Pro Exchange Administration: Understanding On-premises and Hybrid Exchange Deployments 1484295900, 9781484295908
Move to the current version of Exchange Server, whether it be stand-alone, on-premises, or in a hybrid configuration wit
122 77 15MB
English Pages 953 [945] Year 2023
Table of contents :
Table of Contents
About the Authors
About the Technical Reviewer
Introduction
Part I: Infrastructure and Exchange Server
Chapter 1: Exchange 2019 Introduction
Exchange Server 2019 Editions
What’s New in Exchange Server 2019
What Has Been Discontinued or Deprecated in Exchange Server 2019
Exchange 2019 and Active Directory
Integration with Active Directory
Active Directory Partitions
Active Directory Permissions
Active Directory Sites
Exchange Online and Azure Active Directory
Exchange Server 2019 Architecture
Exchange 2019 Services
Exchange 2019 Client Access Services
Exchange 2019 Mailbox Services
Exchange Server 2019 Management
Exchange Admin Center
Exchange Admin Center in Exchange Online
Exchange Management Shell
PowerShell
Additional Modules
Remote PowerShell
PowerShell ISE
Exchange Online PowerShell
Virtualization
Summary
Chapter 2: Exchange Infrastructure
Designing Your Exchange 2019 Environment
Exchange 2019 Server Role Requirements Calculator
Installation of Exchange 2019
Hardware Requirements
Software Requirements
Installing Exchange 2019
Disk Configuration
Installing Prerequisite Software
Exchange 2019 Unattended Setup
Prepare the Schema Partition
Prepare the Configuration Partition
Prepare the Domain Partition
Exchange 2019 Unattended Setup
Exchange 2019 Graphical Setup
Configuring the Exchange 2019 Server
Configuring Exchange 2019
Virtual Directories
Configure an SSL Certificate
Request an SSL Certificate Using EMS
Exporting an Existing SSL Certificate
Importing an Existing SSL Certificate
Create a Send Connector
Receive Connectors
Accepted Domains
Create an Email Address Policy
Relocate the Initial Mailbox Database (GUI Setup Only)
Relocate the SMTP Queue Database (Optional)
Relocate IIS Log Files (Optional)
Enter a Product Key
Add Additional Mailbox Databases
High Availability
Mailbox Service High Availability
Cluster Nodes and the File Share Witness
Cluster Administrative Access Point
Replication
File Mode Replication
Block Mode Replication
Seeding
Replication (Copy) Queue and Replay Queue
Lagged Copies
Active Manager
DAG Across (Active Directory) Sites
DAG Networks
DAG Creation
Creating the Database Availability Group Object
Adding Exchange Servers
Adding the Mailbox Database Copies
Configuring the DAG Networks
Exchange Transport
Transport Pipeline
Routing Destinations
Delivery Groups
Queues
Shadow Redundancy
Managing Queues
Safety Net
Send and Receive Connectors
Send Connectors
Receive Connectors
SMTP Relay
Create a New Receive Connector
Modify Permissions on the Receive Connector
Message Tracking
Edge Transport Server
Installing and Configuring Edge Transport Servers
Prepare the Edge Transport Server
Unattended Installation of the Edge Transport Server
Create an Edge Subscription
Relocate the Transport Database
Test the Edge Transport Server
Export and Import Edge Configuration
Protocol Logging
SSL Certificates
Load-Balancing the Edge Transport Servers
Upgrading from Exchange 2013 or Exchange 2016
Moving to Exchange 2019
Installing Exchange 2019
Namespaces with Exchange
Virtual Directories
SSL Certificates
SMTP Mail in a Coexistence Scenario
Using an Edge Transport Server
Continuing with the Previous Edge Transport Server
Introducing a New Exchange 2019 Edge Transport Server
Moving Resources to Exchange 2019
Moving Mailboxes to Exchange 2019
Address Lists in Exchange 2019
Decommissioning the Previous Exchange Server
Summary
Chapter 3: Managing Exchange
Managing Databases
Rename a Mailbox Database
Move a Mailbox Database
Circular Logging
Quota Settings
Assign an Offline Address Book
Create a New Mailbox Database
Delete a Mailbox Database
Online Maintenance
Deleted Items Retention
Online Maintenance
Managing Mailboxes
Create a User Mailbox
Mailbox-Enabling an Existing User Account
Remove a Mailbox
Managing Mailboxes
Active Directory Properties
Quota Settings
Regional Settings
Assign Address Book Policies
Adding Email Addresses
Archive Mailboxes
Cmdlet Extension Agents
Mailbox Delegation
Moving Mailboxes
Importing and Exporting Mailboxes to PST Files
Resource Mailboxes
Shared Mailboxes
Linked Mailboxes
Managing Groups
Create a New Distribution Group
Mail-Enable an Existing Group
Manage Group Membership
Group Membership Approval
Dynamic Distribution Groups
Moderated Distribution Group
Expansion Server
Remove a Distribution Group
Managing Contacts
Mail-Enabled Contacts
Mail-Enabled Users
Cumulative Updates and Security Updates
Cumulative Updates
Security Updates
Monitoring and Reporting
Monitoring Tools
Event Viewer
Crimson Channel
Performance Monitoring
Task Manager
Performance Monitor Tool
Real-Time Monitoring
Performance Monitor Logging
Managed Availability
End-to-End Monitoring
Managed Availability Architecture
Exchange 2013 CAS and Managed Availability
Monitoring Using the Exchange Management Shell
Server Health
Queue Monitoring
Mailbox Database Replication
Workload Management
Managing Workloads by Monitoring System Resources
Workloads and Performance
Workload Classifications
Workload Management Policy Settings
Managing Workloads for Individual Users
Summary
Part II: Office 365 Integration
Chapter 4: Azure AD Identities
Cloud Identities
Synchronized Identities
Federated Identities
Azure AD Connect
AD Connect Deployment
AD Connect Health
Chapter 5: Exchange Online
Exchange Hybrid Topologies
Deploying Exchange Hybrid
Hybrid Configuration Wizard
PowerShell: Connecting to Office 365
Connecting to Exchange Online
Connecting to Azure Active Directory
OAuth
Autodiscover in Exchange Hybrid
Mailbox Migration
Managing Remote Mailboxes
Federation with Azure Active Directory
Sharing of Information
Organizational Relationships
Sharing Policies
Internet Calendar Publishing
Mail Transport
Inbound Mail
Centralized Mail Transport
Outbound Mail
Enhanced Filtering
Exchange Online Archiving
Message Tracking
Recipient Management Only
Summary
Part III: Security
Chapter 6: Publishing Exchange Server
Virtual Directories
Namespaces
Split DNS
Certificates
Requesting Certificates
Exporting Certificates
Importing Certificates
Autodiscover
Domain-Joined Clients
Non-Domain-Joined Clients
Autodiscover Redirect
Autodiscover SRV Records
Autodiscover V2
Client Connectivity
Outlook
MAPI over HTTP
Web-Based Clients
Offline Settings
Outlook Apps
Exchange Admin Center
Exchange Web Services
REST API
Mobile Clients
IMAP and POP
High Availability
Load Balancing
Health Check Monitors
SSL Offloading
Load Balancer Transparency
Up-Level and Down-Level Proxying
Azure AD Application Proxy
Azure Front Door
Chapter 7: Email Authentication
Sender Policy Framework
Constructing the SPF Record
Checking the SPF Record
DKIM
Exchange and DKIM
DKIM and Exchange Online Protection
DMARC
Implementing DMARC
DMARC Reporting
DNSSEC and DANE
DNSSEC
DANE
MTA-STS
Summary
Chapter 8: Message Hygiene and Security
Exchange Online Protection Introduction
Connection Filtering
IP Allow and IP Block Lists
Tenant Allow/Block Lists (TABL)
Allow or Block Addresses and Domains
Spoofed Senders
Antimalware
Content Filtering
Anti-spam
Anti-phishing
Preset Security Policies
Directory-Based Edge Blocking (DBEB)
Summary
Chapter 9: Authentication
Hybrid Modern Authentication
Configuring an Enterprise Application
Multifactor Authentication
Conditional Access
Client Access Rules
SMTP AUTH
Certificate Authentication
Windows Extended Protection
PowerShell Serialization Payload Signing
Summary
Chapter 10: Permissions and Access Control
Role-Based Access Control
RBAC Components
The Who
Custom Role Group
Linked Role Groups
The What
Management Roles and Management Role Entries
Custom Management Roles
Managing Parameters
Unscoped Top-Level Management Roles
Clean Up Unscoped Top-Level Management Roles
The Where
Regular Scopes
Implicit Scopes
Explicit Scopes
Custom Scopes
Management Scopes
Exclusive Scopes
1+1+1=3: Management Role Assignments
Role Assignment Policy
Split Permissions
RBAC Split Permissions
Active Directory Split Permissions
Summary
Part IV: Compliance
Chapter 11: Backup and Restore
Back Up an Exchange Server
Backup Technologies
VSS Backup
Back Up a Mailbox Database
Using Windows Server Backup in PowerShell
Using Windows Server Backup GUI
Back Up Other Configuration Information
Restoring Exchange Server
Restoring to Its Original Location
Restoring to Another Location
The Restore Process
Recovery Database
Dial-Tone Recovery
Recovering an Exchange Server
Rebuilding an Exchange Server
ESEUTIL and Corrupt Databases
Summary
Chapter 12: Policy and Compliance
In-Place Archiving
In-Place Archive Mailbox
Enabling Archive Mailboxes
Disabling In-Place Archive Mailboxes
Reconnecting Archive Mailboxes
Checking and Modifying Archive Mailbox Quotas
Relocating the Archive Mailboxes
Exporting and Importing Archive Mailboxes
Messaging Records Management
Retention Policy Tags
Assigning Personal Tags
Understanding System Tags
Retention Policies
Assigning a Retention Policy
Managed Folder Assistant
In-Place Hold and Litigation Hold
Enabling In-Place Hold
Disabling In-Place Hold
Litigation Hold
Enabling Litigation Hold
In-Place eDiscovery
Management of In-Place eDiscovery
Discovery Mailbox
Searching Mailboxes
Mail Flow Rules
Create a Transport Rule
Priority Ranking for Transport Rules
Journaling
Options for Journaling Rules
Create a Standard Journal Rule
Create a Premium Journal Rule
Configure an Alternative Journal Recipient
Data Loss Prevention
Creating DLP Policies
Importing and Exporting DLP Policies and Templates
Customizing Your DLP Policy
DLP Document Fingerprinting
Auditing
Administrator Audit Logging
Administrator Audit Logging Options
Custom Logging Entries
Auditing Log Searches
Mailbox Audit Logging
Mailbox Audit Logging Options
Searches of the Mailbox Audit Logging
Bypass of Mailbox Audit Logging
Summary
Index
Table of Contents
About the Authors
About the Technical Reviewer
Introduction
Part I: Infrastructure and Exchange Server
Chapter 1: Exchange 2019 Introduction
Exchange Server 2019 Editions
What’s New in Exchange Server 2019
What Has Been Discontinued or Deprecated in Exchange Server 2019
Exchange 2019 and Active Directory
Integration with Active Directory
Active Directory Partitions
Active Directory Permissions
Active Directory Sites
Exchange Online and Azure Active Directory
Exchange Server 2019 Architecture
Exchange 2019 Services
Exchange 2019 Client Access Services
Exchange 2019 Mailbox Services
Exchange Server 2019 Management
Exchange Admin Center
Exchange Admin Center in Exchange Online
Exchange Management Shell
PowerShell
Additional Modules
Remote PowerShell
PowerShell ISE
Exchange Online PowerShell
Virtualization
Summary
Chapter 2: Exchange Infrastructure
Designing Your Exchange 2019 Environment
Exchange 2019 Server Role Requirements Calculator
Installation of Exchange 2019
Hardware Requirements
Software Requirements
Installing Exchange 2019
Disk Configuration
Installing Prerequisite Software
Exchange 2019 Unattended Setup
Prepare the Schema Partition
Prepare the Configuration Partition
Prepare the Domain Partition
Exchange 2019 Unattended Setup
Exchange 2019 Graphical Setup
Configuring the Exchange 2019 Server
Configuring Exchange 2019
Virtual Directories
Configure an SSL Certificate
Request an SSL Certificate Using EMS
Exporting an Existing SSL Certificate
Importing an Existing SSL Certificate
Create a Send Connector
Receive Connectors
Accepted Domains
Create an Email Address Policy
Relocate the Initial Mailbox Database (GUI Setup Only)
Relocate the SMTP Queue Database (Optional)
Relocate IIS Log Files (Optional)
Enter a Product Key
Add Additional Mailbox Databases
High Availability
Mailbox Service High Availability
Cluster Nodes and the File Share Witness
Cluster Administrative Access Point
Replication
File Mode Replication
Block Mode Replication
Seeding
Replication (Copy) Queue and Replay Queue
Lagged Copies
Active Manager
DAG Across (Active Directory) Sites
DAG Networks
DAG Creation
Creating the Database Availability Group Object
Adding Exchange Servers
Adding the Mailbox Database Copies
Configuring the DAG Networks
Exchange Transport
Transport Pipeline
Routing Destinations
Delivery Groups
Queues
Shadow Redundancy
Managing Queues
Safety Net
Send and Receive Connectors
Send Connectors
Receive Connectors
SMTP Relay
Create a New Receive Connector
Modify Permissions on the Receive Connector
Message Tracking
Edge Transport Server
Installing and Configuring Edge Transport Servers
Prepare the Edge Transport Server
Unattended Installation of the Edge Transport Server
Create an Edge Subscription
Relocate the Transport Database
Test the Edge Transport Server
Export and Import Edge Configuration
Protocol Logging
SSL Certificates
Load-Balancing the Edge Transport Servers
Upgrading from Exchange 2013 or Exchange 2016
Moving to Exchange 2019
Installing Exchange 2019
Namespaces with Exchange
Virtual Directories
SSL Certificates
SMTP Mail in a Coexistence Scenario
Using an Edge Transport Server
Continuing with the Previous Edge Transport Server
Introducing a New Exchange 2019 Edge Transport Server
Moving Resources to Exchange 2019
Moving Mailboxes to Exchange 2019
Address Lists in Exchange 2019
Decommissioning the Previous Exchange Server
Summary
Chapter 3: Managing Exchange
Managing Databases
Rename a Mailbox Database
Move a Mailbox Database
Circular Logging
Quota Settings
Assign an Offline Address Book
Create a New Mailbox Database
Delete a Mailbox Database
Online Maintenance
Deleted Items Retention
Online Maintenance
Managing Mailboxes
Create a User Mailbox
Mailbox-Enabling an Existing User Account
Remove a Mailbox
Managing Mailboxes
Active Directory Properties
Quota Settings
Regional Settings
Assign Address Book Policies
Adding Email Addresses
Archive Mailboxes
Cmdlet Extension Agents
Mailbox Delegation
Moving Mailboxes
Importing and Exporting Mailboxes to PST Files
Resource Mailboxes
Shared Mailboxes
Linked Mailboxes
Managing Groups
Create a New Distribution Group
Mail-Enable an Existing Group
Manage Group Membership
Group Membership Approval
Dynamic Distribution Groups
Moderated Distribution Group
Expansion Server
Remove a Distribution Group
Managing Contacts
Mail-Enabled Contacts
Mail-Enabled Users
Cumulative Updates and Security Updates
Cumulative Updates
Security Updates
Monitoring and Reporting
Monitoring Tools
Event Viewer
Crimson Channel
Performance Monitoring
Task Manager
Performance Monitor Tool
Real-Time Monitoring
Performance Monitor Logging
Managed Availability
End-to-End Monitoring
Managed Availability Architecture
Exchange 2013 CAS and Managed Availability
Monitoring Using the Exchange Management Shell
Server Health
Queue Monitoring
Mailbox Database Replication
Workload Management
Managing Workloads by Monitoring System Resources
Workloads and Performance
Workload Classifications
Workload Management Policy Settings
Managing Workloads for Individual Users
Summary
Part II: Office 365 Integration
Chapter 4: Azure AD Identities
Cloud Identities
Synchronized Identities
Federated Identities
Azure AD Connect
AD Connect Deployment
AD Connect Health
Chapter 5: Exchange Online
Exchange Hybrid Topologies
Deploying Exchange Hybrid
Hybrid Configuration Wizard
PowerShell: Connecting to Office 365
Connecting to Exchange Online
Connecting to Azure Active Directory
OAuth
Autodiscover in Exchange Hybrid
Mailbox Migration
Managing Remote Mailboxes
Federation with Azure Active Directory
Sharing of Information
Organizational Relationships
Sharing Policies
Internet Calendar Publishing
Mail Transport
Inbound Mail
Centralized Mail Transport
Outbound Mail
Enhanced Filtering
Exchange Online Archiving
Message Tracking
Recipient Management Only
Summary
Part III: Security
Chapter 6: Publishing Exchange Server
Virtual Directories
Namespaces
Split DNS
Certificates
Requesting Certificates
Exporting Certificates
Importing Certificates
Autodiscover
Domain-Joined Clients
Non-Domain-Joined Clients
Autodiscover Redirect
Autodiscover SRV Records
Autodiscover V2
Client Connectivity
Outlook
MAPI over HTTP
Web-Based Clients
Offline Settings
Outlook Apps
Exchange Admin Center
Exchange Web Services
REST API
Mobile Clients
IMAP and POP
High Availability
Load Balancing
Health Check Monitors
SSL Offloading
Load Balancer Transparency
Up-Level and Down-Level Proxying
Azure AD Application Proxy
Azure Front Door
Chapter 7: Email Authentication
Sender Policy Framework
Constructing the SPF Record
Checking the SPF Record
DKIM
Exchange and DKIM
DKIM and Exchange Online Protection
DMARC
Implementing DMARC
DMARC Reporting
DNSSEC and DANE
DNSSEC
DANE
MTA-STS
Summary
Chapter 8: Message Hygiene and Security
Exchange Online Protection Introduction
Connection Filtering
IP Allow and IP Block Lists
Tenant Allow/Block Lists (TABL)
Allow or Block Addresses and Domains
Spoofed Senders
Antimalware
Content Filtering
Anti-spam
Anti-phishing
Preset Security Policies
Directory-Based Edge Blocking (DBEB)
Summary
Chapter 9: Authentication
Hybrid Modern Authentication
Configuring an Enterprise Application
Multifactor Authentication
Conditional Access
Client Access Rules
SMTP AUTH
Certificate Authentication
Windows Extended Protection
PowerShell Serialization Payload Signing
Summary
Chapter 10: Permissions and Access Control
Role-Based Access Control
RBAC Components
The Who
Custom Role Group
Linked Role Groups
The What
Management Roles and Management Role Entries
Custom Management Roles
Managing Parameters
Unscoped Top-Level Management Roles
Clean Up Unscoped Top-Level Management Roles
The Where
Regular Scopes
Implicit Scopes
Explicit Scopes
Custom Scopes
Management Scopes
Exclusive Scopes
1+1+1=3: Management Role Assignments
Role Assignment Policy
Split Permissions
RBAC Split Permissions
Active Directory Split Permissions
Summary
Part IV: Compliance
Chapter 11: Backup and Restore
Back Up an Exchange Server
Backup Technologies
VSS Backup
Back Up a Mailbox Database
Using Windows Server Backup in PowerShell
Using Windows Server Backup GUI
Back Up Other Configuration Information
Restoring Exchange Server
Restoring to Its Original Location
Restoring to Another Location
The Restore Process
Recovery Database
Dial-Tone Recovery
Recovering an Exchange Server
Rebuilding an Exchange Server
ESEUTIL and Corrupt Databases
Summary
Chapter 12: Policy and Compliance
In-Place Archiving
In-Place Archive Mailbox
Enabling Archive Mailboxes
Disabling In-Place Archive Mailboxes
Reconnecting Archive Mailboxes
Checking and Modifying Archive Mailbox Quotas
Relocating the Archive Mailboxes
Exporting and Importing Archive Mailboxes
Messaging Records Management
Retention Policy Tags
Assigning Personal Tags
Understanding System Tags
Retention Policies
Assigning a Retention Policy
Managed Folder Assistant
In-Place Hold and Litigation Hold
Enabling In-Place Hold
Disabling In-Place Hold
Litigation Hold
Enabling Litigation Hold
In-Place eDiscovery
Management of In-Place eDiscovery
Discovery Mailbox
Searching Mailboxes
Mail Flow Rules
Create a Transport Rule
Priority Ranking for Transport Rules
Journaling
Options for Journaling Rules
Create a Standard Journal Rule
Create a Premium Journal Rule
Configure an Alternative Journal Recipient
Data Loss Prevention
Creating DLP Policies
Importing and Exporting DLP Policies and Templates
Customizing Your DLP Policy
DLP Document Fingerprinting
Auditing
Administrator Audit Logging
Administrator Audit Logging Options
Custom Logging Entries
Auditing Log Searches
Mailbox Audit Logging
Mailbox Audit Logging Options
Searches of the Mailbox Audit Logging
Bypass of Mailbox Audit Logging
Summary
Index
- Author / Uploaded
- Jaap Wesselius
- Michel de Rooij
