Questions and Answers

1.

You are the Exchange administrator for your organization. On Monday morning, users call to report that they are unable to open Microsoft Outlook; they receive an error message indicating that Exchange Server is unavailable. You check to see if the services are running and find that the Information Store service is stopped. You attempt to start it from Services and it fails, generating an error. Where do you begin troubleshooting?

2.

Which of the following Microsoft operating systems meet the minimum requirements to install Microsoft Exchange System Management Tools?

1. Windows XP Home SP2

2. Windows XP Professional

3. Windows XP Professional SP1

4. Windows 98 SE

5. Windows NT Workstation 4.0 SP6a

6. Windows 2000 Professional SP2

7. Windows 2000 Professional SP3

8. Windows Millennium (Windows Me)

3.

You have been assigned the task of designing a more streamlined administrative structure for your Exchange Server 2003 organization. Your organization currently consists of 15 administrators who have various levels of administrative control of Exchange, assigned individually at the administrative group level as well as the organizational level, in some cases. What would be your best approach to this task?

4.

You are an Exchange administrator for an organization that has five Exchange administrators who perform various tasks. There are no additional Exchange administration roles delegated outside of the service account that Exchange Server 2003 was installed with. You are trying to convince the senior Exchange administrator, who is more management-oriented than IT-oriented, to delegate administrative control to the individual administrators or, at a minimum, to create security groups and delegate control to the groups, but he is reluctant. His reasoning is that it is more secure if only a single user account has the Exchange Full Administrator role for the organization. How would you counter his argument?

1.

Because the service fails to start, you would first check whether any services that the Information Store service is dependent on are in a stopped state. This would tell you if the problem is the Information Store service itself or one of the services on which it is dependent. The Information Store service is dependent on the Microsoft Exchange System Attendant and the EXIFS services. Failure of either one will cause the Information Store service to fail. In addition, you would verify the service account to ensure that it is not locked out and to check that its password was not changed by another administrator.

2.

The correct answers are c and g.

3.

The best approach would be to start the Exchange Administration Delegation Of Control Wizard at both the organizational and administrative group levels and remove all individual user accounts other than the service account. You can then create security groups that match the Exchange Server 2003 administrative roles, with the plan to use those roles for delegating control at the organizational level. Then create additional security groups for each administrative group that has an administrator that should be restricted to only the administrative group level of authority. Then, assign the individual user accounts to the appropriate security groups, and from there you can delegate control, as required.

4.

Having only a single account is actually less secure because all five Exchange administrators will share the same account. As a result, all the administrators will have access to Exchange Full Administrator rights whether they need them or not, and it will be nearly impossible to tell in the Security log which administrator performed a task because all events will have the same user account. Furthermore, having only a single account prevents limiting a particular administrator's rights to a specific administrative group or limiting their access to "view only."

1.

Describe when you would use multiple administrative groups in an Exchange Server 2003 organization and how administrative groups differ from routing groups.

2.

Describe the differences between a centralized administrative model and a decentralized administrative model.

3.

You are an Exchange administrator for an organization that has two physical locations in Dallas that are connected by an ISDN line. There is an Exchange administrator at the other location, as well, and you have two administrative groups so that each of you can manage your own Exchange server without the other interfering. There is a server running Exchange Server 2003 at each location, and the organization is running in mixed mode. Due to the changing economic climate, your company closes the other office, consolidating all resources in the main office (and as a result, you are the only Exchange administrator). You bring all of the hardware back to the main office to set up. What do you need to do to move the Exchange server from the other office into the same routing group as the other Exchange server, since they are now located on the same LAN?

1. Use Exchange System Manager to move the server from one routing group to the other.

2. Use Exchange System Manager to first move the server into your administrative group, and then move it from the other routing group to your routing group.

3. Reinstall Exchange Server 2003 on the other server and place it into the correct routing group during the installation.

4. Reinstall Exchange Server 2003 on the other server and place it into the correct administrative group during installation, which will automatically place it in the routing group under that administrative group.

4.

You are the senior Exchange administrator for the contoso.com domain, which has an Exchange Server 2003 organization that consists of two administrative groups: one for Contoso and one for Fabrikam, a subsidiary of Contoso. One of the divisions of Contoso is being consolidated with Fabrikam, and in the process, you are moving its server running Exchange Server 2003 from the First Routing Group in Contoso to the First Routing Group in Fabrikam. You try to drag and drop the server between routing groups but find that you are unable to. When you place the cursor over the routing group in Fabrikam, it shows a circle with a line through it, indicating you cannot move the server there. What would be preventing the move?

1.

You would use multiple administrative groups in order to create administrative boundaries in your organization. For example, if you need to have part of the organization administered by different personnel than the rest of the organization but you do not want to grant administrative permissions over the entire organization.

Routing groups are used to group servers by the physical topology of the network. Administrative groups are logical groupings not directly related to the physical layout of the network.

2.

A centralized administrative model involves a small number of administrative groups controlled by an IT department at one location, whereas a decentralized model uses many administrative groups to distribute the administration of the Exchange organization to IT personnel in different divisions or physical locations. A centralized model naturally works better in organizations where the IT department is centralized, and a decentralized model works best when branch offices have their own local IT personnel to manage the Exchange environment. A centralized model is used most commonly by smaller organizations, while a decentralized model is most commonly used by larger organizations.

3.

The correct answer is b.

4.

You can only move servers between routing groups that are in different administrative groups when the Exchange Server 2003 organization has been converted to native mode. By default, an organization is in mixed mode, which doesn't support this functionality.

1.

Which of the following statements are true about an Exchange organization operating in mixed mode?

1. Administrative groups are mapped to Exchange Server 5.5 sites.

2. You can move mailboxes between servers in different administrative groups.

3. You can move mailboxes between servers in the same administrative group.

4. You can edit Exchange Server 5.5 system data from Exchange System Manager.

5. You can install servers running Exchange Server 5.5 in your organization, even if you have only servers running Exchange Server 2003 presently.

6. Servers running Exchange Server 5.5 and Exchange Server 2003 can route mail seamlessly.

7. You can configure administrative groups independently of routing groups.

2.

You have a Windows Server 2003 domain that is operating at the mixed mode domain and forest functional level. You have installed Exchange Server 2003 into the domain, which has no other mail services running. You know that you will never need to support Exchange Server 5.5 installations, so you want to convert the Exchange organization to native mode. What do you need to do to accomplish this?

1. Raise the domain functional level to native mode, and then change the Exchange Server 2003 mode to native mode.

2. Raise the domain functional level to native mode, then raise the forest functional level to native mode, and then change the Exchange Server 2003 mode to native.

3. Use Exchange System Manager to change the mode from mixed mode to native mode.

4. Reinstall Exchange Server 2003 and choose native mode during the Setup program.

5. Use the Active Directory Sites And Services console to change the mode for the Microsoft Exchange service from mixed mode to native mode.

3.

You are the senior Exchange administrator for contoso.com, which has an Exchange organization consisting of servers running Exchange Server 5.5, Exchange 2000 Server, and Exchange Server 2003. Due to a recent company reorganization, there is a need to decentralize much of the Exchange administration duties to local branch offices. This will require you to convert the organization to native mode in order to gain the flexibility necessary with administrative groups. What servers must you upgrade prior to converting to native mode?

4.

You have been asked to give a technology presentation for IT management in your company. The topic of the presentation is why the company should upgrade its existing Exchange Server 5.5 infrastructure to Exchange Server 2003. Management is partially sold on the idea after hearing about administrative groups; they want to migrate Exchange Server 5.5 to Exchange Server 2003 in eight of the company's 12 locations and to install Exchange Server 2003 to coexist with the existing Exchange Server 5.5 servers in two other locations. They like the idea of administrative groups not being tied to the physical layout of the network since some locations do not have their own administrators, and in some cases, administrators are responsible for more than one location. After you describe how this works in native mode in Exchange Server 2003, they ask if you can set it up so that the eight administrative groups with only servers running Exchange Server 2003 can be converted to native mode right away, leaving the other administrative groups to be converted later once Exchange Server 5.5 is able to be fully replaced. What do you tell them?

1.

The correct answers are a, c, e, and f.

2.

The correct answer is c.

3.

Native mode supports servers running Exchange 2000 Server and Exchange Server 2003, so you would need to upgrade or migrate the servers running Exchange Server 5.5 to one of these versions prior to converting to native mode. (It is easy to forget that native mode does not require Exchange Server 2003.)

4.

Unfortunately, this scenario wouldn't work. The mode is configured at the organizational level, so mixed mode or native mode is all or nothing. You would have to keep the organization in mixed mode until all servers running Exchange Server 5.5 were migrated.

1.

Describe three reasons why you would want to use a front-end and back-end server architecture.

2.

What versions of Exchange Server can be configured as front-end servers?

1. Exchange Server 2000, Standard Edition

2. Exchange Server 2000, Enterprise Edition

3. Exchange Server 2003, Standard Edition

4. Exchange Server 2003, Enterprise Edition

3.

You are part of a team that is planning a large-scale Exchange Server 2003 deployment. Part of your role in the design is to research and recommend a solution to the problem of managing the remote access of mailboxes on 100 servers running Exchange Server 2003. Approximately 25,000 users will be accessing their mailboxes with connections coming into the network from the Internet, utilizing OWA and POP3. These connections from the Internet are not over a virtual private network (VPN), so they are unsecured. You know that you will recommend using front-end servers so the Exchange Server 2003 administration team will have an easier time managing remote access to the user mailboxes, but what type of configuration would be most appropriate for the needs of the organization?

4.

You are a senior Exchange administrator for Contoso, Ltd., which has recently acquired Fabrikam, Inc. The companies have not yet fully merged and so are still two distinct Active Directory forests. You have been asked to begin to merge the Exchange Server 2003 organizations. You want to configure Contoso's front-end server infrastructure to support Fabrikam's servers running Exchange Server 2003. This would make remote user access consistent between organizations as everyone could use the same server addresses when configuring their mail clients. When you present your plan to the Exchange steering committee, consisting of senior Exchange administrators from both Contoso and Fabrikam, the plan is rejected. Why?

1.

One benefit of using a front-end and back-end server architecture is enhanced security. External users accessing e-mail from the Internet through the HTTP, POP3, or IMAP4 protocols can be made to connect to a front-end server that authenticates them and processes client requests but does not contain the actual mailbox data.

A second benefit of using a front-end and back-end server configuration is being able to provide a unified namespace to external users. You might have many back-end servers hosting mailboxes, but with a front-end server, you would be able to supply all of your external users with the same server settings to access their e-mail remotely.

A third benefit is that using a front-end server can improve the processing time for SSL traffic and at the same time create less burden on the mailbox servers (the back-end servers) themselves. SSL can be negotiated and processed entirely by the front-end server, and traffic between the front-end and back-end servers can pass securely without the overhead of SSL.

2.

The correct answers are b, c, and d.

3.

Because the remote users will not be accessing their mailboxes securely, it is recommended that you put the front-end server behind the firewall. You would only allow the specific ports required for POP3, SMTP, and OWA through the firewall to the front-end server, which would enhance the security of the configuration.

4.

The use of front-end and back-end architecture requires that both the front-end server and the back-end server be part of the same Active Directory forest. Therefore, your plan won't work until after fabrikam.com has been migrated into the contoso.com forest. Until that time, you would still have to maintain two separate namespaces.

1.

Describe an appropriate administrative group structure for Contoso's Exchange organization given their requirements.

2.

In a default Exchange Server 2003 organization, could you have Omaha's servers placed in the St. Louis administrative group?

1.

Since day-to-day administration of Exchange is decentralized, you would want to create administrative groups for each location and delegate Exchange administrator permissions to the appropriate groups in each division. Omaha would be an exception as its servers are required to be placed in the St. Louis administrative group.

You would reserve Exchange Full Administrator permissions for the service account and the corporate Enterprise Admins group. By delegating control, you allow the local IT department to manage their local Exchange servers without having to grant them permissions that allow them to administer other locations' servers.

2.

You could, technically, but this wouldn't be the ideal configuration because in the default mixed mode, the administrative group model is tied to the routing model. By placing Omaha's servers in the St. Louis administrative group, you would be implying that they were on the same LAN, which could cause significant performance problems related to replication. The organization should therefore be converted to native mode first. Given that there are no servers running Exchange Server 5.5 nor are there ever likely to be, converting to native mode will be a simple process after installing the first server running Exchange Server 2003 into the organization.

1.

Describe the type of administrative model that is best suited for Contoso, based on its organizational needs. Explain why it is the best choice.

2.

How would you accommodate the needs of the help desk managers to be able to run the Exchange System Manager console to view message queue information while not allowing them to make changes or attempt to alter the message queues (such as forcing a delivery retry)?

3.

Based on the information in the scenario, design a delegation of authority plan that would be the easiest to administer and update on a long-term basis, allow delegation of appropriate levels of permissions to different IT personnel, and meet the administrative model needs of Contoso.

1.

Because Contoso has decided to create an Exchange administration team at the organization level, you would want to build a centralized administrative model. This model can later be adapted, if necessary, when each of Contoso's individual locations has Exchange Server 2003 servers installed locally. Centralized administration fits best because the Exchange organizational infrastructure is centralized and managed from a single location, even though not all administrators have the same permissions.

2.

The administrative role Exchange View Only Administrator exists for just such a purpose, so you can allow read-only access to Exchange data. You could assign this role to the help desk managers' user accounts directly or, even better, to a security group for Exchange View Only Administrators.

3.

The best course of action would be to create security groups for each of the three Exchange Server 2003 administrative roles, assign the two administrators responsible for assigning permissions to the security group matching the Exchange Full Administrator role, and then assign the remaining five Exchange administrators to the security group matching the Exchange Administrator role. You would assign the helpdesk managers to the security group matching the Exchange View Only Administrator role so that they can use Exchange System Manager to monitor the message queues without being able to make modifications to any settings. After creating the security groups and adding the user accounts to the appropriate group, you would use Exchange System Manager to delegate control to each security group at the organization level, assigning the role that matches the security group membership.

1.

Prior to installing Microsoft Exchange System Management Tools on the helpdesk managers' computers running Windows XP Professional SP2, which of the following components need to be installed on the computers? (Choose all that apply.)

1. IIS

2. Windows Server 2003 AdminPack

3. WWW service

4. IIS Manager

5. SMTP service

2.

Contoso's server environment is entirely Windows Server 2003–based, and the company never ran a prior server version of Windows (Windows Server 2003 replaced Novell NetWare 3.12). Given the nature of Contoso's migration to Windows Server 2003, identify a problem that must be addressed prior to installing Microsoft Exchange System Management Tools on the administrators' laptop computers running Windows 2000 Professional SP3.

1.

The correct answers are a, b, and d.

2.

Windows 2000 Professional will require Adminpack.msi to be installed from the Windows 2000 Server installation CD. This could be an inconvenience initially for a company that has never had any computers running Windows 2000 Server and therefore likely doesn't have an installation CD for the program. They would need to obtain the Windows 2000 Server media through their Microsoft representative or download an evaluation version of Windows 2000 Server to install the AdminPack on the Windows 2000 Professional workstations. Neither would violate the licensing agreements.