You need to ensure that members of a group named Relecloudadmins can create user accounts and mailboxes for new employees after the planned upgrade

###BeginCaseStudy###
Topic 2, Relecloud
Directory Environment
The network contains a single Active Directory forest named relecloud.com. The forest contains a single
domain and a single Active Directory site.
All servers run Windows Server 2012 R2 and are members of the domain. All client computers run Windows 10
and are members of the domain.
The Active Directory forest is prepared for Exchange Server 2016.
Exchange Environment
Relecloud has an Exchange Server 2013 Service Pack 1 (SP1) organization. The organization contains six servers.
The servers are configured as shown in the following table.

The organization has the following configurations:
EX1, EX2, and EX3 are members of a database availability group (DAG) named DAG1.
Edge Synchronization is configured for the Active Directory site.
All client computers have Microsoft Outlook 2013 SP1 installed.
All inbound and outbound mail flow is routed through EdgeEx.
Antispam transport agents are configured on EdgeEX.
Active Directory split permissions are enabled.
Outlook anywhere is enabled.
Developers are Relecloud develop applications that send email notifications. These notifications are sent by
using an SMTP client.
Planned Changes Relecloud plans to upgrade all of the Mailbox and Client Access servers to Exchange Server
2016.
The servers will host all of the mailboxes in the organization. The SMTP clients used by the development
department users will use the new email servers to relay email messages
Connectivity Requirements
Relecloud identifies the following connectivity requirements:
The default connection method for the Outlook clients must be MAPI over HTTP.
All Exchange ActiveSync users must be prevented from sending email messages that are larger than 1 MB.
Compliance Requirements
Relecloud identifies the following connectivity requirements:
Prevent all users in the organization from deleting email messages that contain the word RelecloudFutures.
Log all of the details that relate to the creation of new mailboxes.
Availability Requirements
Relecloud identifies the following availability requirements:
Implement a new Exchange Server 2016 DAG.
Maintain multiple copies of the mailbox information during the upgrade process to Exchange Server 2016.

###EndCaseStudy###

You need to ensure that members of a group named Relecloudadmins can create user
accounts and mailboxes for new employees after the planned upgrade. What should you do first?

###BeginCaseStudy###
Topic 2, Relecloud
Directory Environment
The network contains a single Active Directory forest named relecloud.com. The forest contains a single
domain and a single Active Directory site.
All servers run Windows Server 2012 R2 and are members of the domain. All client computers run Windows 10
and are members of the domain.
The Active Directory forest is prepared for Exchange Server 2016.
Exchange Environment
Relecloud has an Exchange Server 2013 Service Pack 1 (SP1) organization. The organization contains six servers.
The servers are configured as shown in the following table.

The organization has the following configurations:
EX1, EX2, and EX3 are members of a database availability group (DAG) named DAG1.
Edge Synchronization is configured for the Active Directory site.
All client computers have Microsoft Outlook 2013 SP1 installed.
All inbound and outbound mail flow is routed through EdgeEx.
Antispam transport agents are configured on EdgeEX.
Active Directory split permissions are enabled.
Outlook anywhere is enabled.
Developers are Relecloud develop applications that send email notifications. These notifications are sent by
using an SMTP client.
Planned Changes Relecloud plans to upgrade all of the Mailbox and Client Access servers to Exchange Server
2016.
The servers will host all of the mailboxes in the organization. The SMTP clients used by the development
department users will use the new email servers to relay email messages
Connectivity Requirements
Relecloud identifies the following connectivity requirements:
The default connection method for the Outlook clients must be MAPI over HTTP.
All Exchange ActiveSync users must be prevented from sending email messages that are larger than 1 MB.
Compliance Requirements
Relecloud identifies the following connectivity requirements:
Prevent all users in the organization from deleting email messages that contain the word RelecloudFutures.
Log all of the details that relate to the creation of new mailboxes.
Availability Requirements
Relecloud identifies the following availability requirements:
Implement a new Exchange Server 2016 DAG.
Maintain multiple copies of the mailbox information during the upgrade process to Exchange Server 2016.

###EndCaseStudy###

You need to ensure that members of a group named Relecloudadmins can create user
accounts and mailboxes for new employees after the planned upgrade. What should you do first?

A.
Run the New-ManagementRole cmdlet.

B.
Run the New-ManagementRoleAssignment cmdlet.

C.
Run setup.exe and specify the /PrepareDomain parameter.

D.
Run setup.exe and specify the/prepareAD parameter.



Leave a Reply 7

Your email address will not be published. Required fields are marked *


Mahoney

Mahoney

Are there some suitable management role we could use for role assignment? If we use “Mail Recipient Creation” role, it enables to “create mailboxes, mail users, mail contacts, and regular and dynamic distribution groups in an organization”…

Sam

Sam

There is no requirements to least rights privileges. IMHO, add admins to Organization Config role with cmdlet New-ManagementRoleAssignment

DSKyo

DSKyo

While we are not asked to assign the least privilege, this is really a principle in practice. So, if this was a real world scenario and I would’ve had that kind of requirement, I would run the New-ManagementRole cmdlet to create a custom role that would only allow new-mailbox and enable-mailbox commands to be run. For that reason I would go with A.

PNCK

PNCK

Correct answer is D.

Active Directory split permissions are enabled.

So first of all you should disable it. To disable ad split permission you should run setup.exe /PrepareAD /ActiveDirectorySplitPermissions:false

tmkreddy55

tmkreddy55

I Agree with PNCK, since the AD split permissions are enabled, the first thing to do is to disable Split permission model before we move with Role Assignment, fail in which the group members will not be able to create AD User accounts.