8/10/2019 5047B_DA01

1/9

8/10/2019 5047B_DA01

2/9

8/10/2019 5047B_DA01

3/9

Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory Service 1

Lesson 1: Review of Active Directory

Discussion: Review of Active Directory ComponentsQ What is the definition of a domain?

A An Active Directory domain is a collection of computers defined by the administrator

of a Windows network. These computers share a common directory database, security

policies, and security relationships with other domains. An Active Directory domain

provides access to the centralized user accounts and group accounts maintained by the

domain administrator. Computer accounts and user accounts within an Active Directory

domain can be organized into a hierarchy based on organizational units (OUs).

Discussion: Review of Active Directory ComponentsQ What is the definition of a tree?

A A tree is set of domains that share the same Domain Name System (DNS) namespace

and have automatic trust relationships between them. The trust relationships allow

administrators to grant users in one domain access to resources in another domain.

Q What is the definition of a forest?

A A forest is a set of one or more trees that share common configuration and schema

information. When multiple trees exist in a forest, there is an automatic trust

relationship between the trees, which enables users in one tree to access resources in

another tree. There can be only one Exchange Server organization per forest.

Q Where do user accounts exist?

A User accounts are stored in each domain.

Q What type of information is shared between domains in a forest?

A All domains in a forest share the same Active Directory configuration information,

Active Directory schema information, and a common global catalog.

Q What type of information is shared among forests?

A By default, no information is shared among forests. However, you can configure forest

trusts to share resources among forests. In addition, you can use Microsoft Identity

Integration Server (MIIS), the Identity Integration Feature Pack (IIFP), or the Microsoft

Identity Lifecycle Manager (ILM) 2007 to synchronize information among forests.

8/10/2019 5047B_DA01

4/9

8/10/2019 5047B_DA01

5/9

Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory Service 3

Demonstration: Viewing Active Directory Partitions and

ReplicationQ How can you tell when replication is not working?

A On a day-to-day basis, the most common indicator is replication errors that produce

inconsistent results when querying a domain controller or global catalog. For example,

the list of users in the Microsoft Office Outlook address book is different depending

on the global catalog server that the client is using. The Repadmin tool can identify

replication errors and report them to you. Repadmin also will identify the last time that

a replication completed successfully between two replication partners.

Q How do you monitor replication in your organization?

A Many people will not monitor replication in their organizations. However, they can

monitor replication by selecting a consistent time each week to run Replmon and check

for errors. Repadmin, a command-line utility, also can be used to verify replication

within an Active Directory forest.

Q What steps do you take when Active Directory replication is not working?

A Some of the steps you can take to troubleshoot and repair replication problems are:

! View error messages in Event Viewer.

! Verify network connectivity.

! Verify network configuration.

! Verify DNS configuration.

! Verify correct DNS records.

! Attempt to force replication by using Replmon or Repadmin.

! Try configuring a direct connection between domain controllers in Active Directory

Sites and Services or by using RepAdmin.

! Remove and reinstall Active Directory from the server. (This step should be used as

a last resort and only if a server will not replicate with other domain controllers in

the forest.)

8/10/2019 5047B_DA01

6/9

4 Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory

Service

Lesson 2: Introduction to the Integration of ActiveDirectory and Exchange Server 2007

Demonstration: Active Directory and Exchange ServerPermissions

Q How would you give a user full administrative permissions for both Active Directory

and Exchange Server?

A Most Exchange Server configuration information is stored in Active Directory. Making

users a member of the Domain Admins group will allow them to manage all aspects of

both Active Directory and Exchange Server within a domain. For example, a member

of the Domain Admins group can create mailboxes for users within the domain, as well

as create and delete users. Enterprise Admins can manage Active Directory and

Exchange Server for the entire forest.

Demonstration: Active Directory and Exchange Server

PermissionsQ How would you give a user as few Active Directory rights as possible, but with full

Exchange Server permissions?

A Making users Exchange Server administrators is not dependent on giving them full

rights to Active Directory. You can give users rights to Exchange Server by making

them members of the appropriate Exchange Server administration group. To give users

full Exchange Server rights, place them in the Exchange Organization Administrators

group.

Demonstration: Understanding the Integration of Active Directory

and Exchange Server 2007Q How will you use ADSI Edit in your workplace?

A ADSI Edit is not used often. It is used only to configure specific Exchange Server

or Active Directory characteristics that cannot be accessed by using a graphical

administration tool. The risk of making an incorrect edit using ADSI is much higher

than when using an administrative tool specifically designed for managing Exchange

Server.

8/10/2019 5047B_DA01

7/9

Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory Service 5

Demonstration: Understanding the Integration of Active Directory

and Exchange Server 2007Q Did you see any information in Active Directory that you did not expect to find?

A The configuration partition stores the vast majority of Exchange Server configuration

information to ensure that all computers running Exchange Server can query the

characteristics of other computers running it. Many students might expect that

information to be in the domain partition instead.

Lab: Overview of How Exchange Server 2007 andActive Directory Work Together

Exercise: Explaining How Exchange Server 2007 and Active

Directory Work TogetherQ What are the components that Exchange Server relies on and which need to be in place?

A Exchange Server relies on Active Directory to function properly, such as the required

correct placement of domain controllers and global catalog servers. DNS must also be

properly implemented to allow Exchange servers and clients to query information for

Active Directory.

Q For scenario 1, what Active Directory changes should be made?

A The two existing Active Directory forests should be merged into a single forest. This

enables them to have a single Exchange Server organization with a single global

address list. They may also consider migrating into a single domain with multiple OUs,

but this would not affect the Exchange Server deployment.

Q For scenario 1, what Active Directory sites should be configured?

A A site should be configured for each physical location. Three Active Directory sites

should be created for Miami, Vancouver Tailspin Toys, and Vancouver Adventure

Works. If network links are fast enough, it may be possible to combine both Vancouver

locations into a single site.

Q For scenario 1, where should deployment of domain controllers and global catalog

servers occur?

A Domain controllers and global catalog servers should be implemented at each site witha computer running Exchange Server. The current configuration has a separate domain

for each site and should have a domain controller and global catalog server for each site.

8/10/2019 5047B_DA01

8/9

6 Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory

Service

Q For scenario 2, what Active Directory changes should be made?

A No Active Directory changes are required, although consideration could be given to

migrating to a single domain.

Q For scenario 2, what Active Directory sites should be configured?

A A site should be configured for each physical location. Five Active Directory sites

should be created for Miami and the four other states.

Exercise: Explaining How Exchange Server 2007 and Active

Directory Work TogetherQ For scenario 2, where should domain controllers and global catalog servers be

deployed?

A Domain controllers and global catalog servers should be implemented at each site with

a computer running Exchange Server. The current configuration has a separate domain

for each site and should have a domain controller and global catalog server for each site.

Q For scenario 3, what Active Directory changes should be made?

A No Active Directory changes are required.

Q For scenario 3, what Active Directory sites should be configured?

A A: A site should be configured for each physical location. Three Active Directory sites

should be created. The current slow logon problem is indicative of sites not being

configured.

Q For scenario 3, where should domain controllers and global catalog servers be

deployed?

A Domain controllers and global catalog servers should be implemented at each site with

a computer running Exchange Server. The domain controller at each site should also be

configured as a global catalog server.

Q When scaled out, why does routing become critical?

A In a small organization with a single site, routing is relatively unimportant because

communication among all of the servers is fast and reliable. In a larger organization,

with many physical sites, routing is important. When the large organizations physical

sites are poorly implemented, such as when site links are configured with incorrect

costs (causing inefficient routing), unnecessary network traffic is created that

overwhelms network links. In addition, incorrectly configured routing may result in

unreliable message delivery.

8/10/2019 5047B_DA01

9/9

Answers for Module 1: Overview of Microsoft Exchange Server 2007 and the Active Directory Directory Service 7

Q Will your organization need to make changes to your Active Directory configuration

before deploying Exchange Server 2007?

A Answers will vary. However, in most cases, students will already have a well defined

Active Directory structure implemented. This structure will likely have been in place

for some time. The most common change would be to refine the sites and site links.