70-284: Master of Messaging
This exam review jump-starts your study efforts to becoming an expert in Microsoft's newest messaging system.
Exchange Server 2003 adoptions are happening at a fast pace—many
companies are leaping over the upgrade to Exchange 2000 and moving directly
from 5.5 to 2003. That means you'd be well situated to work on migration
projects in your organization if you've made an effort to educate yourself
on Microsoft's latest messaging platform. Going after your certification
as part of that process is a great way to prove your expertise.
In this article, I help you prepare for one of the newest Exchange exams
by covering the crucial test objectives listed in Microsoft's exam preparation
This exam focuses on installation, configuration, managing, monitoring,
maintaining and troubleshooting Exchange servers, organizations, recipients
and address lists. What you'll discover is that you'll need more than
simply a solid understanding of Exchange—you'll also be tested on
Windows Server 2003! Your experience with Exchange 2000 will also be of
Exchange Server 2003
This exam is similar in difficulty to the Exchange 2000
Server administration exam 70-224, but with new content
added for Windows Server 2003 and Exchange Server 2003.
Implementing and Managing Microsoft Exchange Server
Who Should Take It
Elective credit for Windows 2000 or 2003 MCSA and MCSE,
as well as MCSA: Messaging and MCSE: Messaging.
Implementing and Managing Microsoft Exchange Server
2003 (5 days)
Upgrading Skills from Microsoft Exchange Server 5.5
to Microsoft Exchange Server 2003 (3 days)
2011: Troubleshooting Microsoft Exchange
Server 2003 (3 days)
Working with the Exchange Software
For the first area of expertise, "Installing, Configuring, and Troubleshooting
Exchange Server 2003," you'll need to be prepared to answer questions
about preparing Windows 2003 forests and domains, upgrading from Exchange
5.5, messaging connectors and clustering.
When preparing a Windows 2000 Forest or Domain for Exchange 2003, you
need to run the Exchange 2003 setup utilities /ForestPrep and /DomainPrep,
even if Exchange 2000 is already installed. Likewise, when preparing to
install Exchange 2003 in a Windows 2003 Forest or Domain, the same utilities
are used, but mostly to extend the Schema for additional classes and attributes.
Tip: You should upgrade to Exchange 2003 by first upgrading
Exchange and then Windows 2000 to 2003. You can't upgrade directly from
Exchange 5.5 to Exchange 2003, but you can add an Exchange 2003 server
to a 5.5 site and use the move mailbox option.
Tip: You must run /DomainPrep in all domains that will
contain Exchange 2003 mailbox-enabled objects (such as users and groups),
even if no Exchange servers will be installed in these domains.
Tip: Exchange 2003 is supported on Windows 2000 with SP3
and Windows 2003, but Exchange 2000 isn't supported on Windows 2003. Some
of the advanced security features are unavailable when running Exchange
2003 on Windows 2000 because of the earlier security model. Interestingly
enough, you can run Exchange 5.5 on Windows 2003.
Exchange designated bridgehead servers can take on many roles, including
the ability to send and receive Internet-based e-mail for all or only
selected users in the Exchange organization. The actual role of sending
and receiving Internet-based mail can be split among servers as well.
When configuring the delivery of Internet-based e-mail, a Smart host can
be an ISP's SMTP server, which assumes responsibility for DNS resolution
and mail delivery.
Exchange 2003 includes the Internet Mail Wizard to help you configure
Internet mail connectivity. As it guides you through the process of configuring
the Exchange server to send and receive Internet mail, it creates the
necessary SMTP connector for outgoing Internet mail and configures the
SMTP virtual server to accept incoming mail.
Tip: When using the Internet Mail Wizard, be careful about
enabling the Allow Open Relay option, unless you know exactly what you're
doing. For more on this topic, read Bill Boswell's "Windows Insider"
the Exchange Server."
Clustering technologies are a big part of the Windows 2003 exam series.
With the study and practice required for passing core MCSE exams, you
shouldn't have many problems in tackling questions about those topics
on the Exchange exam. Be sure you're familiar and comfortable with configuring
cluster resources and dependencies. Let's review the process.
After completely installing Exchange on each of the cluster nodes, these
steps are required:
- Create the group to host the Exchange virtual server.
- Create an IP Address resource.
- Create a Network Name resource.
- Add a disk resource to the Exchange virtual server.
- Create an Exchange 2003 System Attendant resource.
Tip: When doing a new installation, you must install and
configure Windows clustering services prior to installing Exchange.
Coexistence with multiple messaging systems is a fact of life for many
enterprises. For this exam, read up on the Lotus Notes connector and migration
options. You can find this information in the Exchange 2003 Help and Support
documentation included with the product. Don't forget about the Exchange
Server Migration Wizard when studying and practicing in the lab.
Keeping Computers Up
The objectives in the section of the guidelines on "Managing, Monitoring,
and Troubleshooting Exchange Server Computers" include: server health,
data storage, clusters, backup and recovery and server removal.
This exam will test your knowledge of server monitoring with such tools
as Event Viewer and System Monitor. Learn how to interpret the output
of these and be able to identify when and where problems exist.
Tip: The system monitor SMTP Queue Growth counter can be
used between routing groups to monitor connectors and message flow.
System Policies allow you to manage and maintain Exchange servers across
routing and administrative groups. Public folder store, mailbox store
and server policies can be used to define such things as message tracking.
You can even copy system policies between administrative groups!
Tip: If a user is permitted to send mail in Exchange RTF
(Rich Text Format), the recipients must be using Exchange and have RTF
enabled. Otherwise, the RTF content will come across as an attachment
Learn the basics of routing and administrative groups. Routing groups
are similar to Exchange 5.5 Sites and should align with the physical topology
of your messaging infrastructure. Connectors allow you to make connections
between servers in different routing groups. Administrative groups should
align with the logical messaging administrative model defined in your
organization. You can never move servers between administrative groups
but you can between routing groups.
Knowing how to do backup and recovery is essential for administrative
work. You need to understand the new backup options available using VSS
as described in many of my Windows Server 2003 MCSA and MCSE exam reviews.
Also be sure you understand the ramifications of circular logging when
used with backup. The bottom line: Don't enable it in most cases unless
you really understand it and have a need. It can't be used with Incremental
or Differential backup types!
Exchange database transaction logs can be moved to separate drives using
the Exchange System Manager, within the properties of a storage group.
Mailbox stores can also safely be moved, but be sure to use System Manager
for this process.
Tip: Using the new Mailbox Recovery Center, you can simultaneously
perform recovery or export operations on multiple disconnected mailboxes.
Removing an Exchange server from the organization involves the process
of first moving the mailbox stores and public folder stores if present.
Using the Exchange tasks—available in Active Directory Users and
Computers—you can move recipient mailboxes to other servers. The
rehoming process using the forest Global Catalog servers should direct
the user's PC to the correct server at next logon. Finally, use System
Manager | selected server | Action | All Tasks | Remove Server, to remove
the server from both the organization and Active Directory.
The Exchange Organization
The objectives for, "Managing, Monitoring, and Troubleshooting the
Exchange Organization," encompass public folders, virtual servers,
front-end and back-end servers, connectivity and infrastructure performance.
A public folder store holds information associated with a particular
public folder tree, such as how the tree is structured and what folders
the tree contains. It also holds public folder content. Public folders
can be mail-enabled or hidden from the global address list.
Virtual servers allow for multiple e-mail domain hosting or hosting of
specific mail-enabled accounts. They're also used with cluster servers.
Tip: Exchange servers can be dedicated to private or public
folder use and access by eliminating the unused private or public stores.
Managing and monitoring front-end and back-end servers is a skill you
need to exhibit in this real life and in this exam. Front-end servers
don't contain private or public stores. They exist only to secure the
connection to the remote client and back-end servers and should always
use IPSec to do so!
Connecting two Active Directory forests and Exchange organizations can
be a daunting task. By creating SMTP connectors with server authentication,
users from company A can be resolved to a contact in company B's global
address list and vice-versa. The actual implementation of this is tricky.
You can find detailed instructions within the product documentation when
you need it. Study this closely. Be prepared to tackle questions about
creating and managing external contacts and address lists. (More on this
When configuring the intranet firewall for Exchange front-end and back-end
server communication, ports 389, 3268, and 88 must be open for LDAP and
Kerberos. Ports 80 and 25 should also be open along with 50, 51, and 500
Real time infrastructure performance monitoring can be done using the
Performance console. During an Exchange installation, many new counters
are added that allow for server, store, connector and replication monitoring.
After you have a server up and running, explore some of the feedback and
reports that can be generated.
Security in the Exchange Environment
Under the general heading, "Managing Security in the Exchange Environment,"
you'll find objectives regarding connectivity across firewalls, audit
settings and logs, permissions, and encryption and digital signatures
now available with OWA.
Exchange 2003 has raised the bar when it comes to security out of the
box. Many things such as POP3 and IMAP4 protocol services are disabled
and must be started using the Services snap-in.
Typical auditing and logging should be used when it comes to monitoring
security on Exchange. This includes logons, permission changes, directory
access and account changes.
Configuring a firewall to allow for Exchange server communication between
locations can be found in the document, "Using
Internet Security and Acceleration (ISA) Server 2000 with Exchange 2003."
Watch for obvious questions relating to the use of ISA Server as your
firewall. ISA Server can be configured to listen for incoming SMTP requests
and forward the valid connections to an internal Exchange server.
SSL should always be used when configuring an Exchange server for remote
HTTP access. The use of a trusted or self-issued certificate will secure
HTTP communications and thwart would-be snoopers.
Controlling access to virtual servers is a must when securing Exchange
servers. Anonymous, Basic, and Integrated Windows are just the beginning.
Servers can also be secured using port, IP address and domain filtering.
And if you haven't heard, Exchange Server 2003 also has built-in support
for RBLs (Realtime Blackhole Lists)!
Tip: The Exchange Administration Delegation Wizard simplifies
delegating permissions to Exchange administrators. You can delegate administrative
permissions at the organization level in System Manager or at an administrative
You may or may not find questions on this exam for each of these new
security features, but I thought you should know about some of the new
options Exchange 2003 offers. Perhaps through increased awareness and
collaboration, we can increase the security of our messaging infrastructures
and make a dent in the unsolicited e-mail that clutters our networks!
- Outlook Web Access now allows the use of the Internet-standard S/MIME
security extensions: S/MIME allows you to sign and encrypt e-mail messages
and attachments digitally to protect them against tampering or eavesdropping.
- Session inactivity timeout using forms-based authentication allows
support for timed logoff as well as secure logoff, even if the browser
is left open with a current session to the server.
- By default, content from outside a user's network is blocked in Outlook
2003 and Outlook Web Access. Users can override this to view external
content. This feature helps prevent spammers from identifying valid
e-mail addresses by links to external content.
By blocking Web beacons by default, this helps stops spammers from using
Web links to covertly verify that recipients' e-mail addresses are active.
Users are ultimately in control of this feature and can unblock HTML on
a per-message basis or disable it completely.
Recipient Objects and Address Lists
The topic of "Managing Recipient Objects and Address Lists"
includes managing recipient policies, user objects, distribution and security
groups, contacts and address lists.
The term recipient refers to an Active Directory object that's mailbox-enabled
or mail-enabled. Mailbox-enabled recipients can send, receive and store
messages. External contact, mail-enabled objects, can be used to simplify
the process of sending Internet-based e-mail for Exchange users. These
objects can also be resolved to global address lists as noted earlier.
Tip: Windows 2003 includes two types of groups: Security
and Distribution. Security groups are used in the traditional sense to
group users for permissions to network resources. Distribution groups
are used for e-mail only.
Recipient policies can be a big time saver in large Exchange organizations.
For example, a recipient policy that manages e-mail addresses has the
following characteristics: It applies to a selected group of recipients;
it always contains information about the address types that are to be
applied to those recipients, and it's given a priority so that you can
control what address is applied as the primary address to a recipient
that may appear in more than one policy. The first step in creating a
recipient policy is to choose the type of policy to create. A single recipient
policy can contain an address policy, a Mailbox Manager policy or both.
Tip: InetOrgPerson objects can be mail-enabled only if
you have a Windows 2003 domain controller and Exchange 2003 servers in
When it comes to Exchange address lists, the most familiar is the global
address list. By default, the GAL contains all recipients within an Exchange
organization. Any mailbox-enabled or mail-enabled object in the Active
Directory forest where Exchange is installed is listed in the GAL. Creating
and managing custom address lists is a skill you should master! Address
lists can be created and sorted by any attribute associated with a recipient.
The simplest and most efficient address list hierarchy would be based
on location and department. Empty address lists can be used as placeholders
Things To Practice
Install Exchange 2003 in your Windows 2000 forest
and domain. Understand when and how to use ForestPrep
and DomainPrep. Then upgrade your forest and domain
to Windows Server 2003 starting with ADprep.
Get a copy of VMware or Microsoft's Virtual PC
and build an Exchange organization of at least three
servers. Connect them across routing groups and
assign them to administrative groups.
Install the Windows 2003 clustering service and
build a cluster installation of Exchange 2003 as
outlined in this review.
Create server policies and understand what happens
when they are applied in order of precedence. Do
the same with recipient policies.
Create and configure additional virtual servers.
Practice monitoring queues and server performance.
Add ISA Server to your network and understand
how to configure it to secure an Exchange server.
Practice managing recipient policies, user objects,
distribution and security groups, contacts and address
lists. This is a big part of an Exchange administrator's
daily tasks and it's important to understand for
Sharpen your skills of deciphering network topologies
and subnetting. Always use an efficient and logical
approach to troubleshooting.
Work with Queue Viewer in the Exchange System
Manager console. Create queue problems and observe
the results of these noting how to repair message
Configure and apply Exchange organizations, routing
and administrative groups, and server permissions
to understand how they can work for you and sometimes
Under the final heading, "Managing and Monitoring Technologies that
Support Exchange Server 2003," the objectives include host resolution,
Active Directory troubleshooting, and connectivity problems.
You haven't made it this far in your quest for Microsoft certification
without acquiring at least a basic understanding of name resolution and
DNS. As I always say, Windows network problems are either DNS or permissions!
MX records should always be used in a zone that's responsible for e-mail
delivery. As mentioned earlier, your ISP's DNS and SMTP server (smart
host) can be used to deliver and accept all Internet-based e-mail. Generally
in larger organizations, dedicated Exchange servers are configured with
SMTP connectors for either outbound or inbound delivery.
This isn't a network infrastructure exam but you should be familiar with
network topologies and subnetting and have the ability to diagnose a problem
based on a given scenario and network diagram.
Queue Viewer is a feature in Exchange System Manager that allows you
to monitor an organization's messaging queues, as well as the messages
that are contained within those queues. Queue Viewer works at a server
level. Understanding where a problem may exist when a queue is in a retry
state is essential. If the queue in question is responsible for a routing
group connector, is the problem related to IP configuration on the Exchange
servers, network routing, or DNS? Only experience can tell! In table 5.6
of the Exchange 2003 Administration Guide mentioned earlier you'll find
some great information on queue status and troubleshooting.
Tip: The application event log and NSlookup can be invaluable
tools when troubleshooting stuck queues.
Your preparations for tackling 70-284 will give you a much greater understanding
about what's involved in the day to day administration of Exchange 2003.
It will also help you on your way to earning the new MCSE: Messaging credential.
As more companies move from Exchange 5.5 to Exchange 2003, this kind of
expertise will help set you apart from others who want to tackle the migration
work—and that's bound to translate to interesting projects for you.