Useful

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 30

BASIC

01

What is Exchange 2003 Forestprep?

Exchange 2003 Forestprep extends the AD schema to include Exchange specific information.

02

What is Exchange 2003 Domainprep?

Exchange 2003 Domainprep creates the groups and permissions necessary for Exchange servers to read and
modify user attributes.

03

What is a DC?

A DC is a Windows 2000 or 2003 Domain Controller that holds active directory partitions for a domain (used
for things like user authentication).

04

What is a GC?

A GC is a Global Catalog Server. A GC holds a full set of attributes for the domain in which it resides and a
subset of attributes for all objects in the Active Directory Forest.
05

What is DDNS and why do I need it?

Dynamic DNS (described in RFC 2136) allows servers to dynamically update and create records in DNS.
Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange
Servers for things like message routing. In a simple Exchange organization, DDNS is not strictly necessary, but
makes administration much easier.

06

What is a border server?

A border server is an Exchange server that communicates with external servers. In a single server
organization, your server is by default a border server. In a multi-server configuration, you may have one or
more dedicated servers that communicate directly or indirectly with foreign servers and then pass the mail
to other internal Exchange servers.

07

What is a mixed mode Exchange environment?


An Exchange environment which contains Exchange 2003 or Exchange 2000 and Exchange 5.5 servers.
08

How does an Exchange 5.5 site compare to an Exchange 2003 Routing Group or Administrative Group?

In a mixed mode Exchange environment the Exchange 2003 Administrative Group and Routing Group
correspond to the Exchange 5.5 site. In a native Exchange 2000 environment, the Administrative Group is a
group of Exchange objects sharing a common set of permissions and routing groups define how those servers
communicate with one another. A single Administrative Group can contain several Routing Groups. Example:
Your North American Exchange servers might be grouped in a single Administrative Group, but subdivided
into several Routing Groups to optimize interserver communication. An Administrative Group contains zero
or more Routing Groups.

09

Where’s the Instant Messaging Server?

The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real-Time Communications
(RTC) server. It is no longer a component of the Exchange Server. For more information, see
http://www.microsoft.com/office/preview/rtcserver/.

10

What is OMA?

Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile
Information Server 2002, are now built-in with all Exchange Server 2003 Standard installations.

Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlook Mobile Access and
Exchange Server ActiveSync help enable secure corporate e-mail on a range of mobile devices including
browser-based mobile phones, Microsoft Windows Powered Pocket PC, and Microsoft Windows Powered
Smartphone devices.

Adding this functionality to the core Exchange Server 2003 product reduces the need to deploy additional
mobile server products in the corporate environment, thus lowering the total cost of ownership.

11

Why should I go to Exchange 2003 now?

There are several reasons. A few are:

1.     Opportunity for Server Consolidation From Exchange 5.5 and Exchange 2000 because you can get more
mailboxes on an Exchange 2003 Server.

2.     Better security features. The server is secure by default and has added things like automatic logoff for
an inactive OWA session, Connection filtering, and has more junk mail features like real-time blacklists.

3.     Availability enhancements such as End-to-End Outlook Monitoring, Improvements in ESM, Mailbox
Recovery Center, and a Recovery Storage Group.

4.     Increase in Mobile device support for Pocket PC’s, Pocket PC Phones and Microsoft Windows®-powered
Smartphones.
12

What are the differences between Exchange 2000 and Exchange 2003?

Some features that are new in Exchange 2003 are:

Volume Shadow Copy Service for Database Backups/Recovery

Mailbox Recovery Center

Recovery Storage Group

Front-end and back-end Kerberos authentication

Distribution lists are restricted to authenticated users

Real-time Safe and Block lists

Inbound recipient filtering

Attachment blocking in Microsoft Office Outlook Web Access

HTTP access from Outlook 2003

cHTML browser support (i-Mode phones)

xHTML (Wireless Application Protocol [WAP] 2.0) browser support

Queues are centralized on a per-server basis

Move log files and queue data using Exchange System Manager

Multiple Mailbox Move tool

Dynamic distribution lists


1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations
Manager)

Deployment and migration tools

13

What is the difference between Exchange 2003 Standard and Exchange 2003 Enterprise editions?

Standard Edition

16 GB database limit

One mailbox store

One public folder store

NEW: Server can act as a front-end (post-Beta 2)

Enterprise Edition

Clustering

Up to 20 databases per server

X.400 Connectors

Both Editions support features such as:

Database snapshot

OMA and ActiveSync

AirMAPI

Recovery Storage Group

Exchange Management Pack for MOM


Note: It is not possible to in-place upgrade Exchange 2000 Enterprise Edition to Exchange 2003
Standard Edition.
14

What’s the difference between Exchange 2003 and Windows 2003?

Windows Server 2003 provides significant enhanced functionality that Exchange 2003 takes advantage of:

Outlook HTTP access


IIS 6.0 and Windows RPC Proxy service in Windows Server 2003 enable communication between Outlook
2003 and Exchange Server 2003 by means of HTTP. Outlook 2003 users can synchronize directly with the
server running Exchange Server 2003 over a HTTP or HTTPS connection.

Internet protocol support


IIS 6.0 provides Exchange with its support for many common Internet access protocols that increase the
flexibility of the operating system, such as HTTP, Post Office Protocol version 3 (POP3), Internet Message
Access Protocol version 4 (IMAP4), and Simple Mail Transfer Protocol (SMTP).

Active Directory
Windows provides Active Directory, upon which Exchange depends for user information, mail routing
information, user authentication, and LDAP read and write functions.

Support for clustering


Exchange Server 2003 provides better support for clustering, which enables high availability of a company’s
infrastructure. Customers can choose to run up to 8-node clusters, with at least one passive node, when
running Exchange 2003 on Windows Server 2003, Enterprise Edition. (In Windows 2000 Advanced Server,
clustering was limited to two nodes, one active and one passive; if a company chose to run Windows 2000
Datacenter Server, clustering was limited to four nodes.)

Volume Shadow Copy service


This and Virtual Disk Service are part of a storage framework that provides heterogeneous interoperation of
storage hardware, storage software, and applications. Exchange 2003 writes to the Volume Shadow Copy
service on Windows Server 2003, reducing dramatically the backup and restore times for Exchange
messaging environments. This enables IT departments to support greater numbers of users per server and
reduces the total number of servers running Exchange in their environment.

SETUP/UPGRADE

01

How can I merge multiple directories to create a unified Exchange organization?

Microsoft‘s Meta-Directory Services (MMS)

HP’s LDAP Directory Synchronization Utility

CPS Systems’ SimpleSync

ADSI (code, code code)


02

Can I upgrade from the evaluation edition of Exchange 2003 Enterprise Server to the RTM standard
version of Exchange 2003 Server?

No this is technically a downgrade from enterprise to standard. You can only upgrade the evaluation version
of Exchange 2003 Enterprise to Exchange 2003 Enterprise RTM.
03

How can you tell how many days remain until the evaluation copy of Exchange 2000 Server expires?

The Exchange Server Setup Progress Log includes the date on which the Exchange server was installed. Take
the difference between that date and today’s date and subtract it from 120 to determine how many days
remain in your evaluation.
04

My evaluation version has expired! Are my databases toast?

No. Install a full version of Exchange 2000 Enterprise and you can continue to use your existing databases.
05

I plan to run Exchange in a hosted environment, where can I find information on how to configure my
Exchange server to host multiple companies

06

What happened to the M: drive?

The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to
an available drive letter with a registry setting.
07

Can Exchange 5.5 or Exchange 2000 run on Windows 2003?

NO. Windows 2003 uses IIS 6.0, which has been re-engineered to keep up with best practices and industry
standards. Windows 2003 has an IIS 5.0 compatibility mode, however, it is not compatible with Exchange 5.5
or Exchange 2000. Therefore, neither Exchange Systems are compatible with Windows 2003.
08

Can I run Exchange 2000 with an AD infrastructure with Windows 2003 DC’s?

YES, all exchange versions will run in an AD 2003 environment. Exchange 2000 will benefit from some of the
new features in AD 2003 and Exchange 5.5 has an ADC specifically for an Exchange 5.5/ AD 2003
environment. If AD 2000 is upgraded to AD 2003, the ADC will need to be upgraded also.*
09

Can I upgrade Exchange 2003 Beta 2 to RTM?

NO. Microsoft will not support any deployment of Beta 2 into a production environment. Their official
position is, “Exchange 2003 Beta 2 should not be deployed in a production environment. You can deploy
Exchange 2003 Beta 2 in a test environment only.

10
Can I upgrade Exchange 5.5 in place to Exchange 2003?

NO. In place upgrades to Exchange 2003 must already be Exchange 2000 SP3 and Windows 2000 SP3 or later.
The only upgrade paths from 5.5 to 2003 are; an in place upgrade to Exchange 2000 then an in place upgrade
to Exchange 2003 or the leap frog migration which requires another server.

11

How should I upgrade from Exchange 5.5 to Exchange 2003?

Since Exchange 5.5 can not be upgraded in place, The Active Directory should be upgraded to AD 2003, setup
the new ADC and then install a new Exchange 2003 server. Then move users from 5.5 to 2003.

12

Where’s the Instant Messaging Server?

The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real-Time Communications
(RTC) server. It is no longer a component of the Exchange Server.

13

What are the Supported FE/BE scenarios? (i.e. E2003 FE with E2k BE etc.)

It is not sufficient to simply upgrade front-end servers to Exchange 2003 for users to get the new interface.

You must upgrade back-end servers to Exchange 2003 as well

Interface matrix

Ex2000 FE + Ex2000 BE = Ex2000 OWA


Ex2003 FE + Ex2000 BE = Ex2000 OWA
Ex2000 FE + Ex2003 BE = Not supported (AG protected)
Ex2003 FE + Ex2003 BE = Ex2003 OWA

Ability to Reply and Forward to Messages and Posts in Public Folders is only enabled when the client is using
a front-end server. Forms-based authentication (FBA) is functional for deployments where the FE is Exchange
2003, but the mailbox is still on Exchange 2000. However, session timeouts are handled much better if the
BE are also Exchange 2003

14

What do I need to get RPC over HTTP working?

Client

Outlook 2003, Windows XP with Service Pack 1 + Q331320

Server-side

Exchange 2003 on Windows 2003 for FE (if FE is deployed)


Exchange 2003 on Windows 2003 for BE

Exchange 2003 on Windows 2003 for Public Folders

Exchange 2003 on Windows 2003 for System Folders

Windows 2003 for Global Catalog server

When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003
clients can connect simply using HTTP or HTTPS, thereby reducing the need for virtual private networks
(VPNs) or dial-up remote access. If remote users only need to gain access to corporate messaging
information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces costs
and provides for increased security by ensuring that remote Outlook users don’t need access to the entire
network.

15

What do I need in order to install Exchange 2003?

A partial list includes:

DNS (preferably DDNS)

Active Directory 2000 or 2003

Permissions to update the Schema

Hardware sufficient to run Exchange 2003

Windows 2000 SP3 applied to all DCs, GC, and all (future) E2K2 servers, or Windows 2003.

16

I’m running Exchange 5.5 and would like to upgrade to Exchange 2003. Can I upgrade directly?

No. The only supported upgrade in place is from Exchange 2000 SP3 or later. You would need to first upgrade
your Exchange 5.5 server to at least Exchange 2000 SP3 and then upgrade in place to Exchange 2003.
Another option is to exmerge out your current users and exmerge them into an Exchange 2003 server. And
the only other option is called the leap frog migration. You configure the Active Directory Connector (ADC)
for Exchange 2003 between the Active Directory and Exchange 5.5 Directory Service. Install a new Exchange
2003 server into the enterprise and move the Exchange 5.5 users to Exchange 2003.
17

Can I install Exchange 2003 on Windows 2000 server?


Yes, but Windows 2000 must have SP3 loaded first.
18

Can I rename or move the default groups created by Exchange during domainprep and forestprep?

Only if you want to horribly break your Exchange installation.

19

What are the minimum hardware requirements for Exchange 2003?

The minimum practical hardware requirements in our experience are 1.25 times the disk space one would
allocate under Exchange 2000, 1GB RAM (4GB minimum if the Exchange server also serves any other
function) and the fastest processor(s) you can afford.

20

Am I better off with one really fast processor or two somewhat slower processors?

You’re better off with two really fast processors. But, with all other things being equal, two processors are
better than one with Exchange 2003. In most instances, a 2-processor machine would be preferable.

21

Can I have multiple Exchange 2003 organizations in a single forest?

No. Only a single E2K3 organization can exist within a single forest. Delegation of administration within the
organization can be accomplished using OUs in AD and Administrative/ Routing Groups in the Exchange
system manager.

22

Can an Exchange 2003 organization span multiple forests?

No. All domains in a forest share a common schema and the Exchange organization exists within this
configuration naming context. The GC, which provides the Global Address List is populated only with items
within the forest
23

What ports does Exchange use?

A partial list of the ports your Exchange server might use is included below

25 SMTP

53 DNS

80 HTTP
88 Kerberos

102 X.400

110 POP3

119 NNTP

135 RPC

137 – NetBIOS Session Service

139 – NetBIOS Name Service

143 IMAP4

379 LDAP (SRS)

389 LDAP

443 HTTP (SSL)

445 – NetBIOS over TCP

465 SMTP (SSL)

563 NNTP (SSL)

636 LDAP (SSL)

691 LSA

993 IMAP4 (SSL)


994 IRC (SSL)

995 POP3 (SSL)

1503 T.120

1720 H.323

1731 Audio conferencing

1863 – MSN IM

3268 GC

3269 GC (SSL)

6001 Rpc/HTTP Exchange Store

6002 HTTP Exchange Directory Referral service

6004 Rpc/HTTP NSPI Exchange Directory Proxy service/Global Catalog

6667 IRC/IRCX

6891 – 6900 – MSN IM File transfer

6901 – MSN IM Voice

7801 – 7825 – MSN IM Voice


24

Exchange Group Policy Notes, what should I do?

A: Do Not delete the Default Domain Policy or Default Domain Controller Policy in your Active Directory.

The Exchange domain prep operation targets a policy with GUID 6AC1786C-016F-11D2-945F-00C04fB984F9 for
its operations. If it doesn’t find it, domain prep will fail.
ADMINISTRATION

01

What happened to the M: drive?

The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to
an available drive letter with a registry setting.

02

Do I need Windows XP to use Outlook RPC over HTTP?

Yes. Windows XP with Service Pack 1 + KB331320

03

When will Exchange 2003 SP1 be available?

When it is ready

04

How do I configure the Recovery Storage Group?

In Exchange 2003, there is a new feature called the “Recovery Storage Group” (RSG). This is a special
instance of ESE (a 5th instance) which can be spun up to provide:
a. Item/Folder/Mailbox level restore without the need for a spare server
b. “Dial tone” (blank mailbox) support if you lose a database and need to get the users quickly up and
running for send/receive

To create the RSG, go into Exchange 2003 ESM, right-click on your server object and choose to create a new
Recovery Storage Group.
Once the RSG exists, you can add a database to it (any MDB from any Storage Group from any server inside
the same Admin Group). Then, use NTBackup or similar to restore a backup into the RSG. Now, you can use
ExMerge to extract the data from the RSG and merge it into the production database (for scenario a.), or you
can swap the RSG-restored database for the temporary production database (for scenario b).

One of the goals for the Recovery Storage Group

05

Under Exchange 5.5 I couldn’t restore a single mailbox without 3rd party products. With Exchange 2003,
is it any easier to restore a single mailbox or back up a single mailbox?

Yes and no. Under Exchange 2003, a mailbox is not deleted immediately when a Windows account is deleted.
Although restores have been greatly improved with the new Recovery Storage Group (RSG) and the Volume
Shadow Copy Service, there is no built in mechanism for backing up a single Exchange mailbox. This would
still require a 3rd party brick level backup utility.
06

Can I back up the EXIFS drive using NT Backup or another backup application?
You can, but you will be sad. Do NOT back up the EXIFS drive of an Exchange 2003 server. It can result in
messages and attachments being inaccessible via the Outlook client.

07

How can I prevent a user from sending and receiving Internet mail?

Follow the steps outlined below:

1.     Create a group called InternalOnly.

2.     Create a recipient policy that gives them a fake SMTP address. i.e. @fake.domain. Leave the X400
address alone so they can receive internal mail.

3.     Drill down through Routing Groups > Group Name > Connectors > SMTP internet connector(s), choose its
properties. Choose the Delivery Restrictions tab, and under “reject”, add this group. Do this for each
connector.

4.     Follow the steps in KB277872, regarding Connector Restrictions.


[Now they can't use the SMTP connector(s) to send external mail]
08

What tools are used to administer Exchange 2003?

Active Directory Users & Computers – Used to create users, distribution groups and contacts.

Exchange System Manager – Used to manage the Exchange Server, create address lists, recipient policies,
and now does some user level actions…
09

Can I use Exchange 2000 tools to manage Exchange 2003 Servers?

No, the property sheets of the 2003 servers will appear as read-only. You should avoid using Exchange 2000
ESM in environments where Exchange 2003 is installed. Not only will you not be able to access new Exchange
2003 features, but there is also the risk of damage to new objects that Exchange 2000 does not understand.
If you must continue to use Exchange 2000 ESM, apply the latest Exchange 2000 SP3 roll-up to your Admin
workstation(s) – http://microsoft.com/downloads/details.aspx?FamilyId=E247C80E-8AFA-4C2A-96B3-
F46D1808C790&displaylang=en

The roll-up includes support for the msExchMinAdminVersion attribute (also known as ESM versioning).
Essentially, each Exchange object in the AD is stamped with a minimum admin version. If ESM detects that
the data value is greater than the version of ESM running, it will not allow edits to that object.

10

Can I use Exchange 2003 tools to manage Exchange 5.5 and Exchange 2000 Servers?

Yes, with the exception of the following Exchange 2000 components; Key Management Server, Exchange
Instant Messaging, Chat, MS-Mail / Schedule+ / DirSync / cc:Mail Connectors

11
I created a user in AD Users and Computers, but in the Exchange system manager it doesn’t appear
under Mailbox Store | Mailboxes. What did I do wrong?

Probably nothing. A mailbox will not appear under Mailbox Store | Mailboxes until either someone has logged
into the mailbox or the mailbox has received a mail message. Some administrators send a welcome message
to a mailbox shortly after it has been created, which would cause it to appear.

12

I created a secondary Public Folder Hierarchy, but only the original public folder hierarchy appears in
Outlook.

Current versions of Outlook only support a single public folder hierarchy. Secondary Public Folder hierarchies
can be accessed with the web.

13

In Exchange 5.5, I could have multiple mailboxes associated with a single user account. How do I do that
in Exchange 2003?

Exchange 2003 requires a user object for each mailbox. You can create a disabled user object, associate a
mailbox with it, and then grant another user object ‘receive as’ and ‘send as’ permissions to that mailbox.

14

What is the difference between ‘receive as’ and ‘send as’?

‘Receive as’ allows a user object to open a mailbox. ‘Send as’ allows a user to send out a mail message as
the mailbox that has been opened.

15

How do I restrict a user or domain from sending mail to my users?

First, add the address or domain you wish to filter to the Filtering Tab of the Message Delivery Global
Settings. Next, you need to apply the filter to the SMTP virtual server you wish to filter. (Administrative
Group | Server | Protocols | SMTP | <SMTP Virtual Server> | Properties | Advanced | <select the IP address
for which you wish to enable filtering> | Edit | Apply Filter). Normally, you would only want to apply
message filtering to the border SMTP servers (servers that communicate directly with External servers).
16

I’ve created more than one address list. Which list will users see for their GAL?

The following criteria are used when determining what a client will see for the Global Address List.

Which Address List do you have permissions to see?

Which Address List contains your mailbox object as an entry?

If your mailbox appears as an object in more than one address list:


Which of the remaining Address Lists contains more entries?

17

What do the event IDs mean in the message tracking log?

They are listed in Appendix A

18

Is Single Instance Storage maintained when moving users between servers | storage groups | databases?

Yes…

19

In my native E2K3 organization is there any requirement for RPC connectivity between servers?

In order to move users between servers, RPC connectivity is required.

20

How can I archive messages sent or received by my users?

1.     Messages can be archived on a per store basis by enabling the option on the general properties tab of
the Mailbox Store in the Exchange System Manager.

2.     Use an event sink (either write your own or use the simple one provided by Microsoft and described in
“Archive Sink Readme.txt”

3.     Use a 3rd party message archival tool.


21

Why when I try to add an additional mailbox store do I receive the following error? This storage group
already contains the maximum number of stores allowed. ID no: c1034a7a

You are running the standard version of Exchange 2003 which is limited to a single 16GB private information
store.
22

How do I get the Exchange Advanced Tab in Active Directory Users and Computers?

Open Active Directory Users and Computers. Click on the View menu item at the top of the application.
Select “Advanced Features” on the menu list. When you open a property page for an Active Directory object
that has a mailbox associated with it, you will now see the “Exchange Advanced” tab at the top.
23

How do I control the format of the addresses before the @ sign in a recipient policy?

You can use the following variables: %g Given Name, %s Surname, %i initials in the recipient policy.
Examples:

User: Tommy Lee Jones


Domain: company.com

%g.%[email protected] = [email protected]
%1g%[email protected] = [email protected]
%g%[email protected] = [email protected]

Less commonly used variables include, %m (alias) and %d (display name).

24

How do I make Exchange automatically send a welcome message to all newly created users?

There is nothing in the product that will do this. You can create a WELCOME.MSG that you deploy with
Outlook, but that only applies the first time Outlook is opened after creating a new profile. Otherwise, you
could script mailbox creation and send a message at the end of the script.

25

Is there any way to append a text message to all out bound email for Exchange 2003?

On a single Exchange server deployment, there is no 100% reliable way to accomplish this with an SMTP
Transport Event Sink; even though KB273233 suggests that creating a second SMTP Virtual Server works.
However, at startup the Exchange Information Store binds to the SMTP Virtual Server that starts first and you
can not rely on the routing of the mail from SMTP VS 1 to SMTP VS 2 as the KB273233 proposes. Also note
that under special circumstances the database can become corrupted if you use an SMTP Transport Event
Sink to manipulate outgoing (MAPI) message contents. This is currently under investigation by Microsoft and
a QFE to prevent the store corruption is under development. ****

There are 3rd party products that will do this too.


26

How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script?

You can do it, however, see there are limitations. It reliably works only on a border server, which can be
either a Windows 2000 or 2003 SMTP Server with or without Exchange 2000/2003 installed. For more
information, see KB317327 and KB317680

27

How can you tell the exact version of Exchange you are running?

Here is a list of build numbers for Exchange 2000/2003:

Exchange 2000

4417.5 = Exchange 2000 RTM

4712.7 = Exchange 2000 SP1


5762.4 = Exchange 2000 SP2

6249.4 = Exchange 2000 SP3

6396.1 = Exchange 2000 Post-SP3 Super Roll-up

63xx/64xx = Exchange 2000 Post-SP3 Hotfixes

Exchange 2003

6728.12 = Exchange 2003 Beta 1

6803.8 = Exchange 2003 Beta 2

6851.10 = Exchange 2003 Release Candidate 0

6895.5 = Exchange 2003 Release Candidate 1 (Candidate)

28

How do I add a disclaimer to outgoing SMTP messages in Visual Basic?

How To: Add a Disclaimer to Outgoing SMTP Messages in Visual Basic – KB317327

29

Resource / Conference room scheduling

Outlook 2003 offers basic resource booking functionality through Direct Booking. For more information refer
to “Direct Booking of Resource Without a Delegate Account”

There are 3rd party products such as Exchange Resource Manager and AutoAccept Sink for Exchange that
will automatically accept/decline meeting requests for conference rooms and other resources.

31

How do I find an SMTP mail address in Active Directory if Active Directory Users and Computers tells me
it is in use when I try to create a new user?

Either open Outlook to create a new message with that SMTP address and hit “CTRL+K” to resolve it, or use
a Windows Scripting Host script to find it. For the latter, see
http://www.cdolive.net/download/adusermanagement.zip (look for FindUserWithADSI.wsf and
FindUserWithCDO.wsf)
32

How do I Enable the Security Tab for the Organization Object?

This tab is not enabled by default. For instructions on how to enable it see KB264733

33

How do I restrict users from Creating Top-Level Folders?

For Exchange 2000 public folders, you can follow the instructions in this article KB256131. But with
Exchange 2000, however, any time a new server is added to the organization, these permissions will be
reset.

In Exchange 2003 these permission are restricted by default so to install Exchange 2003, you will
automatically restrict them.

“Allow create top-level public folder access control entry for everyone” permissions and “allow anonymous
logon from the organization container” permissions are removed during the installation of Exchange
2003.*****

34

Why do the storage quota settings not take effect immediately?

This problem has been fixed in AN Microsoft Exchange 2000 Server Post-Service Pack 3 MDB patch. For more
information see KB327378

35

How do I limit which Outlook client versions can access my server?

You need to create the Disable MAPI Clients registry value to disable MAPI client access. For more
information, see KB288894

37

How do I disable the “Automatically update e-mail addresses based on recipient policy” on all users or
contacts?

‘ Default setting for “msExchPoliciesExcluded” is empty


‘ Once disabling the automatic e-mail address update it is:
‘ “{26491CFC-9E50-4857-861B-0CB8DF22B5D7}”

‘ Default setting for “msExchPoliciesIncluded” is:


‘ “{26491CFC-9E50-4857-861B-0CB8DF22B5D7}” plus a unique GUID for each applied Recipient Policy
separated by a comma
‘ And after turning off the automatic update “msExchPoliciesIncluded” is only:
‘ “{26491CFC-9E50-4857-861B-0CB8DF22B5D7}”

Migration

01
Can I use Exchange 2003′s OWA to access a mailbox on an Exchange 5.5 or Exchange 2000 server?

Yes and No. Exchange 2003 can access a 2000 back-end server however, it will remain the same as Exchange
2000 OWA. As for Exchange 5.5, the enhanced OWA is built directly into the store technology and only a
mailbox residing on an Exchange 2003 server can be accessed using the enhanced OWA interface. Nice try,
though.

02

Can I use Exchange 5.5′s OWA to access a mailbox on an Exchange 2003 server?

Yes. But you will not get the look and feel or the added features from the 2003 servers.

03

How do I remove the ADC after moving all of my users to an Exchange 2003 server?

First, you need to use the Exchange 5.5 Admin program to delete the directory replication connectors (Org |
Site | Configuration | Connections). Once you have deleted the connections, you need to be logged on with
an account with Schema Admin privileges to delete the ADC connector.

04

How many Global Catalog servers should I deploy?

There is no hard and fast rule in this regard. Some potential guidelines include:

1.     At least 1 per routing group

2.     One for every 4 Exchange servers in a routing group

3.     One (or more) for each physical location

Transport

01

What additional queues have been exposed?

All the system queues like the failed message retry queue, DNS messages pending submission, and messages
queued for deferred delivery are now exposed to enhance trouble shooting.

02

Is there any way to append a text message to all out bound email for Exchange 2003?

On a single Exchange server deployment, there is no 100% reliable way to accomplish this with an SMTP
Transport Event Sink; even though KB273233 suggests that creating a second SMTP Virtual Server works.
However, at startup the Exchange Information Store binds to the SMTP Virtual Server that starts first and you
can not rely on the routing of the mail from SMTP VS 1 to SMTP VS 2 as the KB273233 proposes. Also note
that under special circumstances the database can become corrupted if you use an SMTP Transport Event
Sink to manipulate outgoing (MAPI) message contents. This is currently under investigation by Microsoft and
a QFE to prevent the store corruption is under development. ****
There are 3rd party products that will do this too.

03

How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script?

You can do it, however, see there are limitations. It reliably works only on a border server, which can be
either a Windows 2000 or 2003 SMTP Server with or without Exchange 2000/2003 installed. For more
information, see KB317327 and KB317680

04

Can I view the queues on a per server basis?

Yes, in the new Queue Viewer in the Exchange 2003 System Manager.

05

How do I move SMTP queues and badmail directories?

Exchange 2003 allows you to change the location of queue directories for SMTP virtual servers and X.400.

The Directions are in the document entitled “Exchange Titanium Getting Started Guide”
06

What do the various queue names mean?

DNS messages pending submission – Contains delivery status notifications (DSN), also known as non-delivery
reports that are ready to be delivered by Exchange. The Delete All Messages (no NDR) and Delete All
Messages (NDR) functions are unavailable for this queue.

Messages queued for deferred delivery – Contains the messages marked by the client for deferred delivery or
messages simply awaiting delivery at a different time.

Failed message retry – Contains messages that have been marked as retry due to a delivery failure. This
queue also does not have the NDR functions mention in the DNS messages pending submission queue.

07

How do I activate the real time safe block list?

Enabling connection filter involves two steps:

1.     Create the recipient filter using the Connection Filtering tab on the Message Delivery Properties under
Global Settings.

2.     Apply the filter at the SMTP virtual server level.

08

How do I filter incoming mail by subject or attachment?


Exchange 2003 does not have any built-in function to accomplish that. Either look for a third party tool or
develop your own Windows SMTP Transport Event Sink.

09

How do I limit the maximum amount of messages the SMTP queue can hold?

You have to use the MaxMessageObjects registry key.

10

How do I strip the attachment from an NDR?

You can do this through a registry entry. But there are two drawbacks. Once this is done, the details that are
necessary to display the notification in the preview pane are stripped, and the originator of the message
cannot use the Send Again option.

11

How do you restrict Distribution Lists?

Submissions can be restricted to a limited number of security principles though the standard Windows
Discretionary Access Control List (DACL). This feature prevents non-trusted senders, such as unauthorized
Internet users, from sending mail to an internal only distribution list. An example of this would be an “All
Employees” distribution list which should not be available to anyone outside the company (by spoofing or
otherwise). Note Restricted distribution lists will only work on the bridgehead servers or SMTP gateway
servers running Exchange 2003.

To set restrictions on a distribution list

1.     Click Start, point to All Programs, point to Microsoft Exchange, and then click Active Directory Users
and Computers.

2.     Expand your organizational unit container, and double-click Users.

3.     Right-click the distribution list for which you want to restrict submissions, and then click Properties.

4.     Click the Exchange General tab.

5.     Under Message Restrictions, under Accept messages, select one of the following options:

Click From everyone to allow anyone to send to this distribution list. This includes anonymous users
from the Internet.

Click From authenticated users only to allow only authenticated users to send mail to this distribution
list.

Click Only from to specify a select set of users or groups that can send to this group and then click Add
to specify the users or groups that you want to permit to send mail to this distribution list.
Click From everyone except to allow everyone but a select set of users or groups to send to this
distribution group and then click Add to specify the list of users or groups that you want to restrict from
sending to this distribution list.

STORE

What happened to the M: drive?

The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to
an available drive letter with a registry setting.

02

What is the STM file?

the .stm file is part of the information store database that contains the native internet formatted items. It is
used to improve the performance of the database.

03

Why does the size of the EDB file not change when I move users out of that store?

The .edb file will only decrease in size once a database defrag is performed.

04

How do I move the log files?

The new ESM allows the administrator to move the log files through the GUI.
05

Is there an easier way to move mailboxes grouped by mailbox.store?

Yes, you can now move mailboxes through ESM grouped by mailbox store.

06

Will an in place upgrade from Exchange 2000 remove the M: drive?

Yes, In both the clean install and upgrade from Exchange 2000 scenarios, Exchange 2003 does not present
EXIFS as drive letter M:

07

If there is still an M: drive mapped, why does the free space number look funny?

The free space number shown on the M: drive is based on the main install drive for Exchange. It is not
related to the drive space on the drives where the stores actually exist.
CLUSTERING

01
Which cluster configuration is preferred?

Microsoft recommends Active/Passive clustering because it:

Scales better

sizes the same way as a stand alone Exchange server

can have up to 8 nodes in the cluster

always fails over to a fresh node

02

What happened to Active/Active Clustering?

Active/Active clustering is only supported with a 2-node cluster limited to 1900 concurrent connections.

03

Do I still have to cycle the services on fail back like in 2000 Active/Passive mode?

The Exchange services are automatically shutdown on failover so when fail back happens the services are
automatically brought back online for a clean address space.

04

How many cluster nodes are supported by each version of Exchange?

Exchange 2003 and Windows 2003, Standard Edition will run up to a 4-node cluster. Exchange 2003 and
Windows 2003 Enterprise will run an 8-node cluster with at least one passive node.
05

Are there any other differences between Win2k and Win2k3 clustering?

Win2k3 Enterprise and Datacenter both support 8-node clusters. MSCS (Microsoft Clustering Services) is now
available for high availability. NLB Manager allows the administrator to configure the NLB service in a central
location thus avoiding mistakes from repetitive actions. For more information see the “Technical Overview
of Clustering in Windows Server 2003″ and “Windows Server 2003 Server Cluster Architecture”
documents.

06

Why am I getting the 9582′s and what is VM Fragmentation?

VM fragmentation is when the virtual memory becomes fragmented and can prevent stores form mounting.
The 9582 event is the event that warns about this condition. For more information refer to “The Extensible
Storage Engine Database Engine Contributes to Virtual Memory Fragmentation (324118)”
ADC

01

What are the new ADC Tools?

The Active Directory Connector management console now contains an ADC Tools option. ADC Tools is a
collection of wizards and tools that help you set up connection agreements by scanning your current Active
Directory and Exchange 5.5 Directory and organization, and automatically creating the recommended
connection agreements. The following wizards are included in the ADC Tools:

Resource Mailbox Wizard This wizard identifies Active Directory accounts that match more than one
Exchange 5.5 mailbox. Using this wizard, you can match the appropriate primary mailbox to the Active
Directory account and stamp other mailboxes with the NTDSNoMatch attribute, which designates the
mailboxes as resource mailboxes. You can either make these changes online or export a commaseparated
value (.csv) file that you can update and import into the Exchange 5.5 directory.

Connection Agreement Wizard This wizard recommends connection agreements based on your Exchange 5.5
directory and Active Directory configuration. You can review the list of recommended connection
agreements and select those you want the wizard to create.

The Exchange Server Deployment Tools lead you through the process of installing Active Directory Connector
and running ADC Tools.

02

Can I use the Windows 2003 Active Directory connector with Exchange 2003?

No, you need to install the Exchange 2003 ADC.


03

How can I get a list of connection agreements in Exchange 2003 ADC?

Run the ExchDump utility with the /CA switch.

OWA

How do I disable OWA for a single user in Exchange 2000/2003?

In Active Directory Users and Computers (Advanced Features view) open the properties for the user object
and choose Exchange Advanced | Protocol Settings | HTTP | Settings | and uncheck the ‘Enable for mailbox’
check box.

03

How do I make OWA work properly with Extended Characters?

Beginning in Exchange 2000, messages with extended characters are encoded with UTF-8, by default. For
more information see KB273615 and KB281745

04

How do I stop users from going to a bookmarked /LOGON.ASP page after conversion to 2003 OWA?
After converting from Exchange 5.5 OWA to 2000 OWA, all the users had book marked the URL of
mail.company.com/exchange/logon.asp, since in 5.5 OWA it automatically would pull the user from the root
URL into a logon page (since it used ASP) but now the user only sees the same base URL of
mail.company.com/exchange. So once the users used the book mark or in some cases the “autocomplete”
feature in IE they would be pulled to a dead address.

Go into the front-end server that is hosting your OWA.

Start up IIS admin and locate the /Exchange virtual directory

Right click on the /Exchange directory and using the “wizard” create a new virtual directory called
logon.asp. When it prompts where the content is located just put something like c:\inetpub\wwwroot

Once the virtual root has been created, right click it, select properties then select the tab labeled
“Virtual Directory”

Select the “A redirection to a URL” and then in the “Redirect to” URL enter /exchange/

What happens is when the user hits the virtual root of /exchange/logon.asp it pulls the user back to only
/exchange*

05

How do I activate session timeouts for OWA users?

Outlook Web Access user credentials are now stored in a cookie. When the user logs out of Outlook Web
Access, the cookie is cleared and is no longer valid for authentication. Additionally, by default the cookie is
set to expire automatically after 20 minutes of user inactivity. See Logon Modifications for OWA Users for
the instructions.
06

How do I disable potions of the OWA interface?

Exchange 2000 SP2 introduced the concept of OWA segmentation. This is where you can selectively
enable/disable certain features in the web client. Exchange 2003 extends the segmentation options found in
Exchange 2000. You can either set global (per server) segmentation via a registry parameter, or set the
msExchMailboxFolderSet attribute on user objects. A bit mask determines the functionality available to the
user.

07

What are the new OWA Hot Keys?

Ctrl+N: New Mail (or Post, if in public folders)

Ctrl+R: Reply to currently selected mail in view


Ctrl+Shift+R: Reply all to currently selected mail in view

Ctrl+Shift+F: Forward currently selected mail

Ctrl+U: Mark currently selected message(s) as unread

Ctrl+Q: Mark currently selected message(s) as read .

OMA

01

Can I deploy OMA in a mixed environment?

In a mixed Exchange environment, you must use Exchange 2003 for both the front-end and back-end servers
to gain access to mailboxes through Outlook Mobile Access (OMA) and Exchange ActiveSync. For mailboxes on
Exchange 5.5 and 2000, you need to deploy Microsoft Mobile Information Server.

02

What is OMA?

Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile
Information Server 2002, are now built-in with all Exchange Server 2003 Standard installations.

Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlook Mobile Access and
Exchange Server ActiveSync help enable secure corporate e-mail on a range of mobile devices including
browser-based mobile phones, Microsoft Windows Powered Pocket PC, and Microsoft Windows Powered
Smartphone devices.

Adding this functionality to the core Exchange Server 2003 product reduces the need to deploy additional
mobile server products in the corporate environment, thus lowering the total cost of ownership.
03

Which devices are supported by Microsoft to be used with OMA?

Device support for Outlook Mobile Access (OMA) Browse is dictated by the Device Update package installed
on the Exchange 2003 server. When you run Exchange 2003 Setup today, the DU2 package is silently installed
as part of the installation.

Approximately, every 6 months, new Device Update packages are released. This will add support for more
devices to your Exchange server.

The current Device Update package is DU4. The full list of devices and which DU package they are included
in is available here.

04

I have just upgraded and I can’t use OMA, why?


The setting to enable/disable OMA Browse is actually set during ForestPrep. Exchange 2003 ForestPrep will
no longer enable OMA Browse by default. Exchange 2003 ForestPrep/Reinstall will keep it enabled if it was
already enabled. This means that OMA Browse WON’T be enabled when running ForestPrep to upgrade from
Exchange 2000. You can find OMA Browse settings in ESM, under Global Settings -> Mobile Services ->
Properties

Note: ActiveSync and AUTD remain unchanged.

05

I have an Exchange 2003 server on a member server that I promoted to a DC, what happened to my
OMA, it no longer works?

Amongst other problems, the ASP.NET account changes which causes OMA to cease functioning.

06

How do I verify OMA is functioning?

You can verify Outlook Mobile Access (OMA) is functioning from a desktop machine running IE 6.0 Assuming
that SERVER1 is running Exchange 2003:

1.     From a desktop PC running IE6.0, navigate to http://server1/oma

2.     Enter the logon credentials for an existing mailbox which resides on server1

3.     Click the OK hyperlink when you receive the warning about your device being unsupported

4.     Welcome to OMA!

OUTLOOK 2003

01

What do I need to get RPC over HTTP working?

Client

Outlook 2003, Windows XP with Service Pack 1 + Q331320

Server-side

Exchange 2003 on Windows 2003 for FE (if FE is deployed)

Exchange 2003 on Windows 2003 for BE

Exchange 2003 on Windows 2003 for Public Folders


Exchange 2003 on Windows 2003 for System Folders

Windows 2003 for Global Catalog server

When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003
clients can connect simply using HTTP or HTTPS, thereby reducing the need for virtual private networks
(VPNs) or dial-up remote access. If remote users only need to gain access to corporate messaging
information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces costs
and provides for increased security by ensuring that remote Outlook users don’t need access to the entire
network.

02

Do I need Windows XP to use Outlook RPC over HTTP?

Yes. Windows XP with Service Pack 1 + Q331320

03

How can I enable/disable an attribute used by the Outlook client for ambiguous name resolution

“Registry Modification Required to Allow Write Operations to Schema” – KB216060

“Setting an Attribute’s searchFlags Property to Be Indexed for ANR” – KB243311.

04

What are the differences in compression between Outlook 2002/2003 and Exchange 2002/2003?

The following tables illustrate how RPC compression and buffer packing works on the wire between the
Outlook client and Exchange Server.

Outlook 2002 against Exchange 2000 / 2003


Mod Network Buffer Data Buffer Size on
Data Flow Compressed
e Client Size Size Wire
Download/Uploa
Online LAN 32Kb 32Kb 32Kb No
d
Download/Uploa
Online WAN 4Kb/8Kb 4Kb/8Kb 4Kb/8Kb No
d
Download/Uploa
Offline All 32Kb 32Kb 32Kb No
d
Outlook 2003 against Exchange 2003
Mod Data Network Buffer Data Buffer Size on
Compressed
e Flow Client Size Size Wire
Online Download All 32Kb 32Kb <32Kb Yes
Online Upload All 32Kb 32Kb <32Kb Yes
Cached Download All 96Kb >96Kb 96Kb Yes
Cached Upload All 32Kb 32Kb <32Kb Yes
Offline Download All 32Kb >32Kb 32Kb Yes
Offline Upload All 32Kb 32Kb <32Kb Yes

The compression technology used between Outlook 2003 and Exchange 2003 is called XPRESS(tm) and is
based on the Lempel-Ziv (LZ-77) algorithm. This is the same technology that Active Directory uses to
perform compression of its’ RPC data when replicating between servers. All data over the size of 1 KB is
compressed, and the technology is built into both client and server; therefore the compression is full duplex.

The compression gain is dictated by the message format and attachment(s) type. Because the compression is
performed at the RPC level, all message data is compressed.

Plain text and HTML messages usually compress between 60% and 80% (on the wire saving)

Rich-text (RTF) messages usually compress up to 20% (on the wire saving)

Word documents compress down better than PowerPoint files

Logon Modifications for OWA Users

You can enable a new logon page for Outlook Web Access that will store the user’s user name and password
in a cookie instead of in the browser. When a user closes their browser, the cookie will be cleared.
Additionally, after a period of inactivity, the cookie will be cleared automatically. The new logon page
requires users to enter either their domain name\alias and password or their full UPN e-mail address and
password to access their e-mail.

To enable forms-based authentication


1.     In Exchange System Manager, expand the Servers node.

2.     Expand the Protocols node under the Exchange server for which you wish to enable forms-based
authentication.

3.     Expand HTTP, and then right-click the Exchange Virtual Server.

4.     On the Exchange Virtual Server properties page, select the check box next to Enable Forms Based
Authentication for Outlook Web Access.

5.     Click Apply, and then click OK.

Cookie Authentication Timeout


Outlook Web Access user credentials are now stored in a cookie. When the user logs out of Outlook Web
Access, the cookie is cleared and is no longer valid for authentication. Additionally, by default the cookie is
set to expire automatically after 20 minutes of user inactivity.

The automatic timeout is valuable for keeping a user’s account secure from unauthorized access. Although
this timeout does not completely eliminate the possibility that an unauthorized user might access an account
if an Outlook Web Access session is accidentally left running on a public computer, it greatly reduces this
risk.

Note: Cookie Authentication Timeout is available for the rich experience version of Outlook Web Access
only.

The inactivity timeout value can be configured by an administrator to match the security needs of your
organization.

Note: The default value for the cookie timeout is 10 minutes. If you want to set this value to something
other than 10 minutes, you must modify the registry settings on the server. Warning This section
contains information about editing the registry. Before you edit the registry, make sure you understand
how to restore it if a problem occurs. For information about restoring the registry, see the “Restore the
Registry” Help topic in Regedit.exe or Regedt32.exe

To set the Outlook Web Access cookie timeout value


1.     Click Start, click Run, and type Regedit in the box next to Open. Click OK.

2.     Navigate to the following registry key:


HKey_local_machine\system\ CurrentControlSet\Services\MSExchangeWeb\OWA\

3.     Create a new Dword value and name it KeyInterval.

4.     Right-click the KeyInterval Dword value and click Modify.

5.     In the Base window, click the button next to Decimal.

6.     In the Value Data field, enter a value (in minutes) between 1 and 1440.

7.     Click OK.

You might also like