How to Install, Configure, and Manage the Mailbox Role in Microsoft Exchange Server 2013

  • 5/29/2015

Answers

This section contains the solutions to the Thought experiments and answers to the objective review questions in this chapter.

Objective 1.1: Thought experiment

  1. The Hyper-V administrator recommends using dynamic VHDX files located on the SAN volume for virtual machines for the Exchange 2013 server roles. While the recommendation by itself might not be an issue, the administrator also stated his goal of achieving a consolidation ratio of 100 VMs per virtualization host. This could mean the storage volume might be shared with multiple VMs. When sharing a single volume with multiple VMs, the I/O characteristics of the volume need to be able to sustain a peak load of all VMs, while meeting the storage I/O and latency requirements of virtualized Exchange server roles.

    The stated goal of achieving the consolidation ratio of 100 VMs per virtualization host is a concern. If more than two virtual CPUs are allocated per physical CPU core, the virtualized Exchange server role configuration will be unsupported.

  2. The storage administrator prefers to create large RAID arrays consisting of multiple disks and creates multiple volumes from the existing array, as needed. The concern with this idea is that, as more volumes are created, the possibility of competing I/O is higher, despite the ability to spread I/O from multiple workloads to multiple underlying spindles. This situation becomes more pronounced during peak usage periods. While the proposed solution might not be an issue, the concern should be discussed and a solution should be tested using Jetstress with a load simulation that represents the expected concurrent I/O from all applications that will share the array.
  3. To provide the best possible user experience in remote locations when connectivity is provided by slower WAN links, it’s ideal to locate public folder mailboxes that host content frequently accessed by users in the datacenters that provide fast and robust connectivity to such locations. Careful planning of a public folder hierarchy is required, because only one writable copy of any given public folder can be active at a time.

Objective 1.1: Review

  1. Correct answer: C

    1. Incorrect: While both RAID5 and SSD disks are supported for use with Exchange 2013 mailbox server roles, this option fails to meet the stated goal of achieving the best possible cost benefits for large mailboxes allocated to each user. SSD disks are fast, but they don’t provide a large capacity at a low cost.
    2. Incorrect: NFS storage isn’t supported for use by physical or virtualized Exchange 2013 roles.
    3. Correct: While 15,000 RPM SCSI disks on Fibre-Channel SAN might not be the cheapest option, it is the supported configuration that is the cheaper of the two valid options, making it the only correct choice for the given objective.
    4. Incorrect: Even though DAS deployments might be cheaper, when combined with a RAID10 configuration, the number of disks required will increase the cost of the overall solution.
  2. Correct answer: B

    1. Incorrect: Exchange Profile Analyzer is designed for Exchange 2007 and doesn’t work with Exchange 2010 servers.
    2. Correct: Performance counters from Exchange 2010 servers contain information required to determine the user profiles for a given environment.
    3. Incorrect: Transaction log files might seem like a legitimate choice to determine user profile data, but they aren’t human readable text files that can be parsed to obtain user profile information.
    4. Incorrect: Exchange Log Analyzer is a tool to analyze message tracking logs. However, it can’t provide required profile analysis per user.
  3. Correct answer: A

    1. Correct: New-Mailbox is the cmdlet used to create a new public folder mailbox in Exchange 2013. The IsExcludedFromServingHierarchy parameter prevents Exchange from serving the public folder hierarchy to its users.
    2. Incorrect: New-Mailbox is the correct cmdlet, but IsHierarchyReady is a parameter managed by Exchange server. Its value is automatically changed to true by Exchange server when the hierarchy synchronization is complete.
    3. Incorrect: The New-PublicFolder cmdlet is used to create a folder in the hierarchy after the public folder mailbox is created using the New-Mailbox cmdlet. The IsHierarchyReady parameter is irrelevant due to the wrong cmdlet usage.

Objective 1.2: Thought experiment

  1. Because Litware requires the ability to limit Address Book views, Address Book segmentation should be deployed. Creating separate address lists for each acquired company and assigning appropriate Address Book policies can provide the required segmentation. The Address Book policy-routing transport agent should also be installed and enabled to block name resolution across logical boundaries created by ABPs.
  2. The existing stated environment implies a centralized design. The proposed public folder goals require installation of an Exchange server hosting public folder mailboxes in remote locations to avoid latency and poor performance. The availability requirements also imply that a DAG should be deployed. These design changes require that Exchange servers be deployed in remote locations, departing from the current centralized deployment, which has all Exchange servers deployed in a central location.

Objective 1.2: Review

  1. Correct answer: C

    1. Incorrect: Preparing a schema is required only once per organization during setup or when applying updates.
    2. Incorrect: Preparing Active Directory is required only once per organization during setup or when applying updates.
    3. Correct: Preparing a domain is required once per domain that will host recipient objects or Exchange servers. In this example, a new domain is introduced after a deployment of Exchange servers was made in a different domain. Because the new domain was never prepared for Exchange server objects and is to host recipients, it needs to be prepared.
  2. Correct answer: C

    1. Incorrect: The Move-OfflineAddressBook cmdlet is used to set the OAB generation server in Exchange 2010.
    2. Incorrect: The Set-OfflineAddressBook cmdlet doesn’t have parameters to move OAB generation to a different server.
    3. Correct: In Exchange 2013, OAB generation is moved to an arbitration mailbox. To move OAB generation to a different server, you must move the arbitration mailbox with OAB generation capabilities to a mailbox database hosted on the desired server.
    4. Incorrect: The Update-OfflineAddressBook cmdlet forces an update to generate updated OAB files downloaded by users. It does not move generation to a different server.
  3. Correct answer: A

    1. Correct: To change the display order of the CEO’s mailbox, the seniority index must be set on the mailbox object.
    2. Incorrect: Changing the seniority index on the distribution group changes the display order of the group object, but not of its member recipient objects.
    3. Incorrect: Set-OrganizationConfig has no impact on the display order of recipients in the HAB.
    4. Incorrect: The Set-AddressList cmdlet does not change the seniority property for a mailbox.

Objective 1.3: Thought experiment

  1. The DAG design needs to account for a 60/40 split of users between two datacenters. A single DAG stretching two datacenters can provide service to all users during normal operation. But when connectivity between datacenters is lost, depending on the location of the file share witness, only one of the two datacenters can obtain a majority and continue servicing users. Affecting 40 percent of users due to a network outage isn’t a desirable outcome. Creating two DAGs stretching across sites can provide users from each datacenter with uninterrupted service even during the outage of a network link between sites because each DAG can maintain the majority for its location. This design also has a higher cost impact. Because site resiliency is not a stated requirement, a single DAG for each location can provide the same level of availability, while saving money.
  2. If a single DAG is deployed per location with no mailbox servers located across the sites, a file share witness should be located in the same site as the mailbox servers for the DAG. If one stretched DAG per site is deployed, the file share witness should be located at the primary site being served by the DAG. A third site for a file share witness can’t be recommended because there’s no mention of the availability of a third site, planned or existing. Also, network link quality and redundancy are unknown. Locating a file share witness in a third site requires robust and redundant network links from each site to the third site where the file share witness is to be located.

Objective 1.3: Review

  1. Correct answer: B

    1. Incorrect: Failover Cluster functionality required to create a cluster without an administrative point doesn’t exist in Windows Server 2008 R2.
    2. Correct: Failover Cluster functionality required to create a cluster without an administrative point was introduced in Windows Server 2012 R2.
    3. Incorrect: Failover Cluster functionality required to create a cluster without an administrative point doesn’t exist in Windows Server 2012.
  2. Correct answers: B and D

    1. Incorrect: Database files of a database with circular logging can’t be moved to a different location.
    2. Correct: Circular logging is required to be disabled before moving a database file to a different location.
    3. Incorrect: The database doesn’t need to be dismounted before moving database files to a different path. The Move-DatabasePath cmdlet automatically dismounts the database and mounts it again. If a database is manually dismounted before running the Move-DatabasePath cmdlet, the cmdlet won’t automatically mount the database after moving the database file to a new location.
    4. Correct: The Move-DatabasePath cmdlet dismounts the database, moves the database file to the new path, and mounts the database.
  3. Correct answers: B and C

    1. Incorrect: By default, the DAG manages networks automatically. Setting ManualDagNetworkConfiguration to $false is similar to automatic management of networks. The required goal is the opposite.
    2. Correct: By setting ManualDagNetworkConfiguration to $true, you are enabling the ability to manage DAG networks manually. This is required to achieve the stated goal.
    3. Correct: To remove the SCSI network from DAG networks, you need to set IgnoreNetwork to $true.
    4. Incorrect: Until IgnoreNetwork is configured to $true, the DAG automatically uses all networks. Setting IgnoreNetwork to $false does not help achieve the stated objective.

Objective 1.4: Thought experiment

You need to address two primary concerns. One is frequent failovers of the databases. It is important to find out why the failovers are occurring in the first place. Using CollectOverMetrics.ps1 is the best way to collect data from all servers in the DAG and correlate the events that could be causing the databases to fail over. This could also help prevent the failovers from happening if the root cause can be remediated. The concern about activation preference can be addressed by explaining the process of BCS, which uses an activation preference as one of many factors in determining which copy is the best copy for activation, given its health and the possibility of data loss or performance degradation. A review of the data collected by the script, as previously discussed, can also determine why the preferred copy wasn’t selected. Lastly, as discussed in the section “Troubleshooting database copy activation,” you can force activation of local copies only by configuring the intrasite only property on the mailbox server configuration.

Objective 1.4: Review

  1. Correct answers: A, B, and C

    1. Correct: CollectOverMetrics.ps1 can collect logs from a specified mailbox server or from all servers in the DAG. The CSV file and HTML report can help determine if the copy failed over due to an error or as the result of an administrative action.
    2. Correct: While not as efficient as CollectOverMetrics.ps1, crimson event logs can help determine if the copy failed over due to an error or as the result of an administrative action. This process requires more work because the administrator must manually collect all events from all servers and correlate the events manually.
    3. Correct: Searching admin audit logs can help determine what actions the administrator performed and if an action could have affected the active database copy, resulting in a switchover or a failover of the database. If the database failed over due to an error on the server, and not as an administrative action, searching the administrative log isn’t effective and can only partially address the concern.
    4. Incorrect: Get-DatabaseAvailabilityGroup only returns database availability group properties and does not help achieve the stated goal.
  2. Correct answers: A and B

    1. Correct: Low disk space can prevent logs from being copied over to database copies.
    2. Correct: A missing or corrupt log file required for database copies to be consistent can cause a copy queue length greater than zero, as the system can’t replicate required data until the missing or corrupt log file is restored.
    3. Incorrect: Because it’s stated that all the servers are able to communicate to the server hosting active database copy, a network issue causing transmission failure was ruled out.
    4. Incorrect: TCP chimney offload helps improve processing of network data.
  3. Correct answer: A

    1. Correct: Configuring the MaximumActiveDatabases parameter using the Set-MailboxServer cmdlet defines how many databases can be active on a mailbox server at a time.
    2. Incorrect: The Update-MailboxDatabaseCopy cmdlet does not have an option to configure maximum databases per server.
    3. Incorrect: The Set-DatabaseAvailabilityGroup cmdlet allows configuration of the DAG but can’t set maximum databases per server.
    4. Incorrect: The Add-ServerMonitoringOverride cmdlet allows override of managed availability probes, monitors, and responders.

Objective 1.5: Thought experiment

While it might seem that a 14-day maximum limit on lagged copies might not be able to meet the requirements of a litigation hold, which could be up to six months on average, the retention of deleted data is provided by the single item retention and legal hold features. These features store deleted data in folders hidden from a user, but they are part of the user’s mailbox. The discovery and restoration of deleted data can be performed using a single-item recovery process and rarely requires the use of a lagged copy. Lagged copies have the required data if the single item recovery and legal hold limits are configured appropriately. Lagged copies are merely holding the same data already protected by retention settings.

Objective 1.5: Review

  1. Correct answer: B

    1. Incorrect: Suspending a lagged copy suspends all operations including a copy of the log files from the active copy of the database and replay of the log files that meet the lag requirements. This doesn’t meet the stated goal.
    2. Correct: Only suspending a lagged copy for activation doesn’t completely suspend the database copy. It only suspends the activation of the lagged copy by removing it from the BCS process. This allows a lagged copy to receive log files and replay them if the lagged configuration requirements are met. Because activation is blocked, manual intervention is required if the copy must be activated.
    3. Incorrect: Removing permissions assigned to Exchange Trusted Subsystem (ETS) on an Exchange server should never be recommended. It has undesired and unexpected consequences because Exchange server relies on the permissions to carry out required tasks on the server.
    4. Incorrect: Removing permissions assigned to Exchange Trusted Subsystem (ETS) on an Exchange server should never be recommended. It has undesired and unexpected consequences because Exchange server relies on the permissions to carry out required tasks on the server.
  2. Correct answer: C

    1. Incorrect: Only one repair request can run against a mailbox database at any given time.
    2. Incorrect: While up to 100 active mailbox repair requests can be active on a server, only one request can be active against a given database.
    3. Correct: Distributing mailboxes to multiple databases allows multiple repair requests to run against mailboxes simultaneously. While this requires moving mailboxes, it’s the only option that meets the stated goal of fixing corruption on all mailboxes in the shortest amount of time.
    4. Incorrect: Performing an offline repair on the database does not achieve the stated goal.
  3. Correct answer: C

    1. Incorrect: Cumulative updates are full Exchange installs. If a CU fails, simply trying a reinstall does not fix the issue.
    2. Incorrect: A cumulative update uninstalls Exchange before installing new updates. You can’t uninstall a CU after it is installed.
    3. Correct: You must recover the Exchange server using setup if a CU fails to install, since the CU install uninstalls Exchange from the server first before installing the updated version of Exchange server.
    4. Incorrect: You can’t recover a failed CU install by using the last known good configuration option.

Objective 1.6: Thought experiment

Mail storms caused by Reply All from multiple recipients on the distribution groups can be addressed by moderating the distribution group. Moderators can reject all unnecessary replies, or simply ignore them and only approve valid responses.

A data leak of sensitive information might be seen as best addressed by DLP features of Exchange 2013. But, at the core of the requirement, you’re required to configure approval when certain content is detected in a message. Because moderation is a transport function, you can meet the stated requirement with moderation.

Objective 1.6: Review

  1. Correct answer: C

    1. Incorrect: The Set-ADPermission cmdlet enables you to configure Send As permissions on a mailbox. It doesn’t address the stated requirement.
    2. Incorrect: The Set-Mailbox cmdlet doesn’t have the capability to configure auto-mapping properties on a shared mailbox.
    3. Correct: Auto-mapping properties can only be configured when assigning permissions using the Add-MailboxPermission cmdlet. If already assigned, you must remove the permissions to change the property of auto-mapping behavior.
    4. Incorrect: The Set-CASMailbox cmdlet can’t be used to configure auto-mapping properties of a mailbox.
  2. Correct answer: D

    1. Incorrect: Adding an administrator account to the Domain Admins group in the resource forest provides access to domain administration functions in the resource forest only.
    2. Incorrect: Adding an administrator account to the Domain Admins group in the account forest provides access to domain administration functions in the account forest only.
    3. Incorrect: Adding an administrator account to the Enterprise Admins group in the account forest provides access to enterprise administration functions in the account forest only.
    4. Correct: When an account forest trusts a resource forest, adding a linked mailbox can proceed without requiring an administrator to provide credentials due to an existing trust.
  3. Correct answer: D

    1. Incorrect: The default configuration of a new distribution group only allows internal users to submit messages.
    2. Incorrect: The AcceptMessagesOnlyFrom parameter allows you to configure recipients who can send messages to the distribution group. It is not practical for external senders who may not be known.
    3. Incorrect: The BypassModerationFromSendersOrMembers parameter is used for moderation of a group. It does not allow external senders to submit messages to a distribution group.
    4. Correct: For external senders to be able to send messages to a distribution group, you must allow unauthenticated senders to submit messages. The RequireSenderAuthenticationEnabled parameter allows you to do that.

Objective 1.7: Thought experiment

When using Add-MailboxPermission or EAC to assign delegate permissions on the mailbox, you need to account for a few important aspects. One is the type of permissions you can assign to the mailbox. The most commonly discussed permission is full access to the mailbox, but it may not be desired in all instances. Exchange allows you to assign other permissions such as read only, change permission, and change if the delegate created the item.

Inheritance is another consideration. When permissions are assigned, you can configure the permission to apply to all folders within the mailbox. Again, this may not be desired, and in such instances, do not set the InheritanceType parameter to All.

When users have full or other limited access to another mailbox, chances are they would also like to send email on behalf of the user or as the user if necessary. For example, a support desk analyst may not want to be identified individually when responding to a support request. In such an instance, you would need to assign send as permissions on the mailbox.
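
The delegation steps from the Objective 1.6 review (auto-mapping) and from this thought experiment, as an added Exchange Management Shell example that is not from the book. The mailbox name SupportDesk, the account CONTOSO\analyst1, and the helper function Get-ExplicitMailboxDelegation are hypothetical.

```powershell
# Added example (not from the book). Run in the Exchange Management Shell.
# The mailbox and delegate names are hypothetical placeholders.
$Mailbox  = 'SupportDesk'
$Delegate = 'CONTOSO\analyst1'

# Hypothetical helper: list every explicit (non-inherited) delegation on a mailbox.
function Get-ExplicitMailboxDelegation {
    param([Parameter(Mandatory = $true)][string]$Identity)

    # Mailbox-level rights such as FullAccess or ReadPermission.
    Get-MailboxPermission -Identity $Identity |
        Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\SELF' } |
        Select-Object @{ n = 'Grant'; e = { 'Mailbox' } }, User,
                      @{ n = 'Rights'; e = { $_.AccessRights -join ',' } }

    # Send As is an Active Directory extended right, so it is read separately.
    $dn = (Get-Mailbox -Identity $Identity).DistinguishedName
    Get-ADPermission -Identity $dn |
        Where-Object { -not $_.IsInherited -and $_.ExtendedRights -like '*Send-As*' -and
                       $_.User -notlike 'NT AUTHORITY\SELF' } |
        Select-Object @{ n = 'Grant'; e = { 'AD' } }, User,
                      @{ n = 'Rights'; e = { 'Send-As' } }
}

# Snapshot of who already has access, taken before anything changes.
$before = Get-ExplicitMailboxDelegation -Identity $Mailbox

# Auto-mapping can only be chosen when the permission is added, so an existing
# FullAccess grant is removed first and then re-added with the wanted setting.
$hasFull = Get-MailboxPermission -Identity $Mailbox -User $Delegate |
    Where-Object { -not $_.IsInherited -and $_.AccessRights -like '*FullAccess*' }
if ($hasFull) {
    Remove-MailboxPermission -Identity $Mailbox -User $Delegate `
        -AccessRights FullAccess -InheritanceType All -Confirm:$false
}

# InheritanceType All applies the grant to every folder in the mailbox;
# leave it out when the delegate should not reach all folders.
Add-MailboxPermission -Identity $Mailbox -User $Delegate `
    -AccessRights FullAccess -InheritanceType All -AutoMapping $false

# Replies should appear to come from the shared mailbox, not the analyst.
Add-ADPermission -Identity (Get-Mailbox -Identity $Mailbox).DistinguishedName `
    -User $Delegate -ExtendedRights 'Send As'

# Report only the grants that this change introduced, for the change record.
$after = Get-ExplicitMailboxDelegation -Identity $Mailbox
$known = @($before | ForEach-Object { "$($_.Grant)|$($_.User)|$($_.Rights)" })
$after |
    Where-Object { $known -notcontains "$($_.Grant)|$($_.User)|$($_.Rights)" } |
    Format-Table -AutoSize
```

Running the helper on its own against any mailbox gives a quick review of explicit full access and Send As grants without changing anything.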

Objective 1.7: Review

  1. Correct answer: D

    1. Incorrect: AllBookInPolicy applies to all users who can schedule the resource if their request is within defined policy requirements.
    2. Incorrect: AllRequestInPolicy applies to all users who are allowed to request scheduling of the resource when their request is within defined policy requirements.
    3. Incorrect: AllRequestOutOfPolicy applies to all users. Users are allowed to request scheduling of the resource if the request is out of policy.
    4. Correct: RequestOutOfPolicy allows a specified user to request resource scheduling even if the request is outside the policy parameters configured for the given resource mailbox.
  2. Correct answer: A

    1. Correct: When the AddNewRequestTentatively parameter is set to $false, the resource mailbox stops adding in-policy scheduling requests to the resource calendar tentatively while awaiting approval from the delegate.
    2. Incorrect: The AutomateProcessing parameter allows you to configure calendar processing on the resource mailbox. This parameter affects all requests and isn’t designed to handle tentative processing only.
    3. Incorrect: The Confirm parameter applies to all PowerShell cmdlets and is used to stop processing when a confirmation from the administrator is needed. It does not help achieve the stated objective.
    4. Incorrect: The ScheduleOnlyDuringWorkHours parameter allows you to control whether the resource mailbox should accept meeting requests outside of the configured working hours of the resource mailbox. It does not help address the stated requirement.
  3. Correct answer: B

    1. Incorrect: The Set-Mailbox cmdlet allows you to modify settings of an existing mailbox. It can’t be used to configure send as permissions.
    2. Correct: The Add-ADPermission cmdlet allows you to configure send as permissions on a mailbox using impersonation.
    3. Incorrect: The Set-CASMailbox cmdlet is used to configure client access settings of a mailbox.
    4. Incorrect: The Set-SharingPolicy cmdlet is used to modify free/busy sharing with users outside the organization.