Exchange Server Interview Questions
9.
25 - SMTP
110 - POP3
143 - IMAP4
135 - RPC
389 - LDAP
636 - LDAP (SSL)
3268 - Global Catalog
465 - SMTP/SSL
993 - IMAP4/SSL
563 - IMAP4/SSL
53 - DNS
80 - HTTP
88 - Kerberos
102 - X.400
110 - POP3
119 - NNTP
137 - NetBIOS Session Service
379 - LDAP (SRS)
443 - HTTP (SSL)
NNTP (SSL)
691 - LSA
993 - IMAP4 (SSL)
994 - IRC (SSL)
995 - POP3 (SSL)
1503 - T.120
1720 - H.323
ANS: SMTP
issues
with the network or remote servers.
15. What would a rise in the Local Delivery queue generally mean?
This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in
handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.
16. What are the disadvantages of circular logging?
In the event of a corrupt database, data can only be restored to the last backup.
17. What is the maximum storage capacity for Exchange standard version? What would you do if it reaches maximum
capacity?
16GB. Once the store dismounts at the 16GB limit, the only way to mount it again is to use the 17GB
registry setting, and even this is a temporary solution.
If you apply Exchange 2003 SP2 to your Standard Edition server, the database size limit is initially increased to
18GB. Whilst you can go on to change this figure to a value up to 75GB, it's important to note that 18GB is the
default setting.
For a mailbox store, the registry key is:
HKLM\System\CurrentControlSet\Services\MSExchangeIS\{server name}\Private-{GUID}
It therefore follows that for registry settings that relate to making changes on a public store, you'll need to work
in the following registry key:
HKLM\System\CurrentControlSet\Services\MSExchangeIS\{server name}\Public-{GUID}
Under the relevant database, create the following registry information:
Value type: REG_DWORD
Value name: Database Size Limit in GB
Set the value data to be the maximum size in gigabytes that the database is allowed to grow to. For the Standard
Edition of Exchange, you can enter numbers between 1 and 75. For the Enterprise Edition, you can enter numbers
between 1 and 8000. Yes, that's right, between 1GB and 8000GB or 8TB. Therefore, even if you are running the
Enterprise Edition of Exchange, you can still enforce overall database size limits of, say, 150GB if you so desire.
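One way to apply the setting described above, as an added example that is not part of the original page: it finds the Private-{GUID} and Public-{GUID} keys for a server, reports the current value, and writes the new limit only if it is within the range for the edition. The server name EXCH01 and the function names are assumptions made for illustration.

```powershell
# Added example, not from the original page. EXCH01 is a placeholder server name.
$ValueName = 'Database Size Limit in GB'

function Test-DatabaseSizeLimit {
    # Ranges as stated above: 1-75 for Standard Edition, 1-8000 for Enterprise Edition.
    param(
        [ValidateSet('Standard', 'Enterprise')][string]$Edition,
        [int]$LimitGB
    )
    $max = if ($Edition -eq 'Standard') { 75 } else { 8000 }
    return ($LimitGB -ge 1 -and $LimitGB -le $max)
}

function Set-DatabaseSizeLimit {
    # Reports the current value for every store key; writes only when -Apply is given.
    param(
        [string]$ServerName,
        [string]$Edition,
        [int]$LimitGB,
        [switch]$Apply
    )
    if (-not (Test-DatabaseSizeLimit -Edition $Edition -LimitGB $LimitGB)) {
        throw "Limit of $LimitGB GB is outside the range allowed for $Edition Edition."
    }

    $root = "HKLM:\System\CurrentControlSet\Services\MSExchangeIS\$ServerName"
    if (-not (Test-Path $root)) {
        Write-Warning "Registry key not found: $root"
        return
    }

    # Store keys are named Private-{GUID} (mailbox store) or Public-{GUID} (public store).
    $stores = Get-ChildItem $root | Where-Object { $_.PSChildName -match '^(Private|Public)-' }
    foreach ($store in $stores) {
        $props   = Get-ItemProperty -Path $store.PSPath -Name $ValueName -ErrorAction SilentlyContinue
        $current = if ($props) { $props.$ValueName } else { 'not set' }
        "{0}: current = {1}, requested = {2} GB" -f $store.PSChildName, $current, $LimitGB

        if ($Apply) {
            # REG_DWORD value, created or overwritten under the store's key.
            New-ItemProperty -Path $store.PSPath -Name $ValueName `
                -PropertyType DWord -Value $LimitGB -Force | Out-Null
        }
    }
}

# Dry run: list the stores and their current limits without changing anything.
Set-DatabaseSizeLimit -ServerName 'EXCH01' -Edition 'Standard' -LimitGB 75
```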
Exchange 2000 Server Question
18. You are the Exchange Administrator for your company. A hard disk on one of the Exchange 2000 Server computers
fails. The failed hard disk contained the Exchange 2000 System files. The hard disk that contained the transaction log
files and exchange databases was not affected by the failure. You replace the failed hard disk. You need to bring the
server online, but the only available backup does not include the system files.
What should you do?
A. Reinstall Exchange 2000 Server by running setup/DomainPrep on the server.
B. Reinstall Exchange 2000 Server by running setup/DisasterRecovery on the server.
C. Perform a normal installation of Exchange 2000 Server on the server. Create a new database that uses the same
database names and paths as the original installation.
D. Perform a normal installation of Exchange 2000 Server on the server. Create a storage group that uses the same
database names and paths as the original installation.
19. You are the Exchange Administrator for your company. You configure an Exchange 2000 Server computer as a recovery
server for single mailbox recovery. You restore the database files from your production exchange server's online backup
to recovery server. You specify the correct names and paths of the databases, but you are not able to mount the
databases.
What should you do?
A. Run ISINTEG-patch and then mount the databases.
B. Change the transaction log file path to match the transaction log file path of the original server.
C. In system manager, select the This database can be overwritten by a restore check box, and then
mount the databases.
D. Enable circular logging on the storage group, and then restart the information store service.
20. You are the Exchange Administrator for your company. A power failure causes one of the Exchange 2000 Server
computers to shut down abruptly. You restore power to the exchange server, but the hard disk that contains the transaction
log files was damaged. You replace the failed hard disk, but its contents are unrecoverable. When you restart the server,
the mailbox store will not mount. You examine the header of the database, and find it to be in an inconsistent state. You
back up the exchange database files to a safe location, and now you need to bring the mailbox store online with most
current data possible.
Which two actions should you take before mounting the database? (Each correct answer presents part of the solution.
Choose two)
A. Run ESEUTIL/R on the database.
B. Run ESEUTIL/P on the database.
C. Run ESEUTIL/G on the database.
D. Run ISINTEG-patch in the MDBData folder.
E. Run ISINTEG-fix on the database.
21. You are the Exchange Administrator for your company. The only domain controller on your Windows 2000 network is
named as server 1. The only Exchange 2000 Server computer on the network is named server 2. Server 1 fails, and you
do not have a backup of the server. You reinstall the domain controller and create a new forest. You need to allow the
users in this new forest to access the exchange mailboxes on server2.
What should you do?
A. Run setup/DisasterRecovery on server 2, and then run the mailbox clean up agent on the mailboxes.
B. Perform a normal reinstallation of Exchange 2000 Server on Server 2. Configure the new installation to use
your original database files, and then reconnect the mailboxes to the new user accounts.
C. Join server 2 to the new domain created by server 1, and then run the mailbox cleanup agent on the
mailboxes.
D. Run EXMERGE against the exchange databases, and save the output to a file. Run setup/DomainPrep on
server2, and then import the EXMERGE data files exchange.
22. You are the administrator of an exchange organization that has the Exchange 2000 Server computers. Each server
supports 1,500 mailboxes. Some users are using Microsoft outlook 2000, and some are using outlook web access.
Recently, you enabled SSL for the default web site on all servers and now require all outlook web access users to connect
by using secure HTTP. Users report that all the servers are much slower than they were before you enabled SSL. You
must keep additional level of security provided by SSL, but you need to improve server responsiveness.
What should you do?
A. Install an additional Exchange 2000 Server computer to support the secure HTTP users, and configure it as a
front-end server.
B. Remove SSL and implement TLS on the SMTP and IMAP4 virtual servers.
C. Install two additional Exchange 2000 Server computers, and move the outlook web access users to the new
server.
D. Specify digest authentication on the default web site, and disable integrated Windows authentication.
E. Enable Windows 2000 IPSec for the network adapter that supports SQL.
23. You are the Exchange Administrator for your company. The public folders in your organization contain more than 10,000
documents. You want to make it easier and faster for users to find specific documents.
What should you do?
A. Configure a public folder store policy, and add the public folder store to the policy.
B. Configure a public folder store policy, and create a full-text index on the public folder store.
C. Configure a public folder store policy, and set the replication for the public folder store policy to
always run.
D. Create a new public folder tree, configure a public folder store policy in this tree, and then create a
fulltext index for the public folder store.
24. You are the exchange administrator for your company. You have a mailbox store policy for mailbox storage limits in
effect for your entire exchange organization. The policy is shown in the exhibit. You add a new exchange 2000 server
computer. After the server runs for a few weeks, you notice that several mailboxes are considerably over the limits that
are. You need to configure the server to enforce the limits that you set.
What should you do?
A. Configure a new mailbox store policy for the new server.
B. Configure a new server policy and add the new server to this policy.
C. Set storage limits on the existing mailbox store on the new server.
D. Add the default mailbox store on the new server to the mailbox store policy.
25. You are the exchange administrator of your company. Your network is configured as shown in the exhibit. Click the
exhibit button. All of your employees connect to your exchange 2000 server computers by using the Microsoft outlook
2000 or outlook express while in office and outlook web access outside the office. You examine the exchange 2000 log
files and notice that unknown users on the internet are using your exchange 2000 express server computers to relay
SMTP messages to users outside of your company. You need to prevent unauthorized use of your SMTP server while still
allowing all of your users to connect to your exchange servers whether the users are in the office or out of the office. In
addition, users must still be able to exchange internet e-mail messages with anyone.
What should you do?
A. Create a rule on the firewall to allow only the computers on the LAN to access IP addresses
192.169.1.0/24 by using port 25, port 80 and port 110.
B. Create a rule on the firewall to allow only the computers on the perimeter network to access IP address
192.168.1.0/24 by using the port 25, port 80 and port 110.
C. Configure the SMTP virtual servers to accept SMTP connections from only IP address
192.168.1.0/24 and 92.168.2.0/24.
D. Configure the SMTP virtual servers to accept connections from anyone and to allow relaying for only IP addresses
192.168.1.0/24.
26. You are the Exchange Administrator for an international company. You have Exchange 2000 Server computers located in
15 countries worldwide. You create a routing group for each country and a routing group connector between each country
and the routing group for your main office. The networks in three of these countries are configured with 56-Kbps
connections to your WAN. The networks in the other 12 countries have faster connections. You select several public
folders and configure them to replicate to the Exchange servers in each of these three countries. You need to configure
the public folder replication to occur during non-business hours in those three countries. You also need to prevent the
users in these three countries from accessing public folders that have not been replicated to the Exchange servers
located in their country.
What should you do?
A. Configure the replication interval for the selected public folders to always run. Configure the connection time
for the routing group connectors for each of the three countries and the main office to occur at midnight.
B. Configure the replication interval for the selected public folders to run at midnight. Configure the routing
group connector for each of three countries to disallow public folder referrals.
C. Configure the replication interval for the selected public folder to run at midnight. Configure the routing group
connector for the main office to disallow public folder referrals.
D. Configure the connection time for the routing group connectors for each of the three countries and the main
office to occur at midnight. Set the routing group connector cost to 1.
E. Configure the connection time for the routing group connectors for each of the three countries and the main
office to occur at midnight. Set the routing group connector cost to 100.
27. You are the network administrator for Contoso Ltd. The company hires a consultant named Amy Jones from Litware Inc.
Amy requires access to your network. She prefers to receive all of her e-mail at her [email protected] address. You
want Amy's name to appear in the exchange address book, but you want e-mail messages to be sent only to her
litware.com address.
What should you do?
A. Create a user account that has an exchange mailbox in active directory. Change the SMTP address on the email
address tab of the user property sheet to [email protected].
B. Create an e-mail enabled contact object for Amy Jones and specify the SMTP [email protected] as
the e-mail address in active directory.
C. Create a user account that does not have an exchange mailbox in active directory. Use exchange task wizard
to assign an SMTP address for [email protected]
D. Create a user account that does not have an exchange mailbox in active directory. Enter
[email protected] as the e-mail address on the General tab of the user property sheet.
28. You are the administrator of seven Exchange 2000 server computers. Each server supports 1,800 mailboxes. Each
server's mailboxes are distributed among five mailbox stores that are located in two storage groups. All mailbox store
settings are configured at the default values. Tape backups on all servers occur between 4 A.M and 7 A.M. Users on the
night shift report that sending and operating messages often takes several seconds between 1 A.M and 2:30 A.M.
Response times are acceptable at other times. You need to improve the response times between 1 A.M and 2:30 A.M.
What should you do?
A. Configure full-text indexing to use a lower amount of system resources.
B. Schedule the tape backups to back up each of the mailbox stores at different times across a wider period of
time.
C. Configure the warning interval of each of the mailbox stores so that warnings run on a custom schedule.
D. Configure the maintenance interval of each of the mailboxes stores so that maintenance is staggered across
a wider period of time.
29. You are the exchange administrator of Miller textiles. Eric, the manager of human resources wants potential job
candidates to send their resumes to [email protected]. Eric wants to prevent employees in other departments from
being able to view these messages. Eric creates a Microsoft outlook public folder named job inquiries. You need to
configure the job inquiries folder to accept e-mail messages from job candidates.
Which two actions should you take? (each correct answer presents part of the solution. Choose two)
A. Enable anonymous access for the job inquiries folder.
B. Change the name of the job inquiries folder in the address list to [email protected]
C. Change the SMTP address of the job inquiries folder to [email protected]
D. Make the job inquiries folder visible in the address list.
E. Change the permissions role for the default user to contributor.
30. You are the Exchange Administrator for your company. You recently implemented instant messaging. Some users report
that they are unable to logon to the instant messaging server. You verify that you can log on to the server and
communicate with other users on the network. You need to configure your network to allow all users to log on to the
instant messaging server.
What should you do?
A. Use system manager to change the permissions on the instant messaging protocol. Grant the Everyone group
read permission.
B. Use system manager to change the permissions on the instant messaging protocol. Grant the users who are
unable to log on the execute permission.
C. Use the Active Directory users and computers console to select the users who are unable to log on. Run
Exchange task wizard and enable instant messaging.
D. Use the Active Directory users and computers console to select the users who are unable to log on. Change
the protocol settings for these users.
31. You are the Exchange Administrator for your company. Your Exchange 2000 Server computer has a single storage group
that contains three mailbox stores and one public folder store. You perform nightly backups, alternating between a normal
backup of two of the mailbox stores on one night and a normal backup of the other mailbox store and public folder store
the following night. You notice that the transaction log files are not being purged, and they are now consuming nearly all
the available disk space. You need to continue to perform alternating nightly backups of the mailbox stores and the public
folder store, but you must make sure that the transaction log files are not taking up too much of hard disk space.
What should you do?
A. Configure the storage group to disable circular logging.
B. Install a new physical disk and move the transaction log files to the new disk.
C. Perform a nightly incremental backup of the entire storage group in addition to the current
backups.
D. Perform differential backups of the mailbox stores and the public folder store instead of normal
backups.
32. You are the Exchange Administrator for your company. You are configuring your Exchange 2000 Server computer to
support a disaster recovery plan. The server has three hard disks, Disk0, disk1, and disk2. The system files are stored on
disk 1. Currently, disk1 and disk2 are not in use. You perform nightly online backups of the exchange databases. You must
configure the server to minimize the loss of data if one of the hard disks fails.
What should you do?
A. Place the log files on disk 1. Place the .edb and .stm files on disk 2. Enable circular logging on the
exchange server.
B. Place the log files on disk 1. Place the .edb files on disk 2. Enable circular logging on the exchange
server.
C. Place the log files on disk 1. Place the .edb and .stm files on disk 2. Disable circular logging on the
exchange server.
D. Place the log files on disk 1. Place the .stm files on disk 2. Disable circular logging on the exchange
server.
Microsoft Exchange Server interview questions
This service supplies IMAP4 protocol message server functionality. This service is disabled by default. To use IMAP4
you must enable this service, configure it to auto-start, and start the service.
Microsoft Exchange Information Store (MSExchangeIS)
This service is used to access the Exchange mail and public folder stores. If this service is not running, users will not
be able to use Exchange. This service is started by default.
Microsoft Exchange Management (MSExchangeMGMT)
This service is responsible for various management functions available through WMI, such as message tracking. This
service is started by default.
Microsoft Exchange MTA Stacks (MSExchangeMTA)
This service is used to transfer X.400 messages sent to and from foreign systems, including Exchange 5.5 Servers.
This service was extremely important in Exchange 5.5, which used X.400 as the default message transfer protocol.
Before stopping or disabling this service, review MS KB 810489. This service is started by default.
Microsoft Exchange POP3 (POP3Svc)
This service supplies POP3 protocol message server functionality. This service is disabled by default. To use POP3 you
must enable this service, configure it to auto-start, and start the service.
Microsoft Exchange Routing Engine (RESvc)
This service is used for routing and topology information for routing SMTP based messages. This service is started by
default.
Microsoft Exchange System Attendant (MSExchangeSA)
This service handles various cleanup and monitoring functions. One of the most important functions of the System
Attendant is the Recipient Update Service (RUS), which is responsible for mapping attributes in Active Directory to
the Exchange subsystem and enforcing recipient policies. When you create a mailbox for a user, you simply set some
attributes on a user object. The RUS takes that information and does all of the work in the background with Exchange
to really make the mailbox. If you mailbox-enable or mail-enable objects and they don't seem to work, the RUS is
one of the first places you will look for an issue. If you need to enable diagnostics for the RUS, the parameters are
maintained in a separate service registry entry called MSExchangeAL. This isn't a real service; it is simply the
supplied location to modify RUS functionality. This service is started by default.
Microsoft Exchange Site Replication Service (MSExchangeSRS)
This service is used in Organizations that have Exchange 5.5 combined with Exchange 2000/2003. This service is not
started by default.
Network News Transfer Protocol (NntpSvc)
This service is responsible for supplying NNTP Protocol Server functionality. This service is started by default.
Simple Mail Transfer Protocol (SMTPSVC)
This service is responsible for supplying SMTP Protocol Server functionality. This service is started by default.
Core Exchange Server 2003 Services
Topic Last Modified: 2005-05-23
The following figure illustrates the core components of Exchange Server 2003, together with their service dependencies. Core
components are System Attendant, the Exchange Information Store service, the IIS Admin service, the SMTP service, and
the Exchange installable file system (ExIFS). All of these services must be running on every Exchange Server 2003 server to
guarantee a fully functioning messaging system.
Core Windows services and their dependent core Exchange Server 2003 services
IIS Admin service and SMTP service are integrated with IIS, as discussed in the previous section. The SMTP service must run
on every server running Exchange Server 2003 because all messages sent to or from local recipients must pass through the
SMTP transport engine. If the SMTP service is stopped or unavailable, Exchange Server 2003 cannot deliver messages. For
more information about the routing architecture of Exchange Server 2003, see Message Routing Architecture.
The core components of Exchange Server 2003 have the following responsibilities.
Microsoft Exchange System Attendant service System Attendant is one of the most important services in
Exchange Server 2003. This component has many responsibilities, including maintaining communication with
Active Directory, generating offline address lists, performing message tracking, and so forth. The executable file is
Mad.exe and is located in the \Program Files\Exchsrvr\Bin directory. There are several registry keys that System
Attendant uses for its various internal components under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\, such as MSExchangeSA, MSExchangeDSAccess,
MSExchangeAL, MSExchangeFBPublish, MSExchangeMU, and MSExchangeADDXA.
The following table lists the responsibilities of System Attendant.
Internal System Attendant components and their responsibilities
Columns: Component; Responsibility; Comments
DSAccess Component
DSProxy Component
Free/Busy Component; Maintaining free/busy information for Outlook Web Access users
Mailbox Manager Component; Managing mailboxes
Metabase update service
Offline Address Book Generator; Generating offline address books; The offline address book generator (Oabgen.dll) creates
address lists in the Exchange store on an offline address list server. Users can then connect to this server and download
the offline address lists. Offline address lists provide access to address information when a user is working remotely and
does not have a permanent connection to the server. Because offline address lists are stored in a hidden public folder, it
is possible to replicate the offline address lists to multiple servers.
Recipient Update Service; Applying recipient policies and generating proxy addresses
Server Monitor Component
System Attendant Component
Exchange Information Store service The Microsoft Exchange Information Store service is another very
important component in Exchange Server 2003, because it maintains the messaging databases that contain all
server-based mailboxes and public folders. The executable file of the Exchange Information Store service is
Store.exe, located in the \Program Files\Exchsrvr\Bin directory. The corresponding registry key is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS.
The Exchange store uses Extensible Storage Engine (ESE) to maintain the messaging databases and supports a
variety of clients through corresponding store extensions. The following figure illustrates how the various client types
can access messaging data.
Exchange store architecture and supported messaging clients
MAPI clients communicate directly with the Exchange Information Store service through MAPI RPCs. Internet clients,
however, use protocol engines integrated with IIS, as explained earlier in this section. Internet clients and Web
applications communicate with the Exchange store through IIS protocol engines. This communication takes place
through a store driver, Epoxy.dll, and store extensions, such as ExSMTP.dll or ExIMAP.dll. The EPOXY layer is a fast
inter-process communication (IPC) mechanism based on shared memory, which is used by Drviis.dll and store
extensions to coordinate their processing. For example, when delivering an inbound message through SMTP, Drviis.dll
uses the Exchange installable file system to create a message item in the Exchange store, and then communicates
with ExSMTP.dll through EPOXY to instruct the Exchange store to further process the message (that is, to place the
message into the recipient's mailbox). For more information about the interaction between Drviis.dll, Epoxy.dll, store
extensions, Store.exe and ExIFS, see Exchange Information Store Service Architecture.
Exchange Installable File System The Exchange installable file system is a kernel-mode driver, implemented in
ExIfs.sys, which IIS protocol engines and Web applications can use to read and write items from and to messaging
databases. To gain access to the databases, the ExIFS file system driver must communicate with the Exchange store.
This is accomplished through a store extension (ExWin32.Dll) and a user-mode wrapper (Ifsproxy.dll). The Exchange
store, on the other hand, uses ESE to access .stm and .edb files, which are files that reside on a drive formatted with
the NTFS file system. The following figure illustrates this architecture.
The ExIFS architecture
As mentioned in Exchange Server 2003 Technical Overview, a mailbox store or public folder store is made up of a
streaming database (.stm) and a MAPI database (.edb). The IIS components use ExIFS to work with streaming
databases, while MAPI clients, such as Outlook, work with MAPI-based databases (.edb). A streaming database holds
Internet messages in their native format, such as MIME, while an .edb database stores e-mail messages in MAPI
format. The Exchange store must keep both the streaming databases and the corresponding MAPI-based databases
synchronized. To accomplish this, the Exchange store must communicate with ExIFS, in addition to ESE. For example,
when allocating free space in a database, ExIFS requests space from ESE. ESE must track which pages in the
streaming database are reserved and committed. Thus, the Exchange Information Store service depends on ExIFS.
The registry key for ExIFS is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EXIFS. For more
information about ExIFS and the architecture of the Exchange store, see Exchange Information Store Service
Architecture.
Note:
ExIFS is the only kernel-mode component in Exchange Server 2003.
37. How would you recover Exchange server when the log file is corrupted?
To resolve this issue, you must remove the corrupted log file from your Microsoft Exchange 2000 Server computer. To remove
the corrupted log file, follow these steps:
1. Perform an offline backup of the Exchange databases in the storage group that contains the corrupted log file.
Important When you perform an offline backup, the Exchange 2000 computer is unavailable to users whose mailboxes are
stored in the storage group that you are backing up. The Exchange 2000 computer is unavailable to the users because you
must dismount the databases in the storage group.
a. To dismount the databases in the storage group, follow these steps.
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. Expand Servers, expand the server that you want, and then expand Storage Group.
Note If you have administrative groups defined, expand Administrative Groups, expand Administrative Group,
expand Servers, expand the server that you want, and then expand Storage Group.
3. Right-click an information store, click Dismount Store, and then click Yes to continue.
4. Dismount the remaining stores that are listed under Storage Group.
b. Back up the storage group by using the Microsoft Windows 2000 version of Windows Backup. You can run Windows
Backup on any computer in the forest that is running Exchange 2000. To back up the storage group, follow these steps:
1. Click Start, point to Programs, point to Accessories, point to System Tools, and then click Backup.
2. Click Backup Wizard, click Next, click Back up selected files, drives, or network data, and then click Next.
3. Expand Microsoft Exchange Server, expand ServerName, expand Microsoft Information Store, click to select
the check box for the storage group that you want to back up, and then click Next.
4. In the Backup media or filename box, specify a location where you want your backup to be stored, click Next, and
then click Finish to start the backup.
When the backup is finished, continue to step 2.
2. Use the Eseutil utility (Eseutil.exe) to determine whether the databases are in a consistent state or in an inconsistent state.
A consistent state is the same as a clean shutdown state. An inconsistent state is the same as a dirty shutdown state. To
determine whether the databases are in a consistent state or in an inconsistent state, follow these steps:
a. Make sure that the databases in the storage group are dismounted.
b. Change to the C:\Program Files\Exchsrvr\Bin folder, and then run the eseutil /mh command by using the following
syntax:
eseutil /mh "C:\Program Files\Exchsrvr\Mdbdata\Database.edb"
Note This step assumes that you installed Exchange 2000 on drive C. This step also assumes that you are running
Exchange 2000 in the Program Files\Exchsrvr\Bin folder and that the .edb files are in the Program
Files\Exchsrvr\Mdbdata folder. If you have performed an upgrade, the database files might be located in the
C:\Exchsrvr\Mdbdata folder. If you have multiple storage groups, the database files might be located in a folder that is
different from the Mdbdata folder.
c. In the output results, locate the output line that is labeled "State." If the database state is consistent, you will see
"State: Clean Shutdown." If the database is inconsistent, you will see "State: Dirty Shutdown."
For additional information about where to find the Eseutil utility, click the following article number to view the article in the
Microsoft Knowledge Base:
170091 XADM: Location of the Eseutil utility
For additional information about Eseutil command line switches, click the following article number to view the article in the
Microsoft Knowledge Base:
317014 XADM: Exchange 2000 Server Eseutil command line switches
3. If the databases are consistent, move all the log files out of the folder where your database files are located, and then
mount the stores. The folder where your database files are located is typically the Exchsrvr\Mdbdata folder. As with any
situation where a log file has been corrupted, some data loss will occur.
4. If the databases are inconsistent, you can try to perform a soft recovery of the files. Important To perform a soft
recovery, you must stop the Microsoft Exchange Information Store service. When the Information Store service is stopped,
all users who have their mailboxes stored on the server will not be able to send and receive mail.
To perform a soft recovery of the files, follow these steps:
a. Click Start, point to Programs, point to Administrative Tools, and then click Services.
b. Locate and then right-click the Microsoft Exchange Information Store service, click Stop, and wait for the
Information Store service to stop.
c. At the command prompt, change to the folder where the database and the log files are located. For example, change to
the C:\Program Files\Exchsrvr\Mdbdata folder.
d. Run the following command in the folder where the database and the log files are located:
"C:\Program Files\Exchsrvr\Bin\Eseutil" /r E00
Note: Replace E00 with the three-character log file base name.
For additional information about the soft recovery procedure, click the following article number to view the article in the
Microsoft Knowledge Base:
313184 HOW TO: Recover the information store on Exchange 2000 in a single site
5. If the soft recovery is unsuccessful, you can try to perform a recovery of the Exchange database by restoring from a
backup. The databases in the storage group must remain dismounted if you try to restore from a backup.
Note: If you enabled circular logging for the storage group that the inconsistent database is located in, you can only
recover the data that was in the database when you performed the last working full backup. To determine if circular logging
is enabled, right-click the storage group, click Properties, and then view the status of the Enable Circular Logging
check box.
If you restore the databases from an online backup, only replay transaction logs that are older than the log file that is
corrupted.
For additional information about how to restore Exchange from an online backup, click the following article number to
view the article in the Microsoft Knowledge Base:
232938 The "Last Backup Set" check box and hard recovery in Exchange
If you restore the databases from an offline backup, empty the database log folders and the transaction log folders.
Only restore the .edb files and the .stm files.
For additional information about offline backup and restore procedures for Exchange, click the following article number
to view the article in the Microsoft Knowledge Base:
296788 Offline backup and restoration procedures for Exchange
6. If there are no backups available that you can use and if the database remains in an inconsistent state, you can try to
repair your databases by using the eseutil /p command.
Note: If you use the eseutil /p command, you may lose some Exchange 2000 data. The command is a hard command. A
hard command is also known as a forcible-state recovery command. Microsoft recommends that you use this command
only if the public information store or the private information store does not return to a consistent state after you perform
the steps that are described earlier in this article.
For more information about the ramifications of using the eseutil /p command, click the following article number to view
the article in the Microsoft Knowledge Base:
259851 Ramifications of running the eseutil /p or edbutil /d /r command in Exchange
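The decision ladder in steps 3 through 6, written out as an added example (not code from the original page or from Microsoft). It reads the "State:" line of the Eseutil header output for every database in a storage group and returns the step that applies. The sample outputs are constructed, and the function and parameter names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample header dumps. Only the "State:" line and its two values
# come from the procedure above; the other lines are filler.
SAMPLE_CLEAN = """\
     Database: priv1.edb
        State: Clean Shutdown
"""
SAMPLE_DIRTY = """\
     Database: pub1.edb
        State: Dirty Shutdown
"""

_STATE_RE = re.compile(r"^[ \t]*State:[ \t]*(.+?)[ \t]*$", re.MULTILINE)
_KNOWN_STATES = ("Clean Shutdown", "Dirty Shutdown")


def database_state(header_dump: str) -> str:
    """Return the value of the "State:" line, refusing anything unexpected."""
    match = _STATE_RE.search(header_dump)
    if match is None:
        raise ValueError("no State: line found in Eseutil output")
    state = match.group(1)
    if state not in _KNOWN_STATES:
        raise ValueError(f"unrecognised database state: {state!r}")
    return state


@dataclass
class Step:
    number: int                 # step number in the procedure above
    action: str
    cautions: list = field(default_factory=list)


def next_step(header_dumps, soft_recovery_failed=False,
              backup_available=True, circular_logging=False) -> Step:
    """Pick the procedure step for one storage group.

    header_dumps maps each database file in the storage group to its Eseutil
    header output. One inconsistent database puts the whole group on the
    inconsistent path, because the databases share one set of log files.
    """
    if not header_dumps:
        raise ValueError("no databases supplied")
    states = {name: database_state(text) for name, text in header_dumps.items()}
    dirty = sorted(name for name, state in states.items()
                   if state == "Dirty Shutdown")

    if not dirty:
        return Step(3, "move the log files out of the database folder, "
                       "then mount the stores",
                    ["some data loss will occur"])
    if not soft_recovery_failed:
        return Step(4, "stop the Information Store service, then run "
                       "Eseutil /r <log base name> in the database folder",
                    ["inconsistent: " + ", ".join(dirty),
                     "mailboxes on this server are offline while the "
                     "service is stopped"])
    if backup_available:
        cautions = ["keep the databases in the storage group dismounted "
                    "during the restore"]
        if circular_logging:
            cautions.append("circular logging is enabled: only data from the "
                            "last working full backup can be recovered")
        return Step(5, "restore the databases from backup", cautions)
    return Step(6, "repair with eseutil /p",
                ["forcible-state recovery: some Exchange data may be lost"])


if __name__ == "__main__":
    group = {"priv1.edb": SAMPLE_CLEAN, "pub1.edb": SAMPLE_DIRTY}
    step = next_step(group, soft_recovery_failed=True, circular_logging=True)
    print(step.number, step.action)
    for caution in step.cautions:
        print("  -", caution)
```
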
38. How can you recover a deleted mailbox?
In Exchange, if you delete a mailbox, it is disconnected for a default period of 30 days (the mailbox retention period), and
you can reconnect it at any point during that time. Deleting a mailbox does not mean that it is permanently deleted (or
purged) from the information store database right away, only that it is flagged for deletion. At the end of the mailbox
retention period, the mailbox is permanently deleted from the database. You can also permanently delete the mailbox by
choosing to purge it at any time.
This also means that if you mistakenly delete a mail-enabled user account, you can recreate that user object, and then
reconnect that mailbox during the mailbox retention period.
Configure the deleted mailbox retention period at the mailbox store object level.
To Delete a Mailbox in Exchange
1. Right-click the user in Active Directory Users and Computers.
2. Click Exchange Tasks.
3. Click Next on the Welcome page of the Exchange Task Wizard.
4. Click Delete Mailbox.
5. Click Next, click Next, and then click Finish.
The mailbox is now flagged for deletion and will be permanently deleted at the end of the mailbox retention period unless you
recover it.
To Reconnect (or Recover) a Deleted Mailbox
1. In Exchange System Manager, locate the mailbox store that contains the disconnected mailbox.
2. Click the Mailboxes object under the mailbox store.
3. If the mailbox is not already marked as disconnected (the mailbox icon appears with a red X), right-click the Mailboxes
object, and then click Cleanup Agent.
4. Right-click the disconnected mailbox, click Reconnect, and then select the appropriate user from the dialog box that
appears.
5. Click OK.
Note: Only one user may be connected to a mailbox because all globally unique identifiers (GUIDs) are required to be unique
across an entire forest.
To Reconnect a Deleted Mailbox to a New User Object
1. In Active Directory Users and Computers, create a new user object. When you create the new user object, click to clear
the Create an Exchange Mailbox check box.
You will connect this user account to an already existing mailbox.
2. Follow steps 1 through 4 in the preceding "To Reconnect (or Recover) a Deleted Mailbox" section.
To Configure the Mailbox Retention Period
1. Right-click the mailbox store, and then click Properties.
2. On the Limits tab, change the Keep deleted mailboxes for (days) default setting of 30 to the number of days you want.
3. Click OK.
39. What is the use of Eseutil.exe?
Repair the database. ESEUTIL is a tool to defragment your Exchange databases offline, to check their integrity and to
repair a damaged/lost database.
ESEUTIL is located in the \EXCHSRVR\BIN directory. This directory is not in the system path so you must open the tool in the
BIN directory or enhance the system path with the \EXCHSRVR\BIN directory.
You can use the Eseutil utility to defragment the information store and directory in Microsoft Exchange Server 5.5 and to
defragment the information store in Microsoft Exchange 2000 Server and in Microsoft Exchange Server 2003. Eseutil
examines the structure of the database tables and records (which can include reading, scanning, repairing, and
defragmenting) the low level of the database (Ese.dll).
Eseutil is located in the Winnt\System32 folder in Exchange Server 5.5 and in the Exchsrvr/Bin folder in Exchange 2000 and
in Exchange 2003. The utility can run on one database at a time from the command line.
40. What are the port numbers for POP3, IMAP, SMTP, SMTP over SSL, POP3 over SSL, and IMAP over SSL?
41. Difference between Exchange 2003 and 2007?
Exchange Server 2003
Exchange Server 2003 may be run on Windows 2000 Server if the fourth service pack has already been installed. It may
also be run on 32-bit Windows Server 2003. There is a new disaster recovery feature that is even better than before. It
allows the server to experience less downtime. Exchange Server 2003 received some features from Microsoft Mobile
Information Server as well. These include Outlook Mobile Access as well as ActiveSync. Improved versions of anti-spam and
anti-virus were also included. Management tools for mailboxes and messages have been improved, and Instant Messaging
and Exchange Conferencing Server are now separate products. There are two versions available of Exchange Server 2003:
the Enterprise edition and the Standard edition. There are many other features that are available on Exchange
Server 2003.
Exchange Server 2007
When Exchange Server 2003 was released there were no immediate plans as to what would happen to the product. A 2005
edition was dropped and it was not until the end of 2006 that the new version was released. Some of the new features
included integration of voicemail, improved filtering, Web service support, and the Outlook Web Access interface. The new edition
runs on a 64-bit (x64) version of Windows Server. This increases performance significantly. There are quite a few
improvements in Exchange Server 2007. These include better calendaring, improved web access, unified messaging, and
better mobility. From a system protection standpoint there is more clustering, antivirus, anti-spam, and compliance included.
The IT experience is improved overall with 64-bit performance. Deployment is better; routing is simplified as well as the
command line shell and GUI.
42. What is required for using RPC over HTTPS with MS Outlook?
You can configure user accounts in Microsoft Office Outlook 2003 to connect to Microsoft Exchange Server 2003 over the
Internet without the need to use virtual private network (VPN) connections. This feature, connecting to an Exchange
account by using Remote Procedure Call (RPC) over HTTP, allows Outlook users to access their Exchange Server accounts
from the Internet when they are traveling or are working outside their organization's firewall.
There are several requirements for this feature. These include:
- Microsoft Windows XP with Service Pack 1 and the Q331320 hotfix (or a later service pack) installed on users'
computers
- Outlook 2003
- Microsoft Exchange Server 2003 e-mail accounts
- Microsoft Windows Server 2003 (required for server components only)
SERVER REQUIREMENTS
RPC over HTTP/S requires Windows Server 2003 and Exchange Server 2003. RPC over HTTP/S also requires Windows
Server 2003 in a Global Catalog role.
CLIENT REQUIREMENTS
The client computer must be running Microsoft Windows XP Professional Service Pack 1 (SP1) or later.
If you're running SP1, you must install the following update package:
Outlook 2003 Performs Slowly or Stops Responding When Connected to Exchange Server 2003 Through HTTP - 331320
If you have installed Windows XP SP2, you do NOT have to install the update package.
You can also run Windows Server 2003 as the client operating system.
The client computer must be running Microsoft Office Outlook 2003.
RECOMMENDATIONS
Here are some of Microsoft's (and my) recommendations when using Exchange with RPC over HTTP:
Use basic authentication over Secure Sockets Layer (SSL) - You should enable and require the use of SSL on the
RPC proxy server for all client-to-server communications.
Use an advanced firewall server on the perimeter network - A dedicated firewall server is recommended to help
enhance the security of your Exchange computer. Microsoft Internet Security and Acceleration (ISA) Server 2000
is an example of a dedicated firewall server product.
Obtain a certificate from a third-party certification authority (CA) - When using the Basic Authentication you
MUST use an SSL-based connection, and you will have to configure a Digital Certificate for your Default Website.
Read Configure SSL on Your Website with IIS for more on this issue.
A Digital Certificate needs to be obtained from a CA (Certification Authority), either a 3rd-party commercial CA
such as Verisign, Thawte and others, or from an internal CA.
Windows 2000/2003 has a built-in CA that can be installed and used, however, when issuing a Digital Certificate
from your internal CA you MUST be 100% sure that the client computers that are going to connect to the server
are properly configured to trust this CA.
Most operating systems are pre-configured to trust known 3rd-party CAs such as Verisign, Thawte and others.
However unless these computers are made members of the Active Directory domain where you've installed your
CA, they will NOT automatically trust your internal CA, and thus your connection will fail! In these scenarios,
when a user tries to connect by using RPC over HTTP/S, that user loses the connection to Exchange and is NOT
notified.
In such scenarios you must import the ROOT CA Digital Certificate into the client computers in order to make
them trust your CA.
When using 3rd-party trusted CAs, in most cases you won't be required to import anything to the client
computers, however you will be required to pay a few hundred dollars for such a Digital Certificate.
Additionally, if you use your own certification authority, when you issue a certificate to your RPC proxy server, you must
make sure that the Common Name field or the Issued to field on that certificate contains the same name as the URL of
the RPC proxy server that is available on the Internet.
43. If you have deleted a user and then recreated the same user, how will you give access to the previous mailbox?
Reconnect the deleted user's mailbox to the recreated user, provided the recreated user doesn't have a mailbox.
44. If the NNTP service gets stopped, what features of Exchange will be affected?
NNTP is the Network News Transfer Protocol. Both NNTP and IMAP help
clients to access the public folder, but actually SMTP sends the mail across the public folder.
Mailbox databases
Public folder databases
Storage groups
An Exchange storage group is a logical container for Exchange databases and their associated system and transaction log
files.
Storage groups are the basic unit for backing up and restoring data in Microsoft Exchange (although you can restore a single
database). All databases in a storage group share a single backup schedule and a single set of transaction log files.
Exchange Server 2007 Enterprise Edition supports up to 50 storage groups. Exchange 2007 Standard Edition supports up to
five storage groups.
During the time that pages are being skipped by the cleanup process, free space is not released to the database, and space
is not reclaimed until the next scheduled online defragmentation occurs. In the meantime, processing requirements can
cause the database to grow. In particular, when bulk deletions or other bulk changes coincide with database additions,
significant growth can occur. In addition, space from the deletion of long values is not returned to the database by online
defragmentation. As a result of these conditions, the directory database on domain controllers running Windows 2000 Server
can actually increase in size following a bulk deletion.
On domain controllers running Windows Server 2003, the effects of these conditions are greatly reduced by improvements in
version store cleanup and online defragmentation. However, if event ID 602 is logged in the Directory Services event log,
running online defragmentation manually can alleviate the problem. On domain controllers running Windows 2000 Server, the
only way to prompt online defragmentation is to change the garbage collection interval to the minimum value of one hour to
force garbage collection and online defragmentation to occur as soon as possible.
Improved space processing in Windows Server 2003
Two improvements in the Windows Server 2003 processing of free space eliminate the database growth problems that can
result from large-scale bulk deletions:
- The threshold at which the database begins skipping cleanup operations is increased from 5 percent to 90 percent.
- Space is reclaimed from long-value deletions.
The threshold of maximum pages that can be processed by the version store is the limiting factor in whether the cleanup
process can keep pace with deletions. The version store cleanup process can take place only as long as the version store has
sufficient space. With a maximum version store size of 100 MB, only 5 MB (5 percent) is available in Windows 2000 Server,
and this low threshold is responsible for early suspension of the cleanup process. The threshold of 90 MB (90 percent) in
Windows Server 2003 eliminates this problem. For this reason, large-scale bulk deletions that can be problematic on domain
controllers running Windows 2000 Server present no significant growth concerns on domain controllers running
Windows Server 2003.
In addition, online defragmentation on domain controllers running Windows Server 2003 returns the space that is freed by
long values to the long-value table, which further optimizes the availability of space in the database.
58. What time online maintenance runs by default in Exchange?
Exchange Server database maintenance occurs daily between 01:00 (1:00 A.M.) and 05:00 (5:00 A.M.).
For Exchange Server 5.5, an Event 179 from source ESE97 is logged for each database at the beginning of online
defragmentation. An Event 180 signals completion of online defragmentation. An Event 183 indicates that online
defragmentation did not complete, but has been suspended and will finish later. Online defragmentation may be
suspended if the online maintenance period that is defined for the database expires before online defragmentation
completes. In this case, online defragmentation will resume where it left off during the next online maintenance window.
In Microsoft Exchange 2000 Server and in Microsoft Exchange Server 2003, event ID 700 signals the beginning of a full
pass, and event ID 701 signals the completion of a full pass.
You may view or adjust the Information Store Maintenance schedule in the Exchange Server Administrator program for
individual databases.
The free space that is reported by Event 1221 is a conservative estimate. If you perform offline defragmentation, you
will recover at least the amount of space that is reported as free. All space in an Exchange database is owned either by
the database root or by particular tables in the database. Event 1221 estimates free space by calculating the number of
empty pages owned by the messages table, the attachments table, and the database root. Free pages that are owned by
other tables in the database are not taken into account.
60. Retention Period: The retention period specifies how long Exchange will keep items that users have deleted. Upon
deleting an item, Exchange marks the item for complete removal based on the retention period. The default retention
period is set to 30 days:
TABLE 1.2: Files Used in the Windows Server 2003 Boot Process
File            Location                      Boot Stage
Ntldr           System partition root (C:\)   Preboot and boot
Boot.ini        System partition root         Boot
Bootsect.dos    System partition root         Boot (optional)
Ntdetect.com    System partition root         Boot
Ntbootdd.sys    System partition root         Boot (optional)
Ntoskrnl.exe    systemroot\System32           Kernel load
Hal.dll         systemroot\System32           Kernel load
System          systemroot\System32\Config    Kernel initialization
Device drivers  systemroot\System32\Drivers   Kernel initialization
For IA-64: when the IA64ldr.efi EFI program is executed (later referred to simply as IA64ldr)
From that point, the boot process continues as follows:
An NTLDR file, located in the root folder of the boot disk, is composed of two parts. The first is the StartUp module,
immediately followed by the OS loader (osloader.exe); both are stored within that file. When NTLDR is loaded into memory
and control is first passed to StartUp module, the CPU is operating in real mode. StartUp module's main task is to switch
the processor into protected mode, which facilitates 32-bit memory access, thus allowing it to create the initial Interrupt
descriptor table, Global Descriptor Table, page tables and enable paging. This provides the basic operating environment
on which the operating system will build. StartUp module then loads and launches OS loader.
NTLDR's OS loader includes basic functionality to access IDE-based disks formatted for NTFS or FAT file systems, or
CDFS (ISO 9660), ETFS or UDFS in newer operating system versions. Disks are accessed through the system
BIOS, through native ARC routines on ARC systems, or via network using TFTP protocol. It should be noted that all BIOS
calls are done through virtual 8086 mode beyond this point, because the BIOS can not be accessed directly within
protected mode. If the boot disk is a SCSI disk and the SCSI controller is not using real-mode INT 0x13, an additional
file, Ntbootdd.sys is loaded to handle disk access in place of the default routines. This is a copy of the same SCSI
miniport driver that is used when Windows is running.
The boot loader then reads the contents of boot.ini to locate information on the system volume. If the boot.ini file is
missing, the boot loader will attempt to locate information from the standard installation directory. For Windows NT
machines, it will attempt to boot from C:\WINNT. For Windows XP and 2003 machines, it will boot from C:\WINDOWS.
At this point, the screen is cleared, and in the Windows 2000 or later versions of NTLDR and IA64ldr which support
system hibernation, the root directory default volume as defined in boot.ini is searched for a hibernation file, hiberfil.sys.
If this file is found and an active memory set is found in it, the contents of the file (which will match the amount of
physical memory in the machine) are loaded into memory, and control is transferred into the Windows kernel at a point
from which hibernation can be resumed[1]. The file is then immediately marked as non-active, so that a crash or other
malfunction cannot cause this (now-outdated) memory state to be re-loaded. If a state resume fails, the next time
NTLDR runs it will ask the user whether to try resuming again or to discard the file and proceed with normal booting.
If boot.ini contains more than one operating system entry, a boot menu is displayed to the user, allowing the user to
choose which operating system is to be loaded. If a non NT-based operating system such as Windows 98 is selected
(specified by an MS-DOS style of path, e.g. C:\), then NTLDR loads the associated "boot sector" file listed in boot.ini (by
default, this is bootsect.dos if no file name is specified) and passes execution control to it. If an NT-based operating
system is selected, NTLDR runs ntdetect.com, which gathers basic information about the computer's hardware as
reported by the BIOS.
At this point in the boot process, NTLDR clears the screen and displays a textual progress bar, (which is often not seen
on XP or 2003 systems, due to their initialization speed); Windows 2000 also displays the text "Starting Windows..."
underneath. If the user presses F8 during this phase, the advanced boot menu is displayed, containing various special
boot modes including Safe mode, with the Last Known Good Configuration, with debugging enabled, and (in the case of
Server editions) Directory Services Restore Mode.
Once a boot mode has been selected (or if F8 was never pressed) booting continues.
If an x64 version of Windows is being booted (Windows XP Professional x64 Edition or Windows Server 2003 x64
Editions), the CPU is now switched into Long mode, enabling 64-bit addressing.
Next, the Windows kernel Ntoskrnl.exe and the Hardware Abstraction Layer hal.dll are read into memory. If either of
these files fails to load, the message "Windows could not start because the following file was missing or corrupt" is
displayed to the user, and the boot process comes to a halt.
If multiple hardware configurations are defined in the registry, the user is prompted at this point to choose one.
With the kernel in memory, boot-time device drivers are loaded (but not yet initialized). This information (along with
information on all detected hardware and Windows Services) is stored in the HKLM\SYSTEM portion of the registry, in a
set of registry keys collectively called a Control Set. Multiple control sets (typically two) are kept, in the event that the
settings contained in the currently-used one prohibit the system from booting. HKLM\SYSTEM contains control sets
labeled ControlSet001, ControlSet002, etc., as well as CurrentControlSet. During regular operation, Windows uses
CurrentControlSet to read and write information. CurrentControlSet is a reference to one of the control sets stored in the
registry. Windows picks the "real" control set being used based on the values set in the HKLM\SYSTEM\Select registry
key:
- Default will be NTLDR or IA64ldr's choice if nothing else overrides this.
- If the value of the Failed key matches Default, then NTLDR or IA64ldr displays an error message, indicating that
the last boot failed, and gives the user the option to try booting anyway, or to use the "Last Known Good
Configuration".
- If the user has chosen Last Known Good Configuration from the boot menu, the control set indicated by the
LastKnownGood key is used instead of Default.
When a control set is chosen, the Current key gets set accordingly. The Failed key is also set to the same as Current until
the end of the boot process. LastKnownGood is also set to Current if the boot process completes successfully.
For the purposes of booting, a driver is either a "Boot" driver that is loaded by NTLDR or IA64ldr prior to starting the
kernel and started before system drivers by the kernel, a "System" driver, which is loaded and started by ntoskrnl.exe
after the boot drivers or an "Automatic" driver which is loaded much later when the GUI already has been started. "Boot"
drivers are almost exclusively drivers for hard-drive controllers and file systems (ATA, SCSI, file system filter manager,
etc.); in other words, they are the absolute minimum that ntoskrnl.exe will need to get started with loading other
drivers, and the rest of the operating system. "System" drivers cover a wider range of core functionality, including the
display driver, CD-ROM support, and the TCP/IP stack.
The appropriate file system driver for the partition type (NTFS, FAT, or FAT32) which the Windows installation resides on
is also loaded.
With this finished, control is then passed from NTLDR or IA64ldr to the kernel. At this time, Windows NT shows the
famous "blue screen" displaying number of CPUs and the amount of memory installed, whilst Windows 2000, XP and
2003 switch into a graphical display mode to display the Windows logo.
A. Firstly, the files required for NT to boot are:
Ntldr - This is a hidden, read-only system file that loads the operating system
Boot.ini - This is read-only system file, used to build the Boot Loader Operating System Selection menu on Intel
x86-based computers
Bootsect.dos - This is a hidden file loaded by Ntldr if another operating system is selected
Ntdetect.com - This is a hidden, read-only system file used to examine the hardware available and to build a
hardware list.
Ntbootdd.sys - This file is only used by systems that boot from a SCSI disk.
The common Boot sequence files are
Ntoskrnl.exe - The Windows NT kernel
5. Change the processor from real mode to 32-bit flat memory mode
6. Ntldr starts the appropriate minifile system drivers. Minifile system drivers are built into Ntldr and can read FAT
or NTFS
7. Ntldr reads the Boot.ini file
8. Ntldr loads the operating system selected; one of two things happens:
* If Windows NT is selected, Ntldr runs Ntdetect.com
* For other operating systems, Ntldr loads and runs Bootsect.dos and passes control to it. The Windows NT
process ends here
9. Ntdetect.com scans the computer hardware and sends the list to Ntldr for inclusion in
HKEY_LOCAL_MACHINE\HARDWARE
10. Ntldr then loads Ntoskrnl.exe, Hal.dll and the system hive
11. Ntldr scans the System hive and loads the device drivers configured to start at boot time
12. Ntldr passes control to Ntoskrnl.exe, at which point the boot process ends and the load phases begin
I have a Windows NT 4.0 SP6a Server that takes 45 min to boot. It gets to step 8 below, and seems to hang for the larger
part of the time. Then, it will finish the boot process and work fine. It is just a pain if I ever have to reboot.
1. Power on self test (POST) routines are run
2. Master Boot Record is loaded into memory, and the program is run
3. The Boot Sector from Active Partition is Loaded into Memory
4. Ntldr is loaded and initialized from the boot sector
5. Change the processor from real mode to 32-bit flat memory mode
6. Ntldr starts the appropriate minifile system drivers. Minifile system drivers are built into Ntldr and can read FAT or
NTFS
7. Ntldr reads the Boot.ini file
8. Ntldr loads the operating system selected; one of two things happens:
* If Windows NT is selected, Ntldr runs Ntdetect.com
* For other operating system, Ntldr loads and runs Bootsect.dos and passes control to it. The Windows NT process ends
here
9. Ntdetect.com scans the computer hardware and sends the list to Ntldr for inclusion in
HKEY_LOCAL_MACHINE\HARDWARE
10. Ntldr then loads Ntoskrnl.exe, Hal.dll and the system hive
11. Ntldr scans the System hive and loads the device drivers configured to start at boot time
12. Ntldr passes control to Ntoskrnl.exe, at which point the boot process ends and the load phases begin
Logon sequence
Many files are used during these stages of the boot process. The following sections describe the steps in each boot
process stage, the files used, and the errors that might occur.
Stage 1: Pre-Boot Sequence
A normal boot process begins with the pre-boot sequence, in which your computer starts up and prepares to boot the
operating system.
The computer will search for a boot device based on the boot order that was configured in the computer's BIOS
settings.
Steps in the Pre-Boot Sequence
The pre-boot sequence is not truly a part of the Windows boot process.
The pre-boot sequence consists of the following steps:
1. When the computer is powered on, it runs a power-on self-test (POST) routine. The POST detects the
processor you are using, how much memory is present, what hardware is recognized and what BIOS (Basic
Input/Output System) your computer is using.
2. The BIOS points to the boot device and the Master Boot Record (MBR) is loaded. It is also sometimes
called the master boot sector or even just the boot sector.
The MBR is located on the first sector of the hard disk. It contains the partition table and master boot code,
which is executable code used to locate the active partition.
3. The MBR points to the Active partition. The active partition is used to specify the partition that should be
used to boot the operating system. This is normally the C: drive. Once the MBR locates the active partition,
the boot sector is loaded into memory and executed.
4. The Ntldr file is copied into memory and executed. The boot sector points to the Ntldr file, and this file
executes. The Ntldr file is used to initialize and start the Windows Server 2003 boot process.
Possible Errors & Solutions
If you see errors during the pre-boot sequence, they are probably not related to Windows Server 2003, since the
operating system has not yet been loaded. The following table lists some common causes for errors and solutions.

Symptom: Corrupt MBR
Cause: There are many viruses that affect MBR and corrupt it.

Symptom: Improperly configured hardware

Symptom: No partition is marked as active
Cause: This can happen if you used the Fdisk utility and did not create a partition from all of the free space. If you created
your partitions as a part of the Windows Server 2003 installation and have dynamic disks, marking an active
partition is done for you during installation.
Solution: If the partition is FAT16 or FAT32 and on a basic disk, you can boot the computer to DOS or Windows 9x with a
boot disk. Then run Fdisk and mark a partition as active.

Symptom: Corrupt or missing Ntldr file
62. How do you configure a memory dump if C:, D:, E: and the paging file are configured in a given way?
Overview of memory dump file options for Windows Server 2003, Windows XP, and Windows 2000
Complete memory dump
A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete
memory dump may contain data from processes that were running when the memory dump was collected.
If you select the Complete memory dump option, you must have a paging file on the boot volume that is sufficient to hold all
the physical RAM plus 1 megabyte (MB). By default, the complete memory dump file is written to the
%SystemRoot%\Memory.dmp file.
If a second problem occurs and another complete memory dump (or kernel memory dump) file is created, the previous file is
overwritten.
Note: The Complete memory dump option is not available on computers that are running a 32-bit operating system and that
have 2 gigabytes (GB) or more of RAM.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
274598 Complete memory dumps are not available on computers that have 2 or more gigabytes of RAM
Definitions
Boot volume: The volume that contains the Windows operating system and its support files. The boot volume can be, but
does not have to be, the same as the system volume.
System volume: The volume that contains the hardware-specific files that you must have to load Windows. The system
volume can be, but does not have to be, the same as the boot volume. The Boot.ini, Ntdetect.com, and Ntbootdd.sys files
are examples of files that are located on the system volume.
REG_DWORD 0x0 = None
REG_DWORD 0x1 = Complete memory dump
REG_DWORD 0x2 = Kernel memory dump
REG_DWORD 0x3 = Small memory dump (64KB)
Maximum paging file size: 4 gigabytes (x86), 16 terabytes (x64), 32 terabytes (IA-64)
16
16
Note When the Physical Address Extension (PAE) option is enabled for an x86-based processor, you can set the paging file size
to a maximum of 16 terabytes (TB). However, we recommend that you set the paging file size to 1.5 times the installed physical
memory.
A smarthost is a common term for a server that accepts outbound mail and passes it on to the recipient.
DNS: This is the standard for sending mail. When Exchange needs to send mail to another domain, it will look for the MX
records of that domain and will attempt to contact the mail server directly.
Smarthost: In this case Exchange takes your outgoing mail and sends it to another mail server (which is called a smarthost, hence
the name). The smarthost will deliver your mail to the other mail servers on your behalf. This is exactly what you do
when you use Outlook Express to send mail using your ISP's SMTP servers.
65. An Exchange server is having bandwidth issues. Explain how you would look at fixing the issue.
TECHNICAL INTERVIEW QUESTIONS EXCHANGE 2003
66. Tell me a bit about the capabilities of Exchange Server.
68. What are the main differences between Exchange 5.5 and Exchange 2000/2003?
The primary differences are...
-Exchange 2000 does not have its own directory or directory service; it uses Active Directory instead.
-Exchange 2000 uses native components of Windows 2000 (namely, IIS and its SMTP, NNTP, W3SVC and other
components, Kerberos and others) for many core functions.
-SMTP is now a full peer to RPC, and it is the default transport protocol between Exchange 2000 servers.
-Exchange 2000 supports Active/Active clustering and was recently certified for Windows 2000 Datacenter.
-Exchange 2000 scales much higher.
-It boasts conferencing services and instant messaging.
69. What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.
70. What are the major network infrastructure requirements for installing Exchange 2003?
Hardware Requirements
There are several factors that affect the hardware requirements for Exchange Server 2003: the number of users that will
be accessing the server; the size and number of messages transferred on a daily basis (not to mention during peak
usage periods); availability requirements; and so on. These factors will have a significant influence on the type of
hardware you use for your deployment. However, Table 2-1 contains some minimum hardware requirements. While Table
2-1 contains the minimum requirements to install Exchange Server 2003, that configuration is sufficient for only the
smallest of Exchange environments supporting only a handful of users, or for testing in a lab. In most cases, the
Microsoft recommended requirements for Exchange Server 2003 in Table 2-2 are a more reasonable starting point.
However, remember that this is only a starting point; your organization's specific needs will dictate your system
requirements.
Table 2-1 Minimum Hardware Requirements for Exchange Server 2003
Component: Minimum requirements
Processor: Pentium 133
Operating system: Windows 2000 Server + SP3
Memory: 256 megabyte (MB)
Disk space: 200 MB on system drive, 500 MB on partition where Exchange Server 2003 is installed
Drive: CD-ROM drive
Display: VGA or better
File system: All partitions involving Exchange Server 2003 must be NTFS file system (NTFS), including:
-System partition
-Partition storing Exchange binaries
-Partition containing Exchange database files
-Partition containing Exchange transaction logs
-Partitions containing other Exchange files.
Tip: Installing Exchange Server 2003 on an existing server will increase the burden on that server. You should use System
Monitor to establish a performance baseline for your server prior to installing Exchange Server 2003 to determine if the
server hardware is adequate to support Exchange and also so you can later determine the effect that the Exchange
Server 2003 installation has had on your server's overall performance.
Table 2-2 Recommended Hardware Requirements for Exchange Server 2003
Component: Recommended requirements
Processor: Pentium III 500 (Exchange Server 2003, Standard Edition); Pentium III 733 (Exchange Server 2003, Enterprise Edition)
Operating system: Windows Server 2003
Memory: 512 MB
Disk space: 200 MB on system drive, 500 MB on partition where Exchange Server 2003 is installed. Separate physical disks for the Exchange binaries, database files, and transaction logs.
Drive: CD-ROM drive
Display: SVGA or better
File system: All partitions involving Exchange must be NTFS, including:
-System partition
-Partition storing Exchange binaries
-Partition containing Exchange database files
-Partition containing Exchange transaction logs
-Partitions containing other Exchange files
71. What are the disk considerations when installing Exchange (RAID types, locations and so on)?
RAID-5, 200 MB on system drive, 500 MB on partition where Exchange Server 2003 is installed. Separate physical
disks for the Exchange binaries, database files, and transaction logs.
72. You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install
Exchange 2003? (you have AD in place)
73. Why not install Exchange on the same machine as a DC? Are there any other installation considerations?
Microsoft recommends against installing Exchange on a domain controller, but does support this practice in environments
that need to run this way. However, if you do find that you need to run Exchange on a domain controller--perhaps for
budgetary reasons--make sure you know the limitations and make an informed decision:
-Once Exchange is installed on the domain controller, you cannot reduce the server to member server status.
-Although it is normally considered a best practice, don't use the /3GB switch on domain controllers that are also
running Exchange, as this can result in Exchange using too much system RAM.
-A shutdown or restart of a domain controller running Exchange can take more than 10 minutes due to the order in
which services are unloaded for a shutdown. Before you restart these servers, manually stop the Exchange services to
avoid these delays.
-This installation method seriously hinders your high availability efforts, as Exchange will use only the services offered
by the host domain controller and will not seek out others if the AD services (i.e. Global Catalog servers) experience a
problem.
In general, unless you absolutely have to run Exchange on a domain controller, you should try to install Exchange to a
member server.
Exchange on a DC
One question that often pops up in the Exchange world is whether it's a good idea (or not, as the case may be) to install
Exchange on a domain controller. Generally, this has not been recommended in the past, with the two most common
reasons being:
-An increase in disaster recovery complexity. This was certainly true in an NT4 environment, but it would be fair to
say that, since much of Exchange's configuration information is stored in Active Directory (assuming Exchange 200x),
this is no longer so much of an issue.
-The performance impact of locating these two services on the same machine. Logic dictates that separating
these two roles will be best for performance, since the domain controller has plenty of other work to do.
Exchange 2003 running on a domain controller is supported, but you should be aware of the following additional reasons
on why this isn't such a good idea:
The old "my Exchange server takes a long time to shut down" issue
When Exchange 2003 is installed on a domain controller, it will take around 10 minutes to shut this server down. The
technical reason is because the Active Directory service shuts down before the Exchange services, causing DSAccess to
go through several timeouts before terminating. The workaround, as before, is to manually stop the Exchange services
before shutting down the server.
Memory management
I've heard it said to not use the /3GB boot.ini switch on the server if Exchange is on a domain controller to prevent
Exchange from dominating the memory.
DSAccess will no longer failover
Normally, if Active Directory services are busy or not responding, the Exchange services will failover to use other domain
controllers. When Exchange is on a domain controller, this failover will not occur; this is by design.
Security considerations
You can decrease your attack surface area by not installing Exchange on a domain controller. Since all services run under
the LocalSystem context, any attacker that gains access to Active Directory will also be able to gain access to Exchange.
More security considerations
Your Exchange administrators will have log on locally rights to the Exchange server. Do you also want them to be logging
on locally to your domain controllers?
Installing Exchange on a domain controller is best avoided. However, there are situations when you cannot practically
avoid this. I know, as I've been involved in several projects where we've installed Exchange on a domain controller,
mainly in the branch-office scenario. Outlook 2003's cached mode will now give us the chance to review this situation on
future projects.
1. It is recommended, and I second the motion, not to install Exchange 2003 on a DC though it can be done. This is a
decision you'll really have to think about (This will get you started: http://www.microsoft.com/technet/prodtechnol/exchange/Analyzer/7423376e-686b-4cda-b90f-cf5cff4f8981.mspx). It's
best to run Exchange on its own server.
If you are running Exchange Server 2003 on a domain controller, using the domain controller promotion tool (DCPromo)
to change the computer role is not supported, and it is known to break components such as Microsoft Outlook Mobile
Access (<- an issue listed below).
If you are running Exchange Server on a domain controller without Small Business Server, consider the following issues:
-Exchange Server and Active Directory are both resource-intensive applications. There are performance implications to
be considered when both applications are running on the same computer.
-If Exchange Server is running on a domain controller, you must also make that domain controller a global catalog
server.
-Several Exchange Server directory components, such as Directory Service Access (DSAccess), Directory Service Proxy
(DSProxy), and the Message Categorizer will not fail over to any other domain controller or global catalog server.
-You should not take advantage of the /3GB startup switch in Windows because it could cause Exchange Server to
consume all memory, therefore reducing the memory available for Active Directory.
-System shutdown will take considerably longer if the Exchange Server services are not stopped before shutting down
or restarting the server.
-This configuration is less secure because Exchange administrators will have local administrative access to Active
Directory, enabling them to elevate their own privileges. Additionally, any security vulnerability found in either Exchange
Server or Active Directory exposes the other to compromise.
74. How would you prepare the AD Schema in advance before installing Exchange?
By running Forestprep.
75. What type of permissions do you need in order to install the first Exchange server in a forest? In a
domain?
Permissions for Installing New Exchange Server 2003 Servers
After ensuring that your organization meets the necessary prerequisites, the procedures referenced in this topic guide you through
the deployment process. This process includes installing the first Exchange Server 2003 computer into your organization.
Table 1 lists the required permissions or roles for the procedures referenced in this topic.
Procedure
Enterprise Administrator
Domain Administrator
Enterprise Administrator
Run DomainPrep
Schema Administrator
Domain Administrator
Local Machine Administrator
Schema Administrator
Domain Administrator
Local Machine Administrator
Enterprise Administrator
Exchange 5.5 Site Administrator (if installing into an Exchange 5.5 site)
Exchange 5.5 service account password
Local Machine Administrator
For more information about managing and delegating permissions and user and group authorities, see the Exchange Server 2003
Administration Guide.
76. How would you verify that the schema was in fact updated?
Use adsiedit.msc to verify the changes.
Steps for Extending the Schema
Before you install one of the new features that is described in Active Directory Schema Update or before you add a
domain controller running Windows Server 2003 R2 to a forest for the first time (unless it is the first domain controller in
a new forest), you must first extend the schema with the Adprep tool. Perform the following steps to extend the schema:
Verify Active Directory functionality before you apply the schema extension
Apply the schema extension
Verify the schema extension
VERIFY ACTIVE DIRECTORY FUNCTIONALITY BEFORE YOU APPLY THE SCHEMA EXTENSION
Verify Active Directory functionality before you update the schema to help ensure that the schema extension proceeds
without error. At a minimum, ensure that all domain controllers for the forest are online and performing inbound
replication.
To verify Active Directory functionality before you apply the schema extension
1. Log on to an administrative workstation that has the Windows Support Tool Repadmin.exe installed.
Note: The Support Tools are located on the operating system installation media in the Support\Tools folder.
2. Open a command prompt, and then change directories to the folder in which the Windows Support Tools are installed.
3. At a command prompt, type the following, and then press ENTER:
repadmin /replsum /bysrc /bydest /sort:delta
All domain controllers should show 0 in the Fails column, and the largest deltas (which indicate the number of
changes that have been made to the Active Directory database since the last successful replication) should be less
than or roughly equal to the replication frequency of the site link that is used by the domain controller for replication.
The default replication frequency is 180 minutes.
For more information about additional steps that you can take to verify Active Directory functionality before you apply
the schema extension, see article 325379 in the Microsoft Knowledge Base
(http://go.microsoft.com/fwlink/?LinkId=71057).
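The check in step 3 can be automated before a schema change is approved. The following Python script is an added example, not part of the original procedure: it parses saved repadmin /replsum output and reports every domain controller that has failures or a largest delta beyond the site link interval. The sample output is constructed, the column layout is assumed to match what repadmin prints, and slack_min is a hypothetical tolerance for "roughly equal".

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample laid out like "repadmin /replsum /bysrc /bydest /sort:delta"
# output; server names, times and the error row are invented for illustration.
SAMPLE = """\
Replication Summary Start Time: 2007-01-15 09:30:12

Beginning data collection for replication summary, this may take awhile:
  .....

Source DSA          largest delta    fails/total %%   error
 DC03                     >60 days    5 /   5  100  (1722) The RPC server is unavailable.
 DC02              01d.02h:10m:00s    0 /  15    0
 DC01                      52m:11s    0 /  20    0

Destination DSA     largest delta    fails/total %%   error
 DC02                  02h:58m:30s    0 /  20    0
 DC01                      49m:04s    0 /  15    0
"""


class Row(NamedTuple):
    section: str                 # "Source" or "Destination"
    dsa: str                     # domain controller name
    delta_min: Optional[float]   # None when no delta could be read
    fails: int
    total: int
    error: str


ROW_RE = re.compile(
    r"^\s+(?P<dsa>\S+)\s+"
    r"(?P<delta>>\s*\d+ days|\(unknown\)|[0-9dhms.:]+)\s+"
    r"(?P<fails>\d+)\s*/\s*(?P<total>\d+)\s+\d+\s*(?P<error>.*)$"
)
SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}


def delta_minutes(text: str) -> Optional[float]:
    """Convert '52m:11s', '01d.02h:10m:00s' or '>60 days' to minutes."""
    if text.startswith(">"):
        # Only a lower bound is reported here; keep it as that bound.
        return int(re.search(r"\d+", text).group()) * 1440.0
    parts = re.findall(r"(\d+)([dhms])", text)
    if not parts:
        return None
    return sum(int(n) * SECONDS[u] for n, u in parts) / 60


def parse_replsum(text: str) -> List[Row]:
    """Return one Row per domain controller line in both summary sections."""
    rows, section = [], None
    for line in text.splitlines():
        if line.startswith("Source DSA"):
            section = "Source"
        elif line.startswith("Destination DSA"):
            section = "Destination"
        elif section:
            m = ROW_RE.match(line)
            if m:
                rows.append(Row(section, m["dsa"], delta_minutes(m["delta"]),
                                int(m["fails"]), int(m["total"]),
                                m["error"].strip()))
    return rows


def findings(rows: List[Row], link_interval_min: int = 180,
             slack_min: int = 15) -> List[Tuple[str, str, str]]:
    """List (section, dsa, reason) for every row that fails the pre-check.

    link_interval_min is the site link replication frequency (180 by default,
    as stated above); slack_min is an assumed tolerance, not a documented value.
    """
    out = []
    for r in rows:
        if r.fails > 0:
            out.append((r.section, r.dsa,
                        f"{r.fails}/{r.total} failed: {r.error or 'no error text'}"))
        if r.delta_min is None:
            out.append((r.section, r.dsa, "largest delta unknown"))
        elif r.delta_min > link_interval_min + slack_min:
            out.append((r.section, r.dsa,
                        f"largest delta {r.delta_min:.0f} min exceeds "
                        f"{link_interval_min} min link interval"))
    return out


if __name__ == "__main__":
    problems = findings(parse_replsum(SAMPLE))
    for section, dsa, reason in problems:
        print(f"[{section}] {dsa}: {reason}")
    print("OK to extend schema" if not problems else "Resolve replication first")
```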
APPLY THE SCHEMA EXTENSION
Use the following procedure to apply the Windows Server 2003 R2 schema extension to the Active Directory schema.
To apply the Windows Server 2003 R2 schema extension to the Active Directory schema
1. Log on to the computer that holds the schema master operations role (also known as flexible single master
operations or FSMO) as a member of the Schema Admins group and the Enterprise Admins group. If you are not sure
which computer holds the schema master operations role, type the following at a command prompt, and then press
ENTER:
Netdom query FSMO
Note: The built-in Administrator account in the forest root domain is a member of the Schema Admins group by
default.
2. Verify that the schema operations master has performed inbound replication of the schema directory partition since
the last time that the server restarted. Type the following at a command prompt, and then press ENTER:
repadmin /showrepl
3. Locate the version of Adprep, either in the \cmpnents\R2 folder of the Windows Server 2003 R2 Disc 2 or from
Microsoft hotfix 919151, that is compatible with the version of Windows that runs on your schema master.
Each version of Windows Server 2003 R2 (x86-based or x64-based) ships with a single version of Adprep on Disc 2
that is compatible only with operation masters that run that version of Windows Server 2003 R2 (x86-based or
x64-based).
If your schema master is running an x86-based version of Windows, run the x86-based version of Adprep.
If your schema master is running an x64-based version of Windows, run the x64-based version of Adprep.
If your schema master does not run a version of Windows that is compatible with the version of Adprep that you plan
to run, but your forest contains a domain controller that does run a compatible version of Windows, transfer the
schema master role to that domain controller. Continue to step 4, and transfer the role back to the original role
holder after the schema update is complete.
If you do not have a compatible domain controller, obtain the hotfix described in article 919151 in the Microsoft
Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=82345).
To determine the version of the Windows operating system that is running on the schema master, type the following
at a command prompt, and then press ENTER:
winver
Important: Be sure to use the version of Adprep that is on Windows Server 2003 R2 Disc 2 or hotfix 919151, not the
version of Adprep that is on Windows Server 2003 R2 Disc 1.
4. Run adprep /forestprep. Change directories to the location that contains the appropriate Adprep version. Type the
following command at the command prompt, and then press ENTER:
cd cmpnents\R2\ADPREP
adprep /forestprep
Note
When you change the schema on the schema operations master, the changes are automatically propagated to all
other domain controllers in the forest. Therefore, it is not necessary to perform this operation on other domain
controllers. Also, there is no need to run adprep /domainprep in any child domain where you have already
installed a domain controller running Windows Server 2003 with Service Pack 1 (SP1); the necessary domain
partition updates were performed when the domain controller running Windows Server 2003 SP1 was installed.
VERIFY THE SCHEMA EXTENSION
After you run Adprep, you can use the Windows Support tool ADSI Edit to verify the schema extension.
To verify the schema extension
1. Log on to an administrative workstation that has ADSI Edit installed.
2. Click Start, click Run, type adsiedit.msc, and then click OK.
3.
4.
5.
6.
7.
8.
9. Click Properties.
10. On the Attribute Editor tab, for Select a property to view, select objectVersion, and verify that the attribute
Value(s) equals 31.
77. What type of memory optimization changes could you do for Exchange 2003?
Add the /3GB switch to boot.ini.
78. How would you check your Exchange configuration settings to see if they're right?
Send and receive an email.
79. What are the Exchange management tools? How and where can you install them?
4.
5.
6.
7.
8.
Notice that the Domain Admins and Enterprise Admins have both been given Deny access to Full Mailbox access.
Click Add, click the user or group who you want to have access to this mailbox, and then click OK.
Be sure that the user or group is selected in the Name box.
In the Permissions list, click Allow next to Full Mailbox Access, and then click OK.
Note: If the purpose of granting such access is to permit use of the EXMERGE utility (see Delete Messages from
Mailboxes by using EXMERGE for an example of such a requirement), grant Receive As permissions. You can also grant
Full Control permissions if you want complete access.
Granting rights to mailboxes located within a specific mailbox store
Use the following procedure to grant access to Exchange 2000 or Exchange 2003 mailboxes found on a specific
mailbox store:
Note: You must have the appropriate Exchange administrative permissions to do so.
1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Expand the server object and find
the required mailbox store within the appropriate Storage Group. Right-click it and choose Properties.
3.
4.
5.
6.
Note:
3.
4.
5.
6.
Note:
Either double click the user who you want someone else to send e-mail on behalf of or right click the user and select
"Properties"
A user properties dialog box will appear. Select the "Exchange General" tab.
A select recipient dialog box will appear. Select the recipients that you want to be able to send mail on behalf of the user
whose properties you are editing.
If you are creating a mail-enabled recipient though, you would deselect the "Create an Exchange Mailbox" checkbox
shown in Figure A prior to completing the account creation process.
Since a mail-enabled recipient is someone who has no business logging onto your network, you also need to disable that
user account right away. To disable an Exchange Server mail-enabled recipient, right click on the user account in the
Active Directory Users and Computers (ADUC) console and select the "Disable Account" command.
Now it's time to mail-enable the user account:
Right click on the account and select the Exchange Tasks command to launch the Exchange Tasks Wizard.
Click Next to bypass the wizard's Welcome screen and you will see a list of the tasks that can be applied to the user
object.
Select the "Establish Email Address" option from the list and click Next to see the screen shown in Figure B.
Figure B: You must enter the user's external email address.
As you can see in Figure B, the user's alias is filled in automatically. However, you must enter the user's external email
address. This is the user's real email address where he normally receives his email.
Click the modify button and you will be prompted to select the type of address that you want to enter.
Select the SMTP Address option and click OK.
Enter the user's external email address and click OK once again. The "External Email Address" field on the screen shown
in Figure B will now be filled in.
Click Next, followed by Finish, to complete the process.
You will be able to tell that the process was successful because the newly mail-enabled user will now appear in the
Exchange Server Global Address List (GAL).
Part 2: Exchange Server contact recipients
An Exchange Server contact recipient object is very similar to a mail-enabled recipient object in that it points to an
external email address. Contact recipient objects and mail-enabled recipient objects have totally different purposes
though.
An Exchange Server contact recipient object also points to an external email address, but its purpose is not to provide an
email address from your domain to an external recipient. Instead, its goal is to make it easier for your users to send
messages to that external person.
For example, let's say that your company outsources printing to a local print shop, and your employees regularly email
documents there. If you create a contact recipient object for the print shop, its email address will be added to your
Exchange Server Global Address List (GAL). This will save your users the time and effort of having to manually type in
the print shop's email address every time they want to send email.
When you create a contact recipient, you do not have to create a user account. However, you do have to create an Active
Directory object to link to the external email address.
To create an Exchange Server contact recipient:
Open the Active Directory Users and Computers (ADUC) console.
Right click on the Users folder and select New -> Contact to view the New Object -- Contact dialog box.
Enter a first name, last name, full name, and display name and click Next.
This screen asks if you want to create an Exchange Server email address. Make sure that the "Create an Exchange Email
Address" checkbox is selected and click the Modify button.
You will now be asked what type of address you want to enter. Select the SMTP address option and click OK.
Enter the recipient's email address and click OK one more time.
Click Next, followed by Finish, to create the new contact recipient object.
The newly created contact will reside in the Users folder (or whatever folder you created it in) of the ADUC console. You
can tell it apart from a normal user because the contact's icon looks like a business card rather than a person.
Now that you have created the new contact, it should appear on the Exchange Server Global Address List. When you
view the GAL through Microsoft Outlook, you will be able to tell that the entry uses an external mailbox, because
Microsoft Outlook will display a globe icon next to the contact.
Part 3: Exchange Server group recipients
For all practical purposes, a group recipient object is the same as an Exchange Server distribution list. It is basically just
a group that has been mail-enabled (not mailbox-enabled). When an email message is sent to the group's email address,
the message is forwarded to the group members' individual mailboxes.
To create an Exchange Server group recipient object:
Open the Active Directory Users and Computers (ADUC) console and select the Users container.
Right click on the Users container and select New -> Group to view the New Object -- Group dialog box.
Enter a name for the group and then set the group type to Distribution.
Click Next to see a screen asking you if you want to create an Exchange Server address for the group.
Make sure that the "Create an Exchange Email Address" checkbox is selected and click Next.
Click Next one more time, followed by Finish, to create the Exchange Server group recipient object.
To add users to the group, click on the group, select Properties, and click the Add button on the Members tab.
Part 4: Exchange Server public folder recipients
The last type of Exchange Server recipient object that I want to talk about is a public folder recipient -- also known as a
mail-enabled public folder. A public folder recipient is simply an Exchange Server public folder that has an email address
associated with it.
There are many different uses for mail-enabled Exchange public folders, but the first example that comes to mind is a
situation in which your company launches a new product and wants to receive feedback from customers. With a
mail-enabled Exchange public folder, you could receive all customer feedback in a central location, instead of flooding multiple
personal mailboxes with those messages.
To create an Exchange Server public folder recipient object:
Open Exchange System Manager.
Navigate through the console tree to Administrative Groups -> your administrative group -> Folders -> Public Folders ->
the public folder you want to mail enable.
Right click on the Exchange Server public folder you want to mail enable and select the All Tasks -> Mail Enable
command.
The folder is technically now mail-enabled, but you still need to verify that an email address has been assigned to the
Exchange public folder.
To do so, right click on the folder and select Properties.
Select the Email Addresses tab to view the SMTP address assigned to the Exchange public folder.
Use the Add and Edit buttons to add an alternate address or to modify the existing address, if necessary.
84. You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?
What then happens is the Recipient Update Service will run (usually every 15 minutes) and stamp the mail and proxy
addresses to the account in Active Directory - at this stage there is still no physical mailbox in the Exchange store (which
can be verified by checking the mailbox list from the ESM).
In addition to the above if you check the Exchange Advanced tab and click Mailbox Rights (you will need to turn on
the Advanced Features of ADUC) you will see that the only permission on the mailbox at this point is the self
permission.
This situation happens because the securityDescriptor object (msExchMailboxSecurityDescriptor) is not read from
Active Directory until the user first logs on to the mailbox or the mailbox is sent an item of mail.
A common misconception is that the Recipient Update Service plays a part in both the mailbox creation and the
configuration of security permissions on the mailbox. However, the RUS does not work out any permissions (that is not
its job); it is the store service that works these out when the user logs on or mail is received, which coincidentally is the
point where the store process creates the mailbox in the database based upon the data that is contained in Active
Directory for the account.
85. What are Query Based Distribution groups?
A query-based distribution group works much like a standard distribution group. The difference is that query-based
distribution groups assign group membership based on LDAP queries. Query-based distribution groups are only
supported when running in Exchange Server 2003 Native Mode. The main advantage of creating a query-based
distribution group is that administrators can dynamically assign members to the group; you do not have to manually
add/remove accounts from the query-based distribution group.
You can use the Filter option to define group membership for the query-based distribution group. Then, when new
account objects are created, these objects too are added to the group when they are defined as being mail-enabled in Active
Directory.
The different Filter options for defining a query-based distribution group are listed here:
Users with Exchange Mailboxes
Users with External Mail Addresses
Mail-Enabled Groups
Contacts with External Email Addresses
Mail-Enabled Public Folders
Customer Filters
86. What type of groups would you use when configuring distribution groups in a multiple domain
forest?
87. Name a few configuration options for Exchange recipients.
88. Name a few configuration options related to mailbox stores.
89. What are System Public Folders? Where would you find them?
Types of public folders
There are two types of public folders in Exchange 2003:
Public Folder
System Folder
Exchange distinguishes between different public folder trees:
ONE public folder tree type called MAPI Clients and
MANY public folder tree types called General purpose
Every public folder tree must be associated with an Exchange 2003 Public Folder Store.
Public folders under the MAPI public folder tree are visible in Outlook.
Public folders under the General purpose public folder tree are visible in Explorer and various other clients, except
Outlook, like HTTP clients.
System Folder
System folders are hidden folders for internal Exchange System Management. Exchange needs these System Folders for
Offline Address Book generation, Free+Busy information and many more.
Exchange generates the following System Folders:
EForms Registry
Events Root
Nntp Control Folder
Offline Address Book
Schedule+ Free Busy
StoreEvents
System Configuration
To view System Folders, start Exchange System Manager, navigate to Public Folders, right-click, and select View
System Folders.
partnership with the server through a recovery process that is transparent to both the IT administrator and the device
user. This action is carried out by locating the mobile device, and then clicking Delete.
Viewing a Log of Remote Wipe Transactions
The transaction log displays the following information for all critical administrative actions performed with the Exchange
ActiveSync Mobile Administration Web tool:
Date Time: Date and time when the action was executed
User: The user who executed the action
Mailbox: The mailbox that the action pertained to
Device ID: The device that the action pertained to
Type: The type of device that the action pertained to
Action: The action taken by the administrator
94. What are the differences between administrative permissions and client permissions in PF?
Using Public Folder Permissions
After you click Client permissions, one of two different dialog boxes appears, depending on the type of public folder tree
with which you are working.
If you are working with a folder in the Public Folders tree, you see a dialog box that contains MAPI permissions and roles.
To see the actual permissions information, click Advanced. The resulting dialog box is shown below:
To view detailed permissions information, click a permissions entry and then click View/Edit.
Remember, do not use this dialog box to edit the permissions. As stated earlier, using this interface to modify
permissions would save the changes in a form that Exchange Server could not convert to the MAPI format. The following
screenshot shows an example of the detailed Windows 2000 Server permissions information you can view.
The LOGNAME.log file can be reviewed to ensure that replication has occurred successfully and that a copy of each public
folder exists on the new server. A sample log from this procedure is illustrated in Figure 16.12.
Figure 16.12. Sample PFMigrate log file.
TIP
Become familiar with the command-line options that are available with the PFMigrate tool, because they can be useful for
managing the replication of public folders across a newly deployed Exchange Server 2003 environment.
96. What are the message hygiene options you can use natively in Exchange 2003?
97. What are the configuration options in IMF?
IMF SCL Configuration - getting it right
Correct SCL configuration is the key to a successful Exchange Intelligent Message Filter setup. With a good
understanding of SCLs we can get the best results out of IMF. In this article I look at how to do this with the help of
WinDeveloper IMF Tune, a freeware application released for this purpose.
Note: This article makes references to WinDeveloper IMF Tune, an application that was available as freeware at the time
of writing. IMF Tune is today a commercial product.
The Intelligent Message Filter (IMF) is one of the anti-spam products with the fewest configuration settings I have ever come
across. It boils down to four settings, Gateway SCL, Gateway Action, Junk Email SCL, and enabling of IMF per SMTP
virtual server. The lack of options may easily give the impression that the configuration is trivial.
What's an SCL by the way? The SCL rating is a value from 0 to 9 assigned to emails as a classification of their likelihood
of being spam. 0 indicates lowest probability whereas 9 indicates near certainty of the email being spam. Values in
between indicate a varying degree of certainty.
Given the SCL value, an administrator is expected to decide what to do with the email. Emails with ratings at the lower
range of SCL values are typically permitted to go through as valid email. High SCL ratings enable Administrators to be
brave and take drastic actions such as delete, reject or archive. Values in between typically require emails to be
deposited to the Junk Email folder for verification by the end-recipient. So effectively our goal is that of identifying these
three SCL value ranges. Getting them wrong may lead to many valid emails ending in the Junk Email folder. Getting
them totally wrong (and some do!!) may lead to loss of valuable emails.
Here you will find Gateway SCL, Gateway Action and Junk Email SCL. The Gateway settings are used to filter emails
scoring very high SCLs. At this end one can configure IMF to reject, delete or archive emails. The Junk Email SCL
identifies the emails that should be deposited to the Junk Email folder. Obviously this is set to a lower value than the
Gateway SCL. Note that there is a typo in the IMF configuration. The text "Move messages with an SCL rating greater
than or equal to:" should read "Move messages with an SCL rating greater than:". Combining these two SCL values we
end up with three buckets for email classification as depicted below:
52.68
57.43
63.87
67.41
82.82
90.50
94.72
97.82
99.58
As already said these values are purely indicative but it is clear that anyone rejecting/deleting/archiving emails with SCL
lower than 7 is looking for trouble. Also values up to 3 or 4 can cause quite a large number of false positives.
Did I already say these values are purely indicative? This means that in practice one has to see IMF in action to see the
real meaning of SCL values. My aim so far was to block anyone (see the newsgroups) from doing crazy stuff. What we
need is to start off with some reasonable SCL values and fine tune our settings by checking what is being filtered.
Initial SCL settings
Putting myself in the position of an administrator deploying IMF for the first time this is how I would start the
configuration settings:
Gateway Action
NoAction
Gateway SCL
Starting with no gateway action is wise. It is first best to build your confidence in IMF before giving it the trust to remove
emails. This is of course true for any other application as well. Once configuration is done make sure to enable IMF per
virtual SMTP server as shown previously.
Next we need to check which emails are ending in the Junk Email folder and which in the Inbox. Note that for the Junk
Email folder to be active, it must be enabled through Outlook 2003: Tools | Options | Preferences | Junk E-mail... or
through OWA: Options | 'Privacy and Junk E-mail Prevention'.
WinDeveloper IMF Tune freeware
It is now time to verify how well our initial SCL settings are doing. There are two things to check:
Valid emails ending in the Junk Email folder (false positives).
Spam remaining unfiltered ending in the recipient Inbox (false negatives).
To do this we need to identify the SCL ratings for mails with false results. This information is not readily available unless
a tool such as WinDeveloper IMF Tune is used. IMF Tune processes all emails whose SCL score is larger than the Junk
Email SCL. It then prefixes their subject with the SCL score as shown below.
IMF Tune now enables us to look into the Junk Email folder and see how each of the individual emails is being classified.
The subject prefix enables us to sort all emails by SCL which is very useful.
Let's say a number of false positives are identified with SCL 5. The next step would be to determine what would happen
if we were to raise the Junk Email SCL level to 5. Naturally this will cause all emails with rating of 5 or less to remain
unfiltered. So it is best to determine how many false negatives this will cause. Sorting emails by SCL rating will enable us
to visualize this. If a good number of emails with SCL 5 are valid then one should certainly raise this level. On the other
hand if this is a small percentage it might be best to leave it as is. This decision can only be taken by analyzing real live
data.
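The threshold decision described above, worked through in code as an added example (not part of the original article or of IMF Tune). It applies the comparison rules this article states (Gateway SCL "greater than or equal to", Junk Email SCL "greater than") to a constructed set of manually labelled messages and counts false positives and false negatives for every candidate Junk Email SCL; the function names and sample data are assumptions.

```python
from collections import Counter

# Constructed sample, not data from the article: (SCL assigned by IMF,
# True if a reviewer confirmed the message as spam).
SAMPLES = [
    (0, False), (0, False), (1, False), (2, False), (3, False),
    (4, False), (5, False), (5, False), (5, True), (6, True),
    (6, False), (7, True), (7, True), (8, True), (9, True), (9, True),
]

GATEWAY_ACTIONS = ("NoAction", "Archive", "Delete", "Reject")


def classify(scl, gateway_scl, junk_scl, gateway_action="NoAction"):
    """Return the bucket a message with this SCL lands in.

    Gateway test: SCL >= gateway_scl (only when an action is configured).
    Store test:   SCL >  junk_scl, as this article describes the behaviour.
    With NoAction the message carries on to the store, so the Junk Email
    threshold still applies to it.
    """
    if not 0 <= scl <= 9:
        raise ValueError(f"SCL out of range: {scl}")
    if gateway_action not in GATEWAY_ACTIONS:
        raise ValueError(f"unknown gateway action: {gateway_action}")
    if gateway_action != "NoAction" and scl >= gateway_scl:
        return gateway_action
    return "Junk" if scl > junk_scl else "Inbox"


def sweep_junk_threshold(samples, gateway_scl=8, gateway_action="NoAction"):
    """Count misclassifications for each Junk Email SCL below the Gateway SCL.

    false_positives      legitimate mail moved to the Junk Email folder
    false_negatives      spam left in the Inbox
    legit_hit_by_gateway legitimate mail archived, deleted or rejected
    """
    rows = []
    for junk_scl in range(gateway_scl):
        tally = Counter()
        for scl, is_spam in samples:
            bucket = classify(scl, gateway_scl, junk_scl, gateway_action)
            if bucket == "Junk" and not is_spam:
                tally["false_positives"] += 1
            elif bucket == "Inbox" and is_spam:
                tally["false_negatives"] += 1
            elif bucket not in ("Junk", "Inbox") and not is_spam:
                tally["legit_hit_by_gateway"] += 1
        rows.append({
            "junk_scl": junk_scl,
            "false_positives": tally["false_positives"],
            "false_negatives": tally["false_negatives"],
            "legit_hit_by_gateway": tally["legit_hit_by_gateway"],
        })
    return rows


if __name__ == "__main__":
    print("JunkSCL  FP  FN  LegitAtGateway")
    for row in sweep_junk_threshold(SAMPLES, gateway_scl=8):
        print(f"{row['junk_scl']:>7}  {row['false_positives']:>2}  "
              f"{row['false_negatives']:>2}  {row['legit_hit_by_gateway']:>14}")
```

In this constructed sample, raising the Junk Email SCL from 4 to 5 removes two of the three false positives at the cost of one spam message reaching the Inbox, which is the trade-off the paragraph above asks you to weigh on live data.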
IMF Tune is not configurable. It reads the IMF configuration every 5 minutes and adjusts which emails to process
accordingly. Hence on changing the IMF configuration, for a short while, you may end up with some missing SCL prefixes
at the Junk Email folder or some SCL prefixes at the Inbox. To avoid this restart the IIS Admin service, otherwise just be
patient for a few minutes.
IMF Tune only processes Junk Email. The subject is clearly an important piece of information which is best left alone for
legitimate emails. So IMF Tune is most useful when analyzing false positives. If a significant amount of spam is reaching
your Inbox then you may of course lower the Junk Email SCL. You may then use IMF Tune to analyze the result of this
change.
Determining the Gateway SCL settings is another area where IMF Tune comes in handy. We started our IMF setup with no
gateway action. Now that the system has been running for some time it is good to look at the emails being assigned high
SCL values such as 8 and 9. Most organizations are unlikely to get false positives at this level. If you feel confident
enough in IMF SCL ratings at this end, then you may want to switch to archiving or even something more drastic like
delete or reject.
To conclude this, my client is currently using archiving as Gateway Action, 8 for Gateway SCL and 5 for Junk Email SCL.
He is also using another commercial Anti-spam product. I didn't discuss the ramifications of this but in effect it means
that these settings are specific to his particular setup. I hope you will find WinDeveloper IMF Tune helpful and make sure
to grab your copy by following the link at the references section. I will be happy to hear your feedback through the
www.windeveloper.com contact form.
Intelligent Message Filter
IMF is a plugin provided by Microsoft that greatly improves Exchange 2003's spam fighting capability. Microsoft doesn't
give the administrator the ability to allow users to retrain the filters like you can in CRM114 or bogofilter, but IMF is still
very useful.
Microsoft uses a concept known as the Spam Confidence Level (SCL) to determine whether or not a particular message is
spam. Each message is scored with an integer value from 0 to 9, with 0 indicating a non-spam message. Values from 1
to 9 indicate a spam message, with a lower number indicating that a message is likely not spam and a higher number
indicating that a message is probably spam. Each message is scored, and then depending upon its score, the message
can be rejected, deleted, or moved to a junk email folder, which is UceArchive at the system level or Junk Email for
individual users.
Unfortunately, Microsoft doesn't enable the administrator to easily view SCL scores for messages. However, the
References contain links to web pages that step you through the process of viewing SCL scores for both Outlook
messages and spam messages, which end up in the UceArchive folder.
Installation
In a large Exchange installation with many servers, IMF should be run on the machines we call the email relay machines.
These are MS Exchange servers that process email messages between the Internet (or non-Exchange servers) and the
Exchange mailbox servers your users login to in order to read their messages. Microsoft refers to the machines that IMF
is to be installed on as bridgehead machines. In smaller shops where there is no email relay, IMF can be installed directly
on the MS Exchange mailbox servers.
The IMF update must be downloaded from the MS Exchange IMF site,
http://www.microsoft.com/exchange/downloads/2003/IMF/default.asp, under the link called Exchange Intelligent
Message Filter.
After you've downloaded the update, install the package. The only options available during install are checkboxes called
Management Tools for Intelligent Message Filter and Intelligent Message Filter Functionality, which are both enabled by
default.
Configuration
The main IMF configuration screen is available by going to Global Settings==>Message Delivery==>(right-click)==>properties==>Intelligent Message Filtering, which should bring up a screen similar to Figure 10.2.
Figure 10.2. Intelligent Message Filtering tab.
The IMF default values need to be changed because the software ships with values that won't work correctly in a
production environment. There are two thresholds, which can be set within the IMF configuration. The first is at the
server level and is located at the top of the IMF screen, titled Gateway Blocking Configuration. The second is at the
bottom of the IMF setup tab and is called Store Junk Email Configuration; it is processed when the message enters a
user's email box.
After the configuration has been set up via the IMF screen, the filter must then be made active, which is covered in the
Enabling IMF section of this chapter.
Gateway Blocking Configuration
When a message is presented to the Exchange server by a remote MTA, the Gateway Blocking Configuration defines
what the IMF system will do with the message after it is scored. The field named Block Messages with an SCL Rating
Greater Than or Equal To: specifies the score to match or exceed. We suggest setting this value to 8 initially and
adjusting it as necessary. If an SCL of a message is at or above this score, the action on the message can be one of the
following:
Archive
Delete
No Action
Reject
Archive causes the messages to be filed in the UceArchive folder (see the "UceArchive" section later). The Delete action
causes the message to be accepted by the server and then deleted. This setting should be used with caution, as
messages are irretrievably lost when this option is selected. The No Action setting allows you to see how the IMF system
would score messages without causing anything to happen to them. This setting is good for the paranoid administrator
who would like to see how IMF scores messages before implementing IMF on real clients.
Finally, the Reject setting causes the server to reject the message back to the originating MTA when the SCL score meets
the criteria. Like the Delete setting, this action should be used with caution because messages are essentially lost when
the Reject action is performed.
Store Junk E-mail Configuration
The Store Junk E-mail Configuration setting is what IMF should do with messages as they are being delivered into the
recipient's email box. This score defines the threshold at which messages should be delivered into a user's junk email
folder rather than his or her inbox. The field is called Move Messages with an SCL Rating Greater Than or Equal To, and a
good value to start off with is 4. If you are afraid your users will not go into their junk email boxes to view false
positives, then set this value to a higher number. However, more spam will likely end up in your users' inboxes.
Enabling IMF
After configuring the IMF values, you must activate filtering. This is accomplished by going to the following click chain:
root==>servers==>name of server==>SMTP==>Intelligent Message Filtering==>(right-click)==>properties, which
should bring up a screen similar to the one shown in Figure 10.3.
Figure 10.3. Enabling IMF.
Click the Default SMTP Virtual Server checkbox and click the OK button. Your server is now running with IMF enabled.
Ongoing Maintenance
A couple of ongoing tasks need to be performed. One task is viewing the UceArchive folder, and another is viewing the
performance statistics of the IMF system.
UceArchive
When the Gateway Blocking Configuration item called When Blocking Messages is set to Archive, messages above the
SCL are placed in a folder called UceArchive. The administrator should view this folder periodically to be sure that no
legitimate email messages have slipped past the filters.
Unfortunately, Microsoft doesn't provide an easy way to view message scores. Appendix G contains a link to a program
called IMF Archive Manager, which enables the administrator to easily view messages in the UceArchive along with their
scores.
The UceArchive folder can be viewed by viewing the following directory path: drive letter:\Program
Files\Exchsrvr\Mailroot\vsi 1\UceArchive. In the UceArchive folder, each message that has been archived is saved as an
email message. A message is viewed by double-clicking on it, which should bring up Outlook so that the message can be
forwarded if necessary.
Figure 10.4. UceArchive folder.
Be sure to delete the confirmed spam messages on a regular basis to prevent your disk from filling up.
Performance Data
If you would like to view statistics on how IMF is running, the IMF utility includes data for the built-in Windows
performance monitor. To view IMF data, bring up the Windows monitor by clicking on the following path:
Start==>Programs==>Administrative Tools==>Performance. When on the Performance screen, click the + (add) button
in the toolbar. On the Add Counters screen, make sure the All Counters and All Instances radio buttons are active, and
select MSExchange Intelligent Message Filter in the Performance Object drop-down box. Then click the Add button and
the Close button. The real-time display of all of the performance variables related to IMF should start, similar to Figure
10.5.
Figure 10.5. IMF performance monitoring.
This is useful for determining how busy your server is and for troubleshooting problems. The individual performance
characteristics or variables can be selected as needed.
Stop spam at your server with the Exchange Intelligent Message Filter
Takeaway: Spam is quickly rendering e-mail useless. You can block spam at your Exchange 2003 server using Microsoft's
Intelligent Message Filter. Here's how.
Few people would deny that the spam problem has grown to epidemic proportions. While there are a lot of enterprise-level antispam products available for Exchange, most are very expensive and none of them are 100-percent effective. In
an effort to turn the tide on the war against spam, Microsoft has released a free antispam component for Exchange
Server 2003 called the Intelligent Message Filter.
Some background information
As you probably know, Microsoft owns MSN and Hotmail. For many years now, MSN and Hotmail mailboxes have been
favorite targets of spammers, perhaps rivaled only by AOL mailboxes. Because of this, Microsoft needed to do something
to rid these mailboxes of the endless assault by spammers to avoid losing customers.
Unfortunately, spam is really hard to define. To paraphrase Supreme Court Justice Stewart Potter, you may not be able to
give a hard and fast definition of spam, but you know it when you see it. Because of this simple fact, Microsoft asked
thousands of volunteers to identify messages coming into their Hotmail or MSN mailboxes as being either spam or
legitimate.
Microsoft then came up with a program that checks roughly half a million different characteristics of inbound messages.
What's nice about the program is that it doesn't just look for characteristics of spam; it also looks for characteristics
common to legitimate mail. This improves accuracy tremendously over intelligent mail filtering solutions that merely look
for characteristics of spam. The software then uses all of the message's characteristics to compute a mathematical
probability of whether or not the message is spam. After using this program successfully in Hotmail, Microsoft decided to
create a version of it for Exchange called the Intelligent Message Filter.
Acquiring the Intelligent Message Filter
The Intelligent Message Filter is free for owners of Microsoft Exchange Server 2003. You can download it from Microsoft's
Exchange 2003 Web site. The download is roughly 9 MB in size.
Before you install the filter
Before I show you how to configure the Intelligent Message Filter, you need to understand that the Intelligent Message
Filter works at the SMTP virtual-server level of Exchange. This means two things. First, if you have someone within your
office who sends you lots of junk mail, the Intelligent Message Filter won't filter that mail because it's local rather than
SMTP based. Second, if you have more than one SMTP virtual server, you will have to configure the Intelligent Message
Filter separately for each one.
Installing the Intelligent Message Filter
Begin by opening the ExchangeIMF.MSI file that you downloaded. When you do, Windows will launch the Microsoft
Exchange Intelligent Message Filter Installation Wizard. Click Next to bypass the wizard's Welcome screen and you will
see the software's end-user license agreement. Accept the license agreement, click Next, and you will be prompted for
the components you wish to install.
There are two components to choose from: the Intelligent Message Filter Functionality option, which is the actual
Intelligent Message Filter program, and the Management Tools For Intelligent Message Filter option. If this is the first
server on which you are installing Intelligent Message Filter, then you should select both options. It is also possible to
install the management component onto a machine that's running Windows XP so that you can manage the Intelligent
Message Filter without actually having to sit down at the server console.
Make your selections, click Next, and Windows will begin copying the necessary files. When the copy process completes,
click Finish to complete the installation.
Determining the gateway threshold
Once the Intelligent Message Filter is installed, you must determine the gateway threshold value. The idea here is that
your Exchange Server is acting as a mail gateway. Messages come into the server from the Internet and are placed into
users' mailboxes. The idea behind setting the gateway threshold value is that the Intelligent Message Filter assigns a
value to every inbound message. The value is based on the likelihood of the message being spam.
This is where the gateway threshold value comes in. If a message's value exceeds the gateway threshold value, the
Intelligent Message Filter assumes that the message is spam and doesn't even bother placing the message into the
destination mailbox.
The default gateway threshold value is 8, but this value is not suitable for all installations. If the gateway threshold
value is set too low, the Intelligent Message Filter may start flagging legitimate mail as spam. If the gateway threshold
value is set too high, on the other hand, users' inboxes may be flooded by spam. It's a very fine balancing act, and this
is why it's important to find out the appropriate value for your organization based on the mail that you receive rather
than simply accepting the defaults.
To figure out the appropriate value for your gateway threshold, you will have to use the Performance
Monitor. When you install the Intelligent Message Filter, you are also installing a set of corresponding Performance
Monitor counters. The tricky part, however, is that these counters are not readily available. The counters become
available only after messages begin passing through the filter. Fortunately, there is a way to have messages pass
through the filter without actually taking any action on the messages.
To do so, open the Exchange System Manager and navigate to Global Settings | Message Delivery. After doing so, right-click on Message Delivery and select the Properties command from the resulting shortcut menu. This will cause Exchange
to display the Message Delivery Properties sheet. Select the Intelligent Message Filtering tab, then verify that all
thresholds are set to a value of 8. You must also verify that the When Blocking Message option is set to No Action, as
shown in Figure A.
Figure A
Configure the Intelligent Message Filter to take no action for right now.
Click OK and then navigate through System Manager to Administrative Groups | your administrative group | Servers |
your server | Protocols | SMTP | Intelligent Message Filtering. Right-click on the Intelligent Message Filtering option and
select the Properties command from the resulting shortcut menu. Select the check box next to the SMTP virtual server
for which you want to enable Intelligent Message Filtering, as shown in Figure B. Click OK, and you should now be
able to access the Performance Monitor counters. If not, you may have to reboot your server.
Figure B
You must enable Intelligent Message Filtering for each SMTP virtual server that you want to use it with.
At this point, open the Performance Monitor and remove any existing performance counters by selecting them and
clicking the X icon. Next, click the + icon to reveal the Add Counters dialog box. Select the MSExchange Intelligent
Message Filter performance object, then select the Total Messages Assigned An SCL Rating Of 0 counter. Click the Add
button and repeat the process to add the counters for SCL levels 1 through 9. When you're finished, click Close and then
click the icon that formats the data as a bar graph. You should now see an empty graph similar to the one shown in
Figure C.
Figure C
the blacklist and whitelist are mailbox-level features. When you delete messages at the gateway level, you are deleting
them before they can ever even reach the mailbox level.
Because of this, some administrators prefer to set the gateway threshold to a very high level, such as 8 or 9, so that
only the most blatantly obvious spam is deleted. This allows more messages to make it to the mailbox level where they
can be compared against the user's blacklist and whitelist prior to being moved to the user's Junk Mail folder.
So how do you manage all of those messages that do make it to the mailbox level? The first step is for the users to set
up whitelists and blacklists. They can do so by opening Outlook 2003 and selecting the Options command from the Tools
menu. When the Options properties sheet appears, the users can click the Junk E-Mail button. Tabs then become
available for setting up whitelists and blacklists. In Outlook, these options are referred to as the safe senders list and the
blocked senders list. If you happen to have a blacklist or whitelist in another antispam program, Outlook provides a way
to import these lists. There is also an option to consider any messages from someone with an entry in the user's
Contacts folder as safe. Outlook allows users to place about 2,000 entries on the safe senders list.
98. What are virtual servers? When would you use more than one?
An SMTP virtual server is an instance of the SMTP service running on an Exchange server. It is bound to a particular IP
address (or group of IP addresses) and port, usually the well-known TCP port 25.
Windows Exchange Servers use the word 'Virtual' in many contexts. To begin with, one physical
machine can act as a server for several Virtual SMTP domains, for example ourcomp.com and
mergecomp.net. Moreover, in addition to SMTP, one Exchange Server can also control Virtual servers for
IMAP4, NNTP and POP3. From another point of view, you could interpret these Exchange Virtual servers as
aliases for physical folders in Microsoft's IIS.
In a completely different context, the term Virtual Server is used in clustering. The Outlook clients connect
not to the individual Exchange 2003 nodes, but to a Virtual server with a virtual IP address.
To find the screen shot opposite click on the Advanced Tab next to the IP address. Select the IP address and Edit, now
the Identification dialog box will appear, see diagram opposite. At last you can check: Apply Sender, Recipient or
Connection Filter.
General Tab - Port Numbers
Rather like IIS, each SMTP Virtual server needs a unique combination of IP address and Port number. Here are the
common Exchange port numbers:
Protocol  Default Port  Secure Port
HTTP      80            443
IMAP4     143           993
NNTP      119           563
POP3      110           995
SMTP      25            25
Access Tab
The access tab is where you configure authentication. Who will be allowed to use your SMTP Virtual server?
Authenticated users - yes, but anonymous users? I think not, but you decide.
Messages Tab
The first section deals with setting limits - if any. For example, what would be the maximum number of recipients for
your company's emails?
The lower section invites you to configure accounts to hold NDR (non deliverable reports). This is where you
troubleshoot the location of the BadMail folder and the Queue directory.
Delivery Tab
As ever, DNS plays a central role in name resolution. Most likely your servers are
registered on the internet as being authoritative for your email domain. This
involves MX (Mail exchange) records on the InterNic servers that point to your
Exchange 2003 server.
The other side of the DNS coin is that your server must be able to deliver outgoing
email. If your server is (rightly) protected by a firewall delivering external email can
be an extra challenge. The answer is to forward the name resolution to a Smart host
on the outside of the firewall.
Reverse DNS
Configuring, Perform reverse DNS lookup, seems like a great idea to prevent
spammers spoofing addresses in their evil emails. However, everyone that I have
talked to has found that it slows down the system so much, that they put Reverse
DNS lookup in that pigeon hole: 'more trouble than it's worth'.
1. Select the Start Menu -> Programs -> Microsoft Exchange -> System Manager.
2. Expand the top level -> Servers -> <Your Mail Server> -> Protocols -> SMTP.
3. Right-click Default SMTP Virtual Server & select Properties.
5. Click Advanced to go to the Advanced Delivery dialog box.
6. If you have a Smarthost set to point to Outbound Services for mail filtering, clear the Smarthost. The Private Outbound DNS will replace your Smarthost for routing.
7. Click Configure.
8. Click Add and enter the appropriate IP address for your system. Click OK.
The appropriate IP address depends on your system. To find what system to use, see Identify Your System.
System  IP Address to use for Private Outbound DNS
5       64.18.4.12
6       64.18.5.12
7       64.18.6.12
8       64.18.7.12
20      64.18.9.14
200     207.126.147.11
201     207.126.154.11
9. Click OK again. You should see your IP address listed as an External DNS.
connection is permanent and reliable. For example, if all servers in Figure 5.1 can communicate directly through
TCP/IP, you might consolidate all Exchange servers into one routing group, thus eliminating four of the five
bridgehead servers and all routing group connectors. This significantly streamlines the routing group topology. In
Figure 5.1, the bridgehead server running a connector to the non-Exchange messaging system must remain
connected to the external messaging system. Note, however, that all servers in a routing group periodically poll the
routing group master. Gaining control over server-to-server communication might require you to implement multiple
routing groups, which might be especially important if communication over wide area network (WAN) connections
generates costs. For more information about the design and configuration of routing group topologies, see Exchange
Server 2003 Transport and Routing Guide (http://go.microsoft.com/fwlink/?LinkId=26041).
103. What are the types of Connectors you can use in Exchange?
Routing group connectors A routing group connector enables message transfer between two routing groups.
The following Exchange connectors can be used to establish message transfer paths between routing groups:
Routing group connectors: A routing group connector provides a one-way connection path in which messages are routed
from servers in one routing group to servers in another routing group. Routing group connectors use Simple Mail Transfer
Protocol (SMTP) to communicate with servers in connected routing groups. Routing group connectors provide the best
connection between routing groups.
Note:
The Routing Group Connector (note the capitalization) is a specific type of connector that can only be
used to connect routing groups with each other. Other connectors that can connect routing groups are
the SMTP connector and X.400 connector. However, these connectors can also be used to connect an
Exchange organization to an external messaging system through SMTP or X.400. To avoid confusion,
this guide uses "Routing Group Connector" to refer to the specific connector that can only be used
between routing groups and "routing group connector" to refer to all types of connectors that can be
used to connect routing groups.
SMTP connector: An SMTP connector can be used to connect routing groups, but this is not recommended. SMTP
connectors are designed for external message delivery. SMTP connectors define specific paths for e-mail messages that
are destined for the Internet or an external destination, such as a non-Exchange messaging system.
X.400 connectors: Although you can use X.400 connectors to connect routing groups, X.400 connectors are designed to
connect servers running Exchange with other X.400 systems or to servers running Exchange Server 5.5 outside an
Exchange organization. A server running Exchange Server 2003 can then send messages over this connector using the
X.400 protocol.
Note:
X.400 connectors are available only in Exchange Server 2003 Enterprise
Edition.
Connectors to non-Exchange messaging systems
These connectors support message transfer and directory synchronization between Exchange and non-Exchange
messaging systems. When appropriate connectors are implemented, the user experience is similar on both messaging
systems and the transfer of messages and other information between the Exchange and non-Exchange messaging
system is transparent to the user. However, some message properties might be lost during message conversion from an
Exchange format to a non-Exchange format, or vice versa.
Using X.400 Connectors
In the beginning of this chapter, you learned that the X.400 MTA handles message transfer both within the organization
and to servers outside it. Normally, the X.400 message transfer is handled within routing groups and not between them.
You can, however, configure X.400 connectors to connect two routing groups in the same Exchange organization. The
primary reason to do this is when you need to strictly control bandwidth usage between the routing groups. You can also
use X.400 connectors to connect an Exchange routing group with a foreign X.400 messaging server.
The key reason for using an X.400 connector instead of another type of connector is that the X.400 connector incurs less
overhead than other connectors when sending large messages. This means that sending large messages through an
X.400 connector requires less bandwidth than sending the same messages through other types of connectors.
Understanding X.400 Connectors
Because X.400 connectors are more complex than other types of connectors, they're difficult to use. Unlike other
connectors, X.400 connectors have several variations, including these:
TCP/IP X.400 connectors: Used to transfer messages over a standard TCP/IP network. Use this connector when you have
a dedicated connection such as a T1 line. Because most X.400 messaging systems support TCP/IP, this is the most
common type of X.400 connector used.
X.25 X.400 connectors: Configured to connect to an X.25 adapter on a remote mail server. With this connector, you can
support standard X.25 protocols as long as an X.25 adapter is available and you know the X.121 address of the remote
server.
Before you configure an X.400 connector, you must install and configure an X.400 transport stack that is the same type
as the connector. The transport stack contains configuration information that the connector needs to properly transport
messages. The available transport stacks include the TCP/IP X.400 stack and the X.25 X.400 stack.
104.What is the cost option in Exchange connectors?
Cost is used to detect the best path.
105.What is the Link State Table? How would you view it?
Link State Algorithm (LSA)
It contains information about whether the Link is up or down. It is very similar to OSPF protocol. Every 60 seconds it
updates this information.
Exchange Server 2003 determines the route that an e-mail must take based on the status and availability of connectors
between different routing groups and to external messaging systems through an SMTP connector or other connectors.
Every exchange server stores its status information in a Link State Table (LST). The Link State Table is a small table
which requires about 32 bytes per entry which is held in the Exchange Servers' RAM.
All information will be collected by the Routing Group Master (RGM) of the routing group. The Routing Group Master uses
TCP Port 691 to talk with other exchange servers in the routing group and is responsible for generating / updating the
LST and for the distribution of the LST to each exchange server in the routing group.
The updated LST is propagated to other routing groups through Bridgehead Servers. The Routing Group Master (RGM)
then sends the updated information to the Bridgehead Server, and then the Bridgehead Server sends the information to
Bridgehead Servers in other Routing Groups over TCP Port 25.
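How connector cost and link state combine to pick a route, as an added example that is not part of the original notes and is not Exchange's own routing code. It is a simplified model: the routing group names, connector names and costs are constructed, and each connector is treated as one-way, as described above.

```python
import heapq

# Constructed sample topology: (connector name, from group, to group, cost).
# Each entry is a one-way path, so a two-way link needs two connectors.
CONNECTORS = [
    ("RGC-LON-PAR", "London", "Paris", 10),
    ("RGC-PAR-LON", "Paris", "London", 10),
    ("RGC-PAR-TYO", "Paris", "Tokyo", 10),
    ("RGC-LON-TYO", "London", "Tokyo", 50),
    ("RGC-TYO-LON", "Tokyo", "London", 50),
]


def best_route(connectors, link_state, source, dest):
    """Return (total_cost, groups_on_path, connectors_used) or None.

    link_state maps a connector name to "up" or "down", standing in for
    the Link State Table; connectors not listed are assumed to be up.
    Connectors marked down are ignored, then the lowest total cost wins.
    """
    graph = {}
    for name, src, dst, cost in connectors:
        if link_state.get(name, "up") != "up":
            continue  # a down link is never considered, whatever its cost
        graph.setdefault(src, []).append((dst, cost, name))

    # Dijkstra's shortest-path search over the usable connectors.
    heap = [(0, source, [source], [])]
    settled = set()
    while heap:
        total, group, path, used = heapq.heappop(heap)
        if group == dest:
            return total, path, used
        if group in settled:
            continue
        settled.add(group)
        for nxt, cost, name in graph.get(group, []):
            if nxt not in settled:
                heapq.heappush(
                    heap, (total + cost, nxt, path + [nxt], used + [name])
                )
    return None  # no usable path: the message would have to queue


if __name__ == "__main__":
    print(best_route(CONNECTORS, {}, "London", "Tokyo"))
    print(best_route(CONNECTORS, {"RGC-PAR-TYO": "down"}, "London", "Tokyo"))
    print(best_route(CONNECTORS, {}, "Tokyo", "Paris"))
```

With every link up, London to Tokyo goes through Paris because two cost-10 hops beat the direct cost-50 connector; marking the Paris to Tokyo connector down moves traffic to the direct connector.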
108.Explain the configuration steps required to allow Exchange 2003 to send and receive email from the
Internet (consider a one-site multiple server scenario).
108.What is DS2MB?
Directory Service/Metabase Synchronization process (DS2MB process). In short the DS2MB process overwrites new
configuration information in the local metabase (the metabase is kind of a registry for IIS) with configuration
information that was last set in Active Directory by using the Exchange System Manager snap-in.
DS2MB is short for Directory Service to Metabase and the purpose of this process is to transfer configuration
information from Active Directory to the IIS Metabase. The configuration is stored in the IIS Metabase instead of the
registry mainly for performance and scalability reasons. The DS2MB process is a one-way write from Active Directory to
the IIS Metabase, which means that the Metabase never writes back to Active Directory.
This can be done either by using the Metabase Explorer tool from the IIS 6.0 Resource Kit, or by using ADSUtil, which by
default is located in the AdminScripts folder under Drive:\Inetpub. Lastly, there's a method which involves editing directly
in the Metabase.xml file using Notepad or a similar text editor.
If you have a front-end/back-end server environment, make sure that you only enable forms-based
authentication on the front end -- do not enable this feature on the back end. If you are not using a front-end
server, then enable forms-based authentication on the mailbox server. Check out Microsoft's Knowledge Base
article 830827, "How to manage Outlook Web Access features in Exchange Server 2003," for more information
on this topic.
Whether you are using forms-based authentication or not, OWA should always be secured with Secure Socket
Layer (SSL) to ensure data is transferred securely across the Internet. Fortunately, you can't configure
forms-based authentication unless SSL is enabled. Forms-based authentication offers administrators additional security
by storing the user's name and password in a cookie, rather than in the client's browser. You can control the session
time-out value by modifying the registry for public and private computers. This allows you to manage the period
of inactivity on the client's computer before the session cookie is automatically cleared.
Create a new recipient policy and assign it a higher precedence rather than editing the default policy
Keep the number of recipient policies to a minimum
105.What is the "issue" with trying to remove email addresses added by recipient policies? How would
you fix that?
106.What is the RUS?
The Recipient Update Service (RUS) is a very important component in your Exchange installation; it is the RUS that is
responsible for updating address lists and email addresses in your Active Directory.
Many people ask a simple question: "I just created a new mailbox, but when I look at the user's properties in Active
Directory Users and Computers, nothing is listed on the Email Address tab. What did I do wrong?" The simple
answer is nothing; the RUS takes its time to update all the information in AD, so give it some time and everything will
appear.
The Recipient Update Service (RUS) is a Microsoft Exchange 2003 service that updates recipient objects within a
domain with specific types of information. For example, the RUS updates recipient objects with e-mail addresses and
address list membership at scheduled intervals. Usually an administrator is responsible for determining the intervals at
which this service runs.
When you modify or create a recipient policy, the e-mail addresses for the address types that you have modified or
added will be generated the next time the RUS is scheduled to run. The RUS only processes changes that were made
since the last time it was run, so it is very efficient.
107.When would you need to manually create additional RUS?
108.How would you modify the filter properties of one of the default address lists?
109.How can you create multiple GALs and allow the users to only see the one related to them?
110.What is a Front End server? In what scenarios would you use one?
Microsoft Exchange Server 2003 and Microsoft Exchange 2000 Server support using a server architecture that
distributes server tasks among front-end and back-end servers. In this architecture, a front-end server accepts requests
from clients and proxies them to the appropriate back-end server for processing. A front-end server is a specially
configured server running either Exchange Server 2003 or Exchange 2000 Server software.
Many organizations that implement Microsoft Outlook Web Access (OWA) based on Exchange Server 2003 or Exchange
2000 Server don't connect client browsers directly to the Exchange server on which the user's mailbox is located. Rather,
a front-end Exchange server accepts the OWA connection from a client, then proxies the connection to the back-end
server on which the user's mailbox resides. The front-end model offers the advantage of letting all users specify the
same URL to access their mailboxes.
However, the traditional front-end model also has disadvantages, especially with regard to authentication. Let's look at
how the traditional front-end server model works and examine the limitations of that model's authentication method.
Then, I outline an alternative mechanism for using a variant of the front-end server configuration to implement a
normalized namespace with OWA. This alternative approach avoids the drawbacks of Basic authentication while letting all
users enter the same URL to access their email.
111.What type of authentication is used on the front end servers?
New for Exchange Server 2003 is the ability for the Exchange front-end server to use Kerberos
authentication for HTTP sessions between the front-end and its respective back-end servers. While the
authentication is now using Kerberos, the session is still being sent using clear text. Therefore, if the
network is public or the data is sensitive, it is recommended that you use Internet Protocol security
(IPSec) to secure all communication between the Exchange front-end and back-end servers.
2. Offline Backups
Exchange Backups that Microsoft Does Not Directly Support
1. Open File Agent Backups
be consistent, so they might need repair after the restore procedure. Make sure to check if the backup was before or
after the failure or Exchange Server problem.
Exchange Backups that Microsoft Does Not Directly Support
For backup methods that are not supported, there is no guarantee that the methods will work. You should contact your
third-party backup software or hardware vendor in case of problems with backup. The backup vendor should be the
primary source of support in the case that any of the following backups are used. Microsoft will work with any customer
that has any backup type. However, if the backup was created by one of the following methods, the only help that
Microsoft might be able to provide is disaster recovery, which might involve data loss.
Open File Agent Backups
There are third-party backup programs that use special ways to do a file-level backup of files that are already opened by
some other application, such as Exchange Server. This might or might not work. In most cases, it will not work for
Exchange. There is no guarantee that this type of backup will back up all mailbox and public folder data, and that you
will be able to recover from disasters such as this. Open file agent backups, in most cases, back up inconsistent
databases.
Mailbox (Brick) Level Backups
There are several third-party backup programs that can back up and restore individual mailboxes, rather than whole
databases. Because those backup solutions do not follow Microsoft backup guidelines and technology, they are not
directly supported.
There are known problems with some versions of mailbox-level backup programs including loss of free/busy data and
incomplete restores. Every effort is made to help, and to look at the errors and issues that you are having with this type
of backup and restore, to determine if there are Exchange problems documented that could cause this error.
Snap or Snapshot and Hot Split Backups
This type backup provides benefits somewhat in between offline and open file agent backups. These backups are
typically done on a hard disk instead of tape devices, which allows much faster transfer rates.
Traditionally, the snapshot backup is done when databases are stopped. Because they are consistent, the restore
procedure is similar to offline restore procedures. Those types of snapshot backups require downtime when backing up.
There are some backups that perform what is called a Hot Split backup. This can be thought of as a snapshot backup
with an open file agent running. The result is a fast backup that does not require downtime, but the backed up databases
are inconsistent. Because of that, the backup vendor might need to be contacted to make sure that data is restored
without any loss.
A server running Microsoft Windows Server 2003 will support snapshot backups, and they are supported in Exchange
Server 2003. They will utilize the Volume Snapshot service of Windows Server 2003, and they will require both the
Exchange snapshot DLL and the special storage hardware.
Introduction to Exchange 2003 Backup Methods
Microsoft Exchange server has the usual range of backup methods, full, incremental and differential. What's new is
Windows Server 2003 supplying the Volume Shadow Copy Service, which speeds up online Exchange 2003 backups.
Topics for Microsoft Exchange 2003 Backup Planning
Volume Shadow Copy
Types of Exchange Server 2003 Backup
Online v Offline Backup
ASR (Automated System Recovery)
Backup Media Tactics
Summary
Volume Shadow Copy Service (VSS)
Windows Server 2003 provides a new Volume Shadow Copy (VSS) service, which produces a mirror of the file system.
The purpose of this VSS* is to allow the operating system to carry on working with the live data, while backup locks onto
a shadow copy of the files.
Microsoft even provide a VSS API (Volume Shadow Service Application Program Interface) specifically for backup to hook
into these Exchange 2003 databases. Now here is the strange part, the Windows Server 2003 Backup utility itself, does
not make full use of this VSS API; instead it uses the streaming API. It is claimed that if Windows 2003 Backup did
maximise this VSS API, then it would put out of business the companies who have made their reputation on backup
software. See more about Volume Shadow Service.
* Volume Shadow Copy Service uses the VSS API. Not to be confused with the VSAPI which is the new Exchange 2003
Virus Scanning API.
Types of Exchange Server 2003 Backup
Full Backup
Make it your reflex to make a full backup of Exchange. Here are two killer reasons why a full backup is so much better
than the alternatives; you only need one tape for a restore and a full backup purges the transaction logs.
Only resort to differential or incremental if the time taken by the full backup is unacceptable. If the duration seems too
long for a full backup, try work-arounds like faster tapes, backup to disk then to tape. Anything to avoid having to use
incremental or differential backups.
Differential Backup
If you have tried every trick in the book, and a full backup still takes too much time, then choose a differential rather
than incremental backup. Remember that when you restore differential tapes, there must be a full backup as a
reference point. Traditionally, the full backup is made at weekends, complemented by a differential backup on each
weekday night. Times may vary but the guideline would be the hours of lowest user activity.
Unfortunately, differential backups do not purge or truncate the transaction logs, so not only does the differential backup
get slightly bigger each day, but the logs are using up more and more disk space until you perform the next full backup.
Incremental Backup
Avoid this method. To prove my point try a test restore on a Friday. Calculate how many tapes you need and how long
it will take. Realize that there is a five times greater chance of a slip up before the data is recovered, than with a full
backup. Another clue that this is a poor method is that SQL and other relational databases do not allow incremental
backups. Two tiny pieces of good news, incremental backups are quick and they do delete old portions of the transaction
logs.
Copy Backup
This is a specialist method which is useful if you need to take a snapshot of the system without altering the archive bit.
Differential and Incremental backups take their cue from the archive property of the files, so my point is that a copy
backup doesn't affect other backup schedules that you have in place.
Daily Backup
This method surprised me, I thought that it would backup any file within the last 24hrs. Not so. It only backed up files
that had changed since midnight, time stamp 0:00. I cannot recommend this method for Exchange 2003.
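The trade-off between full, differential and incremental backups described above, worked through for one week as an added example that is not part of the original notes. It is a simplified model: the schedules and the figure of 100 log files per day are constructed, and a backup set is assumed to capture whatever transaction logs are still on disk that night.

```python
# Which backup types purge the transaction logs afterwards, as stated above.
PURGES_LOGS = {"full": True, "incremental": True, "differential": False}

# Constructed sample data: Sunday full backup, then five weekday nights.
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri"]
LOGS_PER_DAY = [100, 100, 100, 100, 100, 100]
FULL_NIGHTLY = ["full"] * 6
WEEKLY_FULL_DIFF = ["full"] + ["differential"] * 5
WEEKLY_FULL_INCR = ["full"] + ["incremental"] * 5


def simulate_week(schedule, logs_per_day):
    """Track log files captured by each backup and left on disk after it."""
    on_disk = 0
    nights = []
    for kind, new_logs in zip(schedule, logs_per_day):
        on_disk += new_logs
        logs_in_set = on_disk if kind else 0
        if kind and PURGES_LOGS[kind]:
            on_disk = 0  # full and incremental backups purge the logs
        nights.append({
            "backup": kind,
            "logs_in_set": logs_in_set,
            "logs_left_on_disk": on_disk,
        })
    return nights


def restore_chain(schedule, night):
    """Return the indexes of the backup sets needed to restore to `night`.

    Walking backwards from the target night:
      - a full backup ends the chain;
      - every incremental is needed, because each one purged the logs;
      - a differential is needed only when it is the newest set, since it
        already holds every log written since the last purge.
    """
    chain = []
    for i in range(night, -1, -1):
        kind = schedule[i]
        if kind == "full":
            chain.append(i)
            return chain[::-1]
        if kind == "incremental" or (kind == "differential" and not chain):
            chain.append(i)
    raise ValueError("no full backup at or before this night")


if __name__ == "__main__":
    friday = DAYS.index("Fri")
    for label, schedule in [
        ("full nightly", FULL_NIGHTLY),
        ("full + differential", WEEKLY_FULL_DIFF),
        ("full + incremental", WEEKLY_FULL_INCR),
    ]:
        sets = [DAYS[i] for i in restore_chain(schedule, friday)]
        state = simulate_week(schedule, LOGS_PER_DAY)[friday]
        print(label, "restore sets:", sets, "Friday state:", state)
```

A Friday restore needs one set with nightly full backups, two with differentials and six with incrementals, while the differential schedule is the only one that leaves logs accumulating on disk all week.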
Online v Offline Backup
An online backup means that email is not interrupted. New in Windows 2003 is the Volume Shadow Copy (VSS) service
which makes it possible to backup without dismounting the Exchange stores. Most proprietary programs like Backup
Exec, Legato or ArcServe have agents or add-ons which specifically hook into the Windows 2003's VSS APIs.
Offline backup. Dismount the Store, then backup. Not your first choice. The main reason that I can think of for
choosing an offline backup, is if the online backup failed. The disadvantages are that the logs are not purged and that
unlike an online backup, the database cannot be verified.
Another possible scenario is that you are about to undertake a risky restore. So you create a rollback position by backing
up what you have already, before you try a restore.
ASR (Automated System Recovery)
I wanted to give you a timely reminder that Exchange 2003 relies on the underlying Windows Server 2003 operating
system. In a worst case scenario you will have to rebuild the operating system before you restore the Exchange .edb
databases. An ASR backup and recovery disk is the fastest way of building a base from which you can restore those .edb
files. Before you tackle an ASR recovery, I assume you have tried Last Known Good, Safe Mode and the Recovery
Console.
In NT 4.0 days this process was known as RDISK. Both RDISK and ASR suffer from a fatal flaw, that is they are no good
unless the disk information is up-to-date. So, if you are going to make ASR diskettes, make sure you repeat the procedure
every time the hardware changes in any significant way.
Backup Media Tactics
It is usually fastest to backup to disk. So, your tactics could be initially backup to disk, followed by a backup to a central
server or to a local tape drive. Perhaps the best strategy would be to employ a tape library on a SAN.
Summary of Backup Methods in Microsoft Exchange Server 2003
If you want to successfully restore your Exchange 2003 server, then spend time and plan your backup strategy carefully.
Make a full backup your first choice, and wherever possible, avoid incremental backups since they take too long to
restore.
115)What is DSACCESS?
DSAccess is a component that optimizes the communication between Active Directory and components within Exchange
Server, for example, components such as the Information Store and the message categorizer.
Exchange components that need to interact with Active Directory use DSAccess to retrieve information instead of
communicating directly with domain controllers or global catalog servers.
DSAccess also helps system performance: it maintains a cache that reduces the LDAP queries that
Exchange Server components make against Active Directory, and thus load is reduced on both domain controllers and
global catalog servers.
Note: Global Address List (GAL) queries from the Microsoft Outlook client do not use this cache.
The System Attendant service is responsible for initializing DSAccess, which is in the form of a DLL file, DSACCESS.DLL.
There are also two more associated DLLs, DSCMGS.DLL and DSCPERF.DLL.
Let's say we want to see which processes are using DSACCESS.DLL. For this we will use tasklist.exe (Windows 2003
and XP) from the command prompt.
tasklist -m dsaccess.dll
This will give you output similar as shown below.
DSAccess also has another important task, the "Discovery Process". In this discovery process DSAccess
determines the complete Active Directory structure and accordingly chooses the domain controllers and global catalog servers
that can be used by Exchange.
To see which domain controller and global catalog is being used by DSAccess, we need to open ESM (exchange system
manager) and drill down to server, then open the properties page of server and go to Directory Access tab.
Note: This is available only if Exchange 2003 SP2 is installed. In prior versions you will need to use DSADIAG.EXE to get
the list of domain controllers and global catalogs that are being used by DSAccess.
Exchange 2003 System Attendant does not start.
Hello Friends,
Here I have got a new topic to post; maybe some of you guys n gals face this problem while setting up Exchange 2003
on a member server of a DC using the /DisasterRecovery switch.
We set up Exchange 2003 using the DisasterRecovery switch when information related to our Exchange server is already
present in AD.
Setup goes smoothly and you get a message which says to restore the database from backup; we click OK and then the setup
wizard resumes its job. Here it tries to start the Exchange System Attendant service and keeps trying to do it for a long time;
things don't go ahead. But if we look at our Event Viewer (our friend) you will get errors 9022, 9149, and 1005. This is
because the Exchange server container in AD does not have proper permissions.
the dumpster is not moved for that mailbox and therefore lost.
How to Recover Deleted Emails in Outlook
When you delete an email in Outlook it goes to the Deleted Items folder.
Like the Recycle Bin on the Desktop, this gives you a second chance if you delete an email by accident.
Where do emails go when you delete them out of the Deleted Items folder?
If Outlook is using an account on an Exchange server, the answer is the Dumpster - the American word for a skip.
This is the place where Exchange stores deleted emails for a length of time, called the Retention Period, the length of which can
be set by an administrator, before finally and permanently deleting them.
The Arrowmail Exchange servers have a Retention Period of 14 days.
The Dumpster
The good news is that you can access the Dumpster yourself from within Outlook.
Here's how: Select the Deleted Items folder then click: Tools - Recover Deleted Items
A window opens showing all the emails deleted from the Deleted Items folder which haven't exceeded the Retention
Period.
Select one or more emails you want to recover, click on Recover Selected Items and they will appear back in the
Deleted Items folder:-
There's also the option to purge items from the Dumpster if there's a particular email you want to make disappear for
good.
You can also access the dumpster from Outlook Web Access, from the Options page:-
Close Regedit
Close Outlook, if it's open, restart it and the Recover Deleted Items option will now be enabled for every folder,
including those that contain Contacts, Calendar items, etc.
You'll need to make this Registry edit on every PC from which you want to access the hidden dumpster.
There's no way to access the hidden part of the Dumpster from Outlook Web Access.
Recovering Deleted Emails from the Cache on another PC
If some major catastrophe has happened with your email, and missing items are not recoverable from any part of the
Dumpster, there may still be some things you can do.
If you've been using Outlook with Exchange, in cached mode, on another PC, which is currently turned off, this PC will
have a full copy of your Outlook data in a local OST file.
This data will be as up-to-date as the last time you used Outlook on that PC, hopefully before the current problem
occurred.
The last thing you want to happen is for this PC to synchronise with Exchange and so delete the items you're after from
its cache so, before you turn this PC on or open Outlook, make sure that it's NOT connected to the Internet.
Maybe pull out the network cable or turn off the wireless card.
When you open Outlook on this PC, while it's off-line, you should see all the missing items still there. The first task is
to copy them to a local PST file: From within Outlook, click: File - New - Outlook Data File
Select Outlook Office Personal Folders File then click OK
Click OK then OK to accept the default location and name of the new PST file.
You'll now see a new set of folders in Outlook called Personal Folders.
Drag-and-drop all the items you need from the mail folders, contacts, calendar etc. in the Exchange folders to the
equivalent place in Personal Folders.
When the copying process has completed you can safely re-enable your Internet connection and allow Outlook to
synchronise with Exchange.
The next thing to do is to copy the items you've saved to Personal Folders, back into your Exchange folders, as the
synchronisation process will have just deleted them from there.
Exchange will accept these as valid new items and will copy them back, first to your mailbox on the server, and then
to the local caches on all the other computers where you use Outlook.
When you're sure that this has worked, right-click on Personal Folders and select
Close "Personal Folders".
The local cache of your Exchange data, held on a PC, is your insurance against a failure of the Exchange server that
could be unrecoverable.
Maybe the building housing the server and the backup tapes has burnt down.
You could then arrange to have your incoming emails diverted to a POP3 mailbox and access a SMTP server so that
your email is functional again.
I've seen someone working this way, more than 2 years after the Exchange server they were using disappeared.
Archiving Email
This is where a separate copy of all incoming and/or outgoing emails is stored on the
mail-server in a read-only folder, separate from your main mailbox, which you can access and search through when the
original of an email is nowhere to be found.
If this is the only reason you have for keeping a mail archive then it's not too hard, or expensive, to organise such a
system for keeping the last 30 days' emails.
115.What are the e00xxxxx.log files?
All transactions are first logged to the current log file, E00.LOG, which contains the most recent transactions.
(Note: E00 will be increased by 1 for each additional storage group.) As soon as E00.LOG gets full,
Exchange will automatically save a copy in a log generation file like
E00xxxxx.LOG, where xxxxx is a five-digit hexadecimal number. The log files are by default stored in the same
directories as the database files. The handling of
the log generation depends on whether circular logging is enabled or not.
116.What is the e00.chk file?
The checkpoint file is used to track which transactions have been committed to the database and which
transactions still have to be committed to the database. The name of the file is EX0.chk (X stands for the storage group) and
its size is 8KB.
The checkpoint file E00.CHK has an important role in Exchange database logging. First off, it maintains the current
checkpoint. The current checkpoint always points to the last transaction that was successfully committed to the
database. During normal operation, the Exchange Server always writes transactions to the log files first, because
log files are written sequentially. This is much faster than writing to the database directly, which requires random
access. The server will eventually write transactions to the databases as soon as it has idle time. The last transaction
committed is pointed to by the current checkpoint. In case of a database corruption, it allows the Exchange Server to
roll forward from the last backup to the last known consistent state.
The checkpoint file also maintains the backup checkpoints. Backup checkpoints are used to store the position of the
current checkpoint at the beginning of a backup session to a temporary location.
117.What is circular logging? When would you use it?
Database Circular Logging
As stated before, all transactions are first logged to the current log file E00.LOG. If it gets full it will be saved to a file of
the log generation E00xxxxx.LOG. This process is called transaction log rollover. The way the current log file is rolled
over depends on the logging mechanism used. Microsoft Exchange provides circular and sequential logging mechanisms.
Circular logging automatically overwrites transaction log files after the data they contain has been committed to the
database. It reduces disk storage space requirements; however, if circular logging is enabled, you cannot perform
incremental backups.
To enable circular logging, go to the Properties window of a Storage Group and choose the General tab.
Circular logging (disabled by default) uses transaction log technology but does not maintain previous transaction log
files. Instead, it maintains a window of a few log files, then removes the existing log files and discards the previous
transactions after the transactions in the transaction log files have been committed to the database.
This helps to manage disk space and keeps transaction logs from building up, but it prevents you from using differential
or incremental backups, because they require the past transaction log files. In fact, because circular logging purges
some transaction log files, you may not be able to recover to a point of failure by roll forward through the transaction
log files; one or more may be missing. For this reason it is a good idea to disable circular logging on all Storage Groups
(default setting). You can manage disk space easily enough by performing regular online backups, which purge the log
files from the hard disk after they have been backed up.
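A check for the situation described above, where roll forward fails because one or more log generations are missing, as an added example that is not part of the original notes and not a Microsoft tool. It relies only on the naming scheme given earlier (E00.LOG as the current log, E00xxxxx.LOG with a five-digit hexadecimal generation, the prefix rising by 1 per storage group); the directory listing is constructed.

```python
import re

# Current log: E00.LOG. Generation log: E00 + five hex digits + .LOG.
LOG_NAME = re.compile(r"^(E\d{2})([0-9A-F]{5})?\.LOG$", re.IGNORECASE)

# Constructed sample listing for two storage groups; E000001B.LOG is absent.
SAMPLE_LISTING = [
    "E00.LOG", "E00.chk", "E0000018.LOG", "E0000019.LOG", "E000001A.LOG",
    "E000001C.LOG", "E01.LOG", "E0100003.LOG", "E0100004.LOG",
    "priv1.edb", "priv1.stm",
]


def generation_name(prefix, generation):
    """Build the file name for one log generation, e.g. E00 + 0x1B."""
    return f"{prefix}{generation:05X}.LOG"


def audit_log_sequence(filenames):
    """Group logs by storage-group prefix and report gaps in the sequence.

    For each prefix the report holds:
      has_current_log     True if the current log (e.g. E00.LOG) is present
      lowest / highest    first and last generation file found (or None)
      missing             generation files absent between lowest and highest
      contiguous_through  last file reachable from `lowest` without a gap,
                          i.e. how far a roll forward could replay
    """
    groups = {}
    for name in filenames:
        match = LOG_NAME.match(name)
        if match is None:
            continue  # databases, checkpoint files and anything else
        prefix = match.group(1).upper()
        entry = groups.setdefault(prefix, {"current": False, "gens": set()})
        if match.group(2) is None:
            entry["current"] = True
        else:
            entry["gens"].add(int(match.group(2), 16))

    report = {}
    for prefix, entry in sorted(groups.items()):
        present = entry["gens"]
        lowest = highest = contiguous = None
        missing = []
        if present:
            low, high = min(present), max(present)
            missing = [generation_name(prefix, g)
                       for g in range(low, high + 1) if g not in present]
            reach = low
            while reach + 1 in present:
                reach += 1
            lowest = generation_name(prefix, low)
            highest = generation_name(prefix, high)
            contiguous = generation_name(prefix, reach)
        report[prefix] = {
            "has_current_log": entry["current"],
            "lowest": lowest,
            "highest": highest,
            "missing": missing,
            "contiguous_through": contiguous,
        }
    return report


if __name__ == "__main__":
    for prefix, details in audit_log_sequence(SAMPLE_LISTING).items():
        print(prefix, details)
```

Run against a real listing before a restore, a non-empty `missing` list shows that replay would stop at `contiguous_through` rather than at the point of failure.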
118.What's the difference between online and offline defrag?
Online Defragmentation
Online defragmentation is one of several database-related processes that occur during Exchange database maintenance.
By default, on servers running Exchange 2000 Server and Exchange Server 2003, Exchange Server database
maintenance occurs daily between 01:00 (1:00 A.M.) and 05:00 (5:00 A.M.). Online defragmentation occurs while
Exchange Server databases remain online. Therefore, your e-mail users have complete access to mailbox data during the
online defragmentation process.
The online defragmentation process involves automatically detecting and deleting objects that are no longer being used.
This process provides more database space without actually changing the file size of the databases that are being
defragmented.
Note: To increase the efficiency of defragmentation and backup processes, schedule your maintenance processes and
backup operations to run at different times.
Offline Defragmentation
Offline defragmentation involves using the Exchange Server Database Utilities (Eseutil.exe). ESEUTIL is an Exchange .
Offline defragmentation can be done only when you dismount the database.
119.How would you know if it is time to perform an offline defrag of your Exchange stores?
You must perform an offline defragmentation in the following situations:
After performing a database repair (using Eseutil /p)
After moving a considerable amount of data from an Exchange Server database.
When an Exchange Server database is much larger than it should be.
Generally speaking you should only use ESEUTIL under the following circumstances (there are generally no exceptions):
When you have no usable backup of your Exchange databases (Repair Scenarios)
When you have had a lot of transient behaviour in the database (Defrag Scenarios), for example:
o A large number of users have either left the company, or moved to another store within the environment
o You have installed an archiving solution into your environment and it has been running for at least 5
months
o You have hit a limit on the database (in the Standard Edition of Exchange only); this scenario should not
happen when using SP2 of Exchange 2003 or Exchange 2007
When you have good reason (good means Application Event Log errors) that suggests a corruption in the
database (Integrity Scenarios)
When you wish to replay log files into the database
When it is recommended by Microsoft Product Support Services, or when you are confident about using the
command syntax and you are sure that it is going to be of benefit to you
120)How would you plan for, and perform the offline defrag?
Defrag
Exchange 2003 defragments the Exchange database every night. But this is only an online defrag of the database. An
online defrag doesn't reduce the size of the information store. To reduce the size of the databases, you must use an
offline defrag.
When should I use an offline defrag?
Under normal conditions you don't need an offline defrag, but when you add tons of new users due to a merger or
acquisition or when you delete many objects from the store it can be necessary to do an offline defrag.
You can do a space dump with ESEUTIL /MS to determine how much space is free in the database. Also ensure that you
have free disk space equal to 110% of the Exchange database size.
NOTE: You need to first start the information store service and dismount the databases; you can only check databases
that are offline.
Output:
Databases for server SERVERNAME:
Only databases marked as Offline can be checked (In this case only 1-Mailbox Store (SERVERNAME) can be checked).
Index  Status   Database-Name
Storage Group Name: First Storage Group
1      Offline  Mailbox Store (SERVERNAME)
2      Online   Public Folder Store (SERVERNAME)
3      Online   Second Mailbox Store
Enter a number to select a database or press Return to exit
http://support.microsoft.com/kb/301460/
http://www.msexchange.org/tutorials/Exchange-ISINTEG-ESEUTIL.html
http://support.microsoft.com/kb/182081
120.How would you monitor Exchange's services and performance? Name 2 or 3 options.
You have Monitoring and Tools Options in ESM
121.Name all the client connection options in Exchange 2003.
Outlook 2000/2003
Outlook Web Access.
Outlook Mobile Access.
RPC Over Http/Https.
If the Ping command contains the heartbeat interval or folder list, it stores the information in AUTDSTATE.XML in
the user's mailbox. The device does not need to send these parameters up again unless they change.
If the Ping command did not contain the heartbeat or folder list, it retrieves them from the mailbox server.
EAS subscribes to notifications for the folders. It issues DAV subscriptions using the SUBSCRIBE command.
Since there is a small window between the last SYNC and the SUBSCRIBE where changes could have occurred,
EAS checks for changes. If there is a change, the server immediately notifies the client to sync by issuing a response to
the PING command with a Status of 2. It does an UNSUBSCRIBE to delete the DAV subscription. If no changes have
occurred, the server continues to wait for UDP notifications from the mailbox server.
If a notification arrives within the heartbeat interval, the server will inform the client to sync. A response to the
PING command is issued with a Status of 2 indicating that there are changes. Otherwise, after the heartbeat interval
elapses, the server will return a response to the PING command with a Status of 1 indicating that there are no changes.
It does an UNSUBSCRIBE to delete the DAV subscriptions before issuing the PING response.
Deployment Considerations for Direct Push
1. In order to use Direct Push, only the Exchange 2003 Front End servers need to be upgraded to SP2. However it is
highly recommended that SP2 be installed on all Exchange Front End and back end servers.
If the Front End servers are load balanced, all the Front End servers need to be upgraded around the same time.
2. When there is new mail, the BE sends a UDP notification to the FE. Direct Push requires that UDP port 2883 be open
from the BE to the FE. The port can be configured using the registry value UDPListenPort under
HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters. If this value is set through the registry, the value must
be greater than or equal to 1 and less than or equal to 65535.
3. With Direct Push, the device keeps a connection open to the Exchange server. If you have a firewall between the
device and the Exchange server, you must increase the idle connection timeout on the firewall. Note that this is
the idle connection timeout, i.e. the timeout that applies when there is no data transfer between client and server.
For more information, refer to the KB titled "Enterprise firewall configuration for Exchange ActiveSync Direct Push
Technology" available at
http://support.microsoft.com/?kbid=905013
4. If you are using ISA 2000, you need to add a registry key on the ISA server to use Direct Push. Refer to the KB
titled "The ISA Server response to client options requests is limited to a predefined" available at
http://support.microsoft.com/?ID=304340 for information on how to add the registry key.
Heartbeat Interval
The device specifies the heartbeat interval as part of the PING command. This dictates how long the server must keep
the connection alive. The device will dynamically converge to the highest possible heartbeat interval for a given network,
based on the mobile operator timeouts, firewall timeouts etc. The higher the heartbeat interval, the better it is for
battery life. So the heartbeat is optimized for a given network.
You can change the minimum and maximum heartbeat interval settings on the server through the registry.
The settings are MinHeartbeatInterval and MaxHeartbeatInterval under
HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
The defaults are 1 and 45 minutes respectively. Note that the maximum is hard coded to 59 minutes since the maximum
possible DAV subscription lifetime is 60 minutes.
You can also specify a heartbeat alert threshold. The server maintains a sliding window of the last 200 heartbeat
intervals supplied by clients. If the average from this sample is less than or equal to the alert threshold, there will be a
warning in the event log
"The average of the most recent heartbeat intervals used by clients is less than or equal to x. Please check your firewall
settings to ensure that they permit requests to Exchange ActiveSync to live for at least 15 minutes."
The alert threshold and sample size can be configured through the registry. The settings are HBiSampleSize and
HbiAlertThreshold under
HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
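The clamping of client heartbeats and the sliding-window alert described above can be modelled as follows. This is an added example, not Exchange code: the class and function names are hypothetical, intervals are in minutes as the text states them, the alert threshold is a constructed value, and evaluating the alert only once the window is full is an assumption.

```python
from collections import deque

# Values the text states, in minutes.
DEFAULT_MIN_HEARTBEAT = 1
DEFAULT_MAX_HEARTBEAT = 45
HARD_MAX_HEARTBEAT = 59      # DAV subscriptions live at most 60 minutes
DEFAULT_SAMPLE_SIZE = 200    # "the last 200 heartbeat intervals"

WARNING_TEXT = (
    "The average of the most recent heartbeat intervals used by clients is "
    "less than or equal to {x}. Please check your firewall settings to ensure "
    "that they permit requests to Exchange ActiveSync to live for at least "
    "15 minutes."
)


class HeartbeatMonitor:
    """Model of the server-side heartbeat bookkeeping (hypothetical names)."""

    def __init__(self, alert_threshold, min_hb=DEFAULT_MIN_HEARTBEAT,
                 max_hb=DEFAULT_MAX_HEARTBEAT, sample_size=DEFAULT_SAMPLE_SIZE):
        # A configured maximum above the hard limit is silently capped.
        self.max_hb = min(max_hb, HARD_MAX_HEARTBEAT)
        if sample_size < 1:
            raise ValueError("sample size must be at least 1")
        if not 1 <= min_hb <= self.max_hb:
            raise ValueError("need 1 <= min_hb <= max_hb (capped at 59)")
        self.min_hb = min_hb
        self.alert_threshold = alert_threshold
        self.samples = deque(maxlen=sample_size)  # oldest sample drops off

    def effective_interval(self, requested):
        """Clamp the interval a device asks for in PING to the server limits."""
        return max(self.min_hb, min(requested, self.max_hb))

    def average(self):
        return sum(self.samples) / len(self.samples) if self.samples else None

    def record(self, requested):
        """Store the client-supplied interval; return (granted, warning)."""
        self.samples.append(requested)
        warning = None
        # Assumption: alert only when the window is full, so a handful of
        # short heartbeats right after start-up does not trigger it.
        window_full = len(self.samples) == self.samples.maxlen
        if window_full and self.average() <= self.alert_threshold:
            warning = WARNING_TEXT.format(x=self.alert_threshold)
        return self.effective_interval(requested), warning


def first_alert_index(monitor, intervals):
    """Feed intervals in order; index of the first one that warns, or None."""
    for i, value in enumerate(intervals):
        _, warning = monitor.record(value)
        if warning:
            return i
    return None


if __name__ == "__main__":
    # Constructed scenario: clients start at 20 minutes, then a firewall with
    # a short idle timeout forces them down to 4 minutes.
    mon = HeartbeatMonitor(alert_threshold=8, sample_size=5)
    print(first_alert_index(mon, [20] * 5 + [4] * 5))
    print(mon.effective_interval(120))
```

A persistent warning of this kind points at an idle timeout somewhere between device and front-end server that is shorter than the heartbeat the clients would otherwise settle on.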
Configuring Direct Push on the Server
By default, Direct Push is enabled in Exchange 2003 SP2. However you can enable/disable it in Exchange System
Manager. In ESM expand Global Settings, right-click on Mobile Services, Properties and check/uncheck the box for
"Enable Direct Push over HTTP(S)"
You can also change this setting on a per-user basis using Active Directory Users and Computers. In ADU&C, click on the
user, Properties, Exchange Features tab, under Mobile Services enable/disable Up-to-Date Notifications. This controls
both SMS based AUTD and Direct Push for the user.
Configuring Direct Push on the client
A Direct Push capable device will automatically negotiate the protocol with the server and configure itself to use Direct
Push. The sync schedule is set to "As new items arrive".
Direct Push Initialization
1. Verify that Exchange ActiveSync is loaded and IP-based AUTD is initialized by checking the application log on the FE
for events below. Exchange Activesync gets initialized on the first sync attempt.
Event Type: Information
Event Source: Server ActiveSync
Event Category: None
Event ID: 3002
Date: 3/19/2006
Time: 12:44:08 PM
User: N/A
Computer: 1B25A
Description:
Microsoft Exchange ActiveSync has been loaded: Process ID: [3048].

Event Type: Information
Event Source: Server ActiveSync
Event Category: None
Event ID: 3025
Date: 3/19/2006
Time: 12:44:19 PM
User: N/A
Computer: 1B25A
Description:
IP-based AUTD has been initialized.
2. Verify that the FE is listening on port 2883.
To check if the server is listening on the AUTD port, you can run "netstat -ano". Here are results before and after
IP-based AUTD has initialized.
Before
Proto  Local Address  Foreign Address  State  PID
UDP    0.0.0.0:1985   *:*                     1928
UDP    0.0.0.0:3456   *:*                     3356
After
Proto  Local Address  Foreign Address  State  PID
UDP    0.0.0.0:1985   *:*                     1928
UDP    0.0.0.0:2883   *:*                     3048
UDP    0.0.0.0:3456   *:*                     3356
Netstat provides the Process ID which matches the EAS process per the initialization event in the application log.
Another way to check if the server is listening on the AUTD port is to use PortQry (available on Microsoft.com). This lists
the process that is listening on the port.
Process ID: 3048 (w3wp.exe)
PID   Port       Local IP      State        Remote IP:Port
3048  TCP 31479  172.29.8.222  ESTABLISHED  172.29.9.107:3268
3048  TCP 31480  172.29.8.222  ESTABLISHED  172.29.9.107:389
3048  UDP 2883   0.0.0.0                    *:*
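The two verification steps above (the process ID in event 3002 and the owner of UDP 2883 in "netstat -ano") can be cross-checked by a script. This is an added example, not part of the original text: the function names are hypothetical, and the sample netstat text and event description are constructed from the values shown above.

```python
import re

AUTD_PORT = 2883  # default port given in the text (registry value UDPListenPort)

# Constructed samples using the values shown in the text.
NETSTAT_BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:1985           *:*                                    1928
  UDP    0.0.0.0:3456           *:*                                    3356
"""
NETSTAT_AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    172.29.8.222:31479     172.29.9.107:3268      ESTABLISHED     3048
  UDP    0.0.0.0:1985           *:*                                    1928
  UDP    0.0.0.0:2883           *:*                                    3048
  UDP    0.0.0.0:3456           *:*                                    3356
"""
EVENT_3002 = "Microsoft Exchange ActiveSync has been loaded: Process ID: [3048]."


def parse_netstat(text):
    """Parse 'netstat -ano' rows into dicts; header and junk lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        host, _, port = fields[1].rpartition(":")  # also handles [::]:2883
        if not port.isdigit() or not fields[-1].isdigit():
            continue
        rows.append({
            "proto": fields[0].upper(),
            "host": host,
            "port": int(port),
            # UDP rows have no State column, so they carry only four fields.
            "state": fields[3] if len(fields) >= 5 else "",
            "pid": int(fields[-1]),
        })
    return rows


def udp_listeners(text, port):
    """Sorted PIDs that have the given UDP port bound."""
    return sorted({r["pid"] for r in parse_netstat(text)
                   if r["proto"] == "UDP" and r["port"] == port})


def pid_from_event(description):
    """Extract the PID from the event 3002 description, or None."""
    match = re.search(r"Process ID:\s*\[(\d+)\]", description)
    return int(match.group(1)) if match else None


def check_autd(netstat_text, event_description, port=AUTD_PORT):
    """Return (ok, reason): is the AUTD port bound by the EAS process?"""
    eas_pid = pid_from_event(event_description)
    if eas_pid is None:
        return False, "no Process ID found in the event description"
    owners = udp_listeners(netstat_text, port)
    if not owners:
        return False, "nothing is listening on UDP %d" % port
    if eas_pid not in owners:
        return False, "UDP %d is bound by PID %s, not by the EAS process %d" % (
            port, ", ".join(map(str, owners)), eas_pid)
    return True, "UDP %d is bound by the EAS process (PID %d)" % (port, eas_pid)


if __name__ == "__main__":
    print(check_autd(NETSTAT_BEFORE, EVENT_3002))
    print(check_autd(NETSTAT_AFTER, EVENT_3002))
```

A listener on the port that belongs to a different PID than the one in the event is worth investigating before opening the port on the firewall between back end and front end.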
The next time that you start Outlook, it will begin creating the local cache copy of your mailbox and synchronize your
local cache with the mailbox on the server. If you have a lot of items in your mailbox, synchronization might take time.
It's best to synchronize the two the first time through a local connection to your server, rather than through a remote
connection (such as using RPC over HTTP).
To set up an offline file in Outlook 2002
1. Exit Outlook.
2.
3.
4.
5.
6.
7. In the Microsoft Exchange Server dialog box, click the Advanced tab, and then click Offline Folder File
Settings.
8. Select a location and file name for the Offline Folder file (.ost).
9. Do one of the following:
To accept the defaults and create the file, click OK.
Type a location and file name in the File box, and then click OK.
10. In the Microsoft Exchange Server dialog box, click OK, click Next, and then click Finish.
11. Close any remaining dialog boxes.
S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-mail
that uses the Rivest-Shamir-Adleman encryption system. An alternative to S/MIME is PGP/MIME,
which has also been proposed as a standard.
S/MIME (Secure / Multipurpose Internet Mail Extensions) is a protocol that adds digital
signatures and encryption to Internet MIME (Multipurpose Internet Mail Extensions) messages
described in RFC 1521. MIME is the official proposed standard format for extended Internet
electronic mail. Internet e-mail messages consist of two parts, the header and the body. The
header forms a collection of field/value pairs structured to provide information essential for the
transmission of the message. The structure of these headers can be found in RFC 822. The
body is normally unstructured unless the e-mail is in MIME format. MIME defines how the body
of an e-mail message is structured. The MIME format permits e-mail to include enhanced text,
graphics, audio, and more in a standardized manner via MIME-compliant mail systems.
However, MIME itself does not provide any security services. The purpose of S/MIME is to
define such services, following the syntax given in PKCS #7 (see Question 5.3.3) for digital
signatures and encryption. The MIME body section carries a PKCS #7 message, which itself is
the result of cryptographic processing on other MIME body sections. S/MIME standardization
has transitioned into IETF, and a set of documents describing S/MIME version 3 have been
published there.
S/MIME provides the following cryptographic security services for electronic messaging applications:
authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data
security (using encryption). S/MIME specifies the application/pkcs7-mime (smime-type "enveloped-data") type
for data enveloping (encrypting): the whole (prepared) MIME entity to be enveloped is encrypted and packed into
an object which subsequently is inserted into an application/pkcs7-mime MIME entity.
S/MIME functionality is built into the vast majority of modern e-mail software and interoperates between them.
S/MIME CERTIFICATES
Before S/MIME can be used in any of the above applications, one must obtain and install an individual
key/certificate either from one's in-house certificate authority (CA) or from a public CA such as one of those listed
below. Best practice is to use separate private keys (and associated certificates) for Signature and for Encryption,
as this permits escrow of the encryption key without compromise to the non-repudiation property of the signature
key. Encryption requires having the destination party's certificate on store (which is typically automatic upon
receiving a message from the party with a valid signing certificate). While it is technically possible to send a
message encrypted (using the destination party certificate) without having one's own certificate to digitally sign, in
practice, the S/MIME clients will require you install your own certificate before they allow encrypting to others.
A typical basic personal certificate verifies the owner's identity only in terms of binding them to an email address
and does not verify the person's name or business. The latter, if needed (e.g. for signing contracts), can be obtained
through CAs that offer further verification (digital notary) services or managed PKI service. For more detail on
authentication, see Digital Signature.
Depending on the policy of the CA, your certificate and all its contents may be posted publicly for reference and
verification. This makes your name and email address available for all to see and possibly search for. Other CAs
only post serial numbers and revocation status, which does not include any of the personal information. The latter,
at a minimum, is mandatory to uphold the integrity of the public key infrastructure.
We now have to select what type of CA to use, choose Enterprise root CA and click Next
In the following screen we have to fill out the Common name for our CA, which in this article is mail.testdomain.com.
Leave the other fields untouched and click Next >
We now have the option of specifying an alternate location for the certificate database, database log, and configuration
information. In this article we will use the defaults, which in most cases should be just fine.
Now click Next >
The Certificate Service component will be installed; when it's completed, click Finish
As we're going to create a new certificate, leave the first option selected and click Next >
Because we're using our own CA, select Prepare the request now, but send it later, then click Next >
Type a descriptive name for the Certificate and click Next >
We now need to enter our organization name and the organizational unit (which should be pretty self-explanatory), then
click Next >
In the next screen we need to pay extra attention, as the common name reflects the external FQDN (Fully Qualified
Domain Name); to spell it out, this is the address external users have to type in their browsers in order to access OWA
from the Internet.
Note: As many (especially small to midsized) companies don't publish their Exchange servers directly to the Internet, but
instead run the Exchange server on a private IP address, they let their ISPs handle their external DNS settings. In most
cases the ISP creates a so-called A record named mail.domain.com pointing to the company's public IP address, which
then forwards the appropriate port (443) to the Exchange server's internal IP address.
When you have entered a Common Name click Next >
Now it's time to specify the Country/Region, State/Province and City/locality; this shouldn't need any further explanation.
When you have filled out each field, click Next >
In the below screen we have to enter the name of the certificate request we're creating; the default is just fine, click
Next >
In this screen we can see all the information we filled in during the previous IIS Certificate Wizard screens, if you should
have made a mistake, this is your last chance to correct it. If everything looks fine click Next >
Under Advanced Certificate Request click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file,
or submit a renewal request by using a base-64-encoded PKCS #7 file
Now we need to insert the content of the certreq.txt file we created earlier, you can do this by clicking the Browse for a
file to insert or by opening the certreq.txt file in notepad, then copy/paste the content as shown in the screen below,
then click Submit >
Click Save
Choose to save the certnew.cer on the C: drive > then click Save
Select Process the pending request and install the certificate > click Next >
Unless you have any specific requirements to what port SSL should run at, leave the default (443) untouched, then click
Next >
You will now see a summary of the Certificate, again if you should have made any mistakes during the previous wizard
screens, this is the final chance to correct them, otherwise just click Next >
The Certificate has now been successfully installed and you can click Finish
This is absolutely fine, as we shouldn't be allowed to access the Default Website (and any virtual folders below) through
an unsecured connection. Instead we should make a secure connection, which is done by typing https; therefore type the
URL below instead:
https://exchange_server/exchange
The following box should appear:
Note: You may have noticed the yellow warning sign; this informs us that "The name on the security certificate is invalid
or does not match the name of the site". Don't worry, there's nothing wrong with this; the reason why it appears is that
we aren't accessing OWA through the common name which we specified when the certificate was created. When you
access OWA from an external client through mail.testdomain.com/exchange, this warning will disappear.
Click Yes
You will now be prompted for a valid username/password in order to enter your mailbox, for testing purposes just use
the administrator account, like shown below:
Now click OK
We should now see the Administrator mailbox.
Notice the yellow padlock in the lower right corner, a locked padlock indicates a secure connection, which means OWA
now uses SSL.
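Why the name warning appears for one URL and not for the other can be shown with a simplified hostname check. This is an added example, not part of the original article: the function names are hypothetical, the certificate is a constructed dictionary in the shape Python's ssl.getpeercert() returns, and the check goes beyond the article's single common name by also handling subjectAltName entries and wildcard names.

```python
from urllib.parse import urlsplit

# Constructed certificate: only a common name, as requested in the wizard above.
OWA_CERT = {"subject": ((("commonName", "mail.testdomain.com"),),)}


def cert_names(cert):
    """DNS names the certificate is valid for.

    subjectAltName DNS entries take precedence; the common name is used only
    as a fallback when the certificate has none.
    """
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole leftmost label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]                 # e.g. ".testdomain.com"
        if suffix.count(".") < 2:            # refuse patterns such as "*.com"
            return False
        if host.endswith(suffix):
            left = host[:-len(suffix)]
            return bool(left) and "." not in left   # exactly one label
    return False


def check_url(url, cert):
    """Classify a URL as 'cleartext', 'name mismatch' or 'ok' for this certificate."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "cleartext"
    host = parts.hostname or ""
    if any(name_matches(name, host) for name in cert_names(cert)):
        return "ok"
    return "name mismatch"


if __name__ == "__main__":
    for url in ("http://exchange_server/exchange",
                "https://exchange_server/exchange",
                "https://mail.testdomain.com/exchange"):
        print(url, "->", check_url(url, OWA_CERT))
```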
Final words
Even though it's possible to run your OWA environment without securing it with an SSL certificate, I strongly advise
against doing so, as this would mean any traffic sent between the external OWA clients and the Exchange server would
be sent in cleartext (this includes the authentication process). As you now know, SSL provides us with 128-bit encryption,
but be aware that enabling SSL in your OWA environment isn't an optimal security solution; in addition to enabling SSL, you
should at least have some kind of firewall (such as an ISA server) placed in front of your Exchange server(s).
You might also consider enabling the new Exchange 2003 functionality Forms Based Authentication, which provides a few
additional benefits such as a new logon screen, which, among other things, uses session cookies to make the OWA
sessions more secure. Unfortunately the Forms Based Authentication functionality is out of the scope of this article, but I
will at some point in the near future write another article covering this functionality.
130.What are the considerations for obtaining a digital certificate for SSL on Exchange?
131.Name a few 3rd-party CAs.
Verisign, Entrust, GlobalSign, Comodo, Thawte, Geotrust
132.What do you need to consider when using a client-type AV software on an Exchange server?
133.What are the different clustering options in Exchange 2003? Which one would you choose and why.
It is not sufficient to simply upgrade front-end servers to Exchange 2003 for users to get the new
interface.
You must upgrade back-end servers to Exchange 2003 as well
Interface matrix
Ex2000 FE + Ex2000 BE = Ex2000 OWA
Ex2003 FE + Ex2000 BE = Ex2000 OWA
Ex2000 FE + Ex2003 BE = Not supported (AG protected)
Ex2003 FE + Ex2003 BE = Ex2003 OWA
Ability to Reply and Forward to Messages and Posts in Public Folders is only enabled when the client is using a
front-end server. Forms-based authentication (FBA) is functional for deployments where the FE is Exchange
2003, but the mailbox is still on Exchange 2000. However, session timeouts are handled much better if the BE
are also Exchange 2003
134. What do you have to do to secure an Exchange server from being a relay?
135. When a full backup runs what does it do to the log files?
136. What are the basic steps to recovering a lost Exchange/DC server?
137. What are the components of Exchange 2003?
156.What is a good way to secure OWA servers that are accessible from the Internet (I'm looking for
reverse-proxy solutions)
157. Understanding of antivirus solutions, message scanning, and what type of software to
use on the server
you run on a cluster (such as IS, MTA, SA, Chat, SRS, etc...), starting and stopping services,
updates/service packs, etc...
160. If you are monitoring your Exchange server, what 5 - 10 important things would you monitor and
how often?
Ethical type questions, such as is it okay to look at other user's mail recreationally. (I have seen
admins fired for that)
several
164.How would you get ExMerge running? Permissions required to run it to extract mail data.
165. Tell me about recipient policies and what the RUS does. What occasionally goes wrong with the
RUS during infrastructure changes.
166.What would you do to make Exchange more resilient / available?
167.If a migration is involved, tell me about the ADC and the SRS functions.
168.Describe the IIS SMTP service. Others might be more concerned about architecture:
Describe how you'd configure a server for $number users.
169.Which is better? More databases in fewer storage groups or more storage groups with fewer
databases? Why?
Others might be more concerned about day to day user support:
Jane has gotten married, how would you modify her account? The CEO can't connect to Exchange,
he's getting the error 'unable to open your default folder', what would you do to troubleshoot?
173. Outgoing mail is not being delivered, and is stuck in your queue - If your outgoing mail is not being delivered, and
is stuck in your queue, the first corrective action you should take is to restart your SMTP service. If this does not work,
you should check your DNS resolution. Perform an nslookup (with type=mx) on your mail server, and see if you can
resolve several domains you commonly exchange mail with. If you cannot pull MX records for those domains, then
you should perform an IPCONFIG /FLUSHDNS to flush your DNS cache. If this does not work, then you will need to
begin troubleshooting your DNS infrastructure.
174. Mail is not being delivered to a Distribution List - If you have one (or more) distribution lists that are not receiving
mail that is being sent to them, you need to check that the group type in Active Directory has not been changed
from the group type Distribution to the group type Security.
175. Mail to a certain user is not being delivered, and a trace shows it as stopping at the step "Submitted to Categorizer" -
If you have a message that is not being delivered, and a trace shows that it never goes past the step "Submitted
to Categorizer", it shows that Exchange is unable to determine what should be done with the mail. One common
cause of this is that the message is being sent to a user's contact. If this is the case, delete the contact and recreate
it. This will often correct the problem, as the contact has become corrupt.
176. Some users' passwords are rejected when attempting to access your system through IMAP - If a user's password
contains a special ASCII character (such as ), they will not be able to access IMAP. Passwords must contain only
standard characters and symbols to access IMAP.
177. SMTP Service keeps crashing - If your SMTP service keeps crashing, the first thing you should do is to empty your
mail queues, then restart the service. Many times a corrupt piece of mail will cause the service to crash when it
attempts to process it.
178. After switching your outgoing mail to deliver to a smart host, your mail sits in your queue - This is due to a common
mistake when setting up smart hosts. The IP address of the smart host must be surrounded in brackets, such as
[192.168.1.1]. If you do not use the brackets, mail will not be delivered.
179. Your Exchange system must be restarted due to out of memory issues, when there is physical memory available -
In Exchange 2003, if your system has more than 1 GB of physical RAM, you must use the /3gb switch in the boot.ini
file. This will allow Exchange to address 3 GB of virtual address space, and only 1 GB of virtual address space is allotted to
the operating system.
How to defragment Exchange databases
180.I am planning for offline defragmentation (store Wise). As per my understanding we require 110% free space w.r.t
the store size which need to be defragmented. But presently we have 50% free space only w.r.t store size. Can
someone pl. tell me some idea so that defrag will be possible for such stores for which free space is only 50%
instead of 110%
You can try the following options:
1. Copy the stores to another computer where there is enough space.
2. Specify the temporary path to another drive with the /t switch.
3. Specify the temporary path to a shared folder on another computer with the /t switch. (Really NOT recommended.
We are taking risk if the defragmentation cannot be finished successfully.)
Refer to the below link
328804.KB.EN-US How to Defragment Exchange Databases
http://support.microsoft.com/default.aspx?scid=KB;EN-US;328804
7. In the Select Recipient dialog box, click the users, contacts, and groups from which you do not want to accept
messages. All other senders are accepted automatically.
Note To select a group of recipients, press and hold the CTRL key while you select the recipients.
8. Click OK twice.
Note After you complete the procedure, enable restriction checking in the registry
183. Recipients do not receive an email when it was replied to all
We are using Exchange 2003 with SP1; some users do not receive a copy of an email when it was replied to all, and no
NDR is received. This problem can occur when a user clicks Reply to all in an e-mail message, and a recipient is
included whose e-mail address is malformed. For example, the e-mail address for one of the intended recipients may
contain a mismatched delimiter, such as only one of the following pairs of delimiters:
"",{},<>
Microsoft has a hotfix for this; please follow the link below to download it:
http://support.microsoft.com/kb/KB900719
184.New Features in Exchange Server 2003 SP 2
Storage - Database Size Limit Configuration and Management Video
Intelligent Message Filtering
Sender ID Filtering
Specifying the Servers to Exclude from Connection Filtering
Improved Offline Address Book Performance
Moving Public Folder Content to a Different Server
Manage Public Folders Settings Wizard
Synchronizing the Public Folder Hierarchy
Manually Stopping and Resuming Replication
Tracking Public Folder Deletion
Enabling/disabling MAPI Access for a Specific User
Enabling Direct Push Technology
Remote Wiping of Mobile Devices
Global Address List Search for Mobile Devices
Certificate-Based Authentication and S/MIME on Mobile Devices
Exchange Server 2003 SP2 Overview
Add even better protection, reliability, and easier administration as well as improved mobile messaging to your
Exchange Server 2003 messaging environment when used with compatible devices.
What Is SP2?
SP2 is a cumulative update that enhances your Exchange Server 2003 messaging environment with:
Mobile e-mail improvements
Better protection against spam
Mailbox advancements
Mobile E-Mail Improvements
SP2 offers a huge leap forward in mobility capabilities. With SP2, Exchange Server 2003 can offer a significantly
improved Microsoft Outlook experience on mobile devices as well as additional security and device control. As
always, the Exchange ActiveSync protocol does not require expensive software or outsourcing fees to access data on
your server running Exchange Server.
The mobility enhancements in SP2 give you:
New seamless Direct Push Technology e-mail experience. No longer is there a reliance on short message service
(SMS) to notify and ensure that your device automatically retrieves new e-mail from your Exchange server. SP2 uses
an HTTP connection, maintained by the device, to push new e-mail messages, calendar, contact, and task
notifications to the device.
Additional data compression. This translates to a faster experience when sending and receiving
messages and reduced sync times.
Additional Outlook properties. This includes support for task synchronization and pictures in your list of
contacts. In addition, you can now look up people by using the Global Address
List (GAL) over the air.
Greater control over device security. This includes:
Mailbox Advancements
Drive down operational costs and the complexity of your messaging environments with advances such as:
Increase in mailbox storage size limits to 75 gigabyte (GB) for Exchange Server 2003 Standard Edition in response
to your feedback and evolving mailbox storage needs.
New offline address book format offers significantly improved performance particularly when Outlook clients are
operating in cached mode.
Cached mode enforcement with added flexibility. You can grant access to a user who has configured Microsoft Office
Outlook to run in cached mode, but deny access otherwise. This new feature is especially beneficial to organizations
seeking to further site and server consolidation by taking advantage of the performance improvements enabled by
cached mode.
Finer controls for public folders, including better replication and permissions management, safe removal of servers,
and folder deletion logging to increase administrative efficiency.
Full support for Novell GroupWise 6.x connectors and migration tools.
Iberian and Brazilian Portuguese spelling checker for Microsoft Office Outlook Web Access.
4. What is the new major feature introduced in Exchange 2003, which was not included in Exchange
2000?
5. How can you recover a deleted mail box ?
7. What are the port Numbers for pop3, imap, smtp port, smtp over ssl, pop3 over ssl, imap over ssl ?
8. Difference between Exchange 2003 and 2007?
9. What is RPC over HTTP?
10. What is required for using RPC over HTTPS with MS Outlook?
11. If you have deleted a user and then recreated the same user, how will you give access to the
previous mailbox?
12. What are the prerequisites for installation of Exchange Server?
13. What is the use of NNTP with Exchange?
14. If the NNTP service gets stopped, what features of Exchange will be affected?
15. Which protocol is used for Public Folder ?
Premkumar