70-285 Exam Study Notes
About These Notes
These are notes that I took while studying for the 70-285 exam. I've taken a slightly different angle with these notes. Since Exchange is largely new material, with dozens of new terms and concepts, I've provided more definitions and lengthier explanations. It's more to read through, but I hope that it serves as a better resource for areas that some may be weak in or confused by.
I hope that these notes prove helpful to you and good luck on the exam!
General Advice
I highly recommend studying for and taking 70-284 before this exam. You should always take the administration exams before their design counterparts, anyways. After passing 70-284, you should be able to pass 70-285 within the next week.
I could not find a single book on 70-285. Instead, I had to rely on reading a lot of white papers and other internet resources, links to many of which I've included here. In addition, you may find it useful to pick up a 70-225 book such as the ExamCram 70-225 book (check out the used prices), since very little is different between 2003 and 2000 where design is concerned. I didn't go this route because I didn't think about it until it was too late, but I would probably pick up a 70-225 book if I were to do it over again.
This exam is a moderately difficult one, so you shouldn't take it lightly at all.
My main pieces of advice are:
- Consider taking your own notes while studying. Writing things down helps the memorization process. Besides, it's possible that a topic that I know well and didn't think to include is one that you may not be so strong in.
- Print these notes out and carry them with you (along with your own notes) on the day of the exam. Go over them on breaks, in the car and, most importantly, immediately before walking into the exam room (leave them outside, of course). For the most part, I've designed them to be succinct and memorizable.
- Bring a pen with you and, should you fail the exam, as soon as you leave the testing center, write down (on the back of the printout or paper that you brought with you) everything from the exam that you can remember, especially questions and answers that you weren't sure of. Spend a good 15-30 minutes. You won't recall much even a few hours later, unless you have a better memory than I do. It really, really helps if you made good use of the "Select for Review" checkboxes while taking the test, since it means that all of the questions and answers that you weren't sure of are the freshest things in your mind when you leave the testing center. Use everything that you wrote down as the basis for your re-take studying.
Exam Format
Format: Case study. Total of 6 case studies with answers in multiple-choice and drag-and-drop
Questions: 30
Time Limit: 150 minutes (+20 minutes for comments and reading the pre-exam disclaimers)
Passing score: 700
This exam is presented in case study format, a format that you should already be familiar with at this point. You will have 5 different businesses to work with, answering 4-10 questions each according to their business requirements.
Though this format is a little extra challenging, don't let it scare you. It's really not that hard if you know what to expect and what to look for. Here are some tips:
- Don't read through the entire case study at the start. By this I mean don't spend a lot of time reading it carefully like it's a novel; it's too long to memorize. Some people find that skimming through the case study helps them and others (like me) prefer to start immediately on the questions and reference the case study for each question. It's mostly a matter of personal preference, but just don't spend more than a couple of minutes on the case study at the start or you may really handcuff yourself when it comes to time.
- Pay special attention to what the question asks. Very often, the question will tell you exactly where in the case study to find your answer. For example, it'll say "...that complies with the business requirements" or "...that addresses the concerns of the Chief Information Officer," telling you exactly where to look. Just keep in mind that, sometimes, you won't find the complete answer there.
- Skim through the Background and Existing Infrastructure sections of the case study, but don't waste too much time reading them. All of your questions will involve implementing new infrastructure and procedures. I usually don't check these sections until I can't find the answer elsewhere or if I suspect that the answer may hinge on the pre-existing infrastructure (such as legacy systems that can't be upgraded or the number of people in each office).
- The "meat" of most case studies is the Business Requirements section. This is the section that you'll be referencing the most. Also, if you're not sure where to look to find an answer, try there first. The Technical Requirements section is a close second.
- After you complete all questions for a case study, choose the Review All button and check all of your answers. This is much more important for case study exams because buried in the case study might be a piece of information that changes your answer to question #2 and that you didn't happen to stumble upon until you were on question #7.
Resources
Microsoft Second Shot Offer - Microsoft periodically offers FREE exam re-takes. Important: you must sign up with Microsoft before scheduling the exam the first time! You can't wait until after you've failed. Follow the link to see if the Second Shot offer is currently available. If the URL re-directs you elsewhere, then it's not.
Exchange introduces a lot of new terms, and a necessary early step toward passing the exam is developing a strong understanding of what each component does and how each fits into the Exchange environment. If you're at all unclear about any of them, it would behoove you to sit down and really study each of them thoroughly before attempting 70-285.
Mail-enabled - having an e-mail address in the organization, but no mailbox. E-mail to the address will be routed elsewhere.
Mail-enabling an account associates an e-mail address with the account, but does not allow for a mailbox in the Exchange organization. Mail-enabled accounts are often used to forward messages to e-mail addresses outside of the organization. For example, if Jane wants to have company e-mail sent to her personal e-mail account (ex. jane@aol.com), you can mail-enable her user account to deliver to her personal account any mail that gets sent to her domain address (ex. jane@company.com). Another common reason to mail-enable an account is if you're dealing with a security or distribution group. All e-mails sent to the group's address (ex. managers@company.com) would be sent to everyone who is a member of the group.
Mailbox-enabled - having an e-mail address in the organization and a mailbox. E-mail to the address will be stored in the mailbox.
Mailbox-enabled means that the account has a mailbox in the Exchange organization. This is typically what your users have if they check their e-mail with Outlook while on your network. You can still do everything (that I know of) with a mailbox-enabled account that you can do with a mail-enabled one, but, in this case, copies of mail may also be stored in a mailbox on the Exchange server. Why would you not always use mailbox-enabled accounts? Because creating mailboxes when they're not needed adds a lot of clutter and often unnecessary storage.
Administrative group - a collection of servers, routing groups, public folder trees and policies for the purpose of delegation.
Public folder tree - a message store for public perusal and uploading, like a file share, but accessed through the messaging client.
Recipient Update Service (RUS) - a service that updates address lists and e-mail addresses in AD according to an update interval.
Organization - the outer bounds of a messaging infrastructure, like a forest.
Routing group - a group of well-connected Ex2000/2003 servers, very much like AD or Ex5.5 sites.
Bridgehead server - a server in a routing group that, on behalf of its group, communicates (through connectors) with servers outside of its group.
Routing group connector - an association between two routing groups (via bridgehead servers) for the purpose of message routing within an organization.
SMTP connector - an association between a routing group and, usually, an extra-organizational bridgehead server.
Routing group master - a single server in each routing group that maintains a table with the status of each of the group's connectors.
Active Directory Connector (ADC) - a service that bridges and synchronizes the Ex2000/2003 (AD) and Ex5.5 directories for the purpose of coexistence.
Connection Agreement (CA) - the policy settings that the ADC uses to know what to synchronize. A single ADC can have multiple CAs.
Site Replication Service (SRS) - a service that runs on an Ex2000/2003 server and emulates the Ex5.5 directory service.
Smart host - a server on a perimeter network (not necessarily running Exchange) that relays e-mail to and from internal e-mail servers.
That is just a quick rundown of some of the most important terms. More detail relevant to this exam can be found further down the page.
Routing groups are similar to AD sites in that they are groups of servers connected by high-quality, permanent network links. As with AD sites, a client will use any services that exist within its own routing group before looking elsewhere.
The fewer routing groups, the better, but you may be required to add more if offices are connected by slow or unreliable network links.
Routing group connectors and SMTP connectors are one-way (unidirectional)! If you have one in group A that points to B, messages can be routed from A to B. If you also add one in B that points to A, messages can be routed both ways.
Windows IT Pro - Exchange 2000 and SMTP
Know the purpose and distinction between routing group connectors and SMTP connectors:
Routing group connectors and SMTP connectors are both created in Routing Groups\Connectors in ESM. They both allow fine-tuned control over which messages go where and when. You can, for example, make decisions based on address, sender, size and content.
Routing group connectors determine the route that mail takes within your Exchange organization; SMTP connectors determine the route that mail takes out of your organization (to the internet and external organizations). You would create a routing group connector to connect bridgehead servers in separate routing groups and you would create an SMTP connector to connect an SMTP virtual server in your organization to a specific SMTP server on the internet, WAN or DMZ.
ComputerPerformance - Routing Groups for E-mail
Know the purpose and distinction between SMTP virtual servers and SMTP connectors:
SMTP virtual servers handle messages directly to and from the internet and relay them to their destination. They have a built-in SMTP connector for this purpose, but it applies to all traffic, is not very configurable and does not support custom routing. SMTP connectors that you add to the routing group will supersede the built-in one and provide fine-tuned control over which messages go where and when. For example, you could create an SMTP connector that routes e-mails to your partner company directly over the WAN link to them (bypassing the internet).
SMTP connectors can have TLS (certificate) encryption enabled on them as a cheap alternative to VPNs between offices or partner companies. TLS encryption can be enabled on SMTP virtual servers as well, by enabling the Require secure channel option, but that would require all SMTP servers that the virtual server connects to to support TLS encryption, making it a bad idea for internet use.
A Routing Group Master stores in a link state table the status of all connectors in its routing group. If a connector goes down, the table is updated so as to maintain efficient message routing. The first server in a routing group becomes the routing group master. If you remove the server from the routing group, you must set another server as the routing group master.
A bridgehead server acts as a designated endpoint for a routing group connector, like a proxy for the rest of its routing group. If you remove a bridgehead server, you must designate another server as the endpoint for any connectors that point to the server being removed.
Public folder referrals allow users to access public folders in other routing groups across connectors. They are enabled by default, but can be disabled. If you disable referrals on the connector in group A that points to B, users in A will not be allowed to access public folders in B.
Windows IT Pro - Exchange 2000 and SMTP (in Connecting Routing Groups section)
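To make the one-way rule, the link state table and the referral setting concrete, here is an added Python model of a constructed three-group organization. It is not from the original notes and not a Microsoft tool; the group names (NY, LON, TOK) and connector layout are invented for the example. Routing groups are nodes, each connector is a directed edge carrying the status the routing group master would hold for it plus the connector's public folder referral setting, and a breadth-first search finds the path a message or a referral would take.

```python
from collections import deque

# Constructed sample organization. A connector created in group A that points
# to B only carries traffic A -> B; a second connector in B is needed for B -> A.
CONNECTORS = [
    # (source group, target group, link state, public folder referrals enabled)
    ("NY", "LON", "up", True),
    ("LON", "NY", "up", False),   # referrals disabled on LON's connector to NY
    ("NY", "TOK", "up", True),
    ("TOK", "NY", "down", True),  # routing group master marked this connector down
    ("LON", "TOK", "up", True),
    ("TOK", "LON", "up", True),
]


def build_graph(connectors, require_referrals=False):
    """Adjacency list of usable connectors. A connector carries mail when its
    link state is 'up'; to carry a public folder referral it must also have
    referrals enabled."""
    graph = {}
    for src, dst, state, referrals in connectors:
        graph.setdefault(src, [])
        graph.setdefault(dst, [])
        if state != "up":
            continue
        if require_referrals and not referrals:
            continue
        graph[src].append(dst)
    return graph


def find_route(graph, start, goal):
    """Breadth-first search over the directed connector graph. Returns the
    list of routing groups traversed, or None when no usable path exists."""
    if start == goal:
        return [start]
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt in parents:
                continue
            parents[nxt] = node
            if nxt == goal:
                path = [goal]
                while parents[path[-1]] is not None:
                    path.append(parents[path[-1]])
                return path[::-1]
            queue.append(nxt)
    return None


def mail_route(connectors, src, dst):
    """Path a message takes between two routing groups (link state only)."""
    return find_route(build_graph(connectors), src, dst)


def referral_route(connectors, src, dst):
    """Path a public folder referral can take (link state and referral flag)."""
    return find_route(build_graph(connectors, require_referrals=True), src, dst)


if __name__ == "__main__":
    print("mail NY->TOK:     ", mail_route(CONNECTORS, "NY", "TOK"))
    print("mail TOK->NY:     ", mail_route(CONNECTORS, "TOK", "NY"))   # reroutes via LON
    print("mail LON->NY:     ", mail_route(CONNECTORS, "LON", "NY"))
    print("referral LON->NY: ", referral_route(CONNECTORS, "LON", "NY"))  # blocked
```

With TOK's connector to NY marked down, mail from TOK still reaches NY through LON, which is the point of the link state table; mail from LON to NY flows normally, but a public folder referral from LON to NY fails because the only connector in LON that points at NY has referrals disabled and no alternative referral path exists.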
Active Directory Connector (ADC) acts as a bridge between Active Directory and the directory built into Ex5.5, allowing coexistence of Ex2003/2000 servers with Ex5.5 servers. The ADC keeps the two directories synchronized, allowing you to manage legacy Exchange objects from Active Directory Users and Computers during the coexistence phase. You may disable the ADC once all Exchange objects (mailboxes, public folders, etc.) have been migrated to Active Directory. For example, if the ADC finds a legacy distribution list in the Ex5.5 organization, it will create a universal distribution group in AD with the same e-mail address and members, thus enabling Ex2003/2000 users to look up and send e-mail to Ex5.5 users.
Know the distinction between ADC and CAs:
Active Directory Connector (ADC) stores its configuration parameters in AD objects called Connection Agreements (CAs). CAs specify the legacy Exchange server to connect to, which objects to synchronize and the schedule on which to do it.
Site Replication Service (SRS) is installed automatically on the first Ex2003/2000 server in an Exchange 5.5 site. If you remove the server hosting SRS from the administrative group, move the service to another server. If you've removed the last of the 5.5 servers from the site, you should remove the SRS service.
Know the distinction between SRS and ADC:
SRS emulates the 5.5 directory service on Ex2003/2000, thus making Active Directory aware of the contents of 5.5 databases; ADC, on the other hand, does the actual synchronizing of objects between 5.5 and Active Directory.
Windows IT Pro - The Site Replication Service
Connection Agreement Types
There are two types of connection agreements that you can create:
Recipient connection agreement - Synchronizes mailboxes, distribution lists, and custom recipients.
Public folder connection agreement - Synchronizes public folders.
Recipient connection agreements can be one-way (in either direction) or two-way.
One-way CAs may also become inter-organizational CAs by having their "This is an Inter-Organizational Connection Agreement" checkbox ticked. Inter-organizational CAs create mail-enabled contacts for Ex5.5 mailboxes, rather than the default mailbox-enabled user accounts. This is because you may not want users from other organizations to have permissions in your AD infrastructure. Inter-organizational CAs cannot be two-way, but you *can* have two one-way inter-organizational CAs going in opposite directions; in fact, Microsoft recommends this. If you don't want to make the connection agreement inter-organizational, the Ex2003 and Ex5.5 organizations will have to have the same name.
Migrating Mailboxes, User Accounts & Lists
The Active Directory Migration Tool is used to migrate user accounts from one domain to another.
The Exchange Migration Wizard migrates mailboxes to another Exchange organization by matching up each mailbox with a single user account. The Exchange Migration Wizard may be accessed from the Exchange Tasks action in both Exchange System Manager and Active Directory Users and Computers.
Synchronizing Ex5.5 distribution lists (DLs) requires target Win2000 domains to be in native mode if the DLs are being used (instead of individual mailboxes) to assign permissions to public folders. This is because they will be converted to universal distribution groups, but the AD security model doesn't allow distribution groups to be used in ACLs. The public folders will then have incorrect permissions set on them after the migration unless the domain is in native mode, enabling a second conversion to universal security groups.
Windows IT Pro - 5 Things They Never Told You About the ADC (tip #5)
Coexistence & Migration Strategies
Each migration path may have more than one correct sequence of steps and I may have also missed something or made a minor mistake; however, the number of different migration paths is easily confusing so I hope that the following helps a little.
Coexistence with Ex5.5: Run ForestPrep and DomainPrep, use Active Directory Connector (ADC) to sync the Ex5.5 directory service with Active Directory and then install Ex2003 on a new server.
Migrating from Ex5.5 to Ex2003 in the same organization/forest: Same as coexistence, followed by using the Move Mailbox Exchange task in Active Directory Users and Computers.
Migrating from Ex5.5 to Ex2003 in a different organization/forest: Run ForestPrep and DomainPrep, sync with ADC, ensure that a two-way trust exists between the forests, use the Active Directory Migration Tool to migrate user accounts, install Ex2003 on a new server in the other organization and then use the Exchange Migration Wizard to migrate mailboxes.
Upgrading from Ex5.5 to Ex2003: Upgrade to Ex2000 and then upgrade to Ex2003. There is no direct upgrade path between Ex5.5 and Ex2003.
Upgrading from Ex2000 to Ex2003: Uninstall any Ex2000 services that were removed from Ex2003 (such as IM, Chat and connectors for cc:Mail and MsMail) and then upgrade that server in place.
Migrating from Ex2000 to Ex2003 in a different organization/forest: Ensure that a two-way trust exists between the forests, use the Active Directory Migration Tool to migrate user accounts, install Ex2003 on that server and then use the Exchange Migration Wizard to migrate mailboxes.
Note: This is all assuming that you've fulfilled the minor prerequisites for each step, such as permissions requirements for many of the steps and the existence of certain Windows services (WWW, SMTP and NNTP) for installation of Ex2003.
This is a helpful, real-life example of how to merge two companies. It involves many of the very procedures that you'll need to know for the exam.
Windows IT Pro - When Companies Merge
Non-Exchange Messaging Environments
Coexistence with Lotus Notes/Domino and Novell GroupWise usually comes down to installing a Lotus Notes or GroupWise "connector" on an Exchange server. Additionally, to provide shared calendar and free/busy information, install the Calendar connector.
Might be good to know the requirements for supporting foreign mail systems in an Ex2003 environment:
* Lotus Notes, Novell GroupWise and X.400 - Connectors are included in Ex2003. Complete migration to Ex2003 is possible.
* cc:Mail and MS Mail - Connectors are NOT included in Ex2003. Ex2000 servers will have to coexist to provide these connectors.
* PROFS, TAO and SNADS - Connectors are NOT included in either Ex2003 or Ex2000. Ex5.5 servers will have to coexist to provide these connectors.
Migrating Public Folders
The ideal and preferred network design is to configure Outlook Web Access (OWA) servers as front-end servers in Network Load Balancing (NLB) clusters on the perimeter network, Exchange database servers as back-end servers in Cluster Service clusters (active/passive or active/active) on the internal network, open the required ports on the internal firewall and then configure both sets of servers to communicate with each other securely using IPsec. This is the design that you'll see most on the exam and be expected to know how to set up.
Internet
||
=External Firewall= (ports 80 for HTTP and/or 443 for HTTPS open)
||
OWA front-end servers in an NLB cluster (configured to communicate with the internet with SSL and the internal Ex servers using IPsec)
||
=Internal Firewall= (ports for IPsec, DNS, LDAP and possibly others open)
||
Exchange back-end mailbox servers in an active/passive cluster (configured to communicate with the OWA servers using IPsec)
Front-end servers will usually be in the perimeter network and back-end servers on the internal network. A Microsoft-recommended alternative is to replace the internal firewall with an ISA Server and then put the front-end servers behind it on the internal network.
Microsoft wants you to know how versatile ISA Server is and how it can protect your network from all kinds of external threats. Know that it can act as a firewall, block malicious e-mail attacks, stop the penetration of worms and trojans, perform content and URL filtering, and enforce encryption and/or authentication so that the OWA servers don't have to, among other things.
MSExchange.org - Protecting Microsoft Exchange with ISA Server 2004 Firewalls
Know the common ports to open to enable messaging through firewalls:
25 SMTP
53 DNS
80 HTTP (insecure OWA)
110 POP3
143 IMAP4
389 LDAP (Address list retrieval)
443 HTTP SSL (secure OWA)
993 IMAP4 SSL
995 POP3 SSL
Note: Keep in mind that not all of these will be necessary in any given situation. Read the question carefully.
When a smart host is being used, a rise in non-delivery reports indicates a problem with the smart host, while a growing external mail queue indicates a problem with the Exchange server. This is because a smart host does not have a queue and will attempt to send off mail even if no network connectivity or DNS is available.
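The diagnostic rule above lends itself to a small monitoring check. The following Python is an added example, not part of the original notes and not a Microsoft tool; it assumes you poll the Exchange server's outbound queue length and the number of NDRs received at a fixed interval (the sample values are constructed), and it classifies a rising NDR count as a smart host problem and a rising queue as an Exchange server problem.

```python
from dataclasses import dataclass


@dataclass
class Sample:
    minute: int      # minutes since the first poll
    queue_len: int   # messages waiting in the Exchange server's outbound SMTP queue
    ndr_count: int   # non-delivery reports received during this interval


# Constructed polling data (e.g. from Queue Viewer and the NDR count every 5 minutes).
SMART_HOST_FAULT = [Sample(0, 12, 0), Sample(5, 10, 4), Sample(10, 11, 19), Sample(15, 9, 41)]
EXCHANGE_FAULT = [Sample(0, 12, 0), Sample(5, 60, 0), Sample(10, 140, 1), Sample(15, 300, 0)]
HEALTHY = [Sample(0, 12, 0), Sample(5, 9, 1), Sample(10, 14, 0), Sample(15, 11, 0)]


def trend(values):
    """Least-squares slope per sample; positive means the series is rising."""
    n = len(values)
    xs = range(n)
    mean_x = sum(xs) / n
    mean_y = sum(values) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, values))
    den = sum((x - mean_x) ** 2 for x in xs)
    return num / den if den else 0.0


def diagnose(samples, queue_slope_limit=5.0, ndr_slope_limit=2.0):
    """Apply the smart-host rule of thumb. The slope limits are assumed
    thresholds chosen for the sample data; tune them to your own volumes.

    rising NDRs          -> the smart host is accepting mail but cannot deliver it
    rising outbound queue -> the Exchange server cannot hand mail to the smart host
    """
    q = trend([s.queue_len for s in samples])
    n = trend([s.ndr_count for s in samples])
    queue_rising = q > queue_slope_limit
    ndrs_rising = n > ndr_slope_limit
    if ndrs_rising and not queue_rising:
        return "smart host"
    if queue_rising and not ndrs_rising:
        return "exchange server"
    if queue_rising and ndrs_rising:
        return "both"
    return "healthy"


if __name__ == "__main__":
    for label, data in (("smart host fault", SMART_HOST_FAULT),
                        ("exchange fault", EXCHANGE_FAULT),
                        ("healthy", HEALTHY)):
        print(f"{label:17s} -> {diagnose(data)}")
```

Because the smart host has no queue of its own, a hand-off that succeeds but cannot be delivered onward shows up on the Exchange side only as NDRs, which is why the two symptoms point at different boxes.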
Clustering
You do not need to know Network Load Balancing (NLB) other than that it's the best solution for making front-end OWA servers in the perimeter network highly available.
The steps for creating an Exchange cluster are as follows:
1. Upgrade any Win2000 servers to SP4.
2. Configure the cluster service on each node.
3. Install the Microsoft Distributed Transaction Controller (MSDTC) on one of the nodes.
4. Run Exchange's ForestPrep and DomainPrep.
5. Install Ex2003 on each node.
6. Use Cluster Administrator to create resource groups called Exchange virtual servers on each active node.
7. Configure failover and failback for the virtual servers.
Failover is when a cluster node fails and the resource group successfully transfers from a preferred owner to a possible owner.
Failback is when a failed node comes back online and a resource group successfully transfers from a possible owner back to a preferred owner.
Failover cannot be enabled directly (you enable it by ensuring that possible owners exist), but failback can be enabled directly.
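The preferred-owner/possible-owner relationship and the asymmetry between failover and failback are easier to see in a small model. The following Python is an added example, not from the original notes and not Cluster Administrator's logic; it assumes a constructed three-node cluster (MAIL1, MAIL2, MAIL3) hosting three Exchange virtual servers and models failover as something that happens only when another possible owner is online, while failback only happens when it has been explicitly enabled on the group.

```python
class ExchangeVirtualServer:
    """A cluster resource group (Exchange virtual server) with the two owner
    lists from Cluster Administrator: preferred owners (ordered) and possible
    owners (the set of nodes allowed to host the group at all)."""

    def __init__(self, name, preferred_owners, possible_owners, failback_enabled=False):
        self.name = name
        self.preferred_owners = list(preferred_owners)
        self.possible_owners = set(possible_owners)
        self.failback_enabled = failback_enabled
        self.owner = None  # None means the group is offline

    def _ranked_candidates(self, online):
        """Online possible owners, most preferred first, then the rest by name."""
        ranked = [n for n in self.preferred_owners if n in self.possible_owners]
        ranked += sorted(self.possible_owners - set(ranked))
        return [n for n in ranked if n in online]

    def bring_online(self, online):
        cands = self._ranked_candidates(online)
        self.owner = cands[0] if cands else None
        return self.owner

    def fail_over(self, online):
        """Failover is implicit: it occurs only if another possible owner is online;
        with no such node the group simply goes offline."""
        if self.owner in online:
            return self.owner
        return self.bring_online(online)

    def fail_back(self, online):
        """Failback is explicit: only a group with failback enabled moves back to
        a more preferred node when that node returns."""
        if self.owner is None:
            return self.bring_online(online)
        if not self.failback_enabled:
            return self.owner
        cands = self._ranked_candidates(online)
        if cands and cands[0] != self.owner:
            self.owner = cands[0]
        return self.owner


class Cluster:
    def __init__(self, nodes):
        self.online = set(nodes)
        self.groups = []

    def add_group(self, group):
        self.groups.append(group)
        return group.bring_online(self.online)

    def fail_node(self, node):
        self.online.discard(node)
        return {g.name: g.fail_over(self.online) for g in self.groups}

    def recover_node(self, node):
        self.online.add(node)
        return {g.name: g.fail_back(self.online) for g in self.groups}


def build_demo_cluster():
    """Constructed scenario: three nodes, three Exchange virtual servers."""
    cluster = Cluster(["MAIL1", "MAIL2", "MAIL3"])
    cluster.add_group(ExchangeVirtualServer(
        "EVS1", ["MAIL1", "MAIL2"], ["MAIL1", "MAIL2", "MAIL3"], failback_enabled=True))
    # EVS2 has no other possible owner, so it cannot fail over anywhere.
    cluster.add_group(ExchangeVirtualServer("EVS2", ["MAIL2"], ["MAIL2"]))
    # EVS3 can fail over but failback is left disabled, so it stays put afterwards.
    cluster.add_group(ExchangeVirtualServer("EVS3", ["MAIL1", "MAIL3"], ["MAIL1", "MAIL3"]))
    return cluster


if __name__ == "__main__":
    c = build_demo_cluster()
    for event in ("fail MAIL1", "fail MAIL2", "recover MAIL2", "recover MAIL1"):
        action, node = event.split()
        state = c.fail_node(node) if action == "fail" else c.recover_node(node)
        print(f"{event:14s} -> {state}")
```

Walking through the scenario: when MAIL1 fails, EVS1 and EVS3 move to their next possible owners; when MAIL2 also fails, EVS2 goes offline because MAIL2 was its only possible owner; as nodes return, EVS1 (failback enabled) walks back to MAIL1, while EVS3 (failback disabled) stays on MAIL3.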
Exchange virtual servers are the access points for clients needing to connect to Exchange server clusters. Do not connect clients to the names of the individual nodes or the cluster itself! For example, if two servers named MAIL1 and MAIL2 are part of a cluster named MAILCLUSTER and host an Exchange virtual server named EVS, mail clients need to be pointed to EVS.