Exam Reviews

70-285: Design Exchange with Confidence!

This Exchange exam presents a challenge that should only be taken on with broad, in-depth knowledge and intense preparation.

Thorough planning and design should always precede any real live Exchange implementation to ensure successful delivery and user satisfaction. Exam 70-285, a core messaging requirement for MCSE: Messaging on Windows Server 2003, demands that candidates working on their certification exhibit broad and extensive knowledge in several areas, ranging from client to back-end setup, Exchange upgrade and migration, and everything else in between, including questions on Windows Server 2003.

Microsoft’s official exam preparation guide for this exam provides a fairly accurate description of the skills that you should master. In this review, I zoom in on specific areas that deserve extra attention -- Active Directory, administrator roles, and the like -- which you can use as guidance to help strengthen your know-how in preparation for the ultimate challenges ahead.

70-285: Exchange Server 2003

Reviewer's Rating
7.2 difficulty on a scale of 10.

Exam Title
Designing a Microsoft Exchange Server 2003 Organization

Who Should Take It
Elective credit for Windows 2003 MCSA and MCSE. Core Messaging Specialization for MCSE: Messaging on Microsoft Windows Server 2003.

2008: Designing and Planning an Exchange Server 2003 Organization (2 days)
2009: Upgrading Your Skills from Exchange Server 5.5 to Exchange Server 2003 (3 days)

Exam Objectives

Active Directory
This should come as no surprise, as it is a core prerequisite in the design of an Exchange 2003 organization. An AD infrastructure must be properly prepared beforehand by executing Exchange's version of setup.exe with the /forestprep and /domainprep switches. The former extends the AD schema with Exchange-specific classes and attributes. Run it in the AD domain where the Domain Controller (DC) holding the Schema Master Flexible-Single-Master-Operations (FSMO) role resides.

The /domainprep switch must be executed to create the necessary Exchange domain groups and permissions in AD, once in each domain:

  • that has one or more Exchange Server 2003 servers
  • that contains Exchange recipient objects (even if no Exchange Server exists in the domain)
  • that is the root domain of the forest
  • where Global Catalog (GC) servers are configured that Exchange directory access components may potentially use

Global Catalog (GC) placement greatly influences the reliability and performance of Exchange Server 2003. Understanding exactly where to locate GCs can help minimize WAN traffic, allowing clients to efficiently query and retrieve a complete Global Address List (GAL), including recipient-related AD queries in single/multi-domain forest with one or more AD sites.

The various flavors of Windows Server operating system that are set up as Domain Controllers (NT 4, Win 2000/2003) dictate the AD forest and domain functional levels supported. This directly restricts the version of Exchange that can be installed in the architecture of an Exchange organization. Familiarity with mixed and native modes is a necessity, both in the context of AD and Exchange. Exchange 2003 installs in mixed mode by default. Go here and here for more information.

Having a firm grasp on basic AD administration is indispensable, as several questions are built around this topic. Terms like Organizational Unit (OU) and Group Policy should be familiar concepts when designing an efficient Exchange management strategy. The distinction between the types of administrative groups that control permissions and access levels must be clearly made in order to establish roles and responsibilities as outlined in the scenarios (Domain, Server or Exchange Admins).

Storage Groups
Storage groups are an area that receives a lot of attention throughout the exam. It is imperative to review the following fundamental concepts in order to design solutions that satisfy business and technical needs:

  • Each Exchange Server can have a maximum of four storage groups plus one recovery storage group.
  • A maximum of five mailbox stores can be created per storage group (Enterprise Edition only); hence, 20 mailbox stores are supported per Exchange Server.
  • One common set of configuration settings applies at each storage group level:
    • transaction logs and checkpoint file
    • circular logging feature (disabled by default)
    • backup schedules and configuration
    • storage mailbox size limit

Partitioning user mailboxes into different mailbox stores allows faster backup and recovery. Mailbox size will obviously influence the total time to carry out these mundane tasks.

The Recovery Storage Group is introduced in Exchange Server 2003 and is discussed here.

Exchange Administrative Roles
Permissions govern the types of tasks that can be carried out and are dependent on the following Exchange roles:

  • Exchange Full Administrator: full control permissions to relevant areas of the configuration partition
  • Exchange Administrator: similar to Exchange Full Administrator except for certain permissions restrictions
  • Exchange View Only Administrator: read-only permissions to relevant areas of the configuration partition

Administrative permissions can be delegated at the Exchange organizational or specific administrative group level; delegation is performed using the Exchange Server Delegation Wizard. Go here for a detailed description of these roles.

Exchange Building Blocks and Security
A core highlight in any design exam, you must be well prepared to answer a variety of questions relating to this topic. How the various elements are brought together to design and build a robust and secure Exchange infrastructure will be tested in varying degrees.

Windows Server 2003’s Network Load Balancing (NLB) can be used to cluster Exchange front-end or bridgehead servers to provide redundancy, increased availability and improved response time. Client access to the front-end servers takes place over supported Internet access protocols such as http (TCP:80), https (TCP:443), IMAP4 (TCP:143), IMAP4 with SSL (TCP:993), POP3 (TCP:110) and POP3 with SSL (TCP:995). Connection from front-end servers to back-end servers, however, is always established using the corresponding non-secured version of a client’s access protocol (e.g., http instead of https). This unencrypted channel can be protected using IPSec but Exchange Server 2003 must be running on Windows Server 2003 on both front- and back-end servers. Make sure that you know how all this works; go here for more.

To facilitate secured communication for legacy MAPI clients, the perimeter firewall must be properly configured. (Go here for more info on that.) On the client side, Outlook Web Access can digitally sign and encrypt e-mail messages using the new Secure/Multi-purpose Internet Mail Extension (S/MIME) OWA control, which is reliant on an existing Public Key Infrastructure (PKI). Go here for more information.

Realize that instead of NLB, Microsoft Cluster Service (MSCS) is used on Exchange back-end servers that typically host mailbox and public folders. Installation of anti-virus (AV) software is only necessary on servers containing mailboxes, hence it makes sense to procure AV licenses with this in mind.

You should digest some quick facts about Exchange front-end servers before hitting the exam floor:

  • It does not hold any user data such as mailbox or public folders.
  • It’s typically located in the demilitarized zone (DMZ)/screened subnet.
  • It’s mainly responsible for network communication with clients, acting as a proxy for incoming client requests and relays to the appropriate Exchange back-end server.
  • It provides a single namespace for users of Internet-based messaging clients (hides actual mailbox location).
  • Outlook Web Access (OWA) installed on a front-end server enables users with Internet Explorer (IE) 5.5 and above to gain mailbox and public folder access (IE 6.0 SP1 and above are required to support S/MIME).
  • It can be configured as an RPC over HTTP proxy server.
    • Permits users to use the full-featured Microsoft Office Outlook 2003 MAPI client to access mailbox (no separate VPN needed).
    • RPC over HTTP actually uses Secure Hypertext Transfer Protocol (S-HTTP) over an SSL connection configured on Internet Information Server (IIS).

If OWA is deployed in a front-end/back-end topology, always upgrade the front-end servers first before the back-end servers. For more info, go here.

Another key component of an Exchange infrastructure is the bridgehead server. A bridgehead server moves messages between routing groups or to destinations outside of the local routing group by means of a routing group connector (e.g., to the Internet or non-Exchange messaging system). It also plays a significant role in load balancing and fault tolerance. This can be achieved by specifying multiple source and destination bridgeheads for a single routing group connector between two routing groups.

To round up this section, obtain a copy of the "Exchange Server 2003 High Availability Guide" and read up in advance before the exam.

Routing Groups, Connectors and Costs
A routing group is defined as a collection of servers having reliable network connections with one another. This is mainly based on physical topology such as in a LAN or across underutilized high-speed WAN connections. For the purpose of message routing, routing groups in Exchange 2003 are the equivalent of Exchange 5.5 sites.

Within the same routing group, servers communicate among themselves directly. To facilitate message transfer between different routing groups, a routing group connector must be created. Each routing group can have one or more bridgehead servers linked to the connector. The special Routing Group Connector that uses SMTP is the preferred method of connecting routing groups (although SMTP or X.400 connector can be used).

External message delivery to the Internet or a non-Exchange messaging system can be made with an SMTP connector. X.400 connectors are suitable for building routing topologies to connect to Exchange Server 5.5 outside of an Exchange organization or to other X.400 capable systems.

Cost is a variable associated with a routing group connector to enable Exchange to determine the most efficient message route. This is particularly important with large numbers of routing groups dispersed across geographical locations and is highly dependent on criteria such as physical topology, network speed, bandwidth availability and utilization. By design, Exchange will always attempt to use the lowest sum total cost routes to transfer messages to the final destination.
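The lowest-total-cost rule described above can be worked through on a small topology. This is an added example, not code from Exchange or from the original review: the routing group names, connector costs and the `lowest_cost_route` function are constructed for illustration, and Dijkstra's algorithm is used here as a model of "lowest sum total cost".

```python
import heapq

# Constructed topology: (source group, destination group, connector cost).
# Each entry is modelled as a one-way link, so both directions are listed.
CONNECTORS = [
    ("HQ", "East", 10), ("East", "HQ", 10),
    ("East", "West", 20), ("West", "East", 20),
    ("HQ", "West", 50), ("West", "HQ", 50),
    ("West", "DR", 5), ("DR", "West", 5),
]

def lowest_cost_route(connectors, src, dst, down=frozenset()):
    """Return (total_cost, [groups]) for the cheapest route, or None.

    `down` holds (source, destination) pairs whose connector is unavailable,
    which shows how traffic falls back to a more expensive path.
    """
    graph = {}
    for a, b, cost in connectors:
        if cost < 0:
            raise ValueError("connector cost must be non-negative")
        if (a, b) not in down:
            graph.setdefault(a, []).append((b, cost))
    best = {src: 0}
    queue = [(0, src, [src])]
    while queue:
        total, group, path = heapq.heappop(queue)
        if group == dst:
            return total, path
        if total > best.get(group, float("inf")):
            continue  # stale queue entry, a cheaper route was already found
        for nxt, cost in graph.get(group, []):
            new_total = total + cost
            if new_total < best.get(nxt, float("inf")):
                best[nxt] = new_total
                heapq.heappush(queue, (new_total, nxt, path + [nxt]))
    return None  # destination unreachable with the connectors that are up

if __name__ == "__main__":
    print(lowest_cost_route(CONNECTORS, "HQ", "DR"))
    print(lowest_cost_route(CONNECTORS, "HQ", "DR", down={("East", "West")}))
```

The direct HQ-to-West connector (cost 50) is only used once the cheaper two-hop path through East (10 + 20) is unavailable.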

In this exam, expect to encounter drag-and-drop and other types of questions that quiz your knowledge in defining routing groups and assessing cost factors for optimal message transfer.

DNS Namespace
This topic rightfully should fall under the space of Windows Server 2003 network and infrastructure. Nevertheless, you should be aware of its significance in an Exchange organization. For a messaging system to be of any use, connectivity to the outside world (Internet) is inevitable. An organization's existing mail servers are identified by published MX records defined on external, publicly accessible DNS servers. When more than one mail server is available, mail delivery can be directed to specific servers by tagging a different preference number to each MX record; the higher the number, the lower the delivery preference (watch out and don’t get mixed up!). For instance, if a situation calls for all incoming mail to always be delivered to mail01.mcpmag.com and only to mail03.mcpmag.com when the former fails or is unreachable, MX preference values of 10 and 20 can be assigned respectively (and not 20 and 10). Conversely, load balancing can be attained by assigning the same preference number to different mail servers.
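The preference rule is easy to invert, so here it is worked through with the two hosts named above. This is an added example, not part of the original review: `delivery_order` and `first_choice_counts` are constructed helpers that model how a sending server orders MX targets (lowest number first, equal numbers tried in random order), and no DNS lookup is performed.

```python
import random

def delivery_order(mx_records, reachable, rng=random):
    """Return the hosts a sending server would try, in order.

    mx_records: list of (preference, host); a LOWER number is tried first.
    reachable:  set of hosts currently accepting connections.
    Hosts sharing a preference are shuffled, which spreads load across them.
    """
    tiers = {}
    for preference, host in mx_records:
        tiers.setdefault(preference, []).append(host)
    order = []
    for preference in sorted(tiers):
        hosts = list(tiers[preference])
        rng.shuffle(hosts)
        order.extend(hosts)
    return [host for host in order if host in reachable]

def first_choice_counts(mx_records, reachable, trials, rng):
    """Count how often each host is tried first over many deliveries."""
    counts = {}
    for _ in range(trials):
        order = delivery_order(mx_records, reachable, rng)
        if order:
            counts[order[0]] = counts.get(order[0], 0) + 1
    return counts

M1, M3 = "mail01.mcpmag.com", "mail03.mcpmag.com"
INTENDED = [(10, M1), (20, M3)]   # mail01 primary, mail03 only as fallback
SWAPPED = [(20, M1), (10, M3)]    # the mix-up: mail03 becomes the primary
BALANCED = [(10, M1), (10, M3)]   # same preference: load is shared

if __name__ == "__main__":
    both = {M1, M3}
    print("intended:", delivery_order(INTENDED, both))
    print("mail01 down:", delivery_order(INTENDED, {M3}))
    print("swapped:", delivery_order(SWAPPED, both))
    print("balanced:", first_choice_counts(BALANCED, both, 1000, random.Random(0)))
```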

Still on the topic of namespace, users may have mailboxes scattered around in different Exchange organizations with the need to maintain their old SMTP domain, while adopting a new corporate identity based on a common public SMTP domain. This type of setup is not uncommon in the case of a company acquisition or merger, or even during migration to Exchange Server 2003 from version 5.5 or 2000. A good comprehension of how configuring a shared SMTP namespace can help resolve such business needs is anticipated in the exam. Go here for a detailed treatment of this topic.

Coexistence, Migration, Upgrade Strategy
Predictably, this is a prime focus in a design exam, so make certain that you invest time to gear up for this part of it. Deploy the Exchange Server Migration Wizard (mailmig.exe) to migrate data from legacy or non-Exchange messaging systems into Active Directory and the target Exchange store in a different organization. The source mailbox remains intact as the migration is just a copy process. Used in conjunction with the Active Directory Connector (ADC), dissimilar Exchange organizations (5.5 and 2000/2003) can coexist, provided appropriate Connection Agreements (CA) are in place with a defined replication scope (mailbox, custom recipients, distribution lists, etc.). This lets users maintain e-mail access during migration, for instance. Besides its classic use in migrating domain user accounts, Active Directory Migration Toolkit (ADMT) can also help retain user permissions, which would otherwise end up being a manual task after migration. Note that Move Mailbox from the Exchange Task Wizard is another option for moving mailboxes. Search for Knowledge Base articles 281223, 823601, 328871, 327928, 822892, 326079 and 822178 here to have a better appreciation of these crucial topics.

To replicate free/busy calendar information in addition to synchronizing public folder contents between separate Exchange organizations, the Inter-Organization Replication Tool is the right application to use. (Go here for more info.) Don’t forget to check out how public folders and referrals function. (Go here for more info.)

10 Things to Practice

1. Get acquainted with the basics of Active Directory concepts, terminology and various networking technologies and how Exchange fits into the overall infrastructure (e.g., DNS and SMTP namespace).

2. Build a test environment using virtualization technology such as Virtual Server 2005 to practice and gain hands-on experience with AD and Exchange.

3. Extend the test environment with fault-tolerance/redundancy built around Network Load Balancing (NLB) and MS Cluster Service (MSCS) to learn about Exchange High Availability (HA).

4. Have a firm grasp on the storage group concept and its impact on backup, recovery, mailbox partitioning and configuration strategy.

5. Find out how to manipulate Routing Groups, Connectors and Cost assignments to optimize message routing in Exchange.

6. Understand how to enhance security in an Exchange environment starting from the client to the server end (e.g., digital signature using PKI, Outlook 2003 access via RPC over HTTP, IPSec deployment to encrypt channel between Exchange front-end and back-end servers).

7. Be very familiar with the administrative models both in AD and Exchange to enable proper access control and permissions assignments in an organization.

8. Acquire knowledge on the assortment of tools and the correct types to deploy in scenarios that call for coexistence, migration and upgrade in the same or different Exchange organizations (e.g., ADMT, Exchange Server Migration Wizard, Active Directory Connector).

9. Know what kinds of tools are available for synchronization of public folders, referrals and free/busy calendar information between multiple Exchange organizations (e.g., Exchange Public Folder Migration Toolkit, Inter-Organization Replication Tool).

10. Review the official exam guide, MS Knowledge Base, Resource Kit and white papers.

Parting Tips
If you survived reading the article up to this point, you probably have already gathered that this design exam is certainly not an easy piece of cake to swallow. You are expected to demonstrate expertise in diverse topics with the ability to piece the different bits of a puzzle together to build the final big picture. Concentrate on acquiring some hands-on practice to get acquainted with the product. Remember to devote time to review the Knowledge Base articles presented here.

Lastly, go through the official exam guide again and evaluate areas that may not have been addressed by this exam review (since not all topics are tested in the actual exam). You should then be all set to tackle the exciting Exchange challenges in front of you. May the force be with you and best of luck!
