Performing Postinstallation Configurations

After Exchange 2003 has been installed and customized, there are a few cleanup and implementation steps you should take:

  • Disable unnecessary services.

  • Remove information stores that won't be used.

  • Set up routing group connections.

  • Enable logging and message tracking.

  • Delete mailbox and public folder stores.

Disabling Services

Although Exchange 2003 does a much better job by not automatically installing dozens of different utilities and services the way previous versions of Exchange did, it still installs some default services that might not be used by the organization. For security and administration purposes, if a service is not used, it should be disabled. To disable services that are commonly unused—such as IMAP, POP3, NNTP, or SMTP—do the following:

  1. Select Start, All Programs, Administrative Tools, Services.

  2. Scroll down to the IMAP4 Service.

  3. Double-click on the service.

  4. Under the Startup Type section, choose Disabled.

  5. Under the Service Status section, click Stop.

  6. Repeat steps 1–5 for POP3, NNTP, and SMTP, as applicable.

NOTE

If IMAP, POP3, and NNTP are used on a server, such as a front-end system hosting remote mail users, those services should not be disabled. On back-end servers where IMAP or POP3 is not used, the service can commonly be disabled; likewise, organizations that use Exchange just for email commonly do not need NNTP on any of their servers. For servers or systems that are not routing mail, such as those set up solely as Exchange System Manager administration servers, the SMTP service should be disabled.
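
The same procedure can be scripted so that the decision in the NOTE above (which protocols a given server does not need) is recorded and checked instead of clicked through on each server. The following is an added example, not code from the book; it assumes Windows PowerShell with Get-WmiObject is available on the administration workstation, and the function names and the server name in the usage comments are hypothetical.

```powershell
# Added example: audit, and optionally disable, protocol services that a
# server does not need. Nothing is changed unless -Apply is given.

# Windows service short names for the four protocol services.
$ProtocolServices = @{
    IMAP4 = 'IMAP4Svc'
    POP3  = 'POP3Svc'
    NNTP  = 'NntpSvc'
    SMTP  = 'SMTPSVC'
}

function Get-ProtocolService {
    param([string]$ComputerName, [string]$ServiceName)
    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
        -Filter "Name='$ServiceName'"
}

# Report startup type and state for every protocol declared unused.
# A service is compliant when it is absent, or both Disabled and Stopped.
function Get-UnusedProtocolState {
    param(
        [string]$ComputerName = '.',
        [string[]]$Unused = @('IMAP4', 'POP3', 'NNTP')
    )
    foreach ($proto in $Unused) {
        $name = $ProtocolServices[$proto]
        if (-not $name) { Write-Warning "Unknown protocol '$proto'"; continue }

        $svc = Get-ProtocolService $ComputerName $name
        $startMode = 'NotInstalled'; $state = '-'; $ok = $true
        if ($svc) {
            $startMode = $svc.StartMode
            $state     = $svc.State
            $ok = ($startMode -eq 'Disabled') -and ($state -eq 'Stopped')
        }
        New-Object PSObject -Property @{
            Protocol = $proto; Service = $name
            StartMode = $startMode; State = $state; Compliant = $ok
        } | Select-Object Protocol, Service, StartMode, State, Compliant
    }
}

# Set Startup Type to Disabled and stop the service (steps 4 and 5 above)
# for every non-compliant service. WMI return code 0 means success.
function Disable-UnusedProtocol {
    param(
        [string]$ComputerName = '.',
        [string[]]$Unused = @('IMAP4', 'POP3', 'NNTP'),
        [switch]$Apply
    )
    Get-UnusedProtocolState -ComputerName $ComputerName -Unused $Unused |
        Where-Object { -not $_.Compliant } |
        ForEach-Object {
            if (-not $Apply) {
                "Would disable and stop $($_.Service) on $ComputerName"
                return   # audit only: move on to the next service
            }
            $svc = Get-ProtocolService $ComputerName $_.Service
            $rcMode = $svc.ChangeStartMode('Disabled').ReturnValue
            $rcStop = 0
            if ($svc.State -ne 'Stopped') {
                $rcStop = $svc.StopService().ReturnValue
            }
            "{0}: ChangeStartMode={1} StopService={2}" -f `
                $_.Service, $rcMode, $rcStop
        }
}

# Usage (EXBE01 is a hypothetical back-end server name):
#   Get-UnusedProtocolState -ComputerName EXBE01
#   Disable-UnusedProtocol  -ComputerName EXBE01 -Apply
# Administration-only server that routes no mail:
#   Disable-UnusedProtocol -Unused IMAP4,POP3,NNTP,SMTP -Apply
```

Run the audit form first and keep its output with the server's build record; a nonzero StopService code usually means dependent services are still running.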

Removing Information Stores

By default, an information store that holds Exchange databases is created on each Exchange server installed in the organization. However, dedicated front-end servers that are just the Web front-end systems do not require information stores or databases. In those cases, the information stores should be deleted. To delete the information stores that are unneeded on front-end servers, follow these steps:

  1. Select Start, All Programs, Microsoft Exchange, System Manager.

  2. Navigate to Administrative Groups, Administrative Group Name, Servers, Server Name, Storage Groups.

  3. Right-click on the mailbox store and choose Delete.

  4. Click Yes.

  5. Click OK and delete the database files manually.

CAUTION

Before deleting any database or information store, unless you are positive the database or information store is completely empty and unused, you might want to do a full backup of the database, store, and system—in case a user's mailbox was inadvertently hosted on the system. Sometimes during an early implementation of Exchange, an organization might start with just one or two servers in a pilot test environment. If a mailbox was stored on one of the test servers, it might eventually become the front-end server for the organization. Backing up a system is safer than making assumptions and regretting the decision later. Using the NTBackup utility covered in Chapter 31, "Backing Up the Exchange Server 2003 Environment," is a quick way to back up a system.

Setting Up Routing Group Connectors

Routing group connectors should be used in situations where there is greater than 64KB of available bandwidth between the routing groups. If there is not sufficient bandwidth, SMTP or X.400 connectors should be used to connect the routing groups. Routing group and routing group connector designs should follow the organization's physical connectivity links. Four basic routing group connector strategies can be implemented based on the organization's physical network links:

  • Full Mesh: In a full mesh, all routing groups connect to all other routing groups. Unless there are only a few routing groups, the administrative overhead for implementation becomes unbearable. This design can also be a waste of administrative resources if there isn't the WAN link redundancy to support the design.

  • Partial Mesh: A partial mesh tries to create the benefits of a full mesh without the added administrative overhead. If the WAN design is a partial mesh, build the routing groups to follow the partial mesh.

  • Hub and Spoke: In a hub and spoke design, one routing group becomes the center of the universe and all other routing groups connect to it. In larger networks there can be multiple hubs in the enterprise, and the hubs are joined together in a full or partial mesh. This design is simple to implement and maintain but creates a single point of failure at the hub. This design is an option for locations that do not have any WAN link redundancy.

  • Linear: In a linear design, routing groups connect to only one other routing group in a straight line. Linear designs are not recommended.

To create a new routing group connector, follow these steps:

  1. Navigate to Administrative Groups, Admin Group I, Routing Groups, HO, as shown in Figure 3.7.

  Figure 3.7 Traversing the Exchange System Manager for routing groups.

  2. Right-click Connectors and choose New Routing Group Connector.

  3. Type a name for the connector, as shown in Figure 3.8.

  Figure 3.8 Routing group configuration screen.

  4. Click These servers can send mail over the connector, and click Add to choose a server or check Any local server can send mail over the connector.

  5. The General tab of the routing group connector defines a few significant items that administrators should understand when configuring the connector:

    • Connect this routing group with: Specifies the destination routing group for the RGC.

    • Cost: Arbitrary cost assigned by the administrator, which can be used to control which connector is used first if multiple connectors exist.

    • Server: Allows any server, or specifies specific servers allowed, to transfer mail to the destination routing group. By specifying specific servers, a bridgehead server is nominated. By specifying multiple servers, backup bridgehead servers are identified. The order of the servers in the list specifies which server is used first.

    • Do not allow public folder referrals: Disables the user's ability to access public folder content that is homed in the routing group connected to that server.

  6. Click on the Remote Bridgehead tab and click Add to choose a server. After entering the bridgehead server selection, you will see a screen similar to Figure 3.9.

  Figure 3.9 Bridgehead server configuration.

  7. Click OK.

  8. Select Yes to create a routing group connector in the remote routing group.

Enabling Logging and Message Tracking

Logging and message tracking are common functions enabled by Exchange administrators early on in an Exchange implementation to help the administrator validate that messages are flowing through the environment. By enabling the logging and message tracking function, the administrator can then run a report to find out which route a message took to get from one server to another, and how long it took for the message to be transmitted.

Many administrators never use the logging and message tracking function and simply assume that messages are getting from point A to point B successfully. In many environments, although messages reach their destination, they are routed from one site to another and once around the globe before being received by a mail user in the same site facility. Misconfigured routing group connectors, DNS errors, or other networking problems are often the cause. So it's usually helpful to monitor messages to ensure that they are being routed and processed as expected.

To enable logging and message tracking, follow these steps:

  1. Open Exchange System Manager.

  2. Navigate to Administrative Groups, Admin Group I, Servers, Server Name.

  3. Right-click on the server object and choose Properties.

  4. Select Enable subject logging and display, and select Enable message tracking.

  5. Type a number indicating days to keep the message tracking log files, as shown in Figure 3.10.

Figure 3.10 Configuring logging for message tracking.

Dismounting and Deleting Public Folder Stores

Unused public folder stores should be removed for security and administration purposes. Frequently, organizations that separate mailbox servers from front-end servers from public folder servers do not need public folder databases on the front-end or mailbox servers.

To dismount and delete public folder stores, follow these steps:

  1. Expand the servers and storage group.

  2. Right-click the public folder store and choose Dismount.

  3. Click Yes to dismount the store.

  4. Right-click the public folder store and choose Delete.

  5. Click Yes twice.

  6. Click Yes to delete the store.

  7. Click OK in the message stating that you have to select another public folder store for the system folders, and that the public folder store will have to be dismounted and remounted for the changes to take effect.

  8. Choose a new public folder store for this server's system folders.

  9. Click OK. You have to manually delete the database files for the store by going to the mdbdata directory and deleting pub1.edb and pub1.stm.

  10. Right-click the mailbox store and choose Dismount.

  11. Click Yes to dismount the store.

  12. Right-click the mailbox store and choose Delete.

  13. Click Yes.

  14. Click OK. You have to manually delete the database files again as previously stated.

CAUTION

Unless you are positive that the database or information store is empty, you should do a full backup of the database, store, and system, in case the public folder store hosted the authoritative copy of the public folder information.

Using System Policies to Manage Mailbox and Public Stores

Many of the settings that can be manually set on each mail and public store can be set through a system policy to simplify the settings configuration. Standardizing Exchange server settings in a large deployment was always tough in Exchange Server 5.5 because each setting had to be manually set on every server. With a system policy, the mail and public store settings for limits, deleted item retention, and so on can be set through the policy, and the policy can be applied to the stores. Each administrative group has its own set of policies for the stores. When a policy is applied, the setting that the policy overrides displays as grayed out on the mailbox or public store. Administrators can choose the property pages of the mail or public store for which they want to configure policies.

To configure and apply a policy, follow these steps:

  1. In the Exchange System Manager, in the Administrative Groups container, right-click on the administrative group you want to manage and select New, System Policies Container.

  2. Right-click on the System Policies container and select New. Then select either Mailbox policy, Public store policy, or Server policy.

  3. When the property pages appear, enter a name you want to identify with this policy.

  NOTE

    Because the icons for Mailbox and Public store policies are the same, name the policy something descriptive to indicate whether it's a Mailbox or Public store policy.

  4. Right-click the new policy and select Add Mailbox Store, Add Public Store, or Add Server, and then select the appropriate store or server. Click OK to complete this task.

  5. To force the policy to be applied immediately to all stores, right-click the policy and select Apply Now.

  6. After the policy is created, it can be modified by right-clicking the policy and selecting Properties.

Best Practices for Configuring Storage Groups and Databases

After configuring hundreds—if not thousands—of storage groups and databases in beta and production environments, the following best practices have been determined:

  • Keep databases small to keep restore and maintenance intervals short. The database size is organization-specific and depends on the speed that maintenance and restores run on the server hardware and the organization's Service Level Agreements for messaging services.

  • Choose to create additional databases before creating additional storage groups to avoid overhead on the server for log file management.

  • Use no more than four databases per storage group. This will leave one database position open in each storage group for offline database maintenance.

  • Do not use circular logging.

  • Verify that a successful backup is performed every day and the logs have been purged.

  • Use full backups every day if possible.

  • Periodically verify the backup using an isolated lab.

  • Leave online system maintenance on and stagger the database maintenance times so that all databases and storage groups aren't trying to run maintenance at the same time.

  • Do not use the prohibit-send option when configuring storage limits as a courtesy to end-users.

  • Keep deleted items for at least seven days and deleted mailboxes for 30 days. Use the option to not remove the items permanently until the store is backed up.

Delegating Administration in Exchange 2003

The delegation of permissions can occur at the organizational or administrative levels. There are three levels of permissions that exist in Exchange 2003:

  • Exchange Full Administrator: This level enables the administrator to add, delete, modify, and rename objects, with the ability to change security permissions. These rights are granted to global messaging administrators and at the administrative group where the boundary of control changes.

  • Exchange Administrator: This administrator level offers the add, delete, modify, and rename objects permissions. However, this level cannot change security permissions. This level is usually the standard level granted to individuals who need to manage or administer Exchange on a regular basis.

  • Exchange View Only Administrator: With this level, you can view the configuration settings in Exchange System Manager. This level is usually granted to administrators who provide operational support (reviewing logs, creating reports, validating connectivity, and message routing) and do not necessarily need to change settings or configurations directly.

It's easier to delegate administration to a group than to a user. To delegate administration, right-click the administrative group or organization and select Delegate Control to launch the Delegation Wizard. Select the group or user from the Active Directory object picker dialog box and set the Exchange administration role, as shown in Figure 3.11. Then click Next and Finish to apply the permissions throughout the Exchange organization.

Figure 3.11 Delegating administration to an AD group.

NOTE

Being an Exchange Full Administrator or Exchange Administrator also requires that the group or user be a member of the server local administrator group. View-only administrators only need to be able to log on locally to the Exchange server. The Exchange Administration Delegation Wizard will not set permissions on the server itself, so permissions on the server must be set manually through Computer Management.
