3. Using Configuration Containers Instead of Administrative Groups
Exchange Server 2010 uses configuration containers instead of administrative groups to simplify the administrative model. As you can see in Figure 2, you can view the logical structure of the Exchange organization in the
Exchange Management Console. Start the Exchange Management Console by
clicking Start, selecting All Programs, selecting Microsoft Exchange
Server 2010, and selecting Exchange Management Console. When you are
logged on to a computer in the Exchange forest, you can work with the
local Exchange servers by using the subnodes of the Microsoft Exchange
On-Premises node. Otherwise, you need to connect to the Exchange forest
before you can work with Exchange servers and you need to establish one
connection for each online and on-premises implementation. To do this,
follow these steps:
- In the Exchange Management Console, right-click the Microsoft Exchange node and then select Add Exchange Forest.
- In the Add Exchange Forest dialog box, specify the friendly name for the Exchange implementation to which you want to connect. This is the name that will be displayed in the Exchange Management Console.
- Enter the fully qualified domain name, host name, or IP address of the Exchange server you want to connect to. Normally, this is a Client Access server. However, all Exchange servers run the Remote PowerShell Web application on their instance of Internet Information Services (IIS). For an Exchange online organization, use the external name provided to you.
- To log on with your current credentials, select Logon With Default Credential, and then click OK. Otherwise, click OK, type the name and password of a user account with Exchange administrator permissions, and then click OK again.
Regardless of whether you are connected to the Exchange forest
automatically or connect to an Exchange forest manually, you are
connected to an automatically selected server. You can specify an
Exchange server to connect to by right-clicking the friendly name of the
forest and then clicking Properties. In the Properties dialog box, the
Specify A Server option is selected by default. Click Browse. Select the
Exchange server you want to connect to, and then click OK. Click OK
again to apply your changes.
Note
The Exchange Management Console establishes connections to a designated server in the Exchange organization via the Windows Remote
Management service. The server name you enter sets the URL that the
Exchange Management Console will use to connect to Exchange Server for remote management, such as https://MailServer23.cpandl.com/PowerShell/.
On a server running Exchange Server 2010, WinRM and related services
are set up automatically. On your management computer, you need to
install the required components and configure WinRM. You can customize the WinRM configuration
for your environment. In the Exchange Management Shell, the related
commands are New-PowerShellVirtualDirectory,
Get-PowerShellVirtualDirectory, Set-PowerShellVirtualDirectory, and
Test-PowerShellConnectivity. If you enter Get-PowerShellVirtualDirectory | Format-List, you'll get configuration
details for each Client Access server in the Exchange organization. You
can use Set-PowerShellVirtualDirectory to enable or disable
authentication mechanisms, including basic authentication, certificate
authentication, Live ID basic authentication, Live ID NTLM negotiate
authentication, and Windows authentication. You can also specify the
internal and external URLs for the PowerShell virtual directory on a
per-server basis. By default, servers have only internal URLs for
PowerShell. For troubleshooting issues related to the PowerShell virtual
directory, enter Test-PowerShellConnectivity followed by the URL to test, such as https://mailer1.cpandl.com/powershell.
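The following is an added example, not part of the original text: a small review function that takes the objects returned by Get-PowerShellVirtualDirectory and reports the authentication and URL settings described in the note that deserve a second look. The function name Get-PSVDirFinding is hypothetical, the property names are assumed to mirror the Set-PowerShellVirtualDirectory parameters of the same name, and the sample objects are constructed.

```powershell
# Added example. Property names (BasicAuthentication, RequireSSL, InternalUrl,
# ExternalUrl, Server) are assumed to mirror the cmdlet parameters.
function Get-PSVDirFinding {
    param([Parameter(ValueFromPipeline = $true)] $VirtualDirectory)
    process {
        $vd = $VirtualDirectory
        $findings = @()

        # Basic authentication sends reusable credentials; it needs transport encryption.
        if ($vd.BasicAuthentication -and -not $vd.RequireSSL) {
            $findings += 'HIGH: basic authentication enabled without RequireSSL'
        }
        elseif ($vd.BasicAuthentication) {
            $findings += 'REVIEW: basic authentication enabled'
        }

        # Servers have only internal URLs by default, so an external URL is a deliberate change.
        if ($vd.ExternalUrl) {
            $findings += "REVIEW: external URL published ($($vd.ExternalUrl))"
        }

        # A plain-HTTP URL combined with basic authentication exposes credentials on the wire.
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $url = [string]$vd.$prop
            if ($url -and $vd.BasicAuthentication -and $url -notmatch '^https://') {
                $findings += "HIGH: $prop is not HTTPS while basic authentication is on"
            }
        }

        foreach ($f in $findings) {
            New-Object PSObject -Property @{ Server = $vd.Server; Finding = $f } |
                Select-Object Server, Finding
        }
    }
}

# Constructed sample objects standing in for Get-PowerShellVirtualDirectory output.
$sample = @(
    (New-Object PSObject -Property @{
        Server = 'MAILER1'; BasicAuthentication = $false; RequireSSL = $true
        InternalUrl = 'https://mailer1.cpandl.com/powershell'; ExternalUrl = $null }),
    (New-Object PSObject -Property @{
        Server = 'MAILSERVER23'; BasicAuthentication = $true; RequireSSL = $false
        InternalUrl = 'http://mailserver23.cpandl.com/powershell'
        ExternalUrl = 'https://mailserver23.cpandl.com/powershell' })
)

$sample | Get-PSVDirFinding | Format-Table -AutoSize

# In the Exchange Management Shell, feed it live data instead:
#   Get-PowerShellVirtualDirectory | Get-PSVDirFinding
```

With the constructed data, MAILER1 produces no findings and MAILSERVER23 produces three: basic authentication without RequireSSL, a published external URL, and a non-HTTPS internal URL.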
Figure 2
shows the main window for the Exchange Management Console. In the
Exchange Management Console, the forest-level node is the starting point
for managing Exchange. When you select this node, you can use the
options on the Organizational Health tab to generate and view
organizational reports that include general health, licensing, and configuration
statistics. Select the Click Here To Access The Latest Data link to
generate or update the health statistics. Under the forest-level node,
you'll find three top-level containers:
- Organization Configuration: Used to view and manage the global settings for all servers and recipients in an organization. Settings are organized based on the server role and applied globally throughout the organization.
- Server Configuration: Used to view and manage the configuration of individual servers in an organization. Servers are organized by role.
- Recipient Configuration: Used to view and manage recipients in an organization. Recipients are organized by type, independent of the Mailbox server on which they are stored.
Note
In the Exchange Management Shell, you can get organization configuration information by entering $s=Get-OrganizationConfig; $os=$s.organizationsummary;$os | ft key,value.
The sections that follow discuss these Exchange components and explain how they fit into the overall organizational structure.
Working with the Organization Configuration Node
With Exchange Server 2010, the scope of the organization is the same
as the scope of your Active Directory organization. Because of this,
Organization Configuration node settings apply to all Exchange servers
and Exchange recipients in all domains in your Active Directory forest.
When you select the Organization Configuration node, the results pane
provides tabs for working with federation trusts and organizational relationships, as shown in Figure 3. You use these tabs as follows:
- Federation Trusts: Create and manage trusts between federated forests. Federated forests are Active Directory forests from different organizations or from organizations having different forest roots for which you've established trust relationships. You also can manage the identities of domains in the organization that should be federated. Every domain where users have primary e-mail services should be identified and, as appropriate, enabled for federation.
- Organizational Relationships: Enable and manage organizational relationships with external organizations. You use these relationships to enable secure information sharing using federation.
Note
After you have established federation trusts and organizational
relationships, you can manage sharing policies by expanding the
Organizational Configuration node, selecting the related Mailbox node,
and then clicking the Sharing Policies tab. The default sharing policy
allows for sharing calendar free/busy information with any external
domain.
The subnodes under the Organization Configuration node provide access
to the most common organization-level settings you'll work with:
- Mailbox: Allows you to manage Mailbox server role settings that apply to your entire Exchange 2010 organization. Mailbox server role settings that you can manage include address lists, managed folders, mailbox policies, databases, database availability groups, and offline address books.
- Client Access: Allows you to manage Client Access server role settings that apply to your entire Exchange 2010 organization. Client Access server role settings allow you to create and manage mailbox policies for Outlook Web App and Exchange ActiveSync.
- Hub Transport: Allows you to manage Hub Transport server role settings that apply to your entire Exchange 2010 organization. Hub Transport server role settings you can manage include antispam settings, remote and accepted domains, e-mail address policies, transport rules, journal rules, send connectors, and Edge subscriptions.
- Unified Messaging: Allows you to manage Unified Messaging server role settings that apply to your entire Exchange 2010 organization. Unified Messaging server role settings you can manage include dial plans, gateways, mailbox policies, and auto-attendants.
With Exchange Server organizations, most organization information is
stored in Active Directory. When you start the Exchange Management
Console, the console obtains the organization configuration details from
the authoritative domain
controller to which your computer is currently connected. In some
cases, such as when you need to work with recipients and objects in a
specific site or domain, you might want to connect to a specific
authoritative domain controller and obtain server and Organization Configuration node details from this server.
You can specify the domain controller from which to obtain Organization Configuration node details by completing the following steps:
- Open the Exchange Management Console.
- Right-click the Organization Configuration node, and then select Modify Configuration Domain Controller. The Configuration Domain Controller dialog box appears, shown in Figure 4.
- Select Specify A Domain Controller. Click the Browse button to the right of the Domain text box, and then use the Select Domain dialog box to select the domain to use.
- In the specified domain, by default you are connected to the first authoritative domain controller that responds to your request. To specify a configuration domain controller to use, click the Browse button to the right of the Configuration Domain Controller text box. Use the Select Domain Controller dialog box to select the domain controller to use according to its site membership in the previously specified domain.
- When you click OK, the Exchange Management Console retrieves the topology information for the specified domain and site.
Working with the Server Configuration Node
All servers running Exchange Server 2010 have one or more server
roles. You can deploy the Mailbox, Client Access, Hub Transport, and
Unified Messaging server roles together. You can also manage these roles
together using the Server Configuration node in the Exchange Management
Console. When you select the Server Configuration node in the Exchange
Management Console, all Exchange servers in your Exchange Server 2010 organization
are listed in the results pane by name, the Exchange Server 2010 roles
installed, and the Exchange Server version, as shown in Figure 5.
You can work with the individual server entries in several ways:
- If you right-click a server entry, you see a shortcut menu with options for managing each configured role. Selecting one of those options opens the corresponding subnode under Server Configuration, and doing this is the same as selecting the subnode and then selecting the server with which you want to work.
- If you right-click a server entry and then select Properties, you see the Properties dialog box, shown in Figure 6. The General tab provides summary information about the Exchange version, edition, roles, and licensing. The System Settings tab shows the domain controllers being used by Exchange and the Global Catalog servers being used by Exchange.
The subnodes under the Server
Configuration node provide access to the most common settings you'll
work with for individual servers according to their role:
- Mailbox: Allows you to manage the mailbox configuration of a selected server. In the top pane, servers are listed by name, role, and Exchange version. If you select a server in the top pane, the related databases are listed.
- Client Access: Allows you to manage the client access configuration of a selected server. In the top pane, servers are listed by name, role, Exchange version, and Outlook Anywhere state. If you select a server in the top pane, you can view the Web sites and Uniform Resource Locators (URLs) used with Outlook Web App, Exchange ActiveSync, POP3 And IMAP4, and Offline Address Book Distribution.
- Hub Transport: Allows you to manage the hub transport configuration of a selected server. In the top pane, servers are listed by name, role, Exchange version, and message-tracking state. If you select a server in the top pane, you can view the receive connectors and their status as well as the status of IP Allow and IP Block lists for antispam.
- Unified Messaging: Allows you to manage the unified messaging configuration of a selected server. In the top pane, servers are listed by name, role, Exchange version, unified messaging status, and associated dial plans. If you select a server in the top pane, you can view the dial plans, IP gateways, mailbox policies, and auto-attendants for that server.
As with organization-level configuration details, the configuration
details for individual servers are stored in Active Directory. You can
specify the domain controller from which to obtain Server Configuration node details by completing the following steps:
- Open the Exchange Management Console.
- Right-click the Server Configuration node, and then select Modify Configuration Domain Controller. The Configuration Domain Controller dialog box appears, shown previously in Figure 4.
- Follow steps 5 in the procedure in the section Working with the Organization Configuration Node.
Working with the Recipient Configuration Node
A recipient is an entity that can receive Exchange mail. Recipients
include users, contacts, distribution groups, public folders, and
resources. Types of resources used with Exchange include rooms and
equipment used for scheduling.
You refer to recipients as either mailbox-enabled or mail-enabled.
Mailbox-enabled recipients (users and resources) have mailboxes for
sending and receiving e-mail messages. Mail-enabled recipients
(contacts, distribution groups, and public folders) have e-mail
addresses but no mailboxes. This allows users in your organization to
send messages to mail-enabled recipients. Keep in mind that when you
mail-enable a public folder and grant Send As permission on the folder
to a user, the user can send mail on behalf of the public folder.
In addition to users, contacts, groups, resources, and public folders, Exchange Server 2010 has two unique types of recipients: linked
mailboxes and dynamic distribution groups. Basically, a linked mailbox
represents a mailbox that is accessed by a user in a separate, trusted
forest. A dynamic distribution group is a type of distribution group
that you can use to build a list of recipients whenever mail addressed
to the group is received, rather than having a fixed member list.
To manage recipients in your organization, you need to know these key concepts:
- How e-mail policies are used: E-mail address policies define the technique Exchange uses to create e-mail addresses for users, resources, contacts, and mail-enabled groups. For example, you can set a policy for users with Exchange mailboxes that creates e-mail addresses by combining an e-mail alias with @cpandl.com. Thus, during setup of an account for William Stanek, the e-mail alias williams is combined with @cpandl.com to create the e-mail address williams@cpandl.com.
- How address lists are used: You use address lists to organize recipients and resources, making it easier to find the ones that you want to use, along with their related information. During setup, Exchange creates a number of default address lists. The most commonly used default address list is the global address list, which lists all the recipients in the organization. You can create custom address lists as well.
- How managed folders are used: Every recipient has a default set of managed folders that are displayed in Outlook and Outlook Web App. These folders include Inbox, Contacts, Drafts, Deleted Items, Junk E-mail, Notes, Outbox, and Sent Items. To the default folders, you can add custom managed folders. For example, if managers need to approve certain types of messages before the messages are sent, you can create a Pending Approval folder.
In the Exchange Management Console, Recipient Configuration node
settings apply to individual recipients in all domains in your Active
Directory forest according to their type. The subnodes under the
Recipient Configuration node provide access to recipients according to
their type or state:
- Mailbox: Allows you to view and manage user mailboxes, room mailboxes, equipment mailboxes, and linked mailboxes.
- Distribution Group: Allows you to view and manage standard and dynamic distribution groups.
- Mail Contact: Allows you to view and manage mail contacts.
- Disconnected Mailbox: Allows you to view and manage disconnected mailboxes. A disconnected mailbox is a mailbox that is not associated with an Active Directory user account because it has been removed and marked for deletion. By default, when you remove a mailbox, it remains as a disconnected mailbox in Exchange for 30 days. At the end of the 30-day period, the mailbox is permanently removed.
- Move Request: Allows you to view and manage mailboxes being moved from one Exchange environment to another.
When you select the Recipient Configuration node in the Exchange
Management Console, or any related subnodes, Exchange recipients for
your logon domain are listed in the results pane, as shown in Figure 7. Recipients are scoped
to the logon domain by default, rather than to all domains in the
Active Directory forest, because an enterprise can have many thousands
of recipients, and you typically will not want to work with all recipients in all domains simultaneously.
You can, however, configure the recipient scope so that you can do the following:
You can set the scope for recipient configuration by completing the following steps:
- Open the Exchange Management Console.
- Right-click the Recipient Configuration node, and then select Modify Recipient Scope. The Recipient Scope dialog box appears, shown in Figure 8.
- If you want to view all recipients in your Active Directory forest, select View All Recipients In Forest. Information about recipients for the forest is retrieved from the global catalog. If you'd like to specify a Global Catalog server to use, select the Global Catalog check box, click Browse, and then use the Select Global Catalog dialog box to select the Global Catalog server to use according to its site membership in the forest.
- If you want to view all recipients in a specific domain or organizational unit, select View All Recipients In Specified Organizational Unit. Information about recipients for the domain or organizational unit is retrieved from a domain controller in the domain or OU. If you'd like to specify a domain controller to use, select the Recipient Domain Controller check box, click Browse, and then use the Select Domain Controller dialog box to select the domain controller to use according to its site membership in the related domain.
- When you click OK, the recipient information for the specified forest, domain, or OU is retrieved.
When you select the Recipient Configuration node in the Exchange
Management Console, or any related subnodes, the maximum number of
Exchange recipients you can view at any time is limited by default to
1,000. You can change the maximum number of recipients to display by completing the following steps:
- Open the Exchange Management Console.
- Right-click the Recipient Configuration node or the subnode you want to work with, and then click Modify The Maximum Number Of Recipients To Display. This displays the Maximum Number Of Recipients To Display dialog box, shown in Figure 9.
- In the text box provided, type the maximum number of recipients to display.
- When you click OK, the recipient display is refreshed using the specified maximum number of recipients.