashboard, click Add roles and features. The Add Roles and Features Wizard opens.
3. On the Before You Begin page, click Next.
4. On the Installation Type page, select Role-based or feature-based installation, and click Next.
5. On the Server Selection page, select Select a server from the server pool, click
LON-MBX1.Adatum.com in the Server Pool, and click Next.
6. On the Server Roles page, click Next.
7. On the Features page, scroll down in the Features list, select Windows Server Backup, and click
Next.
8. On the Confirmation page, do not select the Restart the destination server automatically if required
option, and then click Install.
9. On the Results page, click Close.
Task 3: Perform a backup of a mailbox database using Windows Server Backup
1. On LON-CAS1, open File Explorer, and create a folder named Backup on drive C:\.
2. Right-click the Backup folder, select Share with, and select Specific people.
3. Check that the Administrator account has Read/Write permissions, and click Share. Click Done.
5. On LON-MBX1, on the Start screen, click Administrative Tools.
6. Scroll down the tools list and double-click Windows Server Backup.
7. In the left navigation pane, select Local Backup.
8. In the Actions pane on the right side, click Backup Once.
9. In the Backup Once Wizard on the Backup Options page, select Different options, and click Next.
10. On the Select Backup Configuration page, select Full server (recommended), and click Next.
11. On the Specify Destination Type page, select Remote shared folder, and click Next.
12. On the Specify Remote Folder page, under Location type \\LON-CAS1\Backup, under Access
control, select Do not inherit and click Next.
13. In the Windows Security pop-up window, enter Administrator as the name and Pa$$w0rd as the
password, and click OK.
14. On the Confirmation page, click Backup.
15. On the Backup Progress page, click Close.
16. When the backup completes, close Windows Server Backup. It may take 10 to 15 minutes to
complete.
Task 4: Delete message in mailbox
1. On LON-CAS1, open Internet Explorer. Type https://lon-cas1.ADatum.com/owa.
2. Sign in as Adatum\Mark with the password Pa$$w0rd.
3. Delete the message received from Michael.
4. Empty the Deleted Items folder.
5. Right-click the Deleted Items folder and select recover deleted items.
6. In the recover deleted items window, select the message received from Michael, and click purge.
7. Click ok to confirm the purge action on the selected item.
8. Close the recover deleted items window.
Exercise 2: Restoring Exchange Server 2013 Data

Task 1: Restore the database using Windows Server Database
1. On LON-MBX1, open File Explorer, and create a folder named Restore on drive C:\.
2. On the Start screen, click Administrative Tools.
3. Scroll down the tools list, and double-click Windows Server Backup.
4. In the Actions pane, click Recover.
5. In the Recovery Wizard on the Getting Started page, select A backup stored on another location, and
click Next.
6. On the Specify Location Type page, select Remote shared folder, and click Next.
7. On the Specify Remote Folder page, type \\LON-CAS1\Backup, and click Next.
8. On the Select Backup Date page, select the date and time of the backup, and click Next.
9. On the Select Recovery Type page, select Applications, and click Next.
10. On the Select Applications page, verify that Exchange is selected.
11. Select Do not perform a roll-forward recovery of the application database, and click Next.
12. On the Specify Recovery Options page, select Recover to another location, and click Browse.
13. In the Browse For Folder window, select the C:\Restore folder, and click OK. Click Next.
14. On the Confirmation page, click Recover.
15. On the Recovery Progress page, check that the status of the recovery is Completed, and click Close.
16. Close Windows Server Backup.
Task 2: Create a recovery database with the Exchange Management Shell
1. On LON-MBX1, click to the Start screen, and then click Exchange Management Shell.
2. In the Exchange Management Shell, execute the following command. This command identifies the
Mailbox Database 1 GUID, as well as the locations for the database and transaction log files.
Get-MailboxDatabase ID Mailbox Database 1 | fl name, guid, edbfilepath, logfolderpath
3. In the Exchange Management Shell, type the following command to create the Recovery database,
and press Enter. Verify that the GUID, database and transaction log names match the output from the
previous command.
New-MailboxDatabase Recovery Name RecoveryDB EdbFilePath C:\Restore\3c32c739-a0ce-43bc-a2992f56f2bcb20c\C_\Program Files\Microsoft\Exchange Server\V15\Mailbox\Mailbox Database 1808842331\Mailbox
Database 1808842331.edb
LogFolderPath C:\Restore\GUID\C_\Program Files\Microsoft\Exchange Server\V15\Mailbox\Mailbox Database
1808842331 Server LON-MBX1
4. At the Exchange Management Shell prompt, type the following command, and then press Enter.
Restart-service msexchangeis
CD C:\Restore\3c32c739-a0ce-43bc-a299-2f56f2bcb20c\C_\Program Files\Microsoft\Exchange
Server\V15\Mailbox\Mailbox Database 1808842331
Eseutil /r E00 /i /d
7. At the Exchange Management Shell prompt, type the following command, and press Enter.
Mount-Database RecoveryDB
Get-MailboxStatistics -Database RecoveryDB
9. This cmdlet displays all mailboxes within the recovery database. Check that the Mark Bebbington
mailbox is listed.
Task 3: Recover the mailbox from the recovery database

New-MailboxRestoreRequest SourceDatabase RecoveryDB SourceStoreMailbox Mark Bebbington TargetMailbox
mark@adatum.com -SkipMerging StorageProviderForSource
Get-MailboxRestoreRequest
3. Repeat step 2 until the status is shown as Completed.

4. On LON-CAS1, open Internet Explorer.
5. Type https://lon-cas1.adatum.com/owa.
6. Sign in as adatum\mark with the password Pa$$w0rd.
7. Verify that the message has been restored.
Exercise 3: Exchange Server 2013 Disaster Recovery (Optional)

Task 1: Installing Exchange Server 2013 in Recover Server mode
1. On LON-DC1, from Server Manager, open Active Directory Users and Computers.
2. In the console tree, click Computers.
3. In the details pane, right-click the computer LON-CAS2, and then click Reset Account.
4. Click Yes and then click OK.
5. On your host, in Hyper-V Manager, click 20341B-LON-SVR1, and in the Actions pane, click Start.
o User name: Administrator
8. On the Start screen, click Server Manager.
9. In Server Manager, click Local Server in the console tree. Beside Ethernet, click the 172.16.0.30,
IPv6 Enabled.
10. Right-click Ethernet, and click Properties.
11. Click Internet Protocol Version 4 (TCP/IP v4), and click Properties.
12. Change the IP address to 172.16.0.21, and the Preferred DNS server to 172.16.0.10.
13. Click OK, click Close, and then close the Network Connections window.
14. Click the link next to Computer name in the Properties tile.
15. In the System Properties dialog box, on the Computer Name tab, click Change.
16. In Computer Name, type LON-CAS2. Under Member of, click Domain, and then type adatum.com.
Click OK.
17. When you are prompted for a user name and password, type Administrator and the password
Pa$$w0rd, and then click OK.
18. When you see a dialog box welcoming you to the adatum.com domain, click OK.
19. When you are prompted that you must restart the computer, click OK.
20. On the System Properties dialog box, click Close.
21. When you are prompted to restart the computer, click Restart Now.
22. All steps referring to LON-CAS2 should be performed on the renamed virtual machine (previously
LON-SVR1).
23. Sign in to LON-CAS2 as Adatum\Administrator with the password Pa$$w0rd.
24. In Hyper-V Manager, open the 20341B-LON-SVR1 settings, and attach the Exchange iso from
D:\Program Files\Microsoft learning\20341\Drives\ExchangeServer2013CU1.iso.
25. On LON-CAS2, open a Command Prompt as an administrator.
26. Type D:, and press Enter.
27. Type the following command and press Enter
Setup.exe /m:RecoverServer /Iacceptexchangeserverlicenseterms
28. After setup has finished, restart the server.

4. Repeat steps 2 to 3 for 20341B-LON-CAS1, 20341B-LON-SVR1, and 20341B-LON-MBX1.
Module 8: Planning and Configuring Message Transport

Lab: Planning and Configuring Message Transport
Exercise 1: Configuring Message Transport
Task 1: Configure a Send connector to the Internet
1. On LON-CAS1, open Internet Explorer and type https://lon-cas1.adatum.com/ecp, and press Enter.
3. In the EAC, in the Feature pane, click mail flow.
4. Click the send connectors tab.
5. Click the New button.
6. In the new send connector window, type Internet sending in the Name text box.
7. Select Internet (For example, to send internet mail), and click next.
8. On the next wizard page, make sure that MX record associated with recipient domain is selected,
and click next.
9. On the next wizard page, click Add.
10. In the add domain window, in the Full Qualified Domain Name (FQDN) text box, type * and click
save, and then click next.
11. On the next wizard page, click Add.
12. Select LON-MBX1, and click the add-> button, and click ok.
13. Click finish.
Task 2: Configure a receive connector to accept relaying
1. In the EAC, click the receive connectors tab.
2. Click New.
3. In the new receive connector window, type AppClient in the Name box, and select Client.
Click next.
4. On the next page, click Remove to remove scope 0.0.0.0 255.255.255.255. Click Add.
5. In the add IP address window, type 172.16.0.10, and click save.
6. Click finish.
7. Click on AppClient, and then click Edit.
8. Click security.
9. Select the Anonymous users check box, and click save.
Exercise 2: Troubleshooting Message Delivery

Task 1: Verify that messages from the Internet can be received
1. On LON-DC1, open Windows PowerShell from the task bar.
2. At the command prompt, type telnet LON-CAS1 smtp, and then press Enter.
3. Type helo, and press Enter.
4. Type mail from: info@internet.com, and press Enter.
You should receive response: 250 2.1.0 Sender OK
5. Type rcpt to: Aidan@adatum.com, and press Enter.
Response: 250 2.1.5 Recipient OK.
6. Type data, and press Enter.
Response: 354 Start mail input; end with <CRLF>.<CRLF>
7. Type Test from Internet, and press Enter.
8. Press the period (.) key, and then press Enter.
9. Type Quit, and press Enter.
10. Switch to LON-CL1, and log on as Adatum\Aidan with the password Pa$$w0rd.
11. In Start, right-click Start, click All apps, and then click Outlook 2013.
12. In the Welcome to Microsoft Outlook 2013 Wizard, click Next three times and then click Finish.
13. If prompted about a certificate, in the Security Alert dialog box, click Yes.
14. In the First things first dialog box, click Ask me later and then click Accept.
15. Verify that you received a new message from info@internet.com.
16. Reply to the message with the text of your choice, and click Send.
Task 2: Troubleshoot message transport
1. On LON-MBX1, on the Start screen, click on Exchange Toolbox.
2. In the Exchange Toolbox window, double-click Queue Viewer.
3. In the Queue Viewer window, ensure that the internet.com domain is listed with one message in
the queue.
4. Double-click on internet.com
5. Right-click on the Aidan@adatum.com message, and select Remove (with NDR).
6. Click OK in the Bulk Action window, and then click Yes.
7. Switch to LON-CL1 machine, and ensure that you are still logged on as Aidan.
8. In the Outlook 2013 window, ensure that you received non-delivery report for the message you
sent to info@internet.com.
Exercise 3: Configuring Transport Rules and Data-Loss Prevention Policies

Task 1: Implementing and testing a disclaimer transport rule
1. On LON-CAS1, in the EAC, click mail flow in the Feature pane.
2. Click the rules tab.
3. Click the New and then click Create a new rule.
4. In the new rule window, in the Name text box, type Adatum Disclaimer.
5. In the Apply this rule if drop-down box, select The sender is located option, and then in the select
sender location window, select Inside the organization, and then click ok.
6. In the Do the following drop-down box, select Append the disclaimer.
7. Click Enter text.
8. In the specify disclaimer text, type This is the Adatum Disclaimer, and click ok.
9. Click Select one, and then in the specify fallback action window, select Wrap and click ok.
10. Click More options.
11. Click the add exception button. In the Except if drop-down box, point to The sender and then click
is a member of this group.
12. In the Select Members window, click Administrator, and click add->. Then click ok.
13. Select the check box on the option Activate this rule on the following date and select tomorrows
date in drop-down box and then click save.
14. Switch to LON-CL1, and in Outlook 2013, click New Email.
15. In the To field, type administrator@adatum.com.
16. In the Subject field, type disclaimer test.
17. In the message body, type Test, and then click Send.
18. Open Internet Explorer, and type https://lon-cas1.adatum.com/owa.
19. In the Outlook Web App window, sign in as Adatum\Administrator with the password Pa$$w0rd.
20. In the Outlook Web App, ensure that you received an email from Aidan, and that the disclaimer
text is appended to the messages.
21. Reply to that message with any text.
22. Switch to Outlook 2013, and make sure that you received the message from Administrator, but
without the disclaimer.
Task 2: Create a Data-Loss Prevention policy
1. On LON-CAS1, in the EAC, click compliance management in the Feature pane.
2. Click on the data loss prevention tab.
3. Click an arrow next to the + sign.
4. Select New custom DLP policy.
5. In the new custom DLP policy window, in the Name text box, type IP address block.
6. Click Enforce, and then click save.
7. Select the IP address block policy, and then click Edit.
8. In the IP address block window, click rules.
9. Click an arrow next to the + sign, and then select Block messages with sensitive information.
10. In the New Rule window, click Outside the organization. In the select recipient location window,
select Inside the organization, and click ok.
11. Click Select sensitive information types.
12. In the sensitive information types windows, click Add.
13. Scroll down the list and select IP Address, and then click add->. Then click ok two times.
14. In the Do the following drop-down box, select Generate incident report and send it to, and then
click Select one.
15. In the list, select Administrator, and click ok.
16. Click Include message properties, select sender checkbox. Click OK.
17. Click Block the message.
18. In the notify the sender with a Policy Tip, type Your message is blocked in the Enter the message for
the NDR that users will receive text box, and click ok.
19. Click Include message properties, and in the Include message properties window, select the original
mail check box and then click ok.
20. Select the check box on the option Activate this rule on the following date, and then click save.
21. In the IP address block, click save.
Task 3: Verify data-loss prevention policy functionality
1. Switch to LON-CL1, and switch to Outlook 2013.
2. Click New Email.
3. In the To field, type amr@adatum.com.
4. In the Subject field, type block test.
5. In the message body, type This is my IP address: 192.168.0.100, and then click Send.
6. Wait for a few moments, and see if you receive an email with the message that your previous
message to Arm Zaki is undeliverable. Also ensure that Your message is blocked text appears.
Review the message content.
7. Switch to Internet Explorer, and in the Outlook Web App window, ensure that you received an email
from Aidan and that the original message that Aidan sent to Amr is attached.
Module 9: Planning and Configuring Message Hygiene

Lab: Planning and Configuring Message Security
Exercise 1: Configure Antimalware Options in Exchange Server 2013
Task 1: Enable antimalware features in Exchange Server 2013
1. On LON-MBX1, on the Start screen click Exchange Management Shell.
2. In the Exchange Management Shell, change current folder to \Program Files\Microsoft
\Exchange Server\V15\Scripts by typing the following cmdlet, and then press Enter.
cd \Program Files\Microsoft\Exchange Server\V15\Scripts
3. In the Exchange Management Shell, enable antimalware scanning by typing following script, and
then press Enter.
.\Enable-AntimalwareScanning.ps1
4. Verify that the following message appears: Antimalware engines are updating. This may take a
few minutes. Note that because the lab environment does not have an Internet connection, the
engine update cannot complete. Type CTRL-C to stop the script.
5. In the Exchange Management Shell, restart the Microsoft Exchange Transport Service by typing
following cmdlet, and then press Enter.
Restart-Service MSExchangeTransport
6. In the Exchange Management Shell, list installed transport agents by typing the following cmdlet,
Get-TransportAgent
7. Verify that the following antimalware agent is listed: Malware Agent. Note that the status of
Malware Agent is Enabled True if the script was allowed to complete.

Task 2: Configure the default antimalware policy in Exchange Server 2013
2. Move the mouse pointer to the lower right corner of the window, and then click on the Start
charm.
3. On the Start screen, click on the Internet Explorer tile.
4. In Internet Explorer, type the following address in the address bar, https://lon-cas1.adatum.com
/ecp and then press Enter.
5. Sign in to the EAC as Adatum\Administrator with the password Pa$$w0rd, and then click on the
sign in button.
6. In the EAC, on the feature pane, click on protection.
7. In the EAC window, on malware filter tab, click on the edit button on the toolbar.
8. In the Default window, click on settings.
9. Under Malware Detection Response, select Delete all attachments and use custom alert text.
10. In the Custom alert text box, type the following text: The attachment has been deleted because it
contained malware. Contact your administrator.
11. Under Notifications, select both Notify internal senders and Notify external senders check boxes.
12. Under Administrator Notifications, select the Notify administrator about undelivered messages
from internal senders check box.
13. In the Administrator email address box, type administrator@adatum.com.
14. Under Administrator Notifications, select the Notify administrator about undelivered messages
from external senders check box.
15. In the Administrator email address box, type administrator@adatum.com.
16. In the Default window, click the save button.
Exercise 2: Configuring Anti-Spam Options on Exchange Server

Task 1: Enable anti-spam features on LON-MBX1
1. Switch to LON-MBX1.
2. In Exchange Management Shell, install anti-spam agents by typing following script and then press
Enter.
.\Install-AntiSpamAgents.ps1
3. In Exchange Management Shell, restart the Microsoft Exchange Transport Service by typing
following cmdlet and then press Enter.
Restart-Service MSExchangeTransport
4. In Exchange Management Shell, specify the IP addresses of the internal SMTP servers LON-MBX1
and LON-MBX2 that should be ignored by the Sender ID agent, by typing following cmdlet and then
press Enter.
Set-TransportConfig -InternalSMTPServers @{Add=172.16.0.22,172.16.0.223}
5. In Exchange Management Shell, list installed transport agents by typing following cmdlet and then
press Enter.
Get-TransportAgent
6. Verify that following anti-spam agents are listed: Content Filter Agent, Sender ID Agent, Sender
Filter Agent, Recipient Filter Agent, Protocol Analysis Agent. Verify that the status of anti-spam
agents is Enabled True.
Task 2: Configure content filtering on LON-MBX1
1. In the Exchange Management Shell, verify that content filtering is enabled by typing the following
cmdlet, and then press Enter.
Get-ContentFilterConfig | Format-List Enabled
2. Verify that Enabled:True is displayed.

3. In Exchange Management Shell, configure the blocked phrase Poker results by typing the following
Add-ContentFilterPhrase -Influence BadWord -Phrase "Poker results"
4. In the Exchange Management Shell, configure the allowed phrase Report document by typing the
Add-ContentFilterPhrase -Influence GoodWord -Phrase "Report document"
5. In the Exchange Management Shell, configure the quarantine mailbox quarantine@adatum.com by

typing the following cmdlet, and then press Enter.
Set-ContentFilterConfig -QuarantineMailbox quarantine@adatum.com
6. In the Exchange Management Shell, configure SCL thresholds and enable quarantine by typing the
Set-ContentFilterConfig -SCLRejectEnabled $true -SCLRejectThreshold 8 -SCLQuarantineEnabled $true
-SCLQuarantineThreshold 7
7. In the Exchange Management Shell, configure a custom rejection response by typing the following
Set-ContentFilterConfig -RejectionResponse "Your message was rejected by our spam filter. Contact your administrator."
8. In the Exchange Management Shell, configure the SCL junk threshold with value 6 for all mailboxes
in your organization by typing the following cmdlet, and then press Enter.
Set-OrganizationConfig -SCLJunkThreshold 6
Task 3: Configure sender and recipient filtering on LON-MBX1

1. On LON-MBX1, in the Exchange Management Shell, configure sender filtering to block messages
from marketing@contoso.com by typing the following cmdlet, and then press Enter.
Set-SenderFilterConfig -BlockedSenders marketing@contoso.com
2. In the Exchange Management Shell, configure recipient filtering to block messages sent to
helpdesk@adatum.com by typing the following cmdlet, and then press Enter.
Set-RecipientFilterConfig -BlockListEnabled $true BlockedRecipients helpdesk@adatum.com
Exercise 3: Validating Antimalware and Anti-Spam Configuration

Task 1: Validate antimalware configuration
2. Edit the E:\Labfiles\Mod09\Eicar.txt file and remove the line breaks between the first line and the
subsequent text line. All of the text should be on one line. Save the file.
3. If Internet Explorer is currently open, close it.
4. Open Internet Explorer, and type https://lon-cas1.adatum.com/owa.
5. Sign in as Adatum\Michael with the password Pa$$w0rd.
6. On the Language and time zone page, make no changes to the time zone, and then click Save.
8. Type mark@adatum.com in the To field.
9. Click in the Subject field, and type Test Message.
10. In the message body, type Daily report, click Insert, and then click Attachment.
11. In Choose File to Upload window, in the navigation pane, browse to E:\Labfiles\Mod09, doubleclick
file EICAR.TXT, and then click Send.
12. In Outlook Web App window, click on Michael Allen, and then click Sign out.
13. In Internet Explorer, on the Outlook Web App logon page, sign in as Adatum\Mark with the
password Pa$$w0rd. Click Save.

14. In the Outlook Web App window, open the new message from Michael Allen. Double-click the
attachment, click Open and then click Open again.
15. Verify that the code that was in the file has been deleted and replaced by the custom text you
configured.
16. In the Outlook Web App window, click on Mark Bebbington, and then click Sign out.
Task 2: Validate anti-spam configuration
1. Switch to LON-DC1.
2. On LON-DC1, open Windows PowerShell from the task bar.
3. At the command prompt, type telnet LON-CAS1 smtp, and then press Enter.
4. Type helo, and press Enter.
5. Type mail from: info@internet.com, and press Enter.
You should receive the response: 250 2.1.0 Sender OK
6. Type rcpt to: michael@adatum.com, and press Enter.
Response: 250 2.1.5 Recipient OK
7. Type data, and press Enter.
Response: 354 Start mail input; end with <CRLF>.<CRLF>
8. Type Subject: Information for you and then press Enter twice.
9. Type Please find below poker results, and press Enter.
10. Press the period (.) key, and then press Enter.
11. Verify that following message is displayed: Your message was rejected by our spam filter. Contact
your administrator. Type Quit, and press Enter.
When you finish the lab, revert the virtual machines to their initial state by performing the following
steps:
4. Repeat steps 2 and 3 for 20341B-LON-CAS1 and 20341B-LON-MBX1.
Module 10: Planning and Configuring Administrative Security and

Auditing
Lab: Configuring Administrative Security and Auditing
Exercise 1: Configuring Exchange Server Permissions
Task 1: Configure Exchange server permissions for the IT administrators group
1. On LON-MBX1, open Server Manager, click Tools, and then click Active Directory Users and
Computers.
2. In the left pane, expand Adatum.com, click Microsoft Exchange Security Groups, and then on right
pane, double-click Server Management.
3. In Server Management Properties, click the Members tab, and then click Add.
4. In the Enter the object names to select field, type IT, and then click OK twice.
5. Close Active Directory Users and Computers.
Task 2: Configure permissions for the Support Desk and HelpDeskAdmins groups
2. In the Exchange Management Shell, at the PS prompt, type the following command, and then press
Enter:
New-RoleGroup -Name HelpDeskAdmins -roles Mail Recipients
3. At the PS prompt, type the following command, and then press Enter:
New-RoleGroup -Name SupportDesk -roles Mail Recipients, Mail Recipient Creation, Distribution Groups
4. Click to the Start screen, and then click Internet Explorer, connect to https://LONCAS1.adatum.com/ecp. Sign in as Adatum\Administrator using the password
Pa$$w0rd.
5. In the EAC, in the feature pane, click permissions.
6. On tabs, click admin roles, and then double-click SupportDesk in the list view.
7. In the Role Group window, under Members, click Add.
8. On the Select Members page, select Ryan Spanton, click add, and then click ok.
9. In the Role Group window, click save.
10. In the list view, double-click HelpDeskAdmins.
11. In the Role Group window, under Members, click Add.
12. On the Select Member page, select Carol Troup, click add, and then click ok.
13. In the Role Group window, click save.
Task 3: Verify the permissions for the three role groups created
1. On LON-MBX1, open Internet Explorer, and connect to https://LON-CAS1.adatum.com/ecp. Sign
in as Adatum\Tony using the password Pa$$w0rd.
2. In the feature pane, click servers.
3. In tabs, click databases.
4. In the list view, double-click Research.
5. On the Mailbox database dialog box, in the left pane, click limits, then click the Issue a warning at
(GB) drop-down list, select unlimited, and then click save.
6. In the feature pane, click unified messaging. Verify that you can see the UM dial plans, but not
create or modify them. Remember that Tony is part of the IT group, and therefore is able to modify
server properties but not unified messaging settings.
8. Open Internet Explorer, and connect to https://LON-CAS1.adatum.com/ecp. Sign in as
Adatum\Ryan using the password Pa$$w0rd. Recognize that in the feature pane, there are no servers.
This is because Ryan does not have permissions to manage servers.
9. In the feature pane, click recipients.
10. In the list view, double-click Alan Steiner.
11. In the User Mailbox window, in the left pane, click organization.
12. In the Department field, type IT, and then click save.
13. In tabs, click groups.
14. In the list view, double-click Research. Verify that you cannot modify the group properties by
typing a group description and then click save.
15. An error window appears that shows you that you do not have sufficient permissions to modify
the group, click ok, and then in the Security Group window, click cancel.
16. In tabs, click mailboxes, and then click New in toolbar.
17. In the User Mailbox window, type Test in the Alias field, and then click New user.
18. Type Test in the First name field, and then type Test in Last name field. Type Test in the User
logon name field, and Pa$$word in the New password and Confirm password fields, and then
click save. This confirms that Ryan is able to create new mailboxes.
20. Open Internet Explorer, and connect to https://LON-CAS1.adatum.com/ecp. Sign in as
Adatum\Carol using the password Pa$$w0rd.
21. In the feature pane, click recipients. Note that there is no New user button on the toolbar.
22. In the list view, double-click Alan Steiner.
23. In the User Mailbox window, in the left pane, click organization.
24. In the Department field, type Customer Service, and then click save.
25. Verify that groups is not available in tabs as Carol does not have permission to manage groups.
Exercise 2: Configuring Audit Logging

Task 1: Configure audit logging on the Info@Adatum.com mailbox
2. In the Exchange Management Shell, at the PS prompt, type the following:
Set-Mailbox -Identity "Info" -AuditDelegate SendAs,SendOnBehalf -AuditEnabled $true
3. Minimize the Exchange Management Shell.

Task 2: Perform SendAs activity on the Info@Adatum.com mailbox
1. Switch to LON-CAS1, open Internet Explorer, type https://LON-CAS1.adatum.com/owa, and then
press Enter.
2. Sign in to the Outlook Web Access Application as Adatum\Tony using the password Pa$$w0rd.
3. Click new mail to create a new message, click more options, and then click show from.
4. Right-click From, click edit, and in the From field, type Info@adatum.com, and in the To field type
Tony Smith. In the Subject field type Testing Send As logging.
5. In the message body, type some text, and then click Send. Verify that the message is sent.
Task 3: Verify that the activity is logged
1. On LON-MBX1, open Internet Explorer, and then type https://LON-CAS1.adatum.com/ecp.
2. Sign in as Adatum\Administrator using the password Pa$$w0rd.
3. In the EAC, in the feature pane, click compliance management.
4. On tabs, click auditing.
5. Click Run a non-owner mailbox access report.
6. In the Search for access by drop-down box, select All non-owners, and then click Search.
7. In the search results, click Info, and view the report that shows that Tony Smith accessed the Info
mailbox.
8. Click close, and then close Internet Explorer.
Exercise 3: Configuring RBAC Split Permissions on Exchange Server 2013

Task 1: Create a new role group called HRAdmins, and assign permissions
2. In the Exchange Management Shell, at the PS prompt, type the following cmdlets, and then press
Enter.
New-RoleGroup "HRAdmins" -Roles "Mail Recipient Creation", "Security Group Creation and Membership"
New-ManagementRoleAssignment -Role "Mail Recipient Creation" SecurityGroup "HRAdmins" -Delegating
New-ManagementRoleAssignment -Role "Security Group Creation and Membership" -SecurityGroup "HRAdmins"
Delegating
3. In the Exchange Management Shell, at the PS prompt, type the following command, and then press
Enter.
Add-RoleGroupMember "HRAdmins" -Member Tony
4. Open Server Manager, click Tools, and then click Active Directory Users and Computers.
5. In the left pane, click Microsoft Exchange Security Groups, and then double-click HRAdmins.
6. Click the Managed By tab, click Change and type HRAdmins, and then click OK.
7. Select the Manager can update membership list check box, and then click OK.
8. In the right pane, double-click Recipient Management.
9. Click the Members tab, click Add and type HRAdmins, and then click OK. This is required to assign
the HRAdmins group the necessary permissions to be able to create a mailbox. Click OK.
10. Close the Active Directory Users and Computers console.
Task 2: Remove the permission to create AD DS objects from other Exchange Server administrator
groups
1. On LON-MBX1, open the Exchange Management Shell.

Get-ManagementRoleAssignment -Role "Mail Recipient Creation" | Format-Table Name, Role, RoleAssigneeName Auto
3. After you see which groups have delegated role assignments for this role, run the following cmdlet
to remove all groups except HRAdmins:
Get-ManagementRoleAssignment -Role "Mail Recipient Creation" | Where {$_.RoleAssigneeName -NE "HRAdmins" } |
Remove-ManagementRoleAssignment
4. At the prompt, type A, and press Enter.

Get-ManagementRoleAssignment -Role "Security Group Creation and Membership" | Where {$_.RoleAssigneeName -NE
"HRAdmins" } | Remove-ManagementRoleAssignment
6. At the prompt, type A, and press Enter.

Task 3: Validate RBAC split-permissions functionality
1. On LON-MBX1, open Internet Explorer, connect to https://LON-CAS1.adatum.com/ecp. Sign in as
Adatum\Administrator using the password Pa$$w0rd.
2. In the feature pane, click recipients.
3. Click the mailboxes tab, click New in toolbar, and then click User mailbox.
4. In the User Mailbox window, type New in the Alias field, and then click New user. Note that all
fields required to create a new user are greyed out. This is because you do not have the permission to
create a new user account in AD DS.
5. Click cancel, and then close Internet Explorer.
6. Open Internet Explorer, connect to https://LON-CAS1.adatum.com/ecp. Sign in as Adatum\Tony
using the password Pa$$w0rd.
7. Click the mailboxes tab, click New in toolbar, and then click User mailbox.
8. In the User Mailbox window, type Test2 in the Alias field, and then click New user.
9. Type Test2 in First name field, and Test2 in Last name field. Type Test2 in the User logon name
field, and Pa$$word in the New password and Confirm password fields, and then click Save. This
confirms that Tony is able to create user accounts for new mailboxes.
4. Repeat steps 2 to 3 for 20341B-LON-CAS1 and 20341B-LON-MBX1.
Module 11: Monitoring and Troubleshooting Microsoft Exchange

Server 2013
Lab: Monitoring and Troubleshooting Exchange Server 2013
Exercise 1: Monitoring Exchange Server
Task 1: Create a new data collector set named Exchange Monitoring
1. On LON-MBX1, click on the Server Manager tile.
2. In the Server Manager window, click on the Tools menu, and then click Performance Monitor.
3. In the Performance Monitor window, in the navigation pane, expand Data Collector Sets, and then
click User Defined.
4. Click the Action menu, click New, and then click Data Collector Set.
5. In the Create new Data Collector Set Wizard, in the Name box, type Exchange Monitoring, select
Create manually (Advanced), and then click Next.
6. Select the Performance Counter check-box, and then click Finish.
Task 2: Create a new performance-counter data collector set for monitoring basic Exchange Server
performance
1. In the Performance Monitor, in the navigation pane, expand Data Collector Sets, expand User
Defined, click Exchange Monitoring, click the Action menu, click New, and then click Data
Collector.
2. In the Create New Data Collector Wizard, in the Name box, type Base Exchange Monitoring, select
Performance counter data collector, click Next, and then click Add.
3. In the Available counters object list, expand Processor, and then click % Processor Time. Press and
hold the Ctrl key, click % User Time, click % Privileged Time, and then click Add.
4. In the Available counters object list, expand Memory, and then click Available Mbytes. Press and
hold the Ctrl key, click the following items, and then click Add:
o Page Reads/sec
o Pages Input/sec
o Pages/sec
o Pages Output/sec
o Pool Paged Bytes
o Transition Pages Repurposed/sec
5. In the Available counters object list, expand MSExchange ADAccess Domain Controllers, and
then click LDAP Read Time. Press and hold the Ctrl key, click the following items, and then click Add:
o LDAP Search Time
o LDAP Searches Timed Out per Minute
o Long Running LDAP Operations/min
6. In the Available counters object list, expand System, click Processor Queue Length, click Add, and
then click OK.
7. In the Create New Data Collector Wizard, in the Sample interval box, type 1, in the Units drop-down
list, select Minutes and then click Finish to create the data collector.
Task 3: Create a new performance-counter data collector set for monitoring Mailbox server role
performance
1. In the Performance Monitor, in the navigation pane, click Exchange Monitoring, click the Action
menu, click New, and then click Data Collector.
2. In the Create New Data Collector Wizard, in the Name box, type Mailbox Role Monitoring, select
Performance counter data collector, click Next, and then click Add.
3. In the Available counters object list, expand LogicalDisk, and then click Avg.Disk sec/Read. Press and
hold the Ctrl key, click the following items, and then click Add:
o Avg.Disk sec/Transfer
o Avg.Disk sec/Write
4. In the Available counters object list, expand MSExchangeIS Store, and then click RPC Average
Latency. Press and hold the Ctrl key, click the following items, and then click Add:
o RPC Operations/sec
o RPC Requests
o Messages Delivered/sec
5. Click OK.
6. In the Create New Data Collector Wizard, in the Sample interval box, type 1 in the Units drop-down
list, select Minutes, and then click Finish to create the data collector set.
Task 4: Verify that the data collector set works properly

1. In the Performance Monitor, in the navigation pane, click Exchange Monitoring, click the Action
menu, and then click Start.
2. Wait at least five minutes, click the Action menu, and then click Stop.
3. In the navigation pane, expand Reports, expand User Defined, expand Exchange Monitoring, click
LON-MBX1_DateTime-Number, and then review the report.
4. Close the Performance Monitor.
Exercise 2: Troubleshooting Database Availability

Task 1: Identify the scope of the problem
Before you begin this exercise, complete the following steps:
1. On LON-MBX1, open the Exchange Management Shell. At the prompt, type
c:\scripts\Lab11Prep1.ps1, and then press Enter. This script will simulate database failure.
2. On LON-MBX1, if the Start screen is not displayed, move the mouse to the lower right corner of the
screen, click Start.
3. On the Start screen, open Internet Explorer.
4. In the Internet Explorer window, type https://lon-cas1.adatum.com/ecp, and then press Enter.
5. On the Outlook Web App web page, in the Username box, type Adatum\Administrator. In the
Password box, type Pa$$w0rd and then click Sign In.
6. On the Exchange Administration Center, on the feature pane, click on servers, and then click on the
databases tab.
7. In the list view, click on MailboxDB100 database, and then in the details pane, verify that it is
Dismounted.
8. In the toolbar, click More, and then click Mount.
9. In the warning window, click the yes button.
10. Another warning window appears, displaying message that at least one database file is missing. In
the warning window, click cancel.
Task 2: Review the event logs
1. On LON-MBX1, click on Server Manager.
2. In Server Manager window, click on the Tools menu, and then click Event Viewer.
3. In Event Viewer, in the navigation pane, expand Windows Logs, click Application, and then in the
Content pane, review recent events. Click recent events that have a source from one of the
MSExchange services, and then review the details of the error in the lower half of the Content pane.
4. In the navigation pane, click System, and then in the Content pane, review recent events. Notice
that notable events are present.
5. Close Event Viewer.
Task 3: List the probable causes of the problem, and rank the possible solutions if multiple options
exist
List the problems and possible solutions:
Problem
Disk errors are preventing access to the
database.
Database path is incorrect because of storage
changes.
Possible solution
Replace disks and restore from backup.
Change storage or database configuration.
Task 4: Review the database configuration

1. On LON-MBX1, in the Exchange Administration Center, in the list view, verify that MailboxDB100
database is selected, and then on the toolbar, click on the Edit button.
2. Take note of the Database path.
3. Click the File Explorer icon on the Taskbar, and then in the navigation pane, expand Computer,
expand Local Disk (C:), expand Program Files, expand Microsoft, expand Exchange Server, expand
V15, expand Mailbox, and then verify that the folder MailboxDB100-newpath does not exist. This is the
specified location for MailboxDB100.edb.
4. In the navigation pane, click the MailboxDB100 folder, and locate the MailboxDB100.edb database
file. This is the actual location of the database and transaction log files. The configuration is pointing
to the wrong path.
5. Close the File Explorer window.
Task 5: Reconfigure and mount the database
1. On LON-MBX1, switch to the Exchange Management Shell, and then type the follow cmdlet, and
then press Enter:
Move-DatabasePath MailboxDB100 LogFolderPath C:\Program Files\Microsoft\Exchange
Server\V15\Mailbox\MailboxDB100 EdbFilePath C:\Program Files\Microsoft\Exchange
Server\V15\Mailbox\MailboxDB100\MailboxDB100.edb ConfigurationOnly force
2. Type Y, and then press Enter.

3. In the Exchange Management Shell, type the following cmdlet:
Mount-Database MailboxDB100
4. Press Enter.
5. In the EAC, on the features pane, click on servers, and then click on the databases tab.
6. In the list view, click on MailboxDB100 database, and then in the details pane, verify that it is
Mounted.
Exercise 3: Troubleshooting Client Access Servers

Task 1: Use the Test cmdlets to verify server health
Before you begin this exercise, complete the following steps:
1. On LON-MBX1, in the Exchange Management Shell, at the prompt, type c:\scripts\Lab11Prep2.ps1,
3. On LON-MBX1, if the Start screen is not displayed, move the mouse to the lower right corner of the
screen, and click Start.
4. On the Start screen, click Exchange Management Shell.
5. In the Exchange Management Shell, type the following Test cmdlet:
Test-ServiceHealth
6. Press Enter. Verify that the output does not return any errors.
7. In the Exchange Management Shell, type the following Test cmdlet, and then press Enter:
Test-OwaConnectivity URL https://LON-MBX1.adatum.com/OWA -TrustAnySSLCertificate
8. Note the authentication errors.

Task 2: List the probable causes of the problem, and rank the possible solutions if multiple options
exist
List the problems and possible solutions:
Problem
Internet Information Server (IIS)
Configuration is not configured correctly
Microsoft Outlook Web App authentication is
not configured correctly.
Possible solution
Modify the IIS configuration.
Modify Outlook Web App authentication
configuration.
Task 3: Check the Outlook Web App configuration

1. On LON-MBX1, if Start screen is not displayed, move the mouse to the lower right corner of the
screen, click on Start.
2. On the Start screen, open the Internet Explorer.
4. On the Outlook Web App web page, in the Username box, type Adatum\Administrator, in the
Password box, type Pa$$w0rd and then click the Sign In button.
5. Verify that you cannot sign in to the EAC.
6. In the Exchange Management Shell, type following cmdlet, and then press Enter.
Get-OwaVirtualDirectory Identity lon-cas1\owa (Default Web Site)" | ft name, *authentication
7. Verify that all authentication methods are set to False.

8. In the Exchange Management Shell, type following cmdlet, and then press Enter.
Set-OwaVirtualDirectory Identity lon-cas1\owa (Default Web Site)" FormsAuthentication $true
9. In the Exchange Management Shell, type following command, and then press Enter.
Iisreset
11. On the Outlook Web App web page, in the Username box, type Adatum\Administrator, and in the
Password box, type Pa$$w0rd and then click on the Sign In button.
12. Verify that now you can sign in to EAC. If you receive a navigation error in Internet Explorer, close
and reopen Internet Explorer and repeat the process from step 10.
Note: If you receive an error indicating that the service did not start, start the World Wide
Web Publishing Service in the Services management console.
Task 4: Verify that you resolved the problem
1. Open Internet Explorer, and connect to https://LON-CAS1.adatum.com/owa.
2. Log on to Outlook Web App as Adatum\Administrator with the password Pa$$w0rd.
3. Confirm that Administrator can now access Outlook Web App, and then close Internet Explorer.

Exchange Core PDF

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Exchange Core PDF

Diunggah oleh

Hak Cipta:

Format Tersedia

Contents

Module 1: Deploying and Managing Microsoft Exchange Server 2013 ................................................ 4

Exercise 2: Restoring Exchange Server 2013 Data ........................................................................ 33

Module 1: Deploying and Managing Microsoft Exchange Server 2013

Exercise 2: Deploying Exchange Server 2013

Task 2: Performing Exchange Server 2013 installation on a single server

8. Close File Explorer.

Exercise 3: Managing Exchange Server 2013

Task 2: Manage Exchange Server with Exchange Management Shell

4. In the Outlook Web App window, click new mail.

Module 2: Planning and Configuring Mailbox Servers

Number of Database Availability Groups: 2

o Mailbox Database Copy Configuration

Exercise 2: Configure Storage on the Mailbox Servers

Exercise 3: Creating and Configuring Mailbox Databases

9. In the Prohibit send at (GB): text box, type 1.

17. Type y, and press Enter.

12. Type Dismount-Database identity DB2, and press Enter.

6. Type Get-MailboxExportrequest, and press Enter.

Task 4: To prepare for the next module

Module 3: Managing Recipient Objects

7. On LON-CAS1, open Internet Explorer and connect to https://LON-CAS1.adatum.com

o Email address: TR_Room1

17. On LON-CAS1, in the EAC, in the Features pane, click recipients.

o Display name: TreyIntegration

Exercise 2: Configure Address Lists and Policies for Trey Research

Task 5: Validate the deployment

Exercise 3: Configure Public Folders for Trey Research

Task 4: Validate the public folder deployment

Module 4: Planning and Deploying Client Access Servers

lon-cas1.adatum.com, AutoDiscover.Adatum.com, LON-CAS1, and Adatum.com, and then click

Exercise 2: Configuring Client Access Services Options

20. Make no changes, and click Cancel.

Exercise 3: Configuring Custom MailTips

7. Close the Windows PowerShell window.

Module 5: Planning and Configuring Messaging Client Connectivity

Exercise 2: Configuring Outlook Web App and Outlook Anywhere

29. In the Brad Sutton window, click mailbox features.

Exercise 3: Configuring Exchange ActiveSync

Exercise 4: Publishing Exchange Server 2013 Through TMG 2010

15. Open Internet Explorer, and then connect to https://webmail.adatum.com/owa.

Module 6: Planning and Implementing High Availability

Exercise 2: Deploying Highly Available Client Access Servers

Exercise 3: Testing the High-Availability Configuration

Task 2: Enable LON-CAS1 and simulate a LON-CAS2 failure

Module 7: Planning and Implementing Disaster Recovery

Exercise 2: Restoring Exchange Server 2013 Data

Task 3: Recover the mailbox from the recovery database

3. Repeat step 2 until the status is shown as Completed.

Exercise 3: Exchange Server 2013 Disaster Recovery (Optional)

28. After setup has finished, restart the server.

Module 8: Planning and Configuring Message Transport

Exercise 2: Troubleshooting Message Delivery

Exercise 3: Configuring Transport Rules and Data-Loss Prevention Policies

Module 9: Planning and Configuring Message Hygiene

Malware Agent is Enabled True if the script was allowed to complete.

Exercise 2: Configuring Anti-Spam Options on Exchange Server

Get-ContentFilterConfig | Format-List Enabled

2. Verify that Enabled:True is displayed.

5. In the Exchange Management Shell, configure the quarantine mailbox quarantine@adatum.com by

Task 3: Configure sender and recipient filtering on LON-MBX1

Exercise 3: Validating Antimalware and Anti-Spam Configuration

password Pa$$w0rd. Click Save.