70-284: Implementing and Managing Microsoft Exchange Server 2003
70-284 Exam Study Notes
About These Notes
These are notes that I took while studying for the 70-284 exam. I've taken a slightly different angle with these notes. Since Exchange is largely new material, with dozens of new terms and concepts, I've provided more definitions and lengthier explanations. It's more to read through, but I hope that it serves as a better resource for areas that some may be weak in or confused by.
I hope that these notes prove helpful to you and good luck on the exam!
General Advice
For this exam, I used and recommend the ExamCram2 70-284 book. I stayed away from the Microsoft Training Kit for this exam because it has a bunch of awful reviews at Amazon.com. If you're unsure about using an ExamCram2 because you've found them to be insufficient in the past, you should know that this is a much longer book (528 pages) than is typical of ExamCram2 and one of its authors co-wrote the MS 70-292/70-296 and 70-299 books, which are two of the best study guides that I've ever used.
This exam isn't a very difficult one, but you shouldn't take it too lightly. My main pieces of advice are:
See if Microsoft is offering their "Second Shot" (free re-take) promotion and take advantage of it, even if you think that you'll pass. There's no reason not to, since you can use it more than once. You must sign up with Microsoft and use the special promotion code when scheduling your first sitting in order to be eligible to re-take it free (should you fail).
Consider taking your own notes while studying. Writing things down helps the memorization process. Besides, it's possible that a topic that I know well and didn't think to include is one that you may not be so strong in.
Print these notes out and carry them with you (along with your own notes) on the day of the exam. Go over them on breaks, in the car and, most importantly, immediately before walking into the exam room (leave them outside, of course). For the most part, I've designed them to be succinct and memorizable.
Bring a pen with you and, should you fail the exam, as soon as you leave the testing center, write down (on the back of the printout or paper that you brought with you) everything from the exam that you can remember, especially questions and answers that you weren't sure of. Spend a good 15-30 minutes. You won't recall much even a few hours later, unless you have a better memory than I do. It really, really helps if you made good use of the "Select for Review" checkboxes while taking the test, since it means that all of the questions and answers that you weren't sure of are the freshest things in your mind when you leave the testing center. Use everything that you wrote down as the basis for your re-take studying.
Exam Format
Format: Multiple-choice, drag-and-drop, hotspot, etc.
Questions: 35
Time Limit: 100 minutes (+20 minutes for comments and reading the pre-exam disclaimers)
Important!: I strongly suggest reviewing my 70-285 Study Notes in addition to these. Because I studied for both exams at the same time, there's a very good chance that I assigned some notes to 70-285 that are as or more relevant to this exam, and vice-versa. Besides, it'll help to have an understanding of both administration and design for both exams.
Study Notes
Exchange Components
Exchange introduces a lot of new terms and a necessary early step toward passing the exam is developing a strong understanding about what each component does and how each fits into the Exchange environment. If you're at all unclear about any of them, your ability to fully understand advanced scenarios and how Exchange works will suffer.
Mail-enabled - having an e-mail address in the organization, but no mailbox. E-mail to the address will be routed elsewhere.
Mail-enabling an account associates an e-mail address with the account, but does not allow for a mailbox in the Exchange organization. Mail-enabled accounts are often used to forward messages to e-mail addresses outside of the organization. For example, if Jane wants to have company e-mail sent to her personal e-mail account (e.g. jane@aol.com), you can mail-enable her user account to deliver to her personal account any mail that gets sent to her domain address (e.g. jane@company.com). Another common reason to mail-enable an account is if you're dealing with a security or distribution group. All e-mails sent to the group's address (e.g. managers@company.com) would be sent to everyone who is a member of the group.
Mailbox-enabled - having an e-mail address in the organization and a mailbox. E-mail to the address will be stored in the mailbox.
Mailbox-enabled means that the account has a mailbox in the Exchange organization. This is typically what your users have if they check their e-mail with Outlook while on your network. You can still do everything (that I know of) with a mailbox-enabled account that you can do with a mail-enabled one, but, in this case, copies of mail may also be stored in a mailbox on the Exchange server. Why would you not always use mailbox-enabled accounts? Because creating mailboxes when they're not needed adds a lot of clutter and often unnecessary storage.
Administrative group - a collection of servers, routing groups, public folder trees and policies for the purpose of delegation.
Public folder tree - a message store for public perusal and uploading, like a file share, but accessed through the messaging client.
Recipient Update Service (RUS) - a service that updates address lists and e-mail addresses in AD according to an update interval.
Organization - the outer bounds of a messaging infrastructure, like a forest.
Routing group - a group of well-connected Ex2000/2003 servers, very much like AD or Ex5.5 sites.
Bridgehead server - a server in a routing group that, on behalf of its group, communicates (through connectors) with servers outside of its group.
Routing group connector - an association between two routing groups (via bridgehead servers) for the purpose of message routing within an organization.
SMTP connector - an association between a routing group and, usually, an extra-organizational bridgehead server.
Routing group master - a single server in each routing group that maintains a table with the statuses of each of the group's connectors.
Active Directory Connector (ADC) - a service that bridges and synchronizes the Ex2000/2003 (AD) and Ex5.5 directories for the purpose of coexistence.
Connection Agreement (CA) - the policy settings that the ADC uses to know what to synchronize. A single ADC can have multiple CAs.
Site Replication Service (SRS) - a service that runs on an Ex2000/2003 server and emulates the Ex5.5 directory service.
Smart host - a server on a perimeter network (not necessarily running Exchange) that relays e-mail to and from internal e-mail servers.
That is just a quick rundown of some of the most important terms. More detail relevant to this exam can be found further down the page.
Preparing & Installing
In order to install Ex2003:
1. ForestPrep must be run in the domain that contains the Schema Master (usually the forest root domain) and requires Enterprise Administrator, Schema Administrator, Domain Administrator and Local Machine Administrator permissions.
2. DomainPrep must be run in any domain with mail-enabled users and requires Domain Administrator and Local Machine Administrator permissions.
Ex2003 installation will run DomainPrep (and ForestPrep, if you're in the Schema Master's domain) automatically. You will need to manually run DomainPrep only if you are delegating installation duties to someone without the required permissions. Keep an eye out for trick questions of this sort.
Reference: MSExchange.org - ForestPrep and DomainPrep Explained in Detail
A forest can support only a single Exchange 2003/2000 organization! Beware of possible answers that suggest otherwise. Ex5.5 organizations don't count because they do not integrate with Active Directory.
Ex2003 requires Win2000 to have SP3 (or SP4 for clustering) on all DCs, GCs and Exchange servers. Also, all Ex2000 servers need SP3 before upgrading.
SMTP, NNTP and World Wide Web Service (IIS) are required to be installed prior to installing Exchange.
Two setup switches to know are:
/choosedc - Lets you specify a common domain controller when installing Exchange on multiple servers simultaneously. This avoids conflict as well as the need to wait for replication to occur.
/disasterrecovery - Installs Exchange without writing anything to Active Directory. Use for disaster recovery.
On systems with over 1GB of RAM, the /3GB and /USERVA switches should be added to boot.ini to improve Exchange Server performance.
Reference: Windows IT Pro
Exchange 5.5 cannot be directly upgraded to 2003. You must upgrade it to 2000 first and then to 2003.
Be aware of the Ex2000 components that are unsupported by Ex2003 and must be uninstalled before migration.
Recipients & Address Lists
A mailbox-enabled object is one that has a mailbox on an Exchange server where it can store e-mail; a mail-enabled object has no mailbox, but still has a network e-mail address where it receives e-mail only to immediately route it to an external address.
Know the ways to enable forwarding of e-mail to external e-mail addresses:
Mailbox-enabled user account - Use if you need to keep a copy of all of the user's e-mail (for retention or backup purposes, for example).
Mail-enabled user account - Use if the user needs permissions on the network, but there is no need for e-mail retention. Use the Delivery Options button to configure the account to forward e-mails.
Mail-enabled contact - Use if the user should not have permission on the network. Add an SMTP address for all of the user's e-mail to be routed to.
Note: Keep in mind that you should grant the least amount of privilege to accomplish the goal.
Understand the difference between Global Address Lists (GALs), Custom Address Lists and Offline Address Lists.
Users have access to only one Global Address List at a time, so create Custom Address Lists if you want to allow users to find others easily by department or division.
Query-based distribution groups require at least one Ex2003 server, as well as any Ex2000 servers to be patched to SP3. In addition, if any GCs are not Win2003, any Ex2000 servers need the following registry value:
HKLM\System\CurrentControlSet\Services\SMTPSVC\Parameters\
DynamicDLPageSize DWORD 31
To prevent users from opening a custom address list, deny users the Open Address List permission on the list. To prevent users from seeing a custom address list, nest a list inside an otherwise empty "container" list and deny users the Open Address List permission on the container list.
Expansion servers are Exchange servers that are designated in the properties of a mail-enabled group to be the only servers capable of expanding the group and sending the message to all of its members. This is most useful when dealing with multiple routing groups because it prevents a single message to a distribution group from being expanded into many messages to its members before being sent over the low-bandwidth connection to the other routing group.
Recipient Update Services updates address lists and e-mail addresses in Active Directory according to an update interval. If newly-created memberships or addresses are not showing up, wait for the update interval or force an update. RUS is installed automatically on the first Exchange server in a domain. If you remove the server from the domain, you must move the RUS service to another server.
Routing & Network Design
Routing groups are similar to AD sites in that they are groups of servers connected by high-quality, permanent network links. As with AD sites, a client will use any services that exist within its own routing group before looking elsewhere.
When a smart host is being used, an increase in non-delivery reports indicates a problem with the smart host; a rising external mail queue indicates a problem with the Exchange server. This is because a smart host does not have a queue and will attempt to send off mail even if no network connectivity or DNS is available.
Know the common ports to open to enable messaging through firewalls:
25 SMTP
53 DNS
80 HTTP (insecure OWA)
110 POP3
143 IMAP4
389 LDAP (Address list retrieval)
443 HTTP SSL (secure OWA)
993 IMAP4 SSL
995 POP3 SSL
Note: Keep in mind that not all of these will be necessary in any given situation. Read the question carefully.
Know the purpose and distinction between SMTP virtual servers and SMTP connectors:
SMTP virtual servers handle messages directly to and from the Internet and relay them to their destination. They have a built-in SMTP connector for this purpose, but it applies to all traffic, is not very configurable and does not support custom routing. SMTP connectors that you add to the routing group will supersede the built-in one and provide fine-tuned control over which messages go where and when. For example, you could create an SMTP connector that routes e-mails to your partner company directly over the WAN link to them (bypassing the Internet).
Open relay should not be enabled on SMTP virtual servers. That would allow spammers to use your server as a distribution point. A sudden, dramatic increase in outgoing mail that doesn't originate from your internal users might indicate an open relay.
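One way to spot the open-relay symptom described above from the SMTP virtual server's protocol log. This is an added example, not part of the original notes: the log lines, the local domain (company.com) and the internal address range (192.168.0.0/16) are all constructed, and the log format is a cut-down version of the W3C extended format with only the fields the check needs.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (simplified W3C-style fields).  A real SMTP protocol
# log carries many more columns; only the ones used below are kept here.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2005-03-14 09:00:01 192.168.10.5 - MAIL FROM:<jane@company.com> 250
2005-03-14 09:00:01 192.168.10.5 - RCPT TO:<bob@partner.example> 250
2005-03-14 09:00:07 198.51.100.7 - MAIL FROM:<news@partner.example> 250
2005-03-14 09:00:07 198.51.100.7 - RCPT TO:<jane@company.com> 250
2005-03-14 09:00:30 203.0.113.40 COMPANY\\roadwarrior MAIL FROM:<rw@company.com> 250
2005-03-14 09:00:30 203.0.113.40 COMPANY\\roadwarrior RCPT TO:<bob@partner.example> 250
2005-03-14 09:01:13 203.0.113.9 - MAIL FROM:<sales@company.com> 250
2005-03-14 09:01:13 203.0.113.9 - RCPT TO:<victim1@elsewhere.example> 250
2005-03-14 09:01:14 203.0.113.9 - RCPT TO:<victim2@elsewhere.example> 250
2005-03-14 09:01:15 203.0.113.9 - RCPT TO:<victim3@elsewhere.example> 550
"""

LOCAL_DOMAINS = {"company.com"}                       # assumption: our own SMTP domains
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumption: internal LAN


def address_domain(query):
    """'TO:<bob@partner.example>' -> 'partner.example'; the null sender '<>' -> ''."""
    inner = query.split("<", 1)[1].rstrip(">")
    return inner.rsplit("@", 1)[-1].lower() if "@" in inner else ""


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_relay_attempts(log_text):
    """Per external, unauthenticated client IP: how many RCPT commands asked us
    to deliver to a non-local recipient (a relay request), how many the server
    accepted (250), and which sender domains the client claimed in MAIL FROM.
    Any accepted count means the server actually relayed third-party mail."""
    last_sender = {}
    stats = defaultdict(lambda: {"attempted": 0, "accepted": 0, "claimed_senders": set()})
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 7:
            continue
        _date, _time, c_ip, user, method, query, status = parts[:7]
        if method == "MAIL":
            last_sender[c_ip] = address_domain(query)
        elif method == "RCPT":
            if is_internal(c_ip) or user != "-":
                continue  # internal host or authenticated user: legitimate submission
            if address_domain(query) in LOCAL_DOMAINS:
                continue  # inbound mail for our own users is not relaying
            entry = stats[c_ip]
            entry["attempted"] += 1
            entry["claimed_senders"].add(last_sender.get(c_ip, "?"))
            if status == "250":
                entry["accepted"] += 1
    return {ip: {**s, "claimed_senders": sorted(s["claimed_senders"])} for ip, s in stats.items()}


def relay_suspects(stats, min_accepted=1):
    """Client IPs for which the server accepted at least min_accepted relay requests."""
    return sorted(ip for ip, s in stats.items() if s["accepted"] >= min_accepted)


if __name__ == "__main__":
    found = find_relay_attempts(SAMPLE_LOG)
    for ip, s in found.items():
        print(ip, s)
    print("relay suspects:", relay_suspects(found))
```

Note that the spoofed MAIL FROM claiming a local sender (sales@company.com) does not exempt the session; only a recipient in a local domain, an internal source address or an authenticated user does.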
The first Ex2003 server in an organization runs the Recipient Update Service (RUS).
The first Ex2003 server in a routing group is the routing group master.
The first Ex2003 server in an Exchange 5.5 site runs the Site Replication Service (SRS).
These roles must be transferred if Exchange is to be uninstalled on these servers.
Clustering & Front/Back-end Servers
The ideal and preferred network design is to configure Outlook Web Access (OWA) servers as front-end servers in Network Load Balancing (NLB) clusters on the perimeter network, Exchange database servers as back-end servers in Cluster Service clusters (active/passive or active/active) on the internal network, open the required ports on the internal firewall and then configure both sets of servers to communicate with each other securely using IPsec. This is the design that you'll see most on the exam and be expected to know how to set up.
Internet
||
=External Firewall= (ports 80 for HTTP and/or 443 for HTTPS open)
||
OWA front-end servers in an NLB cluster (configured to communicate with the Internet using SSL and with the internal Exchange servers using IPsec)
||
=Internal Firewall= (ports for IPsec, DNS, LDAP and possibly others open)
||
Exchange back-end mailbox servers in an active/passive cluster (configured to communicate with the OWA servers using IPsec)
You do not need to know Network Load Balancing (NLB) other than that it's the best solution for making front-end OWA servers in the perimeter network highly-available.
The steps for creating an Exchange cluster are as follows:
1. Upgrade any Win2000 servers to SP4.
2. Configure the cluster service on each node.
3. Install the Microsoft Distributed Transaction Coordinator (MSDTC) on one of the nodes.
4. Run Exchange's ForestPrep and DomainPrep.
5. Install Ex2003 on each node.
6. Use Cluster Administrator to create resource groups called Exchange virtual servers on each active node.
7. Configure failover and failback for the virtual servers.
Failover is when a cluster node fails and the resource group successfully transfers from a preferred owner to a possible owner. Failback is when a failed node comes back online and a resource group successfully transfers from a possible owner back to a preferred owner.
Failover cannot be enabled directly (you enable it by ensuring that possible owners exist), but failback can be enabled directly.
Exchange virtual servers are the access points for clients needing to connect to Exchange server clusters. Do not connect clients to the names of the individual nodes or the cluster itself! For example, if two servers named MAIL1 and MAIL2 are part of a cluster named MAILCLUSTER and host an Exchange virtual server named EVS, mail clients need to be pointed to EVS.
Public Folders
Default public folder trees can be accessed by MAPI, HTTP and NNTP.
General-purpose public folder trees can be accessed by HTTP and NNTP only. Outlook does not support NNTP; Outlook Express does.
Outlook Web Access can view general-purpose public folders! Outlook Express can, as well. Outlook cannot!
Public folders can be set to be replicated to other servers (which are then said to contain replicas of the public folders) on a schedule. All replicas can be written to.
Public folder referrals allow users to access public folders in other routing groups across connectors. They are enabled by default, but can be disabled. If you disable referrals on the connector in group A that points to B, users in A will not be allowed to access public folders in B.
Reference: Windows IT Pro - Exchange 2000 and SMTP (in Connecting Routing Groups section)
Free/Busy information is stored in system public folders and can be replicated on a schedule.
Full-text indexing is performed on public folder stores, not on the folders themselves. This is similar to Indexing Service or Volume Shadow Copies for files.
Storage Groups & Recovery
Exchange Server 2003 Enterprise supports up to four storage groups. Each storage group shares a set of transaction logs and can contain five databases. Each database can contain one mailbox store or public store. It is common to have all regular users in one storage group and all management personnel in another. This facilitates restoration, applying different limits and performance (separate set of transaction logs).
Reference: ComputerPerformance - Exchange 2003 Store Groups
Transaction logs are not your ordinary log files. The transaction logs contain every change to the Exchange database since the last time the database was backed up. Full and incremental backups (the same backup types that clear the archive bit) purge the transaction logs; differential backups do not. Therefore, recovering from total failure = restoring the database + replaying the existing transaction logs. When restoring the database, make sure to restore the transaction logs to a temporary directory so as not to overwrite the existing logs. So that you don't lose the transaction logs when you lose the database, keep the transaction logs on a separate hard drive.
Reference: DTI Data Recovery Forum - Logs Make Disk Full
When you lose the database due to a hard drive problem, you can restore it but Exchange will refuse to mount it until it is brought up to date with the information in the transaction logs. In order to replay the transaction logs and bring the database up to date, thereby allowing you to mount the Exchange database, choose the Last Restore Set option in Windows Backup or run the eseutil /cc utility from the transaction log directory.
Circular logging is an option that reclaims disk space by overwriting transaction log files. Because you then can't replay the logs in the event of media failure, it should not be used when recoverability is critical (which is almost always) and incremental and differential backups cannot be performed with it enabled. Instead of enabling circular logging, try first to reclaim space by moving the oldest transaction logs to another drive or performing more frequent full/incremental backups (which purge the transaction logs).
Circular logging is great for front-end servers or servers hosting public folders, but should never be used for servers hosting production mailboxes because disaster restoration options are very limited.
Be aware that all backup types back up transaction logs, but only full backups back up databases.
Know the two common methods of restoring Exchange data: Recovery Storage Group and alternate recovery forest.
Recovery Storage Group - involves restoring to a temporary storage group.
Alternate recovery forest - involves restoring to a separate forest that has all of the same names as the production forest. The restored data can then be merged with the Exchange organization with minimal downtime for the storage group.
Alternate recovery forests have more advantages than recovery storage groups but are more of an investment in time and money. Keep in mind when using the alternate recovery forest method that the "legacyExchangeDN" attribute of the administrative group in question must be identical in the production and recovery forests.
Reference: Microsoft Documentation - How to Use LegacyDN.exe...
Be familiar with the procedure to restore a deleted mailbox using a Recovery Storage Group:
1) Create the Recovery Storage Group by right-clicking the server in Exchange System Manager and choosing New Recovery Storage Group.
2) Run Windows Backup and select the proper backup to restore.
3) Specify a temporary location for the transaction logs (so as not to overwrite the existing logs).
4) Select the Last Restore Set option (to replay the transaction logs once restoration completes to bring the database up-to-date).
5) Start the restoration and wait for it to complete.
6) Use ExMerge to merge the mailbox with the database.
7) Mount the database.
Reference: MSExchange.org - Exchange 2003 Backup and Restore
It would be smart to have a general knowledge of Eseutil's command parameters.
The most important commands to know (in order of emergency) are:
eseutil /cc - use after a successful restore in order to replay transaction logs and get the database up to date.
eseutil /r - use if a database won't mount even after a server reboot.
eseutil /p - use only if /r doesn't work; some data loss is possible.
Reference: ComputerPerformance - Troubleshooting mailstores with eseutil (see bottom of page for a quick list of all parameters)
Client Access
Be very familiar with the various messaging clients and the capabilities of each. Know how Outlook, Outlook Web Access and Outlook Express are all better-suited for different scenarios. You'll very likely have to choose one when presented with a scenario.
Outlook - Only client to use IMAP4. Can use POP3. Can use HTTP only if RPC over HTTP is supported. Cannot access general-purpose public folders!
Outlook Web Access - Only client to use a web browser and to use HTTP without additional configuration. Can access general-purpose public folders.
Outlook Express - Can use POP3. Can access general-purpose public folders.
RPC over HTTP uses IIS Basic Authentication, hence the need for SSL to encrypt the connection. Be familiar with the requirements for RPC over HTTP.
Administration
An administrative group is a collection of servers, routing groups, public folder trees and policies for the purpose of delegating administration.
Exchange servers cannot be moved between administrative groups. You must select the appropriate administrative group during installation.
Know the three Exchange roles:
Exchange Full Administrator - Full control. Ability to delegate permissions and to install Exchange. Assign with extreme care.
Exchange Administrator - All administration tasks except delegating permissions and installing Exchange. Assign to junior Exchange administrators.
Exchange View Only Administrator - Ability to create user mailboxes and modify mailbox rights, but nothing else. Assign to junior Active Directory administrators. Note: Microsoft is most concerned that you know to assign Exchange Administrator to junior administrators rather than Exchange Full Administrator.
To show administrative groups in Exchange System Manager, you must edit the properties of the organization object and select the Display Administrative Groups option.
If the System Policy container is missing in an administrative group, right-click the group and choose the action to create one.
Audit Object Access and Audit Directory Service Access both audit mailbox access, but the former records to the security log on the Exchange server, whereas the latter records to the DC.
Know the Send on Behalf of/Delegate and Send As permissions and how to configure them.
The Send on Behalf permission may be configured on the user's Exchange General tab (Delivery Options) or from the Delegates tab in Outlook's options.
The Send As permission can be configured only from the security tab for a user (choose Advanced). In order to see the security tab, Active Directory Users and Computers must be set to Advanced Features view.
To use S/MIME for signing, encryption or both, an enterprise CA should be used because of the vital need for autoenrollment.
In order for mailbox stores to support S/MIME, they must have the Clients Support S/MIME Signatures option selected on their General tab.
Miscellaneous
Exchange relies heavily on global catalog servers, especially when looking up universal distribution groups. Ensure that Exchange servers can always reach a global catalog server over a fast, reliable link.
Review simple subnet calculation. Know, for example, if a given IP address with a given subnet mask can connect to a given gateway or not.
Remember that Windows Calculator is allowed on the exam (if you need it) and to switch it to scientific mode to make binary<->decimal conversion easier!
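The subnet check worked through by hand, as an added example that is not part of the original notes. It does the same AND-the-mask steps you would do in Calculator's scientific mode, and also catches the trick case where the "gateway" is the network or broadcast address; the addresses used are constructed.

```python
# Added example: IP / subnet mask / gateway reachability done with bit arithmetic.

def dotted_to_int(dotted):
    """'192.168.1.77' -> 3232235853 (the address as one 32-bit integer)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    n = 0
    for o in octets:
        n = (n << 8) | o
    return n


def int_to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Dotted-decimal -> dotted-binary, e.g. '255.255.255.192' -> '11111111.11111111.11111111.11000000'."""
    return ".".join(format(int(o), "08b") for o in dotted.split("."))


def prefix_length(mask):
    """Number of leading 1 bits; rejects a mask that has a 0 followed by a 1."""
    bits = format(dotted_to_int(mask), "032b")
    if "01" in bits:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bits.count("1")


def network_address(ip, mask):
    """IP AND mask = the subnet (network) address."""
    return int_to_dotted(dotted_to_int(ip) & dotted_to_int(mask))


def broadcast_address(ip, mask):
    """IP OR (NOT mask) = the directed broadcast address of that subnet."""
    inverted_mask = ~dotted_to_int(mask) & 0xFFFFFFFF
    return int_to_dotted(dotted_to_int(ip) | inverted_mask)


def can_reach_gateway(ip, mask, gateway):
    """True only if host and gateway are in the same subnet and the gateway is a usable host address."""
    prefix_length(mask)  # validates the mask before we trust it
    net = network_address(ip, mask)
    if net != network_address(gateway, mask):
        return False
    # A gateway equal to the network or broadcast address cannot be a host.
    return gateway not in (net, broadcast_address(ip, mask))


def explain(ip, mask, gateway):
    """Lay the binary rows side by side, the way you would on scratch paper."""
    net = network_address(ip, mask)
    gw_net = network_address(gateway, mask)
    verdict = "reachable" if can_reach_gateway(ip, mask, gateway) else "NOT reachable"
    return "\n".join([
        f"host     {ip:>15}  {to_binary(ip)}",
        f"mask     {mask:>15}  {to_binary(mask)}  (/{prefix_length(mask)})",
        f"network  {net:>15}  {to_binary(net)}",
        f"gateway  {gateway:>15}  {to_binary(gateway)}",
        f"gw net   {gw_net:>15}  {to_binary(gw_net)}",
        f"result: {verdict}",
    ])


if __name__ == "__main__":
    print(explain("192.168.1.77", "255.255.255.192", "192.168.1.1"))
    print()
    print(explain("192.168.1.77", "255.255.255.0", "192.168.1.1"))
```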
Coexistence with Lotus Notes/Domino and Novell GroupWise usually comes down to installing a Lotus Notes or GroupWise "connector" on an Exchange server. Additionally, to provide shared calendar and free/busy information, install the Calendar connector.
When monitoring performance counters, queue lengths of greater than 2 generally indicate bottlenecks.
Full-text indexing can speed up searches, but requires an additional ~20% of the size of the store that it indexes.
Know how Reverse DNS Lookups can help stop spoofing.
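The forward-confirmed reverse DNS check behind that exam item, as an added example that is not part of the original notes: resolve the connecting IP to a name (PTR), confirm that the name resolves back to the same IP, and compare it with the host name the client announced in HELO/EHLO. The resolver functions are parameters so the check runs offline here against a constructed resolver table.

```python
import socket

# Added example: forward-confirmed reverse DNS (FCrDNS) for an inbound SMTP client.


def system_ptr(ip):
    """PTR lookup via the OS resolver; raises socket.herror when there is none."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name):
    """A-record lookup via the OS resolver; raises socket.gaierror on failure."""
    return socket.gethostbyname_ex(name)[2]


def check_sending_host(ip, helo_name=None, ptr=system_ptr, forward=system_forward):
    """Return (verdict, detail).

    Verdicts: 'no-ptr' (nothing to verify), 'ptr-unconfirmed' (the PTR name does
    not resolve back to the IP, so the name is not trustworthy), 'helo-mismatch'
    (the client announced a different name than DNS gives it) and 'ok'."""
    try:
        rname = ptr(ip).rstrip(".").lower()
    except OSError:
        return ("no-ptr", f"{ip} has no PTR record")
    try:
        addrs = forward(rname)
    except OSError:
        addrs = []
    if ip not in addrs:
        return ("ptr-unconfirmed", f"PTR for {ip} says {rname}, but that name does not resolve to {ip}")
    if helo_name and helo_name.rstrip(".").lower() != rname:
        return ("helo-mismatch", f"client announced {helo_name} but DNS says it is {rname}")
    return ("ok", f"{ip} is {rname}")


# Constructed resolver data for an offline demonstration (not real hosts):
# 198.51.100.7 is a properly configured partner mail server; 203.0.113.9 has a
# PTR record naming our own mail host, but that name points somewhere else.
FAKE_PTR = {"198.51.100.7": "mail.partner.example", "203.0.113.9": "mail.company.com"}
FAKE_FORWARD = {"mail.partner.example": ["198.51.100.7"], "mail.company.com": ["192.0.2.25"]}


def fake_ptr(ip):
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip]


def fake_forward(name):
    if name not in FAKE_FORWARD:
        raise socket.gaierror(-2, "Name or service not known")
    return FAKE_FORWARD[name]


if __name__ == "__main__":
    for ip, helo in [("198.51.100.7", "mail.partner.example"),
                     ("203.0.113.9", "mail.company.com"),
                     ("203.0.113.77", "mail.company.com"),
                     ("198.51.100.7", "mail.company.com")]:
        print(ip, helo, "->", check_sending_host(ip, helo, fake_ptr, fake_forward))
```

Drop the last two arguments to run the same check against the real resolver for a connecting IP taken from a Received header.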
Ex2003 Native mode enables query-based distribution groups and mailboxes to be moved between administrative groups, among other things. You can switch to Native mode from the organization's properties in Exchange System Manager.
Creating a filter (which is done in Global Settings) does not put it into effect. You must access the properties of each SMTP Virtual Server and apply the filters there in order for them to take effect. The filters that can be created are connection filters (by IP), sender filters (by address) and recipient filters (by destination).
--- Created 2005 by Jon - MCSE 2003/2000, MCSE: Security 2003, MCSE: Messaging 2003/2000, Security+ ---