###BeginCaseStudy###
Testlet 1
Topic 1, Fabrikam, Inc
Overview
Fabrikam, Inc., is a pharmaceutical company located in Europe. The company has 5,000 users.
The company is finalizing plans to deploy an Exchange Server 2013 organization.
The company has offices in Paris and Amsterdam.
Existing Environment
Active Directory Environment
The network contains an Active Directory domain named fabrikam.com. An Active Directory
site exists for each office.
Network Infrastructure
The roles and location of each server are configured as shown in the following table.
Client computers run either Windows 7 or Windows 8 and have Microsoft Office 2010 installed.
The Paris office uses the 192.168.1.0/24 IP range. The Amsterdam office uses the 192.168.2.0/24 IP range.
The offices connect to each other by using a high-speed, low-latency WAN link. Each office has a 10-Mbps
connection to the Internet.
Planned Exchange Infrastructure
The company plans to deploy five servers that run Exchange Server. The servers will be configured as shown
in the following table.
The company plans to have mailbox databases replicated in database availability groups (DAGs). The mailbox
databases and DAGs will be configured as shown in the following table.
DAG1 will use FS1 as a file share witness. DAG2 will use FS3 as a file share witness.
You plan to create the following networks on each DAG:
A dedicated replication network named DAGNET1
A MAPI network named DAGNET2
All replication traffic will run on DAGNET1. All client connections will run on DAGNET2. Client connections must
never occur on DAGNET1. Replication traffic must only occur on DAGNET2 if DAGNET1 is unavailable.
Each Exchange Server 2013 Mailbox server will be configured to have two network adapters.
The following two mailbox databases will not be replicated as part of the DAGs:
A mailbox database named AccountingDB that is hosted on EX1
A mailbox database named TempStaffDB that is hosted on EX4EDGE1 will have an Edge Subscription configured, with both EX1 and EX2 as targets.
Requirements
Planned Changes
An external consultant reviews the Exchange Server 2013 deployment plan and identifies the following areas of
concern:
The DAGs will not be monitored.
Multiple Edge Transport servers are required to prevent the potential for a single point of failure.
Technical Requirements
Fabrikam must meet the following technical requirements:
Email must be evaluated for SPAM before the email enters the internal network.
Production system patching must minimize downtime to achieve the highest possible service to users.
Users must be able to use the Exchange Control Panel to autonomously join and disjoin their department’s
distribution lists.
Users must be able to access all Internet-facing Exchange Server services by using the names of
mail.fabrikam.com and autodiscover.fabrikam.com.
The company establishes a partnership with another company named A. Datum Corporation. A Datum uses the SMTP suffix adatum.com for all email addresses. Fabrikam plans to exchange sensitive information with A.
Datum and requires that the email messages sent between the two companies be encrypted. The solution must
use Domain Security.
Users in the research and development (R&D) department must be able to view only the mailboxes of the users
in their department from Microsoft Outlook. The users in all of the other departments must be prevented from
viewing the mailboxes of the R&D users from Outlook.
Administrators plan to produce HTML reports that contain information about recent status changes to the
mailbox databases.
Fabrikam is evaluating whether to abort its plan to implement an Exchange Server 2010 Edge Transport server
and to implement a Client Access server in the Paris office instead. The Client Access server will have antispam agents installed.
###EndCaseStudy###
You need to recommend a design that meets the technical requirements for communication between Fabrikam and A Datum.
Which three actions should you perform in fabrikam.com? (Each correct answer presents part of the solution. Choose three.)
A.
Create a remote domain for adatum.com.
B.
Exchange certificates with the administrators of adatum.com.
C.
From EDGE1, create a Send connector that has an address space for adatum.com
D.
Run the Set-TransportConfigcmdlet.
E.
Run the Set-TransportServercmdlet.
F.
From a Mailbox server, create a Send connector that has an address space for adatum.com.
Explanation:
NOT A
Applies to: Exchange Server 2013, Exchange Online
Remote domains are SMTP domains that are external to your Microsoft Exchange organization. You can create
remote domain entries to define the settings for message transferred between your Exchange organization and
specific external domains. The settings in the remote domain entry for a specific external domain override the
settings in the default remote domain that normally apply to all external recipients. The remote domain settings
are global for the Exchange organization.
You can create remote domain entries to define the settings for message transfers between your Exchange
Online organization and external domains. When you create a remote domain entry, you control the types of
messages that are sent to that domain. You can also apply message format policies and acceptable character
sets for messages that are sent from users in your organization to the remote domain.
NOT C
Edge1 is in the perimeter network and the send connector needs to be created on a mailbox server
NOT E
Set-TransportServercmdlet.
Use the Set-TransportServer cmdlet to set the transport configuration options for the Transport service on
Mailbox servers or for Edge Transport servers.
This example sets the DelayNotificationTimeout parameter to 13 hours on server named Mailbox01.
Set-TransportServer Mailbox01 -DelayNotificationTimeout 13:00:00Need Set-TransportConfig and the TLSReceiveDomainSecureList parameter to specify the domains from
which you want to receive domain secured email by using mutual Transport Layer Security (TLS)
authentication.
B
To activate SSL encryption on an Exchange server, you need a server certificate on the Client Access Server in
each company. The client access server is the internet facing server in an organization.
An SSL certificate is a digital certificate that authenticates the identity of the exchange server and encrypts
information that is sent to the server using Secure Sockets Layer (SSL) technology
Mailbox server certificates
One key difference between Exchange 2010 and Exchange 2013 is that the certificates that are used on the
Exchange 2013 Mailbox server are self-signed certificates.
Because all clients connect to an Exchange 2013 Mailbox server through an Exchange 2013 Client Access
server, the only certificates that you need to manage are those on the Client Access server.
The Client Access server automatically trusts the self-signed certificate on the Mailbox server, so clients will not
receive warnings about a self-signed certificate not being trusted, provided that the Client Access server has a
non-self-signed certificate from either a Windows certification authority (CA) or a trusted third party.
There are no tools or cmdlets available to manage self-signed certificates on the Mailbox server. After the
server has been properly installed, you should never need to worry about the certificates on the Mailbox server.
D
Set-TransportConfig.
Use the Set-TransportConfig cmdlet to modify the transport configuration settings for the whole
Exchange organization.
EXAMPLE 1
This example configures the Exchange organization to forward all DSN messages that have the DSN codes
5.7.1, 5.7.2, and 5.7.3 to the postmaster email account.
Set-TransportConfig -GenerateCopyOfDSNFor 5.7.1,5.7.2,5.7.3
The TLSReceiveDomainSecureList parameter specifies the domains from which you want to receive domain
secured email by using mutual Transport Layer Security (TLS) authentication.
F
If you want to ensure secure, encrypted communication with a partner, you can create a Send connector that is
configured to enforce Transport Layer Security (TLS) for messages sent to a partner domain. TLS provides
secure communication over the Internet.
Use the EAC to create a Send connector to send email to a partner, with TLS applied
To create a Send connector for this scenario, log in to the EAC and perform the following steps:
In the EAC, navigate to Mail flow > Send connectors, and then click Add .
In the New send connector wizard, specify a name for the send connector and then select Partner for the Type.
When you select Partner, the connector is configured to allow connections only to servers that authenticate with
TLS certificates. Click Next.
Verify that MX record associated with recipient domain is selected, which specifies that the connector uses the
domain name system (DNS) to route mail. Click Next.
Under Address space, click Add . In the Add domain window, make sure SMTP is listed as the Type. For Fully
Qualified Domain Name (FQDN), enter the name of your partner domain. Click Save.
For Source server, click Add . In the Select a server window, select a Mailbox server that will be used to send
mail to the Internet via the Client Access server and click Add . After you’ve selected the server, click Add .
Click OK.
Click Finish.
Once you have created the Send connector, it appears in the Send connector list.
Send Connector
In Microsoft Exchange Server 2013, a Send connector controls the flow of outbound messages to the receiving
server.
They are configured on Mailbox servers running the Transport service. Most commonly, you configure a Send
connector to send outbound email messages to a smart host or directly to their recipient, using DNS.
Exchange 2013 Mailbox servers running the Transport service require Send connectors to deliver messages to
the next hop on the way to their destination.Send connectors that are created on Mailbox servers are stored in Active Directory and are available to all
Mailbox servers running the Transport service in the organization.
Send Connectors: Exchange 2013 Help