5047B_DA01
Transcript of 5047B_DA01
-
8/10/2019 5047B_DA01
1/9
-
8/10/2019 5047B_DA01
2/9
-
8/10/2019 5047B_DA01
3/9
Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory Service 1
Lesson 1: Review of Active Directory
Discussion: Review of Active Directory ComponentsQ What is the definition of a domain?
A An Active Directory domain is a collection of computers defined by the administrator
of a Windows network. These computers share a common directory database, security
policies, and security relationships with other domains. An Active Directory domain
provides access to the centralized user accounts and group accounts maintained by the
domain administrator. Computer accounts and user accounts within an Active Directory
domain can be organized into a hierarchy based on organizational units (OUs).
Discussion: Review of Active Directory ComponentsQ What is the definition of a tree?
A A tree is set of domains that share the same Domain Name System (DNS) namespace
and have automatic trust relationships between them. The trust relationships allow
administrators to grant users in one domain access to resources in another domain.
Q What is the definition of a forest?
A A forest is a set of one or more trees that share common configuration and schema
information. When multiple trees exist in a forest, there is an automatic trust
relationship between the trees, which enables users in one tree to access resources in
another tree. There can be only one Exchange Server organization per forest.
Q Where do user accounts exist?
A User accounts are stored in each domain.
Q What type of information is shared between domains in a forest?
A All domains in a forest share the same Active Directory configuration information,
Active Directory schema information, and a common global catalog.
Q What type of information is shared among forests?
A By default, no information is shared among forests. However, you can configure forest
trusts to share resources among forests. In addition, you can use Microsoft Identity
Integration Server (MIIS), the Identity Integration Feature Pack (IIFP), or the Microsoft
Identity Lifecycle Manager (ILM) 2007 to synchronize information among forests.
-
8/10/2019 5047B_DA01
4/9
-
8/10/2019 5047B_DA01
5/9
Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory Service 3
Demonstration: Viewing Active Directory Partitions and
ReplicationQ How can you tell when replication is not working?
A On a day-to-day basis, the most common indicator is replication errors that produce
inconsistent results when querying a domain controller or global catalog. For example,
the list of users in the Microsoft Office Outlook address book is different depending
on the global catalog server that the client is using. The Repadmin tool can identify
replication errors and report them to you. Repadmin also will identify the last time that
a replication completed successfully between two replication partners.
Q How do you monitor replication in your organization?
A Many people will not monitor replication in their organizations. However, they can
monitor replication by selecting a consistent time each week to run Replmon and check
for errors. Repadmin, a command-line utility, also can be used to verify replication
within an Active Directory forest.
Q What steps do you take when Active Directory replication is not working?
A Some of the steps you can take to troubleshoot and repair replication problems are:
! View error messages in Event Viewer.
! Verify network connectivity.
! Verify network configuration.
! Verify DNS configuration.
! Verify correct DNS records.
! Attempt to force replication by using Replmon or Repadmin.
! Try configuring a direct connection between domain controllers in Active Directory
Sites and Services or by using RepAdmin.
! Remove and reinstall Active Directory from the server. (This step should be used as
a last resort and only if a server will not replicate with other domain controllers in
the forest.)
-
8/10/2019 5047B_DA01
6/9
4 Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory
Service
Lesson 2: Introduction to the Integration of ActiveDirectory and Exchange Server 2007
Demonstration: Active Directory and Exchange ServerPermissions
Q How would you give a user full administrative permissions for both Active Directory
and Exchange Server?
A Most Exchange Server configuration information is stored in Active Directory. Making
users a member of the Domain Admins group will allow them to manage all aspects of
both Active Directory and Exchange Server within a domain. For example, a member
of the Domain Admins group can create mailboxes for users within the domain, as well
as create and delete users. Enterprise Admins can manage Active Directory and
Exchange Server for the entire forest.
Demonstration: Active Directory and Exchange Server
PermissionsQ How would you give a user as few Active Directory rights as possible, but with full
Exchange Server permissions?
A Making users Exchange Server administrators is not dependent on giving them full
rights to Active Directory. You can give users rights to Exchange Server by making
them members of the appropriate Exchange Server administration group. To give users
full Exchange Server rights, place them in the Exchange Organization Administrators
group.
Demonstration: Understanding the Integration of Active Directory
and Exchange Server 2007Q How will you use ADSI Edit in your workplace?
A ADSI Edit is not used often. It is used only to configure specific Exchange Server
or Active Directory characteristics that cannot be accessed by using a graphical
administration tool. The risk of making an incorrect edit using ADSI is much higher
than when using an administrative tool specifically designed for managing Exchange
Server.
-
8/10/2019 5047B_DA01
7/9
Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory Service 5
Demonstration: Understanding the Integration of Active Directory
and Exchange Server 2007Q Did you see any information in Active Directory that you did not expect to find?
A The configuration partition stores the vast majority of Exchange Server configuration
information to ensure that all computers running Exchange Server can query the
characteristics of other computers running it. Many students might expect that
information to be in the domain partition instead.
Lab: Overview of How Exchange Server 2007 andActive Directory Work Together
Exercise: Explaining How Exchange Server 2007 and Active
Directory Work TogetherQ What are the components that Exchange Server relies on and which need to be in place?
A Exchange Server relies on Active Directory to function properly, such as the required
correct placement of domain controllers and global catalog servers. DNS must also be
properly implemented to allow Exchange servers and clients to query information for
Active Directory.
Q For scenario 1, what Active Directory changes should be made?
A The two existing Active Directory forests should be merged into a single forest. This
enables them to have a single Exchange Server organization with a single global
address list. They may also consider migrating into a single domain with multiple OUs,
but this would not affect the Exchange Server deployment.
Q For scenario 1, what Active Directory sites should be configured?
A A site should be configured for each physical location. Three Active Directory sites
should be created for Miami, Vancouver Tailspin Toys, and Vancouver Adventure
Works. If network links are fast enough, it may be possible to combine both Vancouver
locations into a single site.
Q For scenario 1, where should deployment of domain controllers and global catalog
servers occur?
A Domain controllers and global catalog servers should be implemented at each site witha computer running Exchange Server. The current configuration has a separate domain
for each site and should have a domain controller and global catalog server for each site.
-
8/10/2019 5047B_DA01
8/9
6 Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory
Service
Q For scenario 2, what Active Directory changes should be made?
A No Active Directory changes are required, although consideration could be given to
migrating to a single domain.
Q For scenario 2, what Active Directory sites should be configured?
A A site should be configured for each physical location. Five Active Directory sites
should be created for Miami and the four other states.
Exercise: Explaining How Exchange Server 2007 and Active
Directory Work TogetherQ For scenario 2, where should domain controllers and global catalog servers be
deployed?
A Domain controllers and global catalog servers should be implemented at each site with
a computer running Exchange Server. The current configuration has a separate domain
for each site and should have a domain controller and global catalog server for each site.
Q For scenario 3, what Active Directory changes should be made?
A No Active Directory changes are required.
Q For scenario 3, what Active Directory sites should be configured?
A A: A site should be configured for each physical location. Three Active Directory sites
should be created. The current slow logon problem is indicative of sites not being
configured.
Q For scenario 3, where should domain controllers and global catalog servers be
deployed?
A Domain controllers and global catalog servers should be implemented at each site with
a computer running Exchange Server. The domain controller at each site should also be
configured as a global catalog server.
Q When scaled out, why does routing become critical?
A In a small organization with a single site, routing is relatively unimportant because
communication among all of the servers is fast and reliable. In a larger organization,
with many physical sites, routing is important. When the large organizations physical
sites are poorly implemented, such as when site links are configured with incorrect
costs (causing inefficient routing), unnecessary network traffic is created that
overwhelms network links. In addition, incorrectly configured routing may result in
unreliable message delivery.
-
8/10/2019 5047B_DA01
9/9
Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory Service 7
Q Will your organization need to make changes to your Active Directory configuration
before deploying Exchange Server 2007?
A Answers will vary. However, in most cases, students will already have a well defined
Active Directory structure implemented. This structure will likely have been in place
for some time. The most common change would be to refine the sites and site links.