Configuring Exchange 2000 Server (Mission Critical! Series)

, Syngress

ISBN:1928994253, Edition: 1, 2001-01

Price: $49.95

Table of Contents

Foreword xxvii

Chapter 1 What’s New in Exchange 2000 1
Introduction 2
Product Versions and Components 2
Exchange 2000 Server 3
Exchange 2000 Enterprise Server 4
Exchange 2000 Conferencing Server 4
Overview of Features 4
Windows 2000 and Active Directory Integration 5
Windows 2000 Security 5
Active Directory Connector 5
Microsoft Management Console Integration 6
Using the Help Files 8
Server Features 8
Multiple Information Stores 8
Transaction Logs 9
Installable File System 10
The Web Store 10
Storage Groups and Multiple Message Stores 11
Multiple Public Folder Trees 14
On-Demand Content Conversion 14
Policy Settings for Information Stores 15
Clustering 15
Routing and Networking Features 15
SMTP Routing of Messages between Servers 16
Integration with Internet Information Services 16
Improved System Monitoring of Exchange 16
Message Restrictions to Reduce Spamming 17
Client Features 17
Increased Protocol Support 18
Outlook 2000 and Outlook for Macintosh 8.2.2 18
Accessing the Exchange Store from Microsoft Office and Win32-Compliant Utilities 19
Accessing the Exchange Store from Browsers 19
Searching the Exchange Store Faster 20
Development Changes and Features 20
Application Development 21
OLE DB 2.5 Support 21
Utilization of Web Store Content in Web Sites 21
Event Modeling and Workflow Improvements 21
Advanced Concepts and Implementations 21
Instant Messaging 22
Chat Services 22
Data and Video Conferencing 22
Conferencing and Real-Time Communication Clients 23
Application Service Provider and Internet Service Provider Solutions 23
Exchange 2000 Resource Requirements 23
Exchange 2000 Resource Minimum Requirements 24
Exchange 2000 Resource Recommended Requirements 24
Exchange 2000 Licensing 25
Summary 25
FAQs 26

Chapter 2 Active Directory Integration with Exchange 2000 29
Introduction 30
Why Use Exchange 2000 on Active Directory 30
The Role of Active Directory in Exchange 2000 32
Exchange Server’s Need for a Directory Service 32
Understanding Active Directory Architecture 32
Hierarchical Structure 33
Domain Trees 34
Organizational Unit Tree Structure 36
Global Catalog 37
Storage 39
Internet Standard Protocols 42
Domain Name System 42
Lightweight Directory Access Protocol (LDAP) 45
Kerberos Version 5 46
Replication 46
Policies 49
Working with the Architectural Details 49
How Exchange Connects to Active Directory 52
Administrative Tools 53
Planning for Active Directory 55
Sizing Domain Controllers 55
Exchange Server’s Impact on Design 56
Forest 59
Domains/DNS 62
Organizational Units 65
Sites 66
Implementing Active Directory and Exchange 2000 69
DCPromo 69
Active Directory Connector 72
ForestPrep 74
DomainPrep 78
Setting Up Your Active Directory 80
Troubleshooting Exchange 2000 during Implementation 82
Problems with the DNS 82
Active Directory Connector 84
ForestPrep and Site Configuration 85
Removing an Exchange Server from the Active Directory 86
More Information 87
Summary 87
FAQs 89

Chapter 3 Security Applications that Enhance Exchange 2000 91
Introduction 92
Understanding Your Security Needs 93
What Needs to Be Protected? 93
Who Is the Enemy? 93
What Are We Protecting Against? 95
Impersonation and Forgery 95
Unauthorized Access to the Corporate Infrastructure 97
Viruses 97
How Do We Protect Ourselves? 98
Windows 2000 and Exchange 2000 Security Architecture 101
Active Directory 101
Public Key Infrastructure 102
Public Key Infrastructure and Active Directory 102
Digital Certificates 103
Certification Authority 103
Digital Envelopes 103
Secure Networking 104
Client Access 105
Windows 2000 and Exchange 2000 Internal Security 106
Protocols 106
NT LAN Manager 107
Kerberos 109
Secure Sockets Layer 111
Certificates 112
Delegation in Exchange 116
Integrating Roles 116
Separating Roles 116
Permissions 117
Administration Delegation Wizard 117
Roles 118
Levels of Administration 119
IPSec 121
Security Policies 122
Account Policies 123
Group Policy 124
IP Security Policies 125
Firewalls 125
Firewall Strategies and Exchange 2000 127
Firewall Placement 127
Firewall Administration 131
Configuring Client Security 131
Securing Outlook 131
Encrypting File System 131
Securing Web Browsers 133
User Authentication 133
Encryption 136
Implementing a Smart-Card Environment 138
Authentication 139
Interactive Logon 139
Logon Request 139
Offline Logon 140
Smart Cards and Exchange 2000 Security 140
Summary 141
FAQs 142

Chapter 4 Basic Administration 145
Introduction 146
Exchange Administration Tools 149
Active Directory Users and Computers 150
Exchange System Manager 152
Administering Users, Contacts, and Groups 153
Administering User Accounts 155
Creating Mailbox-Enabled User Accounts 155
Configuring User Account Properties 157
Mailbox-Enabling an Existing User Account 167
Administering Contacts 168
Creating Mail-Enabled Contacts 168
Administering Groups in Exchange 2000 171
Considering Administrative and Routing Groups 171
Managing Security and Distribution Groups 173
Mail-Enabling an Existing Security Group 177
Administering Exchange Server 179
Configuring Exchange Global Settings 180
Administering Address Lists 181
Managing Online Address Lists 182
Default Address Lists 182
Creating Custom Address Lists 184
Editing and Removing Address Lists 184
Setting Client Permissions for Online Address Lists 186
Managing Offline Address Lists 187
Creating Offline Address Lists 187
Editing and Removing Offline Address Lists 189
Rebuilding Offline Address Lists 189
Customizing Address Book Templates 190
Managing Policies on Exchange 2000 191
Administering System Policies 192
Configuring Server Policy 192
Configuring Mailbox Store Policy 194
Configuring Public Store Policy 197
Administering Recipient Policies 198
Creating a New Recipient Policy 199
Changing Recipient Policy Priority 200
Forcing Recipient Policy Updates 201
Administering Exchange Server Protocols 201
Configuring SMTP Virtual Servers 203
Configuring IMAP4 and POP3 Virtual Servers 207
Managing Exchange Data Storage 207
Administering Mailbox Stores 207
Administering Public Folders 212
Maintaining Public Folder Store 212
Managing Connectors 213
Configuring Routing Group Connectors 214
Configuring SMTP Connectors 216
X400 Connectors 218
Connectors to Foreign Systems 218
Summary 219
FAQs 220

Chapter 5 Client Access to Exchange 2000 for E-Mail 223
Introduction 224
Physical Access 224
Local Area Networks 226
Wide Area Networks 227
Dial-Up Connections 228
Virtual Private Networks 230
VPN Authentication and Encryption Protocol Considerations 231
VPN Security Considerations 234
Using Windows 2000 Routing and Remote Access Servers 237
Clients 237
MAPI Clients 238
Outlook 2000 240
Outlook 98 252
Outlook Web Access Clients 252
Migrating from Exchange 5.5 OWA 255
Outlook Web Access Authentication 256
Exchange Server Placement 259
Internet Explorer, Version 5 262
Netscape Navigator 263
POP3 and IMAP4 Clients 264
Migrating a POP3 Client to Use Exchange 2000 Server 264
Outlook Express 264
Netscape Navigator Mail 266
Eudora 267
LDAP Clients 268
LDAP Background 268
Outlook Express LDAP 270
Troubleshooting 271
Stuck in the Middle of the Outbox 272
The Missing Files 272
POP3 Oddities 273
User Misunderstanding 273
Attachments 274
Protocol Logging 274
Summary 275
FAQs 276

Chapter 6 Deploying Exchange 2000 Server 279
Introduction 280
Green Field Deployment 281
Preparing Active Directory 281
Using ForestPrep 282
Preparing Your Domains 285
Using DomainPrep 285
Deploying Servers Running Exchange 2000 287
Establishing the First Administrative Group 287
Deploying Exchange Using Terminal Services 288
Deploying Support for Multiple Languages 289
Deploying Exchange on a Windows 2000 Cluster 290
Unattended Installation 291
Deploying Exchange System Manager 292
Upgrading from Previous Versions of Exchange 292
Upgrading the Directories to Active Directory 293
When to Consolidate before Deploying 297
Tools Used to Upgrade the Windows NT 4.0 SAM 298
Using the Active Directory Migration Tool 298
Tools Used to Upgrade the Exchange Server 5.5 Directory 299
Using the Active Directory Connector 299
Site Replication Service 305
Using the Active Directory Account Cleanup Wizard 306
Directory Upgrade Scenarios 307
Using the In-Place Upgrade Method 307
Upgrade Using ADMT then ADC 308
ADC then In-Place Upgrade then ADClean 309
Upgrade Using ADC then ADMT then ADClean 312
Directory Upgrade Considerations 314
When to Require a Native Mode Domain 315
How to Successfully Use Universal Groups 316
Upgrading the Messaging Environment 317
Performing an In-Place Upgrade 318
Performing a Move-Mailbox Upgrade 318
Using the Leapfrog Method 319
Moving to a New Organization 321
Using the Exchange Mailbox Migration Program 321
Upgrading Supporting Servers 321
Upgrading Connector Servers 322
Upgrading Client Access Using Front-end Servers 323
Testing Your Scenario 323
Summary 324
FAQs 327

Chapter 7 Defending Exchange 2000 from Attack 329
Introduction 330
What Are the Potential Threats to Exchange 2000? 330
Unsolicited Commercial E-Mail 331
Considering Defense Strategies 332
Setting Policy 332
Educating Users 333
Protecting the Message Store 334
Physical Security 334
Antivirus Protection for Exchange 334
Vendor Solutions 338
Client-Side Protection 341
Protecting the Workstation 341
Protecting the Outlook Client 341
Microsoft Outlook Security Patch 343
Vendor Solutions 345
Firewall and Gateway Strategies 346
Point of Entry Protection 347
Handling Inbound UCE 347
Vendor Solutions 348
Preventing Unwanted SMTP Mail Relay 349
Configuring SMTP Protocol Logging 351
Hosting 352
Managing Exchange 2000 Security 352
Summary 353
FAQs 354

Chapter 8 Real-Time Communication in Exchange 2000 355
Introduction 356
The Value of Instant Messaging to Your Business 356
Architecture 357
MSN Messenger Service 357
Exchange 2000 Instant Messaging Client 357
Exchange 2000 Instant Messaging Server 358
Before You Install Your Instant Messaging Servers 360
Implementing Instant Messaging 361
User Administration 363
Client Configuration 365
Troubleshooting 365
Using Chat Services 366
Implementing Chat Services 366
Server-Side Installation 367
Client-Side Configuration 370
Troubleshooting Chat 370
Can Conferencing Server Keep Your Travel Budget Down? 372
Background 373
Components 373
Reserving a Conference Room 375
Joining and Managing Conferences 376
Installing Exchange Conferencing Server 379
Configuration 380
Server Side Configuration 381
Client-Side Configuration 387
Troubleshooting 391
More Information 394
Summary 394
FAQs 395

Chapter 9 Application Service Providers 397
Introduction 398
Defining Application Service Providers 398
ASP Definitions 398
ASP Messaging Service Models 400
Dedicated Service Model 400
Shared Service Model 400
Hosting Services Using Exchange 2000
and Active Directory 401
Using Exchange 2000 to Host Basic Messaging 401
Using Exchange 2000 to Host Premium Messaging 402
Using Exchange 2000 to Host Basic Web Messaging 402
Using Exchange 2000 to Host Premium Web Messaging 402
Hosting Other Services Integrated with Exchange 2000 and Active Directory 403
Exchange 2000 Conferencing Server 403
Exchange 2000 Instant Messaging 403
Custom Applications 403
Third-Party Add-ons 403
Architecture for Shared Hosting 404
Architectural Overview 404
DMZ 404
Back-end Servers 407
Scaling Exchange 2000 and Active Directory 409
Planning and Configuring the Active Directory and Exchange 2000 Hosting Infrastructure 410
Windows 2000 and Active Directory 411
Forest and Domains 411
Domain Controllers and Global Catalogs 411
User Identification 411
Creating Organizational Units 413
Configuring Security Groups 413
Securing Organization Units 414
Configuring Exchange 2000 417
Configuring Front-end Exchange 2000 Servers 417
Configuring Recipient Policies 417
Configuring SMTP Connectors 420
Configuring Address Lists 421
Configuring POP3/IMAP4 426
Configuring HTTP 426
Configuring Storage Groups 429
Security Considerations 430
Additional Resources 430
Summary 430
FAQs 431

Chapter 10 Is Your Backup and Restore Really Working? 433
Introduction 434
Exchange 2000 Architecture Overview 434
Database Components 434
Transaction Logging 435
Internet Information Server 436
Certificate Authority/Key Management Server 437
Site Replication Service 437
Exchange 2000 Back Up Basics 438
Online Backups 438
Offline Backups 438
Exchange 2000 Restore Basics 438
Restoring Individual Mailboxes 440
Tools and Products to Back Up Your Exchange 2000 Data 441
NTBackup 441
Third-Party Backup Products 442
ExMerge Utility 443
Mailbox Recovery and Deleted Item Recovery 443
Types of Backup Procedures 443
Normal Backups 444
Differential Backups 445
Incremental Backups 445
Copy Backups 445
When to Back Up 446
Preventing Data Loss: What to Back Up and Why 447
Types of Data to Back Up 447
Types of Losses 448
Planning Data Loss Prevention and Recovery 450
Backup Devices 450
Tape Library 450
Local Tape Drives 451
Backup to a File 451
Best Practices for Backups and Restores 451
Test Your Backups Monthly 451
Consider Services Related to Exchange 452
Keep Half Your Database Drive Space Free 452
Keep an Eye on the Backup Logs 452
Keep an Eye on the Event Logs 452
Document Your Exchange Network 454
Have Components in a Central Location 454
Have Backup Hardware Standing By 454
Store Backup Tapes at a Safe Offsite Location 455
Implementing Backup 455
Using NTBackup to Back Up Exchange Databases 455
Using NTBackup for Other Exchange Databases 457
Backing Up Other Services 457
Internet Information Services 457
Certificate Authority 458
Using ExMerge to Back Up Mailboxes 458
Test Your Backups 459
Implementing Restore Scenarios 460
Restoring an Exchange 2000 Server 460
Performing a Full Restore 460
Restoring a Corrupted Database 460
Restoring the KMS and CA Databases 462
Restoring the Site Replication Service 462
Restoring the Active Directory 463
Deleted Mailbox Recovery 464
Deleted Item Recovery 464
From Brick-Level Backup 465
From ExMerge 465
From a Complete Database Restore 465
Restoring an Exchange Connector 467
Troubleshooting 468
Understanding the LegacyExchangeDN Identifier 468
Backup Problems 470
Corrupted Database 470
Errors in the Backup Log 471
Summary 471
FAQs 472

Chapter 11 Clustering Your Exchange 2000 Server 473
Introduction 474
Understanding Cluster Service and NLBS 475
What Is Microsoft Cluster Service? 476
What Is Network Load Balancing? 476
Architecture 478
Cluster Service Basics 478
Quorum Drives 479
Networking Details 480
Resource Groups 480
The Failover Process 482
Exchange 2000 Cluster Basics 484
Network Load Balance Basics 485
Advanced Exchange Clustering 489
Active/Active Clusters 490
Datacenter Server 493
Planning Your Exchange Cluster 495
When to Use Clustering 495
When Not to Use Clustering 496
Database Corruption 496
Service Startup Time 496
Load Balancing Information Stores 497
Database Maintenance 497
Extra Work 497
Capacity Planning 497
Exceed Storage Group Limit During Failure 499
The Failback Option 500
Using Cluster Utilities 500
Installing an Exchange Cluster 501
Building a New Windows 2000 Cluster 501
Installing Exchange 2000 on a Cluster 509
How to Upgrade from an Exchange 5.5 Cluster 515
How to Install and Configure Network Load Balancing 518
Troubleshooting 518
Database Corruption 518
Quorum Drive Failure 519
Accidentally Stopping an Exchange Service 519
Summary 520
FAQs 521

Chapter 12 Basic Monitoring and Troubleshooting Methodology 523
Introduction 524
Basic Troubleshooting Methodology for Exchange 2000 526
Wait and Refresh 526
Know Your Services 526
Event Viewer Logs 529
Diagnostic Logging 530
Monitoring Services and Objects 531
Message Stores and Storage Groups 535
Message Stores and Storage Group Architecture 535
Information Stores 535
Transaction Logs 536
Reserve Logs 537
Storage Groups and Multiple Message Stores 538
Multiple Public Folder Trees 541
Problems with Databases, Storage Groups, and Public Folder Trees 541
Isinteg 542
Eseutil 545
Message Flow and Routing 548
Message Flow and Routing Architecture 549
Delivering a Message Within the Same Server 549
Delivering a Message Within the Same Routing Group 551
Delivering a Message to a Different Routing Group 553
Problems with Message Flow and Routing 555
Message Tracking Center 555
Queues Viewer 558
Protocol Logging 562
WinRoute 565
Message Flow Guidelines. 566
Summary 570
FAQs 571

Appendix A TCP and UDP Ports 573

Appendix B Physical Networking and VPN Protocol Details 577
Physical Networking 578
Types of Connections via Remote Access Servers 580
Analog 580
DSL 582
ISDN 583
VPN Protocol Details 586
IPSec 586
PPTP 587
L2TP 588

Index 591