DRAG DROP
###BeginCaseStudy###
Case Study: 5
Proseware, Inc
Overview
General Overview
Proseware, Inc., is an international manufacturing company that has 1,000 users. Proseware
has a sales department, a marketing department, a research department, and a human
resources department. Proseware purchases another company named Contoso, Ltd. Contoso
has 500 users.
Physical Locations
Proseware has two main offices located in New York and London. The offices connect to
each other by using a WAN link. Each office connects directly to the Internet. Contoso has a
single office in Dallas.
Existing Environment
Active Directory Environment
The Proseware network contains an Active Directory forest named proseware.com. The
forest contains a single domain. All domain controllers run Windows Server 2012. Each
office contains three domain controllers. Each office is configured as an Active Directory
site. The Contoso network contains an Active Directory forest named contoso.com. The
forest contains a single domain. All domain controllers run Windows Server 2012.
Exchange Server Organization
Proseware has an Exchange Server 2013 organization that contains four servers. The servers
are configured as shown in the following table.
EX3 and EX4 are the members of a database availability group (DAG) named DAG1. DAG1
has two DAG networks. The networks are configured as shown in the following table.
Users connect to mail.proseware.com for Microsoft Outlook and Outlook Web App services.
Mail.proseware.com resolves to an IP address on a hardware load balancer. All Outlook
Anywhere users are enabled for Cached Exchange Mode. Proseware pilots a hybrid
deployment of Exchange Server 2013 and Microsoft Office 365. The mailbox of each pilot
user is moved to Office 365. For the pilot mailboxes, all inbound email messages from the
Internet are delivered to the Exchange Server organization, and then forwarded to Office 365.
Contoso has an Exchange Server 2010 organization.
Problem Statements
Proseware identifies the following issues:
• MapiNet is saturated with network traffic caused by the database replication between
the members of DAG1 over MapiNet.
• The pilot users report that entries added to their Safe Senders list and their Blocked
Senders list fail to work.
• A recent power outage in the New York office prevents all users from accessing their
mailbox.
• A user named User1 reports that email messages are being sent from her mailbox
without her consent.
Requirements
Planned Changes
Proseware plans to implement the following changes:
• Several users at Contoso will use a mailbox at Proseware as their primary mailbox.
The Contoso users will use Autodiscover to configure their client settings and will use single
sign-on.
• For a special project, an IT administrator will create 20 distribution groups that will
each contain 200 members.
• Certain users in both companies will have a ©contoso.com SMTP suffix as their
primary email address.
Technical Requirements
Proseware identifies the following technical requirements for the Exchange Server
organization:
• Internal email messages must be rejected if the messages cannot be protected by using
Shadow Redundancy.
• All database replication between DAG1 members must occur over the Rep1Net
network.
Site Resiliency Requirements
Proseware identifies the following site resiliency requirements for the Exchange Server
organization:
• All mailboxes must be available if a single site becomes unavailable. The solution
must not require administrator intervention.
• User traffic on the WAN links must be minimized.
Email Security Requirements
Proseware identifies the following requirements for securing email messages:
• Email recipients must be able to identify whether an email message was modified
during delivery.
• All email messages stored in the mailbox databases must be protected from theft.
• Users must be able to encrypt email messages from Outlook Web App.
Retention Requirements
Proseware plans to reduce mailbox server storage usage and to limit company liability.
Proseware identifies the following requirements:
• Email messages in the Deleted Items folder must be retained for only 30 days.
• Email messages in a mailbox folder named Projects must be retained for 540 days,
unless the messages contain contractual information.
• Email messages in the Projects folder that contain contractual information must be
retained indefinitely.
• All other email messages must be removed after one year.
###EndCaseStudy###
You need to recommend a solution to support the planned changes for the integration of the
Exchange Server organizations of Contoso and Proseware. What should you configure in
each organization? (To answer, drag the appropriate objects to the correct forests. Each
object may be used once, more than once, or not at all. You may need to drag the split bar
between panes or scroll to view content.)
Proseware:
Linked Mailboxes
One-Way Incoming Trust
Published Endpoint for “autodiscover.contoso.com”
Contoso:
Mail-enabled Users With @proseware.constoso.com Addresses
One-Way Outgoing Trust
Published Endpoint for “autodiscover.proseware.contoso.com”
You got the trust part wrong.
Refer to https://technet.microsoft.com/en-us/library/cc816877.aspx
—————————– snip ——————
A one-way, incoming, external trust allows users in your domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to access resources in another Active Directory domain (outside your forest)
—————————- unsnip ——————
Meaning, if my account (which is local to my AD) want to access your resources (which is external to me), then it is an incoming trust from my point of view and outgoing trust from your point of view.
Outgoing trust = trusted AD
Incoming trust = trusting AD
NEEDED:
If you create a one-way outgoing trust where the Exchange forest (Contoso “resource” Mailboxes) trusts the account forest (Prosware linked Mailboxes), you will be prompted for administrator credentials in the account forest whenever you create a linked mailbox.
OPTIONAL:
To create a linked mailbox without being prompted for administrator credentials in the account forest, you have to create a two-way trust, or create another one-way outgoing trust where the account forest (Prosware linked Mailboxes) also trusts the Exchange forest (Contoso “resource” mailboxes). This step requires administrator credentials in the account forest.