
Recover mails / items that were shift-deleted!

Recover Shift-Deleted mails / items


I have many Outlook users come to me asking to recover messages they've just accidentally
deleted. When asked, they confess to having used Shift-Delete (permanent delete).

Outlook has the feature of being able to Recover Deleted Items, but by default it is only active for
the Deleted Items folder. All other folders show the selection under the Tools menu grayed-out.

Through the registry on a workstation, you can configure Outlook to allow Recover Deleted Items
for any folder.

1. Exit Outlook (if open)
2. Launch the Registry Editor (regedit or regedt32)
3. Expand HKLM\Software\Microsoft\Exchange\Client\Options
4. In the right pane, if there is a DWORD entry named DumpsterAlwaysOn, skip to step 7
5. Go to Edit-->New-->DWORD Value
6. Without any spaces, type the name DumpsterAlwaysOn
7. Set the DWORD value to 1 (value of 0 disables the feature)
8. Exit the registry editor
9. Launch Outlook

1. Public folder security

Public Folders have two types of security mechanisms – administration and client access.
Public Folder Administration security can only be set by Exchange System Manager. It allows you
to decide which of the Exchange administrators have the right to manage security for the public
folder and administrate the database (also called information store).

In most cases, a small to medium company only needs to set client permissions, not
administrative rights. These can be set with the Outlook client and Exchange System
Manager, but not with the Outlook Web Access client.

The above screenshots show the default security settings for Public Folders. The owner of a public
folder is the user who created it and gets full control of the folder. Authenticated users
(designated here as Default) are granted the right to add items and delete their own items and
anonymous users can add items but not read them.
When creating a new public folder that you want a user to administer, you can simply add the
user to the permission list and change the permission level to Owner.

The owner would be able to create subfolders for the folder you created and set further
permissions on it.

Public Folder in Exchange Server 2003


Creating a Public Folder

Public folders can be created using Exchange System Manager or the Outlook client.

Outlook 2003 sort of hides the public folders, so you first have to access the Folder list,
then on the right side, open the Public Folder List, All Public Folders and then select “New
Folder…”.

Exchange System Manager can only create folders that hold mail items, such as your
Inbox and Sent Items folders, while Outlook can also create other types of folders such as
Calendar items.

You can also create Public Folders using Outlook Web Access.

Configure OWA to use SSL

Outlook Web Access (or OWA for short) is one of Exchange Server's best features,
allowing you to connect to your corporate mailbox from virtually any spot on earth as
long as you have an Internet connection and a decent web browser.

OWA transmits traffic to and from the web browser over HTTP (TCP port 80) and in
clear text, meaning that anyone could potentially "listen" to the conversation and
capture frames and valuable information from the network.

To secure the transmission of information between Exchange Server 2003 and
Outlook Web Access clients, you can encrypt the information being transmitted by
using SSL (Secure Sockets Layer).

Configure SSL

To configure SSL for Outlook Web Access on Exchange Server 2003 complete the
following steps:

Note: Although the screenshots are made with Exchange 2003 on Windows Server
2003, the same procedure applies for Exchange 2000 and Windows 2000.

Note: If you already have a valid certificate for your website skip this phase and
continue at the next one.

1. Click Start, point to All Programs, point to Administrative Tools, and then
click Internet Information Services (IIS) Manager.
2. In Internet Services Manager, in the console tree,
expand SERVERNAME (your local computer), and then expand Web
Sites.
3. In the console tree, right-click Default Web Site, and then click Properties.
4. In the Default Web Site Properties dialog box, click Directory Security.

5. On the Directory Security tab, click Server Certificate.

6. In the Welcome to the Web Server Certificate Wizard, on the Welcome
page, click Next.

7. On the Server Certificate page, verify that Create a new certificate is
selected, and then click Next.

8. On the Delayed or Immediate Request page, click Send the request
immediately to an online certification authority, and then click Next.

Note: If you don't have a Certificate Authority (CA) installed on your
server or on a different server on the network you can prepare the request
but you'll need to manually send it to the CA. You can try this link for some
more information (thank you Abid Ali for the link):

9. On the Name and Security Settings page, in the Name box,
type yourservername.domainname.com (or .net, .org, .mil etc. Use your
own registered domain name, the one you want people to use when
browsing to your site) and then click Next.

Important note - Internet use: You must make sure that either the Name
or the Common Name fields (one of them or both of them) exactly match
the external FQDN of the website. For example, if your server's NetBIOS
name is SERVER1, and it is located in the MYINTERNALDOM.LOCAL
domain, but it will host a website that will require users to enter
WWW.KUKU.CO.IL to reach it, you must then use WWW.KUKU.CO.IL as
the Name or Common Name in the certificate request wizard, and DO
NOT use SERVER1.MYINTERNALDOM.LOCAL.

Important note - Intranet use: For Intranet-only purposes you CAN use
the internal FQDN of the server, or even just its NetBIOS name. For
example, if your server's NetBIOS name is SERVER1, and it is located in
the MYINTERNALDOM.LOCAL domain, you can use
SERVER1.MYINTERNALDOM.LOCAL or just SERVER1 for the Name or
the Common Name fields.

You can also change the Bit Length for the encryption key if you want.

10. On the Organization Information page, in the Organization box, type your
own company name. In the Organizational Unit box, type a descriptive
name and then click Next.

11. On the Your Site's Common Name page, in the Common name box,
type yourservername.domainname.com and then click Next.

12. On the Geographical Information page, in the State/province box, type the
required info and then click Next.

13. On the SSL Port page, in the SSL port this web site should use box, verify
that 443 is specified, and then click Next.

14. On the Choose a Certification Authority page, in the Certification
Authorities box, verify that your online CA is selected, and then click Next.

15. On the Certificate Request Submission page, click Next to submit the
request, and then click Finish to complete the wizard.
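
The name-matching rule from the Important notes in step 9, as an added example that is not part of the original article: a Python check that compares the names in a certificate with the host names users will actually type. The certificate dictionaries are constructed samples laid out like the result of Python's ssl.SSLSocket.getpeercert(), the helper names are hypothetical, and the subjectAltName and wildcard handling goes beyond the single Common Name that the wizard sets.

```python
"""Check that a server certificate's names cover the host names users type.

Added example. The certificate dicts are constructed samples in the layout
returned by ssl.SSLSocket.getpeercert(); all helper names are hypothetical.
"""

# Constructed sample: certificate requested with the internal FQDN as the name.
INTERNAL_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "SERVER1.MYINTERNALDOM.LOCAL"),)),
}

# Constructed sample: certificate requested with the external FQDN as the name.
EXTERNAL_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "WWW.KUKU.CO.IL"),)),
}


def cert_names(cert):
    """Return the lower-cased DNS names a certificate presents.

    DNS subjectAltName entries take precedence. The subject Common Name is
    used only when no DNS subjectAltName exists, which is the case for a
    certificate that carries nothing but the name typed into the wizard.
    """
    san = [value.lower() for kind, value in cert.get("subjectAltName", ())
           if kind == "DNS"]
    if san:
        return san
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value.lower())
    return names


def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole first label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    # A wildcard must replace exactly one label and leave at least two fixed.
    if p_labels[0] != "*" or len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def uncovered_hosts(cert, hosts):
    """Return the hosts (in input order) that no certificate name matches."""
    names = cert_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]


if __name__ == "__main__":
    typed_by_users = ["www.kuku.co.il"]
    for label, cert in (("internal-name cert", INTERNAL_CERT),
                        ("external-name cert", EXTERNAL_CERT)):
        missing = uncovered_hosts(cert, typed_by_users)
        status = "OK" if not missing else "name mismatch for " + ", ".join(missing)
        print(label + ": " + status)
```

Every host name returned by uncovered_hosts() is one for which browsers will show a certificate name warning.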

10 Tips to Optimize Exchange 2003 Performance

There are some obvious things that you can do to improve performance, such as buying new
processors (and using hyper-threading), adding more memory, and migrating to a faster storage
system. You won’t see hardware-related tips on the list I’m about to give you, but it’s always a best
practice to monitor server performance with Windows Performance Monitor, in order to detect
physical bottlenecks.

The following recommendations apply to Exchange Server 2003 installed on Windows
Server 2003, because that’s probably the most common scenario nowadays. And
Exchange Server 2003 combined with Windows Server 2003 make a perfect couple.
When I started writing these lines, I even thought to recommend the use of Windows
2003 as my first tip, because it adds some enhancements and functionality to an
Exchange 2003 infrastructure. You’ll only get the full user experience of Exchange 2003
if you use Windows 2003 (it’s the recommended OS by Microsoft,
check http://www.microsoft.com/technet/prodtechnol/exchange/2003/bestconfig.mspx).
So, now that it’s said, you can make that tip number 0.

You should also keep in mind that, although these are general recommendations,
depending on your Exchange implementation you may have to make some adjustments.
That would be the case if you have a large implementation of Outlook Web Access
(OWA), Outlook Mobile Access (OMA), ActiveSync or RPC over HTTP.

1. DOCUMENT YOURSELF

Let’s face it, a knowledgeable IT staff makes a better Exchange environment. Although
I’ll try to give you some clues on how to improve Exchange performance, there’s no way
I could cover all possible scenarios of an infrastructure as complex as any e-mail system
can be.

There’s lots of information about Exchange on the Internet. There’s a whole community
willing to help you with your most difficult tasks. I’m never tired of saying what a great
job the Microsoft Exchange Team has done on documenting the product. I strongly
advise you to visit Exchange Server 2003 Technical Documentation Library
(http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/default.mspx) on
a regular basis. And you’re always welcome on the Exchange Server Community
(http://www.microsoft.com/exchange/community/default.mspx), where you can find lots
of technical resources, related external sites, check out the latest webcasts or even
discover the many blogs that exist and give you valuable information.

2. REMOVE OBSOLETE EXCHANGE 2000 TUNING PARAMETERS

You document every change you make on your production servers, right? No? Oh, oh…
Now is the time to remove deprecated Exchange 2000 tuning parameters.

It’s a fact that some Microsoft recommendations change over time, either because they
modify the software by launching service packs or new releases, or just because they
come to a conclusion that their previous recommendation was wrong (or less right). Some
tuning parameters for Exchange 2000 or Windows 2000 are no longer valid for the new
2003 versions, so make sure you undo those modifications.

You can find detailed information about the settings that must be removed, in "Removing
Exchange 2000 Tuning Parameters" from the Exchange Server 2003 Deployment Guide
(http://go.microsoft.com/fwlink/?LinkId=21768).

3. OPTIMIZE EXCHANGE MEMORY UTILIZATION


You know Exchange loves memory. The store.exe process is mainly responsible for this
behaviour, since it will grab as much memory as it can possibly get. This doesn’t
represent any kind of problem or a memory leak, but actually it’s a normal and expected
operation.

What you should also know is that if you have more than 1GB of RAM you can make
Exchange’s use of memory more efficient. Yeah, that’s right, the famous /3GB switch.
But this switch is not a one-size-fits-all. You should be aware that this setting is not
recommended on front-end servers, dedicated bridgeheads or when you have Exchange
installed on a Domain Controller (which is, by the way, not recommended).

• Add the switches /3GB and /USERVA=3030 to boot.ini. The /3GB switch
modifies the way virtual address space is created so that 3 gigabytes are
available for user mode applications;

• Configure the
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\HeapDeCommitFreeBlockThreshold
registry value to 0x00040000. The HeapDeCommitFreeBlockThreshold registry value
specifies the number of contiguous bytes above which the memory is decommitted
rather than retained for reuse, thus avoiding virtual memory fragmentation.

• Verify that the
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\SystemPages
registry value is set to 0.

If you have a server with more than 2 GB of memory, it may help to increase the size of the Store
Database Cache (aka ESE

4. IMPLEMENT AN EFFECTIVE STORAGE DESIGN


Storage design is very important, because disk subsystem bottlenecks cause more
performance problems than processor or memory deficiencies. The most common error
people make when planning an Exchange server is that they tend to design for capacity
and not for performance.

Many of us know that we should use separate disk volumes for the OS, Exchange logs
and Exchange store(s), with the following RAID levels:

OS: RAID 1

Logs: RAID 1

Database: RAID 0+1

But the thing most people forget is IOPS (I/O per second), which is the measure of
throughput you should use. To implement an effective storage design you must calculate
the necessary IOPS for your system.

The theoretical calculations require that you know some numbers in advance, such as
user behaviour and disk specifications.

One can assume that an average user requires 0.5 IOPS or, being a little more
aggressive, 0.75 IOPS. If you don’t want to estimate anything and you already have a
live system, you can measure your true needs. There’s a good document, “Optimizing
Storage For Exchange Server 2003”
(http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/optimizestorage.mspx)
that has detailed instructions on how to do that.

Next, for our calculations, we need to know the average performance of the disks.
Typically a 10K RPM disk will do 130 IOPS, and a 15K RPM will achieve 180 IOPS.

Since we’re using RAID, there’s a penalty that depends on the RAID level. Assuming
there are 3 reads for every write, the penalty factor for RAID 5 is 0.57 and 0.8 for RAID 1
(or 0+1).

Finally, here’s the formula we’ll use:

Total IOPS = #Disks x IOPS/Disk x RAID Penalty factor

So, for example, if you want to know how many 15K RPM disks you’ll need for 1000
users, assuming 0.5 IOPS/user and RAID 0+1:

0.5 x 1000 = #Disks x 180 x 0.8 <=> #Disks = 500 / (180 x 0.8) = 3.47

We must round up the result to the next even number (RAID 0+1 requires an even
number of disks), which is 4. That’s how many disks we’ll need.
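
The sizing formula above, as an added Python example that is not from the original article. It goes one step further than the text by deriving the RAID penalty factor from the read/write mix: the per-write disk costs (2 for RAID 1 or 0+1, 4 for RAID 5) are the usual rule-of-thumb values and are an assumption here, chosen because they reproduce the article's 0.8 and 0.57 for three reads per write. The function names are hypothetical.

```python
import math

# Back-end disk I/Os caused by one host write (assumed rule-of-thumb values).
# RAID 1 has the same cost as RAID 0+1: every write goes to both mirrors.
WRITE_COST = {"RAID0+1": 2, "RAID5": 4}
# Smallest valid array for each level.
MIN_DISKS = {"RAID0+1": 4, "RAID5": 3}
# RAID 0+1 is built from mirrored pairs, so the disk count must be even.
NEEDS_EVEN = {"RAID0+1": True, "RAID5": False}


def raid_penalty_factor(raid, reads_per_write=3.0):
    """Fraction of raw disk IOPS left for the host after the RAID write cost."""
    if raid not in WRITE_COST:
        raise ValueError("unknown RAID level: %r" % (raid,))
    if reads_per_write < 0:
        raise ValueError("reads_per_write must not be negative")
    read_share = reads_per_write / (reads_per_write + 1.0)
    write_share = 1.0 - read_share
    # One host read costs one disk I/O; one host write costs WRITE_COST I/Os.
    return 1.0 / (read_share + write_share * WRITE_COST[raid])


def disks_needed(users, iops_per_user, iops_per_disk, raid, reads_per_write=3.0):
    """Solve Total IOPS = #Disks x IOPS/Disk x penalty factor for #Disks."""
    required = users * iops_per_user
    usable_per_disk = iops_per_disk * raid_penalty_factor(raid, reads_per_write)
    disks = math.ceil(required / usable_per_disk)
    disks = max(disks, MIN_DISKS[raid])
    if NEEDS_EVEN[raid] and disks % 2:
        disks += 1  # round up to the next even number
    return disks


def delivered_iops(disks, iops_per_disk, raid, reads_per_write=3.0):
    """Total IOPS = #Disks x IOPS/Disk x RAID penalty factor."""
    return disks * iops_per_disk * raid_penalty_factor(raid, reads_per_write)


if __name__ == "__main__":
    for raid in ("RAID0+1", "RAID5"):
        print(raid, "penalty factor:", round(raid_penalty_factor(raid), 2))
    # The article's case: 1000 users, 0.5 IOPS/user, 15K RPM disks (180 IOPS).
    n = disks_needed(1000, 0.5, 180, "RAID0+1")
    print("RAID 0+1, 15K disks:", n, "disks,",
          round(delivered_iops(n, 180, "RAID0+1")), "IOPS available")
    # Same load with the other figures the article gives.
    print("RAID 0+1, 10K disks:", disks_needed(1000, 0.5, 130, "RAID0+1"))
    print("RAID 5, 15K disks:", disks_needed(1000, 0.5, 180, "RAID5"))
    print("RAID 0+1, 15K disks, 0.75 IOPS/user:",
          disks_needed(1000, 0.75, 180, "RAID0+1"))
```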

Although all of this math applies to every Exchange disk, it is particularly critical for
database drives, since 90% of the IO on the system goes to the databases and only
10% goes to the logs.

The next thing we can do to improve storage performance is to work on disk geometry.
Microsoft provides a tool, Diskpar, which allows aligning the disk tracks with sector
tracks. For partitions created by Windows 2000 and Windows Server 2003, the default
starting sector for disks that have more than 63 sectors per track is the 64th sector,
causing one out of every eight blocks of data written to your disk to span two disk tracks.
Diskpar can increase disk performance as much as 20 percent, but you should always
consult your hardware vendor before using this tool. Some disk configurations will have
no benefit from the tool.

The Diskpar utility can be found in the Windows 2000 Server Resource Kit. With the
release of Windows Server 2003 SP1, diskpart will include this functionality, with the
new switch /align.

To summarize:

• Keep Exchange transaction logs and databases stored on separate disk volumes
to provide both data protection and efficiency (separation of sequential writes and
random read/write access, respectively);

• Calculate the number of spindles needed to provide the necessary IOPS;

• Use Diskpar if your hardware vendor recommends it;

• If your RAID controller has a mirrored, battery-backed, write-back cache, set the
ratio to 100 percent write. Also configure the page size to be 4 KB.

• When you format the hard disks stay away from quick format. Configure the
partition to use NTFS and to use an allocation unit size of 4096 (4 KB).

It’s impossible to cover all issues regarding the storage subsystem, so I strongly
recommend further reading:

“Optimizing Storage for Exchange Server 2003”,
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/optimizestorage.mspx

“A few basic concepts in disk sizing”,
http://blogs.msdn.com/exchange/archive/2004/10/11/240868.aspx

“Some more thoughts on disk IO and calculations…”,
http://blogs.msdn.com/evand/archive/2004/10/14/242127.aspx

5. ENSURE THAT YOU HAVE FAST ACCESS TO AD


When planning your Exchange deployment, it is crucial that you consider your Windows
Server network topology, because Exchange requires Active Directory to store
configuration settings and also to provide user authentication, permissions management
and directory information.

Of all the kinds of AD server, one is particularly relevant: the global catalog. A
global catalog is required in each domain that contains Exchange servers. As a rule of
thumb, one might say that every mailbox server needs a global catalog by its side, since,
as I said before, this particular server is critical for some Exchange services (including
log on, group membership, store services) and access to the global address list (GAL).

Consider the following when placing global catalog servers:

• All Exchange servers and users should have fast access to a global catalog
server. Address lookups will become much faster if you contact a local global
catalog, as opposed to a remote one which, besides increasing network traffic,
will also impair the user experience. Verify that the DSAccess list only contains
local DC/GC servers.

• There should generally be a 4:1 ratio of Exchange processors to global catalog
server processors, assuming the processors are similar models and speeds.
However, depending on your situation, higher global catalog server usage, a
large Active Directory, or large distribution lists can necessitate more global
catalog servers.

• In addition, using multiple domain controllers within domains distributes the
lookup traffic and provides redundancy if a domain controller fails.

• Use the /3GB switch on global catalogs. It will increase the JET cache from
512MB to 1GB, so you’ll have more AD objects in memory.

6. IMPROVE BACKUP PERFORMANCE


Online backup is one of the most important operations to keep a healthy Exchange
infrastructure. You’ll want to make sure that your daily backups have finished within the
time frame available, so that you can use them in case of a disaster, or just to recover
some mailboxes.

Currently there are many backup solutions available from different vendors, but you
have one that is 100% supported and free: Windows Backup, aka NTBackup.
Unfortunately NTBackup doesn’t come preconfigured for performance, so there are a
couple of things you can do to improve it.

I already wrote an article dedicated to this issue, Improve your Exchange Backup
(http://www.msd2d.com/newsletter_tip.aspx?section=exchange&id=cb6e0238-9a1f-4dc1-85a9-1e69a8abfaad),
so I’ll just post the necessary tweaks:

Modify specific registry values that optimize the data throughput of the built-in backup
engine. These entries are located under the key
HKEY_CURRENT_USER\Software\Microsoft\Ntbackup\BackupEngine\ (if you don’t see
the BackupEngine subkey you’ll have to run Windows Backup at least once):

Logical Disk Buffer Size = 64

Max Buffer Size = 1024

Max Num Tape Buffers = 16

These settings will boost data throughput from 640MB/min to 1200MB/min.

Obtain a new version of NTBackup (http://support.microsoft.com/?kbid=839272). The
revised version of NTBackup, which will be included on Windows Server 2003 Service
Pack 1, provides a new command-prompt switch, /FU. This switch enables a “file
unbuffered” setting to bypass the cache manager, thus resolving a cache contention
issue. This change provides a number of benefits during the disk-to-disk backup
process:

• Sustainable throughput over time (remember the 1200 MB/min data throughput?
Without the revised version that throughput will suffer some degradation)

• Reduction in processor utilization (peak utilization reduced to 30 percent on
average)

• Elimination of impacts to the system process during the backup job

7. INSTALL AND USE EXCHANGE BEST PRACTICES ANALYZER (EXBPA) TOOL

The ExBPA Tool, available as a free download, is one of those pieces of software that no
administrator can live without. The Microsoft Exchange Team has really done a great
job. Most of the tips I’m writing in this article are probably referenced in that tool.

The tool helps you to proactively identify configuration problems and thereby keep
your Exchange Server messaging infrastructure running smoothly. You can quickly get a
report with critical configuration issues, potential problems, and non-default product
settings, by collecting and analyzing data from each server in the topology.

So, the advice here is to run a Health Check with ExBPA, carefully read all the issues and
critical errors listed and take the proper actions to correct them. By implementing the
recommendations made by the tool, you can expect to achieve an overall improvement to
your experience with Exchange Server, achieve greater performance, scalability,
reliability, and uptime.
As Microsoft states, it has State-of-the-Art Expert System Analysis and you should
demand nothing less than State-of-the-Art for your messaging system.

8. USE OUTLOOK 2003


Outlook 2003 has some great new features, most of which were designed to work
together with Exchange Server 2003. When you combine the power of these two
products you get an instant performance increase.

Cached mode, traffic compression and incremental synchronization are just some of the
features that will contribute to the effective use of your resources.

The Microsoft Exchange Team has done some thorough measurements of the traffic
generated by different Outlook versions and they concluded that Outlook 2003 is the
most efficient of the clients, mainly due to compression. They’ve compiled the results in
the document “Client Network Traffic with Microsoft Exchange Server 2003”, available
for download
at http://www.microsoft.com/technet/prodtechnol/exchange/2003/clinettraf.mspx.

If you want to prevent previous versions of Outlook from connecting to your Exchange
servers, all you have to do is some registry modification. There are detailed instructions
in the KB article “XADM: Feature to Disable MAPI Client
Access”, http://support.microsoft.com/?kbid=288894.

9. ENSURE THAT ONLINE MAINTENANCE RUNS


Online Database Maintenance helps keep mailbox and public stores in good health. It
does that by performing three major tasks:

• Checks Active Directory for any deleted mailboxes.

• Permanently deletes messages and mailboxes older than the configured
retention period.

• Performs online database defragmentation.

By eliminating objects and rearranging them you get a much more efficient database,
with data stored optimally, reducing disk I/O.

By default, online database maintenance is scheduled to run between 01:00 and 05:00.
As this is a very disk-intensive task and affects the server where the online maintenance
is being run, it should be run during non-business hours when the server can better
handle the additional load.

You must ensure your online backups don’t conflict with your scheduled maintenance
interval for any databases in the same storage group. If they overlap, backup will stop
the online defragmenting part of the scheduled maintenance and the database may not
be able to finish defragmenting.

So, the advice here is to coordinate online maintenance with the
online backup strategy. Make sure you have at least a 15-minute gap between start
times and never disable online maintenance.
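
The scheduling rule above, as an added Python example that is not from the original article: it reports storage groups whose backup window overlaps the online maintenance window, or whose two start times are less than 15 minutes apart. The schedule is constructed sample data and the function names are hypothetical; windows may cross midnight.

```python
from datetime import datetime

DAY = 24 * 60          # minutes in a day
MIN_START_GAP = 15     # minimum minutes between the two start times

# Constructed sample schedule: one maintenance and one backup window per
# storage group, as (start, end) in 24-hour HH:MM.
SCHEDULE = {
    "SG1": {"maintenance": ("01:00", "05:00"), "backup": ("22:00", "00:30")},
    "SG2": {"maintenance": ("01:00", "05:00"), "backup": ("23:00", "02:00")},
    "SG3": {"maintenance": ("23:30", "03:30"), "backup": ("23:40", "23:55")},
}


def minutes(hhmm):
    """'01:30' -> 90 (minutes after midnight); rejects malformed times."""
    t = datetime.strptime(hhmm, "%H:%M")
    return t.hour * 60 + t.minute


def segments(start, end):
    """Split a daily window into [a, b) minute ranges that do not wrap."""
    s, e = minutes(start), minutes(end)
    if s == e:
        raise ValueError("window has no length: %s-%s" % (start, end))
    # A window such as 23:00-02:00 becomes 23:00-24:00 plus 00:00-02:00.
    return [(s, e)] if s < e else [(s, DAY), (0, e)]


def overlap_minutes(win_a, win_b):
    """Minutes during which both daily windows are active."""
    total = 0
    for a0, a1 in segments(*win_a):
        for b0, b1 in segments(*win_b):
            total += max(0, min(a1, b1) - max(a0, b0))
    return total


def start_gap(win_a, win_b):
    """Distance between the two start times on the 24-hour clock."""
    d = abs(minutes(win_a[0]) - minutes(win_b[0]))
    return min(d, DAY - d)


def audit(schedule):
    """Return (storage_group, problem, minutes) tuples, sorted by group."""
    findings = []
    for group, win in sorted(schedule.items()):
        overlap = overlap_minutes(win["maintenance"], win["backup"])
        gap = start_gap(win["maintenance"], win["backup"])
        if overlap:
            findings.append((group, "overlap", overlap))
        if gap < MIN_START_GAP:
            findings.append((group, "start-gap", gap))
    return findings


if __name__ == "__main__":
    for group, problem, mins in audit(SCHEDULE):
        print("%s: %s (%d min)" % (group, problem, mins))
```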

If you want to know more about IS Maintenance, there’s a great post on JeremyK’s
Blog: http://blogs.msdn.com/jeremyk/archive/2004/06/12/154283.aspx.

10. USE ANTIVIRUS AND ANTISPAM

I think this one turns out to be quite obvious. Besides avoiding virus effects, you’ll have
to handle fewer messages, as unwanted ones are barred outside your messaging system.

Ensure that adequate antivirus software is installed on all your servers. Keep the software
up-to-date with the latest virus signature files. If possible, use the automatic update
feature of your antivirus application.

Don’t forget that special care must be taken if you’re using file-level antivirus. If you
want to use a file-level scanner, you should exclude Exchange directories from the scan.
There’s a Microsoft Knowledge Base article with further guidelines, "XADM: Exchange
and Antivirus Software", (http://support.microsoft.com/?kbid=328841).

There is some tuning you can do regarding your AV engine. Here, your best approach is
to use the Exchange Best Practices Analyzer Tool (ExBPA). ExBPA will advise you on
the optimum configuration for your server.

For antispam you may consider using Microsoft Intelligent Message Filter (IMF) or any
other product commercially available. You should use antispam at the edge of your
organization. Depending on your email volume, you may want to consider using a
dedicated server for this purpose, as spam identification can be resource intensive.

Microsoft Exchange Server 2003 – It’s Not Just About E-mail


Microsoft Exchange Server 2003 is a scalable solution to a company’s
information dissemination and collaboration needs. In an age when messaging
has become an integral part of a company’s daily grind, the importance of all
members of your team to get connected and stay connected cannot be
overemphasized. Microsoft Exchange Server provides you with a comprehensive
solution that can also bring down the Total Cost of Ownership, infrastructure, and
administration that such needs entail.
So while other vendors claim that their messaging and collaboration services
have MS Office and MS Outlook integration, you should start asking: To what
extent is the integration?
• Can it support basic e-mail using SMTP, POP, and IMAP?
• How about the MAPI protocol for e-mail and collaboration?
• Or optimized synchronization to reduce bandwidth requirements?
• Or complete support for Outlook contacts, tasks, and notes?
• Built-in folders for discussions and information sharing?
• Offline folder support for e-mail, calendar, contacts, and discussions?
• Or even MS Pocket Outlook for Windows-based mobile devices?
The thing is, the above mentioned are only some of the basic features that an
enterprise messaging and collaboration service should provide. If all that a
particular solution practically does is deliver an e-mail message into your Outlook
Inbox, then maybe you should start looking for a better one. Surely you would
want to avail of services that can provide for example:
• The capability of a single application, say Outlook, to allow you to check
on an employee’s availability, schedule an appointment, or reserve a
conference room for an important meeting, all in the comfort of your
terminal.
• Mobile device access to e-mail, calendar and contacts through Microsoft
Pocket Outlook. This means employees equipped with mobile devices
running Microsoft Pocket PC Phone Edition and Microsoft Windows
Mobile can be updated with either the latest change in a meeting’s
schedule or a newly arranged appointment.
• The ability to have offline access to Outlook e-mail, schedules, contacts,
tasks, and collaboration folders, which can be synchronized seamlessly
the moment you go back online.
So if you think the only important feature in a messaging and collaboration
service is e-mail, think again. You probably haven’t heard of Microsoft Exchange
Server.

PLANNING FOR EXCHANGE SERVER 2003 IMPLEMENTATION

When planning for an Exchange Server 2003 implementation, it is recommended
that you create an Exchange Server 2003 design document that encompasses
the following aspects of the Exchange Server 2003 implementation:

• Company objectives.
• Document the existing Exchange design.
• Determine Exchange Mailbox server placement.
• Determine front-end servers.
• Determine Bridgehead servers.
• Determine Global Catalog placement.
• Determine the number of Exchange Organizations.
• Determine the number of Administrative Groups.
• Determine the number of Storage Groups.
• Determine the number of Routing Groups.
• Determine whether to use Mixed Mode or Native Mode.
• Determine the following for each server:
    o Role of each server
    o Recovery requirements
    o Redundancy requirements
• Determine Recipient policies.
• Determine the virus protection strategy.
• Determine the administrative model.
• Determine System policies.
• Determine the Exchange monitoring strategy.
• Determine the Exchange backup strategy.
• Determine the Exchange recovery strategy.

You should consider building an Exchange test environment, which should
include the following:

• Creation of Exchange Server 2003 in the testing lab.
• Testing of your Exchange design.
• Testing of Exchange failover and recovery.
• Testing of email operations.
• Testing of email features.

When dealing with complex multiple domain environments, the factors listed
below should be considered:

• Security groups should be created for each existing administrative role. The appropriate
members should be added to these security groups.
• Consider setting up a deployment team that includes messaging administrators and
Active Directory administrators. It is recommended that one administrator have
permissions for Windows Server and Exchange Server 2003.
• The existing Active Directory design should be examined for any weaknesses before you
install Exchange.
• Before installing Exchange Server 2003, attempt to combine the domains into fewer
Windows domains.

As a component of your planning phase, you have to determine whether any
third-party applications are going to be added to improve on your Exchange
implementation:

• Antivirus scanning
• Spam filtering
• Fax software
• Backup

EXCHANGE SERVER 2003 HARDWARE REQUIREMENTS

The minimum hardware requirements for installing Exchange Server 2003 are
listed here:

• Processor – Pentium 133
• Operating system – Windows 2000 Server with Service Pack 3
• Memory – 256 MB RAM
• Disk space – 200 MB on system drive
• Disk space – 500 MB on partition being used for Exchange installation.
• File system requirements: Exchange Server 2003 must be installed on an NTFS partition.
This includes the following partitions and files:
    o System partition
    o Partition being used for the following:
        o Exchange database files
        o Exchange transaction logs
        o Exchange binaries
        o All other Exchange files
• Drive – CD-ROM drive
• Display – VGA at least

The hardware requirements recommended for a cluster server configuration are
detailed below:

• A central hard disk system that is common to the nodes in the cluster.
• A local hard disk on each node for the operating system and any additional program files.
• Dedicated LAN link between the cluster nodes.
• TCP/IP support between the cluster and clients.

The recommended hardware requirements for installing Exchange Server 2003
are listed here:

• Processor for Exchange Server 2003 Standard Edition – Pentium III 500
• Processor for Exchange Server 2003 Enterprise Edition – Pentium III 733
• Operating system – Windows Server 2003
• Memory – 512 MB RAM
• Disk space – 200 MB on system drive
• Disk space – 500 MB on partition being used for Exchange installation.
• File system requirements: Exchange Server 2003 must be installed on an NTFS partition.
This includes the following partitions and files:
    o System partition
    o Partition being used for the following:
        o Exchange database files
        o Exchange transaction logs
        o Exchange binaries
        o All other Exchange files

Use separate physical disks for the Exchange binaries, Exchange database files, and
Exchange transaction logs.

• Drive – CD-ROM drive
• Display – SVGA at least

WINDOWS SERVICES AND COMPONENTS REQUIRED FOR EXCHANGE SERVER 2003

Because of Windows and Exchange integration, there are a number of Windows
Server 2003 components and services that have to be installed and enabled
before you can install Exchange Server 2003.

These Windows services are:

• Simple Mail Transfer Protocol (SMTP) service
• Network News Transfer Protocol (NNTP) service
• World Wide Web service
• Microsoft ASP.NET
• Microsoft .NET Framework

In order to install your first Exchange 2003 server, the Active Directory
infrastructure and DNS have to be running, and running correctly and efficiently,
that is, with no errors. Exdeploy can be utilized to move through all the necessary
pre-installation health checks before you run the Exchange Server 2003 Setup
program.

IMPACT OF WINDOWS ON THE EXCHANGE SERVER 2003 INSTALLATION

Since Windows forms the basic infrastructure for an Exchange Server 2003
installation, there are a number of factors which have to be considered before
you proceed with your Exchange Server 2003 installation. These factors are:

• Global Catalog placement: The Global Catalog server has to be available for the
recipient's address to be resolved when messages are addressed by users. The Global
Catalog maintains the address list which a user utilizes to address a message.

When planning Global Catalog placement, consider the following recommendations:

o For each Active Directory site that has an Exchange 2003 server, you should
have at least one Global Catalog server.
o For large Active Directory sites, you should have at least two Global Catalog
servers to provide redundancy.
o For single Active Directory domain models, you should consider making all your
domain controllers Global Catalog servers.
o For performance optimization, place the Global Catalog server close to the
clients so that fast address list access is assured.
o To reduce the overhead realized with having Global Catalog servers in each
Active Directory site, ensure that the design of your Active Directory site is sound
and optimized.
o You can utilize the Active Directory Replication Monitor (ReplMon) utility to assist
you with determining how many Global Catalogs are required in the Active
Directory forest.
• Windows Mixed or Native Mode: With mixed mode, mailboxes cannot be moved between
various administrative groups. Servers from the same administrative group reside in a
routing group. Native mode should be utilized when you are not utilizing any prior
Exchange Server versions. With native mode, routing groups can include servers from
many administrative groups. None of the prior limitations of the previous versions of
Exchange are applicable in native mode. It is impossible to switch from native mode to
mixed mode.
• Group type utilized: Group type could become a major planning and design issue if you
are running multi-domain Windows 2000 Active Directory environments or Windows 2003
Active Directory environments.

A few important changes made with regard to groups are listed here:

o The distribution lists which were utilized by the Exchange 5.5 version have been
replaced by Windows 2000 groups in Exchange Server 2003.
o The distribution lists utilized by the Exchange 5.5 version have been replaced by
distribution groups in Active Directory.
o A Windows 2000 or Windows 2003 distribution group is identical to the Exchange
5.5 version distribution list, except that it is not assigned permissions on an
access control list.

A few important factors on how group types affect visibility are listed here. Visibility
refers to the ability of users being able to view the domain membership of a group:

o Domain Local group: Domain membership does not appear in the Global
Catalog. This means that the users in a domain can only view membership of
domain local groups from their own specific domain. While they can view the
group entry in the Global Address List (GAL) for domain local groups from
different domains, they cannot view membership details.
o Global group: Domain membership does not appear in the Global Catalog. This
means that the users in a domain can only view membership of global groups
from their own specific domain. While they can view the group entry in the Global
Address List (GAL) for global groups from different domains, they cannot view
membership details.
o Universal group: Domain membership appears in the Global Catalog. This
basically means that users are able to view membership of the group,
irrespective of the location of the group.

You need to define security groups so that you can assign permissions for Exchange
resources, calendars and public folders. A security group is a collection of users who
have the same permissions to resources, and the same rights to perform certain system
tasks. These are the groups to which you assign permissions so that its members can
access resources. Security groups therefore remove the need for an Administrator to
individually assign permissions to users. Users that need to perform certain tasks can be
grouped in a security group, and then assigned the necessary permissions to perform
these tasks. Each user that is a member of the group would have the same permissions. In
addition to this, any e-mail sent to a security group is received by each member of that
particular group.
The different group scopes make it possible for groups to be used differently to assign
permissions for accessing resources. The scope of a group defines the place in the
network where the group will be used or is valid. This is the degree to which the group
will be able to reach across a domain, domain tree, or forest. The group scope also
determines what users can be included as group members.

With domain local groups, the functional level set for the domain determines which
members can be included in the domain local group.

o Windows 2000 Mixed: User accounts, computer accounts, and global groups
from any domain can be added as group members.
o Windows 2000 Native / Windows Server 2003: User accounts, computer
accounts, global groups, and universal groups from any domain can be added as
group members. You can also add other domain local groups from the same
domain as group members.

With Global groups, the domain functional level set for the domain determines which
members can be included in the global group.

o Windows 2000 Mixed: Only user accounts and computer accounts from the
domain in which the group was created, can be added as group members.
o Windows 2000 Native / Windows Server 2003: User accounts, computer
accounts, and other global groups from the domain in which the group was
created, can be added as group members.

With Universal groups, user accounts, computer accounts, global groups, and other
universal groups, from any domain in the Active Directory domain tree or forest can be
defined as members. This basically means that you can add members from any domain in
the forest to a Universal group. Universal groups are not available when domains are
functioning in the Windows 2000 Mixed domain functional level.

• Extending the Active Directory schema: One of the first steps that you need to perform for
an Exchange Server 2003 deployment is to extend or update the Active Directory
schema. The Active Directory schema defines what types of objects can be stored in
Active Directory. It also defines what the attributes of these objects are. The schema is
defined by two types of schema objects or metadata. Schema class objects define the
objects that can be created and stored in Active Directory. The schema attributes store
information on the schema class object when you create a new class. Schema attribute
objects provide information on object classes. The attributes of an object are also called
the object's properties.

A few other elements associated with the Active Directory schema are:
o Class Derivations define the way for forming new object classes using existing
object classes.
o Schema Rules: The Active Directory directory service implements a set of rules
into the Active Directory schema that control the manner in which classes and
attributes are utilized, and what values classes and attributes can include.
Schema rules are organized into Structure Rules, Syntax Rules, and Content
Rules.
o Structure Rules: The structure rule in Active Directory is that an object class can
have only specific classes directly on top of it. These specific classes are
called Possible Superiors. Structure rules prevent you from placing an object
class in an inappropriate container.
o Syntax Rules define the types of values and ranges allowed for attributes.
o Content Rules dictate what attributes can be associated with a particular class.

Before proceeding with extending the Active Directory schema, consider the points listed
below:

o You have to extend the Active Directory schema on the server holding the
Schema Master Flexible Single Master Operations (FSMO) role.

To find the server configured as the Schema Master,

1. Open the Active Directory Schema MMC snap-in.
2. Right-click the Active Directory Schema.
3. Select Operations Master to view the Schema Master server.

o To extend the schema, the service account being used must meet the following
requirements:
▪ Member of the Schema Admins group.
▪ Member of the Enterprise Admins group.
o Bear in mind that when you extend the Active Directory schema, a full replication
occurs for the following Active Directory components:
▪ Active Directory domain databases
▪ Global catalog information

To extend the Active Directory schema, you will need to run ForestPrep. ForestPrep
extends or updates the Active Directory schema so that the necessary Exchange 2003
classes and attributes are added.

• Preparation of the Active Directory domain: Before you install Exchange Server 2003,
you have to prepare the Windows 2000 domain or Windows Server 2003 domain that will
be used to host the Exchange 2003 servers. The account which you utilize to prepare
your domains by running DomainPrep must be a member of the Domain Admins group in
the specific domain. DomainPrep creates the necessary Active Directory groups and
permissions that Exchange Server 2003 will change.

DomainPrep must be run in each of these domains:

• Forest root domain.
• In each domain which will host Exchange Server 2003.
• In each domain that will host Exchange mailbox-enabled objects. Whether the domain
hosts an Exchange Server 2003 server is irrelevant.

The changes made to the domain when DomainPrep is run are listed here:

• The global security group, Exchange Domain Servers, is created.
• The domain local security group, Enterprise Exchange Servers, is created.
• The Exchange Domain Servers group is added to the Enterprise Exchange Servers
group.
• For the domain controller being used for the Recipient Update Service, the necessary
permissions are assigned.

Before you start to install Exchange Server 2003, verify that the following
installation preparations have occurred:

• Use the Services applet to verify that IIS, NNTP, SMTP, and the WWW services are
installed and running.
• Verify that the forest was prepared and that the Active Directory schema was extended.
• Verify that the domain was prepared.
• Check all relevant log files for any detected errors.
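
The service, Schema Master and account checks described above can be scripted. The following is an added example, not part of the original page or of the Exchange setup tooling: it reports whether the SMTP, NNTP and World Wide Web services are running, which server holds the Schema Master role, and whether the logged-on account's token carries the groups that ForestPrep and DomainPrep require. It assumes Windows PowerShell 2.0 or later on a domain-joined server; the function names are hypothetical.

```powershell
# Added example, not from the original page. PowerShell 2.0 syntax.
# Function names are hypothetical; run on a domain-joined server.

# Service names registered by IIS for SMTP, NNTP and World Wide Web.
$RequiredServices = 'SMTPSVC', 'NntpSvc', 'W3SVC'

function Get-ServiceReadiness {
    foreach ($name in $RequiredServices) {
        # A missing service yields $null instead of an error.
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Service   = $name
            Installed = ($svc -ne $null)
            Running   = ($svc -ne $null -and $svc.Status -eq 'Running')
        }
    }
}

function Test-TokenHasGroup {
    param([int]$Rid)
    # Match domain SIDs (S-1-5-21-x-y-z-RID) in the current logon token,
    # so the check does not depend on localized or renamed group names.
    $pattern  = '^S-1-5-21-\d+-\d+-\d+-' + $Rid + '$'
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $hits     = @($identity.Groups | Where-Object { $_.Value -match $pattern })
    return ($hits.Count -gt 0)
}

function Get-SchemaMasterName {
    # Same answer as the Operations Master dialog in the schema snap-in.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    return $forest.SchemaRoleOwner.Name
}

function Get-ExchangeSetupPreflight {
    # Well-known relative IDs: 512 Domain Admins, 518 Schema Admins,
    # 519 Enterprise Admins.
    $isDomainAdmin     = Test-TokenHasGroup -Rid 512
    $isSchemaAdmin     = Test-TokenHasGroup -Rid 518
    $isEnterpriseAdmin = Test-TokenHasGroup -Rid 519

    $schemaMaster = Get-SchemaMasterName
    $notRunning   = @(Get-ServiceReadiness |
        Where-Object { -not $_.Running } |
        ForEach-Object { $_.Service })

    New-Object PSObject -Property @{
        ServicesNotRunning = ($notRunning -join ', ')
        SchemaMaster       = $schemaMaster
        # Compares the NetBIOS computer name with the first DNS label.
        OnSchemaMaster     = ($schemaMaster -like "$env:COMPUTERNAME.*")
        ForestPrepGroups   = ($isSchemaAdmin -and $isEnterpriseAdmin)
        DomainPrepGroups   = $isDomainAdmin
    }
}

Get-ExchangeSetupPreflight | Format-List
```

An empty ServicesNotRunning value means all three services are running; group membership added after logon only appears in the token at the next logon.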

EXCHANGE SERVER 2003 SERVICE ACCOUNT REQUIREMENTS

It is recommended that the service account which you plan to use to install
Exchange Server 2003 be a dedicated service account.

For auditing purposes, this would enable you to more quickly determine what
activities are being performed by Exchange services.

To install Exchange Server 2003, the following permissions are needed:

• To initially run ForestPrep in a forest to update/extend the Active Directory schema –
Member of the Schema Admins group and Enterprise Admins group.
• To run ForestPrep in a forest after the initial instance – Exchange Administrator
permissions at the Exchange organization level.
• To run DomainPrep to prepare for Exchange Server 2003 installation – Member of the
Domain Admins group in the specific domain.
• To install the initial server in the domain – Exchange Administrator permissions at the
Exchange organization level.
• To install any additional servers in the domain – Exchange Administrator permissions at
the administrative group level. The machine account must be included in the Exchange
Domain Servers group.
• To install a server with Site Replication Service (SRS) – Exchange Administrator
permissions at the Exchange organization level.

DETERMINING WHICH EXCHANGE 2003 VERSION TO USE

The different versions of Exchange 2003 are:

• Exchange 2003 Standard Edition: This version of Exchange 2003 is suited for a small
organization. It also works well as a utility server in a large environment and as a
bridgehead server for an Exchange organization. The Exchange 2003 Standard Edition
provides the basic message server version of the software, and supports one mailbox
database of up to 16GB. Exchange 2003 Standard Edition includes support for Web
access, support for mobile access, and support for server recovery functionality.
• Exchange 2003 Enterprise Edition: This version of Exchange 2003 is ideal for
organizations that need more than a single 16GB Exchange messaging database, and
for organizations that need to use the advanced capabilities and features of Exchange.
Exchange 2003 Enterprise Edition can support a maximum of 20 Exchange messaging
databases per server.

The limitations of the Standard version of Exchange Server 2003 are
noted here:

• Only a single database is supported.
• The database cannot be over 16GB in size.
• Multiple databases and storage groups are not supported.
• Clustering is not supported.
• X.400 Connectors for remote site connectivity are not supported.

DETERMINING WHETHER TO USE MULTIPLE EXCHANGE DATABASES AND STORAGE GROUPS

A storage group in Exchange is a logical grouping of Exchange
databases that have common logs.

Exchange Server 2003 provides the following features with regard to Exchange
databases:

• You can create multiple Exchange databases on a single server.
• You can have Exchange databases bigger than 16GB.

A single Exchange Server 2003 Enterprise version can support the following:

• Up to 4 storage groups per server.
• A storage group can host up to 5 databases.

A few advantages of implementing multiple Exchange databases are listed here:

• Having multiple smaller Exchange databases results in a reduction in the time needed to
perform database restores.
• You can distribute user processing load over multiple databases. This results in a
reduction in the loss of user mail connectivity.
• You can define and configure different storage limits for each database.
• You can define and create a recovery storage group to which entire Exchange databases
can be restored.

BEST PRACTICES FOR EXCHANGE SERVER 2003 DESIGN

A few best practices for Exchange Server 2003 design are listed here:

• Exchange Server 2003 should be installed on Windows Server 2003.
• A dedicated service account should be used to install Exchange Server 2003.
• You should maintain a simple Active Directory design.
• Consider decreasing the number of Active Directory sites to decrease the number of
Exchange servers that need to be installed.
• Use DNS on your Active Directory domain controllers.
• Where simplicity is an important factor, use an external Active Directory DNS
namespace.
• Where security is an important factor, use an internal Active Directory DNS namespace.
• Use separate physical disks for the following:
o Exchange binaries.
o Exchange database files.
o Exchange transaction logs.
• You should have a local copy of the Global Catalog near to the Exchange servers.
• Include a backup and recovery strategy in your Exchange Server design.
• Include an antivirus strategy in your Exchange Server design.
• Ensure that you keep the Windows operating system and Exchange updated with regard
to installation of the latest released service packs and hotfixes.
• Supported client access methods should be matched to the proper Exchange technology.

HOW TO CREATE AN EXCHANGE SERVER 2003 SERVICE ACCOUNT

1. Click Start, Administrative Tools, and then click Active Directory Users And Computers to
open the Active Directory Users And Computers console.
2. In the console tree, expand the domain.
3. Right-click the Users container and select New, and then User from the shortcut menu.
4. When the New Object - User dialog box opens, enter the necessary information.
5. Enter the logon name for the account in the User Logon Name field, and select the
domain with which the account should be associated.
6. Click Next.
7. Proceed to set the password of the service account in the Password and Confirm
Password fields, and enable any applicable options available in the dialog box for the
new service account.
8. Ensure that you select the Password Never Expires option. This option is generally
enabled for accounts utilized by Windows services or programs.
9. Click Next.
10. Click Finish.
11. Right-click the service account that you created, and select Properties from the shortcut
menu.
12. The service account Properties dialog box opens.
13. Click the Member Of tab.
14. Click Add.
15. Proceed to add the service account to the groups listed here:
o Schema Admins group
o Enterprise Admins group
o Domain Admins group
16. Click OK.
17. Click OK in the Properties Dialog box of the service account.

HOW TO INSTALL THE WINDOWS SERVICES FOR EXCHANGE SERVER 2003 IMPLEMENTATION

To install the SMTP service,

1. Click Start, Control Panel, and click Add/Remove Programs.
2. Click Add/Remove Windows Components in the Add Or Remove Programs dialog box.
3. The Windows Components Wizard starts.
4. Click Application Server in the Windows Components dialog box, and then click the
Details button.
5. The Application Server dialog box appears next.
6. Click Internet Information Services (IIS) and then select the Details button.
7. Click the SMTP Service checkbox.
8. Click OK.

To install the NNTP service,

1. Click Start, Control Panel, and click Add/Remove Programs.
2. Click Add/Remove Windows Components in the Add Or Remove Programs dialog box.
3. The Windows Components Wizard starts.
4. Click Application Server in the Windows Components dialog box, and then click the
Details button.
5. The Application Server dialog box appears next.
6. Click Internet Information Services (IIS) and then select the Details button.
7. Click the NNTP Service checkbox.
8. Click OK.

To install the World Wide Web service and ASP,

1. Click Start, Control Panel, and click Add/Remove Programs.
2. Click Add/Remove Windows Components in the Add Or Remove Programs dialog box.
3. The Windows Components Wizard starts.
4. Click Application Server in the Windows Components dialog box, and then click the
Details button.
5. Click the ASP.NET checkbox.
6. Click OK.
7. Click Internet Information Services (IIS) and then select the Details button.
8. Click the World Wide Web Service checkbox.
9. Click OK.

To enable ASP,

1. Click Start, Administrative Tools, and then click Internet Information Services (IIS)
Manager to open the Internet Information Services console.
2. In the console tree, select Web Service Extensions.
3. Select ASP.
4. Click Allow to enable ASP.

HOW TO RUN FORESTPREP

1. Using an account that belongs to the Schema Admins group and Enterprise Admins
group, access the Windows Server 2003 server.
2. Place the Exchange Server 2003 installation CD in the CD-ROM drive.
3. Click Start, and then Run to access the Run command-line.
4. Execute D:\setup\i386\setup.exe /forestprep, where D is the drive letter for the CD-ROM
drive.
5. The Exchange Installation Wizard starts.
6. Click Next on the Exchange Installation Wizard Welcome screen.
7. Read and accept the End User License Agreement. Click Next.
8. The Component Selection page is displayed.
9. Ensure that ForestPrep is selected.
10. Provide the installation path, if necessary. Click Next.
11. Provide the account information for the account being used to install Exchange Server
2003, and then click Next.
12. After the ForestPrep process has run, a message dialog box is displayed, indicating that
the process has been completed.
13. Click Finish to end the Exchange Installation Wizard.

HOW TO RUN DOMAINPREP

1. Using an account that belongs to the Domain Admins group, access the Windows Server
2003 server.
2. Place the Exchange Server 2003 installation CD in the CD-ROM drive.
3. Click Start, and then Run to access the Run command-line.
4. Execute D:\setup\i386\setup.exe /domainprep, where D is the drive letter for the CD-ROM
drive.
5. The Exchange Installation Wizard starts.
6. Click Next on the Exchange Installation Wizard Welcome screen.
7. Read and accept the End User License Agreement. Click Next.
8. When the Component Selection page is displayed, ensure that DomainPrep is selected.
9. Provide the installation path, if necessary. Click Next.
10. Provide the account information for the account being used to install Exchange Server
2003, and then click Next.
11. After the DomainPrep process has run, a message dialog box is displayed, indicating that
the process has been completed.
12. Click Finish to end the Exchange Installation Wizard.
