Exam Reviews

70-284: Master of Messaging

This exam review jump-starts your study efforts toward becoming an expert in Microsoft's newest messaging system.

Exchange Server 2003 adoptions are happening at a fast pace—many companies are leaping over the upgrade to Exchange 2000 and moving directly from 5.5 to 2003. That means you'd be well situated to work on migration projects in your organization if you've made an effort to educate yourself on Microsoft's latest messaging platform. Going after your certification as part of that process is a great way to prove your expertise.

In this article, I help you prepare for one of the newest Exchange exams by covering the crucial test objectives listed in Microsoft's exam preparation guide.

This exam focuses on installing, configuring, managing, monitoring, maintaining and troubleshooting Exchange servers, organizations, recipients and address lists. What you'll discover is that you'll need more than simply a solid understanding of Exchange: you'll also be tested on Windows Server 2003! Your experience with Exchange 2000 will also be of great benefit.

70-284: Exchange Server 2003

Reviewer's Rating
This exam is similar in difficulty to the Exchange 2000 Server administration exam 70-224, but with new content added for Windows Server 2003 and Exchange Server 2003.

Exam Title
Implementing and Managing Microsoft Exchange Server 2003

Who Should Take It
Elective credit for Windows 2000 or 2003 MCSA and MCSE, as well as MCSA: Messaging and MCSE: Messaging.

Courses
2400: Implementing and Managing Microsoft Exchange Server 2003 (5 days)
2009: Upgrading Skills from Microsoft Exchange Server 5.5 to Microsoft Exchange Server 2003 (3 days)
Workshop 2011: Troubleshooting Microsoft Exchange Server 2003 (3 days)

Exam Objectives
http://www.microsoft.com/traincert/exams/70-284.asp

Working with the Exchange Software
For the first area of expertise, "Installing, Configuring, and Troubleshooting Exchange Server 2003," you'll need to be prepared to answer questions about preparing Windows 2003 forests and domains, upgrading from Exchange 5.5, messaging connectors and clustering.

When preparing a Windows 2000 Forest or Domain for Exchange 2003, you need to run the Exchange 2003 setup utilities /ForestPrep and /DomainPrep, even if Exchange 2000 is already installed. Likewise, when preparing to install Exchange 2003 in a Windows 2003 Forest or Domain, the same utilities are used, but mostly to extend the Schema for additional classes and attributes.

Tip: You should upgrade to Exchange 2003 by first upgrading Exchange and then Windows 2000 to 2003. You can't upgrade directly from Exchange 5.5 to Exchange 2003, but you can add an Exchange 2003 server to a 5.5 site and use the move mailbox option.

Tip: You must run /DomainPrep in all domains that will contain Exchange 2003 mailbox-enabled objects (such as users and groups), even if no Exchange servers will be installed in these domains.

Tip: Exchange 2003 is supported on Windows 2000 with SP3 and Windows 2003, but Exchange 2000 isn't supported on Windows 2003. Some of the advanced security features are unavailable when running Exchange 2003 on Windows 2000 because of the earlier security model. Interestingly enough, you can run Exchange 5.5 on Windows 2003.

Exchange designated bridgehead servers can take on many roles, including the ability to send and receive Internet-based e-mail for all or only selected users in the Exchange organization. The actual role of sending and receiving Internet-based mail can be split among servers as well. When configuring the delivery of Internet-based e-mail, a Smart host can be an ISP's SMTP server, which assumes responsibility for DNS resolution and mail delivery.

Exchange 2003 includes the Internet Mail Wizard to help you configure Internet mail connectivity. As it guides you through the process of configuring the Exchange server to send and receive Internet mail, it creates the necessary SMTP connector for outgoing Internet mail and configures the SMTP virtual server to accept incoming mail.

Tip: When using the Internet Mail Wizard, be careful about enabling the Allow Open Relay option, unless you know exactly what you're doing. For more on this topic, read Bill Boswell's "Windows Insider" column, "Be the Exchange Server."

Clustering technologies are a big part of the Windows 2003 exam series. With the study and practice required for passing core MCSE exams, you shouldn't have many problems in tackling questions about those topics on the Exchange exam. Be sure you're familiar and comfortable with configuring cluster resources and dependencies. Let's review the process.

After completely installing Exchange on each of the cluster nodes, these steps are required:

  1. Create the group to host the Exchange virtual server.
  2. Create an IP Address resource.
  3. Create a Network Name resource.
  4. Add a disk resource to the Exchange virtual server.
  5. Create an Exchange 2003 System Attendant resource.

Tip: When doing a new installation, you must install and configure Windows clustering services prior to installing Exchange.

Coexistence with multiple messaging systems is a fact of life for many enterprises. For this exam, read up on the Lotus Notes connector and migration options. You can find this information in the Exchange 2003 Help and Support documentation included with the product. Don't forget about the Exchange Server Migration Wizard when studying and practicing in the lab.

Keeping Computers Up
The objectives in the section of the guidelines on "Managing, Monitoring, and Troubleshooting Exchange Server Computers" include: server health, data storage, clusters, backup and recovery and server removal.

This exam will test your knowledge of server monitoring with such tools as Event Viewer and System Monitor. Learn how to interpret the output of these and be able to identify when and where problems exist.

Tip: The system monitor SMTP Queue Growth counter can be used between routing groups to monitor connectors and message flow.

System Policies allow you to manage and maintain Exchange servers across routing and administrative groups. Public folder store, mailbox store and server policies can be used to define such things as message tracking. You can even copy system policies between administrative groups!

Tip: If a user is permitted to send mail in Exchange RTF (Rich Text Format), the recipients must be using Exchange and have RTF enabled. Otherwise, the RTF content will come across as an attachment named winmail.dat.

Learn the basics of routing and administrative groups. Routing groups are similar to Exchange 5.5 Sites and should align with the physical topology of your messaging infrastructure. Connectors allow you to make connections between servers in different routing groups. Administrative groups should align with the logical messaging administrative model defined in your organization. You can never move servers between administrative groups, but you can move them between routing groups.

Knowing how to do backup and recovery is essential for administrative work. You need to understand the new backup options available using VSS as described in many of my Windows Server 2003 MCSA and MCSE exam reviews. Also be sure you understand the ramifications of circular logging when used with backup. The bottom line: Don't enable it in most cases unless you really understand it and have a need. It can't be used with Incremental or Differential backup types!

Exchange database transaction logs can be moved to separate drives using the Exchange System Manager, within the properties of a storage group. Mailbox stores can also safely be moved, but be sure to use System Manager for this process.

Tip: Using the new Mailbox Recovery Center, you can simultaneously perform recovery or export operations on multiple disconnected mailboxes.

Removing an Exchange server from the organization involves the process of first moving the mailbox stores and public folder stores if present. Using the Exchange tasks—available in Active Directory Users and Computers—you can move recipient mailboxes to other servers. The rehoming process using the forest Global Catalog servers should direct the user's PC to the correct server at next logon. Finally, use System Manager | selected server | Action | All Tasks | Remove Server, to remove the server from both the organization and Active Directory.

The Exchange Organization
The objectives for, "Managing, Monitoring, and Troubleshooting the Exchange Organization," encompass public folders, virtual servers, front-end and back-end servers, connectivity and infrastructure performance.

A public folder store holds information associated with a particular public folder tree, such as how the tree is structured and what folders the tree contains. It also holds public folder content. Public folders can be mail-enabled or hidden from the global address list.

Virtual servers allow for multiple e-mail domain hosting or hosting of specific mail-enabled accounts. They're also used with cluster servers.

Tip: Exchange servers can be dedicated to private or public folder use and access by eliminating the unused private or public stores.

Managing and monitoring front-end and back-end servers is a skill you need to exhibit in real life and on this exam. Front-end servers don't contain private or public stores. They exist only to secure the connection to the remote client and back-end servers and should always use IPSec to do so!

Connecting two Active Directory forests and Exchange organizations can be a daunting task. By creating SMTP connectors with server authentication, users from company A can be resolved to a contact in company B's global address list and vice-versa. The actual implementation of this is tricky. You can find detailed instructions within the product documentation when you need it. Study this closely. Be prepared to tackle questions about creating and managing external contacts and address lists. (More on this shortly!)

When configuring the intranet firewall for Exchange front-end and back-end server communication, ports 389, 3268, and 88 must be open for LDAP and Kerberos. Ports 80 and 25 should also be open along with 50, 51, and 500 for IPSec.

Real-time infrastructure performance monitoring can be done using the Performance console. During an Exchange installation, many new counters are added that allow for server, store, connector and replication monitoring. After you have a server up and running, explore some of the feedback and reports that can be generated.

Security in the Exchange Environment
Under the general heading, "Managing Security in the Exchange Environment," you'll find objectives regarding connectivity across firewalls, audit settings and logs, permissions, and encryption and digital signatures now available with OWA.

Exchange 2003 has raised the bar when it comes to security out of the box. Many things such as POP3 and IMAP4 protocol services are disabled and must be started using the Services snap-in.

Typical auditing and logging should be used when it comes to monitoring security on Exchange. This includes logons, permission changes, directory access and account changes.

Guidance on configuring a firewall to allow for Exchange server communication between locations can be found in the document, "Using Internet Security and Acceleration (ISA) Server 2000 with Exchange 2003."

Watch for obvious questions relating to the use of ISA Server as your firewall. ISA Server can be configured to listen for incoming SMTP requests and forward the valid connections to an internal Exchange server.

SSL should always be used when configuring an Exchange server for remote HTTP access. The use of a trusted or self-issued certificate will secure HTTP communications and thwart would-be snoopers.

Controlling access to virtual servers is a must when securing Exchange servers. Anonymous, Basic, and Integrated Windows are just the beginning. Servers can also be secured using port, IP address and domain filtering. And if you haven't heard, Exchange Server 2003 also has built-in support for RBLs (Realtime Blackhole Lists)!

Tip: The Exchange Administration Delegation Wizard simplifies delegating permissions to Exchange administrators. You can delegate administrative permissions at the organization level in System Manager or at an administrative group level.

You may or may not find questions on this exam for each of these new security features, but I thought you should know about some of the new options Exchange 2003 offers. Perhaps through increased awareness and collaboration, we can increase the security of our messaging infrastructures and make a dent in the unsolicited e-mail that clutters our networks!

  • Outlook Web Access now allows the use of the Internet-standard S/MIME security extensions: S/MIME allows you to sign and encrypt e-mail messages and attachments digitally to protect them against tampering or eavesdropping.
  • Session inactivity timeout using forms-based authentication allows support for timed logoff as well as secure logoff, even if the browser is left open with a current session to the server.
  • By default, content from outside a user's network is blocked in Outlook 2003 and Outlook Web Access. Users can override this to view external content. This feature helps prevent spammers from identifying valid e-mail addresses by links to external content.

Blocking Web beacons by default helps stop spammers from using Web links to covertly verify that recipients' e-mail addresses are active. Users are ultimately in control of this feature and can unblock HTML on a per-message basis or disable it completely.
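To see what external-content blocking does to a message, the following added example (not Microsoft's implementation and not code from the original article) strips auto-fetched remote references from an HTML body while keeping inline `cid:` attachments and ordinary hyperlinks. The sample message, host names and the list of auto-fetch attributes are assumptions made for illustration; remote references inside CSS are not handled.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs a client fetches as soon as the message renders.
# Hyperlinks (<a href>) are left alone: nothing is fetched until a click.
AUTO_FETCH = {("img", "src"), ("input", "src"), ("iframe", "src"),
              ("link", "href"), ("body", "background"),
              ("table", "background"), ("td", "background")}

def is_remote(url):
    """True for network fetches; cid: (inline attachment) and data: are local."""
    url = url.strip()
    try:
        return url.startswith("//") or urlsplit(url).scheme.lower() in ("http", "https")
    except ValueError:
        return True  # unparseable URL: fail closed and block it

class ExternalContentBlocker(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []

    def _tag(self, tag, attrs, end):
        parts = [tag]
        for name, value in attrs:
            if value is None:
                parts.append(name)
            elif (tag, name) in AUTO_FETCH and is_remote(value):
                self.blocked.append(value)  # drop the attribute, keep the tag
            else:
                parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + end)

    def handle_starttag(self, tag, attrs):
        self._tag(tag, attrs, ">")

    def handle_startendtag(self, tag, attrs):
        self._tag(tag, attrs, " />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def block_external_content(body):
    """Return (sanitized_html, blocked_urls) for an HTML message body."""
    parser = ExternalContentBlocker()
    parser.feed(body)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample message; all hosts and addresses are made up.
SAMPLE = ('<html><body background="http://tracker.example/bg.gif?u=alice">'
          '<p>Quarterly update &amp; offers</p><img src="cid:logo@corp.example">'
          '<img src="http://tracker.example/open.gif?id=12345" width="1" height="1">'
          '<a href="http://shop.example/">Visit</a></body></html>')
```

The returned list of blocked URLs is what a gateway or client could log to show which senders embed tracking references.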

Recipient Objects and Address Lists
The topic of "Managing Recipient Objects and Address Lists" includes managing recipient policies, user objects, distribution and security groups, contacts and address lists.

The term recipient refers to an Active Directory object that's mailbox-enabled or mail-enabled. Mailbox-enabled recipients can send, receive and store messages. External contacts, which are mail-enabled objects, can be used to simplify the process of sending Internet-based e-mail for Exchange users. These objects can also be resolved to global address lists as noted earlier.

Tip: Windows 2003 includes two types of groups: Security and Distribution. Security groups are used in the traditional sense to group users for permissions to network resources. Distribution groups are used for e-mail only.

Recipient policies can be a big time saver in large Exchange organizations. For example, a recipient policy that manages e-mail addresses has the following characteristics: It applies to a selected group of recipients; it always contains information about the address types that are to be applied to those recipients, and it's given a priority so that you can control what address is applied as the primary address to a recipient that may appear in more than one policy. The first step in creating a recipient policy is to choose the type of policy to create. A single recipient policy can contain an address policy, a Mailbox Manager policy or both.

Tip: InetOrgPerson objects can be mail-enabled only if you have a Windows 2003 domain controller and Exchange 2003 servers in the organization.

When it comes to Exchange address lists, the most familiar is the global address list. By default, the GAL contains all recipients within an Exchange organization. Any mailbox-enabled or mail-enabled object in the Active Directory forest where Exchange is installed is listed in the GAL. Creating and managing custom address lists is a skill you should master! Address lists can be created and sorted by any attribute associated with a recipient. The simplest and most efficient address list hierarchy would be based on location and department. Empty address lists can be used as placeholders for organization.

10 Things To Practice
  1. Install Exchange 2003 in your Windows 2000 forest and domain. Understand when and how to use ForestPrep and DomainPrep. Then upgrade your forest and domain to Windows Server 2003 starting with ADprep.

  2. Get a copy of VMware or Microsoft's Virtual PC and build an Exchange organization of at least three servers. Connect them across routing groups and assign them to administrative groups.

  3. Install the Windows 2003 clustering service and build a cluster installation of Exchange 2003 as outlined in this review.

  4. Create server policies and understand what happens when they are applied in order of precedence. Do the same with recipient policies.

  5. Create and configure additional virtual servers. Practice monitoring queues and server performance.

  6. Add ISA Server to your network and understand how to configure it to secure an Exchange server.

  7. Practice managing recipient policies, user objects, distribution and security groups, contacts and address lists. This is a big part of an Exchange administrator's daily tasks and it's important to understand for this exam.

  8. Sharpen your skills of deciphering network topologies and subnetting. Always use an efficient and logical approach to troubleshooting.

  9. Work with Queue Viewer in the Exchange System Manager console. Create queue problems and observe the results, noting how to repair message routing issues.

  10. Configure and apply Exchange organizations, routing and administrative groups, and server permissions to understand how they can work for you and sometimes against you.

Supporting Exchange
Under the final heading, "Managing and Monitoring Technologies that Support Exchange Server 2003," the objectives include host resolution, Active Directory troubleshooting, and connectivity problems.

You haven't made it this far in your quest for Microsoft certification without acquiring at least a basic understanding of name resolution and DNS. As I always say, Windows network problems are either DNS or permissions! MX records should always be used in a zone that's responsible for e-mail delivery. As mentioned earlier, your ISP's DNS and SMTP server (smart host) can be used to deliver and accept all Internet-based e-mail. Generally in larger organizations, dedicated Exchange servers are configured with SMTP connectors for either outbound or inbound delivery.

This isn't a network infrastructure exam but you should be familiar with network topologies and subnetting and have the ability to diagnose a problem based on a given scenario and network diagram.

Queue Viewer is a feature in Exchange System Manager that allows you to monitor an organization's messaging queues, as well as the messages that are contained within those queues. Queue Viewer works at a server level. Understanding where a problem may exist when a queue is in a retry state is essential. If the queue in question is responsible for a routing group connector, is the problem related to IP configuration on the Exchange servers, network routing, or DNS? Only experience can tell! In table 5.6 of the Exchange 2003 Administration Guide mentioned earlier you'll find some great information on queue status and troubleshooting.

Tip: The application event log and NSlookup can be invaluable tools when troubleshooting stuck queues.

Additional Information

The exam preparation guideline is here: http://www.microsoft.com/traincert/exams/70-284.asp.

You can obtain a 120-day evaluation copy of Exchange Server 2003 here: http://www.microsoft.com/exchange/evaluation/trial/2003.asp.

Check out the Exchange Server community Web page here: http://www.microsoft.com/exchange.

I also recommend that you read Microsoft's technical documentation on planning a messaging system, deployment and administration guides. You'll find that here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/exchange/exchange2003/proddocs/library/default.asp.
—Andy Barkl

Your preparations for tackling 70-284 will give you a much greater understanding about what's involved in the day to day administration of Exchange 2003. It will also help you on your way to earning the new MCSE: Messaging credential. As more companies move from Exchange 5.5 to Exchange 2003, this kind of expertise will help set you apart from others who want to tackle the migration work—and that's bound to translate to interesting projects for you. Good luck!