70-285: Design Exchange with Confidence!
This exam for Exchange presents a challenge that should only be taken with broad, in-depth knowledge and intense preparation.
Thorough planning and design should always precede any real live Exchange implementation
to ensure successful delivery and user satisfaction. Exam 70-285, a core messaging
requirement for MCSE: Messaging on Windows Server 2003, demands candidates working
on their certification to exhibit a broad and extensive knowledge in several
areas, ranging from client to back-end setup, Exchange upgrade and migration,
and everything else in between, including questions on Windows Server 2003.
Microsoft’s official exam preparation guide for this exam provides a fairly
accurate description of the skills that you should master. In this review, I zoom
into specific areas that deserve extra attention -- Active Directory, administrator
roles, and the like -- which you can use as guidance to help strengthen your
know-how in preparation for the ultimate challenges ahead.
70-285: Exchange Server 2003
7.2 difficulty on a scale of 10.
Designing a Microsoft Exchange Server 2003 Organization
Who Should Take It
Elective credit for Windows 2003 MCSA and MCSE. Core Messaging
Specialization for MCSE: Messaging on Microsoft Windows Server 2003.
2008: Designing and Planning an Exchange Server 2003 Organization
2009: Upgrading Your Skills from Exchange Server 5.5 to Exchange Server 2003 (3 days)
Active Directory (AD) should come as no surprise as a core prerequisite in the design of
an Exchange 2003 organization. An AD infrastructure must be properly prepared
beforehand by executing Exchange's version of setup.exe with the /forestprep
and /domainprep switches. The former extends the
AD schema with Exchange specific classes and attributes. Run it in the AD domain
where the Domain Controller (DC) holding the Schema Master Flexible-Single-Master-Operations
(FSMO) role resides.
The /domainprep switch must be executed to create
the necessary Exchange domain groups and permissions in AD, once in each domain:
- that has one or more Exchange Server 2003
- containing Exchange recipient objects (even if no Exchange Server exists)
- that is the root domain of the forest
- where Global Catalog (GC) servers are configured that Exchange directory access
components may potentially use
Global Catalog (GC) placement greatly influences the reliability and performance
of Exchange Server 2003. Understanding exactly where to locate GCs can help
minimize WAN traffic, allowing clients to efficiently query and retrieve a complete
Global Address List (GAL), including recipient-related AD queries in a single- or multi-domain
forest with one or more AD sites.
The various flavors of Windows Server operating system that are set up as Domain
Controllers (NT 4, Win 2000/2003) dictate the AD forest and domain functional
levels supported. This directly restricts the version of Exchange that can be
installed in the architecture of an Exchange organization. Familiarity with
mixed and native modes is a necessity, both in the context of AD and Exchange.
Exchange 2003 installs in mixed mode by default. Go here
for more information.
Having a firm grasp on basic AD administration is indispensable as several
questions are featured around this topic. Terms like Organization Unit (OU)
and Group Policy should be familiar concepts in designing efficient Exchange
management strategy. Distinction between the types of administrative groups
that control permissions and access levels must be clearly made in order to
establish roles and responsibilities as outlined in the scenarios (Domain, Server
or Exchange Admins).
Storage groups are an area that receives a lot of attention throughout the exam.
It is imperative to review the following to appreciate the fundamental concepts
in order to design solutions that satisfy business and technical needs:
- Each Exchange Server can have a maximum of four storage groups plus one
recovery storage group.
- A maximum of five mailbox stores can be created per storage group (Enterprise
Edition only); hence, 20 mailbox stores are supported per Exchange Server.
- One common set of configuration settings applies at each storage group level:
  - transaction logs and checkpoint file
  - circular logging feature (disabled by default)
  - backup schedules and configuration
  - storage mailbox size limit
Partitioning user mailboxes into different mailbox stores allows faster backup
and recovery. Mailbox size will obviously influence the total time to carry
out these mundane tasks.
The Recovery Storage Group is introduced in Exchange Server 2003 and is discussed
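The storage group limits above turn into a small capacity-planning exercise in practice. The following is an added example, written for this review and not code from the article or from Microsoft: it refuses layouts that exceed the four storage groups and five mailbox stores per group quoted above, and then spreads a set of mailboxes over the stores largest-first so that the biggest store (the longest single backup or restore job) stays as small as the layout allows. The mailbox names and sizes are constructed sample data; the SGn/Storem naming is an assumption of this example, not an Exchange convention.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Limits quoted in the article for Exchange Server 2003 Enterprise Edition.
MAX_STORAGE_GROUPS = 4      # plus one recovery storage group, which holds no production mailboxes
MAX_STORES_PER_GROUP = 5    # so at most 20 mailbox stores per server


@dataclass
class Store:
    name: str
    size_mb: int = 0
    mailboxes: list[str] = field(default_factory=list)


def build_layout(groups: int, stores_per_group: int) -> list[Store]:
    """Create empty stores named SGn/Storem (naming assumed), refusing layouts Exchange 2003 cannot host."""
    if not 1 <= groups <= MAX_STORAGE_GROUPS:
        raise ValueError(f"storage groups must be 1..{MAX_STORAGE_GROUPS}, got {groups}")
    if not 1 <= stores_per_group <= MAX_STORES_PER_GROUP:
        raise ValueError(f"stores per group must be 1..{MAX_STORES_PER_GROUP}, got {stores_per_group}")
    return [Store(f"SG{g}/Store{s}")
            for g in range(1, groups + 1)
            for s in range(1, stores_per_group + 1)]


def place_mailboxes(mailboxes: dict[str, int], groups: int, stores_per_group: int) -> list[Store]:
    """Largest-first greedy placement: each mailbox goes to the currently smallest store.

    Sorting mailboxes by descending size before placing them keeps the final
    store sizes close together, which bounds the longest single store
    backup or restore job.
    """
    stores = build_layout(groups, stores_per_group)
    for user, size in sorted(mailboxes.items(), key=lambda kv: (-kv[1], kv[0])):
        target = min(stores, key=lambda s: (s.size_mb, s.name))
        target.mailboxes.append(user)
        target.size_mb += size
    return stores


def largest_store_mb(stores: list[Store]) -> int:
    """Size of the biggest store, i.e. the worst-case single backup window."""
    return max(s.size_mb for s in stores)


# Constructed sample data: mailbox owner -> mailbox size in MB.
SAMPLE_MAILBOXES = {"alice": 900, "bob": 300, "carol": 650, "dave": 200,
                    "erin": 450, "frank": 800, "grace": 120, "heidi": 510}

if __name__ == "__main__":
    single = place_mailboxes(SAMPLE_MAILBOXES, 1, 1)
    spread = place_mailboxes(SAMPLE_MAILBOXES, 2, 2)
    print(f"one store: {largest_store_mb(single)} MB in a single backup job")
    print(f"four stores: largest is {largest_store_mb(spread)} MB")
    for s in spread:
        print(f"  {s.name}: {s.size_mb} MB {s.mailboxes}")
```

With the sample data, one store means a 3930 MB backup job, while two storage groups with two stores each cap the largest store at 1020 MB. The same function is a quick way to sanity-check a proposed design against the edition limits before it reaches the exam scenario (or production).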
Exchange Administrative Roles
Permissions govern the types of tasks that can be carried out and are dependent
on the following Exchange roles:
- Exchange Full Administrator: full control permissions to relevant
areas of the configuration partition
- Exchange Administrator: similar to Exchange Full Administrator except
for certain permissions restrictions
- Exchange View Only Administrator: read-only permissions to relevant
areas of the configuration partition
Administrative permissions can be delegated at the Exchange organizational
or specific administrative group level, and are performed using the Exchange
Server Delegation Wizard. Go here
for a detailed description of these roles.
Exchange Building Blocks and Security
This is a core highlight in any design exam, so you must be well prepared to answer a variety
of questions relating to this topic. How the various elements are brought together
to design and build a robust and secure Exchange infrastructure will be tested
in varying degrees.
Windows Server 2003’s Network Load Balancing (NLB) can be used to cluster
Exchange front-end or bridgehead servers to provide redundancy, increased availability
and improved response time. Client access to the front-end servers takes place
over supported Internet access protocols such as http (TCP:80), https (TCP:443),
IMAP4 (TCP:143), IMAP4 with SSL (TCP:993), POP3 (TCP:110) and POP3 with SSL
(TCP:995). Connection from front-end servers to back-end servers, however, is
always established using the corresponding non-secured version of a client’s
access protocol (e.g., http instead of https). This unencrypted channel can
be protected using IPSec but Exchange Server 2003 must be running on Windows
Server 2003 on both front- and back-end servers. Make sure that you know how
all this works; go here
To facilitate secured communication for legacy MAPI clients, the perimeter
firewall must be properly configured. (Go here
for more info on that.) On the client side, Outlook Web Access can digitally
sign and encrypt e-mail messages using the new Secure/Multi-purpose Internet
Mail Extension (S/MIME) OWA control, which is reliant on an existing Public
Key Infrastructure (PKI). Go here
for more information.
Realize that instead of NLB, Microsoft Cluster Service (MSCS) is used on Exchange
back-end servers that typically host mailbox and public folders. Installation
of anti-virus (AV) software is only necessary on servers containing mailboxes,
hence it makes sense to procure AV licenses with this in mind.
You should digest some quick facts about Exchange front-end servers before
hitting the exam floor:
- It does not hold any user data such as mailbox or public folders.
- It’s typically located in the demilitarized zone (DMZ)/screened subnet.
- It’s mainly responsible for network communication with clients, acting
as a proxy for incoming client requests and relaying them to the appropriate Exchange
- It provides a single namespace for users of Internet-based messaging clients
(hides actual mailbox location).
- Outlook Web Access (OWA) installed on a front-end server enables users
with Internet Explorer (IE) 5.5 and above to gain mailbox and public folder
access (IE 6.0 SP1 and above are required to support S/MIME).
- It can be configured as an RPC over HTTP proxy server.
- Permits users to use the full-featured Microsoft Office Outlook 2003
MAPI client to access mailbox (no separate VPN needed).
- RPC over HTTP actually uses Secure Hypertext Transfer Protocol (S-HTTP)
over an SSL connection configured on Internet Information Server (IIS).
If OWA is deployed in a front-end/back-end topology, always upgrade the front-end
servers first before the back-end servers. For more info, go here.
Another key component of an Exchange infrastructure is the bridgehead server.
A bridgehead server moves messages between routing groups or to destinations
outside of the local routing group by means of a routing group connector (e.g.,
to the Internet or non-Exchange messaging system). It also plays a significant
role in load balancing and fault tolerance. This can be achieved by specifying
multiple source and destination bridgeheads for a single routing group connector
between two routing groups.
To round up this section, obtain a copy of the "Exchange
Server 2003 High Availability Guide" and read up in advance before
Routing Groups, Connectors and Costs
A routing group is defined as a collection of servers having reliable network
connections with one another. This is mainly based on physical topology such
as in a LAN or across underutilized hi-speed WAN connections. For the purpose
of message routing, routing groups in Exchange 2003 are the equivalent to Exchange
Within the same routing group, servers communicate among themselves directly.
To facilitate message transfer between different routing groups, a routing group
connector must be created. Each routing group can have one or more bridgehead
servers linked to the connector. The special Routing Group Connector that uses
SMTP is the preferred method of connecting routing groups (although SMTP or
X.400 connectors can also be used).
External message delivery to the Internet or a non-Exchange messaging system
can be made with an SMTP connector. X.400 connectors are suitable for building
routing topologies to connect to Exchange Server 5.5 outside of an Exchange
organization or to other X.400 capable systems.
Cost is a variable associated with a routing group connector to enable Exchange
to determine the most efficient message route. This is particularly important
with large numbers of routing groups dispersed across geographical locations
and is highly dependent on criteria such as physical topology, network speed,
bandwidth availability and utilization. By design, Exchange will always attempt
to use the lowest sum total cost routes to transfer messages to the final destination.
In this exam, expect to encounter drag-and-drop and other types of questions
that quiz your knowledge in defining routing groups and assessing cost factors
for optimal message transfer.
This topic rightfully should fall under the space of Windows Server 2003 network
and infrastructure. Nevertheless, you should be educated on its significance
in an Exchange organization. For a messaging system to be of any use, connectivity
to the outside world (Internet) is inevitable. An organization's existing mail
servers are identified by published MX records defined on external, publicly
accessible DNS Servers. When more than one mail server is available, mail delivery
can be directed to specific servers by tagging a different preference number
to each MX record; the higher the number, the lower the delivery preference
(watch out and don’t get mixed up!). For instance, if a situation calls
for all incoming mails to be always delivered to mail01.mcpmag.com and only
to mail03.mcpmag.com when the former fails or is unreachable, preference MX
records of 10 and 20 can be assigned respectively (and not 20 and 10). Conversely,
load balancing can be attained by assigning the same preference number to different
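The MX preference rule is easy to get backwards under exam pressure, so here is an added example (written for this review, not code from the article) that parses MX records out of a zone-file fragment and orders delivery attempts the way a sending mail server does: lowest preference number first, hosts sharing a preference shuffled so load is spread across them. The zone fragments are constructed; mail01 and mail03.mcpmag.com are the hosts the article uses in its illustration, and mail02.mcpmag.com is added here for the load-sharing case.

```python
import random
from collections import defaultdict

# Constructed zone-file fragments (not real mcpmag.com DNS data).
ZONE_FAILOVER = """
; incoming mail always to mail01, mail03 only when mail01 is down
mcpmag.com.   IN MX 10 mail01.mcpmag.com.
mcpmag.com.   IN MX 20 mail03.mcpmag.com.
"""
ZONE_SWAPPED = """
; the mix-up the article warns about: numbers reversed
mcpmag.com.   IN MX 20 mail01.mcpmag.com.
mcpmag.com.   IN MX 10 mail03.mcpmag.com.
"""
ZONE_BALANCED = """
; equal preference: both hosts share the load
mcpmag.com.   IN MX 10 mail01.mcpmag.com.
mcpmag.com.   IN MX 10 mail02.mcpmag.com.
"""


def parse_mx_records(zone_text):
    """Extract (preference, host) pairs from 'owner [ttl] IN MX pref host' lines."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        fields = line.split()
        if "MX" not in fields:
            continue
        i = fields.index("MX")
        try:
            pref, host = int(fields[i + 1]), fields[i + 2].rstrip(".")
        except (IndexError, ValueError) as exc:
            raise ValueError(f"malformed MX record: {raw!r}") from exc
        records.append((pref, host))
    return records


def preference_tiers(records):
    """Group hosts by preference, lowest number first: the first tier is tried first."""
    grouped = defaultdict(list)
    for pref, host in records:
        grouped[pref].append(host)
    return [sorted(grouped[pref]) for pref in sorted(grouped)]


def delivery_order(records, rng=None):
    """Order in which a sending MTA attempts the hosts (RFC 5321 section 5.1).

    Within a tier the hosts are shuffled, so equal preferences spread load
    across many deliveries instead of always hitting the same server.
    """
    rng = rng or random.Random()
    order = []
    for tier in preference_tiers(records):
        tier = list(tier)
        rng.shuffle(tier)
        order.extend(tier)
    return order


if __name__ == "__main__":
    for label, zone in (("failover", ZONE_FAILOVER), ("swapped", ZONE_SWAPPED), ("balanced", ZONE_BALANCED)):
        records = parse_mx_records(zone)
        print(f"{label:9} tiers={preference_tiers(records)} first try={delivery_order(records)[0]}")
```

Running it shows the failover zone tries mail01 first and mail03 only as a fallback, the swapped zone does the opposite (the mistake the article warns about), and the balanced zone puts both hosts in one tier so either may be tried first.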
Still on the topic of namespace, users may have mailboxes scattered around
in different Exchange organizations with the need to maintain their old SMTP
domain, while adopting a new corporate identity based on a common public SMTP
domain. This type of setup is not uncommon in the case of a company acquisition
or merger, or even during migration to Exchange Server 2003 from version 5.5
or 2000. A good comprehension of how configuring a shared SMTP namespace can
help resolve such business needs is anticipated in the exam. Go here
for a detailed treatment of this topic.
Coexistence, Migration, Upgrade Strategy
This is predictably a prime focus in a design exam, so make certain that you invest time
to gear up for this part of the exam. Deploy the Exchange Server Migration Wizard
(mailmig.exe) to migrate data from legacy or non-Exchange messaging systems
into Active Directory and the target Exchange store in a different organization.
The source mailbox remains intact as the migration is just a copy process. Used
in conjunction with the Active Directory Connector (ADC), dissimilar Exchange
organizations (5.5 and 2000/2003) can coexist, provided that appropriate Connection
Agreements (CA) are in place with a defined replication scope (mailboxes, custom recipients,
distribution lists, etc.). This lets users maintain e-mail access during migration,
for instance. Besides the classic use in migrating domain user accounts, Active
Directory Migration Toolkit (ADMT) can also help retain user permissions which
would otherwise end up being a manual task after migration. Note that Move Mailbox
from the Exchange Task Wizard is another option for moving mailboxes. Search
for Knowledge Base articles 281223, 823601, 328871, 327928, 822892, 326079 and
to have a better appreciation of these crucial topics.
To replicate free/busy calendar information in addition to synchronizing public
folder contents between separate Exchange organizations, the Inter-Organization
Replication Tool is the right application to use. (Go here
for more info.) Don’t forget to check out how public folders and referrals
function. (Go here
for more info.)
Things to Practice
1. Get acquainted with the basics of
Active Directory concepts, terminology and various networking
technologies and how Exchange fits into the overall infrastructure
(e.g., DNS and SMTP namespace).
2. Build a test environment using virtualization
technology such as Virtual Server 2005 to practice and gain
hands-on experience with AD and Exchange.
3. Extend the test environment with fault-tolerance/redundancy
built around Network Load Balancing (NLB) and MS Cluster Service
(MSCS) to learn about Exchange High Availability (HA).
4. Have a firm grasp on the storage group concept
and its impact on backup, recovery, mailbox partitioning and
5. Find out how to manipulate Routing Groups, Connectors
and Cost assignments to optimize message routing in Exchange.
6. Understand how to enhance security in an Exchange
environment starting from the client to the server end (e.g.,
digital signature using PKI, Outlook 2003 access via RPC over
HTTP, IPSec deployment to encrypt channel between Exchange
front-end and back-end servers).
7. Be very familiar with the administrative models
both in AD and Exchange to enable proper access control and
permissions assignments in an organization.
8. Acquire knowledge on the assortment of tools and
the correct types to deploy in scenarios that call for coexistence,
migration and upgrade in the same or different Exchange organizations
(e.g., ADMT, Exchange Server Migration Wizard, Active Directory
9. Know what kinds of tools are available for synchronization
of public folders, referrals and free/busy calendar information
between multiple Exchange organizations (e.g., Exchange Public
Folder Migration Toolkit, Inter-Organization Replication Tool)
10. Review the official exam guide, MS Knowledge
Base, Resource Kit and white papers.
If you survived reading the article up to this point, you probably have already
gathered that this design exam is certainly not an easy piece of cake to swallow.
You are expected to demonstrate expertise in diverse topics with the ability
to piece the different bits of a puzzle together to build the final big picture.
Concentrate on acquiring some hands-on practice to get acquainted with the product.
Remember to devote time to review the Knowledge Base articles presented here.
Lastly, go through the official exam guide again and evaluate areas that may
not have been addressed by this exam review (since not all topics are tested
in the actual exam). You should then be all set to tackle the exciting Exchange
challenges in front of you. May the force be with you and best of luck!