Infrastructure, Recipients, Security Flashcards
(106 cards)
What OS versions for the Domain Controller are supported by Exchange 2016?
• For Exchange 2016 CU1 and CU2:
– Windows Server 2008 through 2012 R2
• For Exchange 2016 CU3 and later:
– Adds support for Windows Server 2016 DCs
What are Exchange’s requirements and recommendations for Domain Controllers?
- Windows Server 2008 or later
- 64-bit recommended, but not required
- At least one Global Catalog server per site that has either Exchange or Outlook clients
- Read-only Domain Controllers are not supported (just ignored by Exchange)
What unique requirements and restrictions exist when Installing Exchange on a Domain Controller?
- AD split permissions model cannot be used
- DC must be a global catalog (not enough to just have a GC in the site)
- All Exchange server computer accounts will become domain admins
- Cannot demote or promote a DC when Exchange has been installed
- Not supported for DAG members
- May impact performance stability.
What is meant by Exchange “extending the AD Schema”?
When and why is this done?
- Most of Exchange’s configuration data is stored in AD.
- The AD Schema defines all the objects and attributes for AD to store data.
- For AD to support Exchange, Exchange extends and modifies this schema.
- It occurs when the first Exchange installation occurs in an organization. It may further be extended whenever a new CU is installed.
- The cmdlet must be run from the site that contains the Schema Master for the domain.
What are the preparatory steps for Active Directory when installing Exchange?
1) Extend the AD schema
2) Prepare AD
3) Prepare AD Domains
What does the “Prepare Active Directory” step accomplish?
It creates the containers and objects in AD that make up the Exchange organization itself.
It will also prepare one domain (the root domain) of the forest.
How do you Extend the AD Schema as required before installing Exchange 2016 for the first time in an organization?
- This can only be completed from within the same AD site as the schema master
- It will happen automatically when running Exchange setup, as long as you have the required permissions.
- But if you’d like to do it manually or in separate steps, run this command before installing:
Setup.exe /PrepareSchema
How do you Prepare AD as required before installing Exchange 2016 for the first time in an organization?
- This can only be completed from within the same AD site as the schema master
- It will happen automatically when running Exchange setup, as long as you have the required permissions.
- But if you’d like to do it manually or in separate steps, run this command before installing:
Setup.exe /PrepareAD /OrganizationName:"Contoso"
How do you Prepare an AD Domain as required before installing Exchange?
And what Domains need to be prepared?
- If the forest contains a single domain, /PrepareAD will already have prepared that domain.
- You only need to prepare additional domains that will have Exchange objects in them.
For all domains:
• /PrepareAllDomains
For specific domains:
• /PrepareDomain:sub.contoso.com
What Permissions Models exist for Exchange, and what does each do?
• Shared Permissions Model
– Used by default
– Simplest and most common model
– Allows Exchange management roles to both create and manage security principals (e.g. users, groups) in AD
• Split Permissions Model
– Optional
– Separates the ability to create security principals from the ability to manage Exchange attributes
– Useful in large, complex organizations that require separation of administrative rights.
How is a Split Permissions model configured?
During the PrepareAD stage of AD preparation for an Exchange install:
Setup.exe /PrepareAD /ActiveDirectorySplitPermissions:True /OrganizationName:"Contoso"
What is a Resource Forest?
An Active Directory Forest can only have one Exchange organization.
However, multiple Active Directory Forests can be configured to trust each other, and access each other’s resources.
A Resource Forest is a dedicated forest where Exchange is hosted, separate to the forests that contain user accounts.
What are the advantages of a Resource Forest?
- Separation of security boundaries
- Flexibility for mergers and divestitures
What is a Throttling Policy?
- Throttling Policies prevent a user from consuming excessive Exchange server resources.
- E.g. Max number of concurrent connections a user may have with a particular client access protocol; max amount of CPU time a user’s requests can consume.
- A default throttling policy is created by Exchange setup and applied to all mailboxes.
- Custom policies can be created and assigned to mailboxes using PowerShell.
Using Exchange Shell, how do you customize the Throttling Policy for a specific mailbox?
New-ThrottlingPolicy -Name MyLittlePolicy [set your parameters]
Set-Mailbox john.smith -ThrottlingPolicy MyLittlePolicy
What is the definition of a “recipient”?
Any mail-enabled object in AD that can have email delivered or routed to it by Exchange.
What are examples of common recipient types?
- User mailbox (AD user accounts that have been enabled with a mailbox hosted on an Exchange mailbox database)
- Mail contact (Contact objects in AD that have been enabled for email)
- Distribution group
- Mail-enabled security group
- Shared mailbox
- Room mailbox
- Equipment mailbox
- Mail-enabled Public Folder
What is the difference between a “mail contact” and a contact with an e-mail address?
- A contact object in AD can have an e-mail address, but not be enabled for email. This is because the email address can be used for other purposes, such as simply being part of the postal address.
- A Mail Contact is a Contact Object that has been enabled as a recipient for email.
What is a Shared Mailbox?
Mailboxes that are usually configured to allow access by multiple users who need to read and respond to messages.
They are associated with AD user objects, but those objects are left disabled and their passwords are managed by Exchange.
What is a Room Mailbox?
They represent bookable meeting room resources, allowing users to book a room when they need to hold a meeting.
What is an Equipment Mailbox?
Similar to a Room mailbox, but allows users to book the use of shared resources such as a shared vehicle, laptop, etc.
What is a Dynamic Distribution Group, and how does it work?
- A distribution group that does not contain a static list of members, but is instead based on a query that is assessed each time an email is sent to the group.
- The query is based on recipient attributes.
- For example, it could be configured for users who have “Sales” for their Department attribute.
What is a Linked Mailbox?
A mailbox in an Exchange organization that is associated with a user account in a separate forest.
(Used in Multi-forest / Resource forest setups)
What is a Linked User?
A user in a forest that is associated with a mailbox in a separate forest.
(Used in Multi-forest / Resource forest setups)