Lab 04 - Using Exchange 2010 Management Tools

Exchange 2010 Ignite Lab 4: Using
Exchange 2010 Management Tools


DISCLAIMER
© 2009 Microsoft Corporation. All rights reserved.
Microsoft®, Hyper-V™, Internet Explorer®, Outlook®, Windows®, Windows PowerShell®,
and Windows Server® are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks
of their respective owners.
THE CONTENTS OF THIS PACKAGE ARE FOR INFORMATIONAL AND TRAINING PURPOSES ONLY
AND ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
No part of the text or software included in this training package may be reproduced or
transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or any information storage and retrieval system, without
permission from Microsoft®. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft,
and Microsoft cannot guarantee the accuracy of any information presented after the
date of publication. The names of actual companies and products mentioned herein
may be the trademarks of their respective owners.
To obtain authorization for uses other than those specified above, please visit the
Microsoft Copyright Permissions Web page at
http://www.microsoft.com/about/legal/permissions
This content is proprietary and confidential, and is intended only for users described in
the content provided in this document. This content and information is provided to
you under a Non-Disclosure Agreement and cannot be distributed. Copying, disclosing
all or any portion of the content and/or information included in this document is
strictly prohibited.

© 2009 Microsoft Corporation. All rights reserved. 1
Lab: Using Exchange 2010 Management Tools
During this lab, you will use the DC01, EX01, and Client01 virtual computers to gain hands-
on experience with new features of Exchange 2010.
Estimated time to complete this lab: 75 minutes
Before you begin
This lab does not depend on the completion of any previous labs. Log on to the Microsoft
®

Windows Server 2008 Hyper-V™ R2 virtual machine either by pressing the CTRL+ALT+END
key combination or by clicking the CTRL+ALT+DELETE button on the toolbar.
What you will learn
After completing the exercises, you will be able to:
 Review the built-in Exchange 2010 roles.
 Create users, create custom roles, and assign and test user roles.
 Use the Exchange Control Panel (ECP).
 Use WinRM to connect to an Exchange 2010 server.
 Create a new resource mailbox by using Remote PowerShell.
2 © 2009 Microsoft Corporation. All rights reserved.
Scenario


Contoso Ltd. is beginning to prepare for the next version of Microsoft Exchange. As the
Exchange administrator, you have already developed a lab environment and are ready to
learn how to leverage the new Role-Based Authorization Control (RBAC) features of
Exchange 2010. You will also learn how to use the Exchange Control Panel (ECP) and learn
about connectivity and management of Exchange 2010 using Remote PowerShell on a client
computer that does not have the Exchange management tools installed.


© 2009 Microsoft Corporation. All rights reserved. 3
Exercise 0: Preparing the Lab Environment
In this exercise, you will prepare the lab environment by connecting to the necessary virtual
machines using the Windows Server 2008 R2 Hyper-V Manager.
Scenario
This lab uses SetB Snapshot 1 and requires the following virtual machines:
 SetB-DC01 – Domain Controller, DNS, CA with 512 megabytes (MB) of memory.
 SetB-EX01 – Exchange 2010 with 1536 MB of memory.
 SetB-Client01 – Windows Server 2008 R2– Aero theme with 1024 MB of memory.
Tasks
1. Turn off all virtual machines.
a. On the host computer, switch to the Hyper-V Manager. If it is not already
open, click Start, click Administrative Tools, and then click Hyper-V
Manager.
b. In Hyper-V Manager, select all SetB virtual machines that are running, and
then in the Actions pane, click Turn Off.
c. Click Turn Off.
2. Apply the Snapshot.
a. In Hyper-V Manager, in the Virtual Machines window, click SetB-DC01.
b. In the Snapshots window, right-click Snapshot 1 and then click Apply.
c. In the Apply Snapshot dialog box, click Apply.
d. Repeat steps a through c for SetB-EX01 and SetB-Client01.
3. Connect and log on to the SetB-DC01 virtual machine.
a. In Hyper-V Manager, in the Virtual Machines window, right-click SetB-
DC01 and then click Start.
b. Right-click SetB-DC01 and then click Connect.
Wait for this Virtual Machine to fully start up before continuing.
c. On the SetB-DC01 Virtual Machine Connection, click the
CTRL+ALT+DELETE button on the toolbar.
d. Log on as Contoso\Administrator with a password of pass@word1

4. Start and log on to the SetB-EX01 virtual machine.
4 © 2009 Microsoft Corporation. All rights reserved.
a. In Hyper-V Manager, in the Virtual Machines window, right-click SetB-EX01
and then click Start.
b. Right-click SetB-EX01 and then click Connect.
c. On the SetB-EX01 Virtual Machine Connection, click the
CTRL+ALT+DELETE button on the toolbar.
d. Log on as Contoso\Administrator with a password of pass@word1
5. Start and log on to the SetB-Client01 virtual machine.
a. In Hyper-V Manager, in the Virtual Machines window, right-click SetB-
Client01 and then click Start.
b. Right-click SetB-Client01 and then click Connect.
c. On the SetB-Client01 Virtual Machine Connection, click the
CTRL+ALT+DELETE button on the toolbar.
d. Log on as Contoso\Holly with a password of pass@word1

© 2009 Microsoft Corporation. All rights reserved. 5
Exercise 1: Reviewing the Built-in Exchange 2010 Roles
In this exercise, you will review the built-in roles available in Exchange 2010.
Scenario
As Contoso Ltd. becomes more geographically dispersed, you realize that the organization
will be required to have delegated management control over certain aspects of its Exchange
organization. You want to utilize the new Role Based Access Control (RBAC) groups in
Exchange 2010. You must first familiarize yourself with them.
Tasks
1. Examine built-in roles. Management roles are part of the RBAC permissions
model that is used in Microsoft Exchange 2010. Roles act as a logical grouping of
components that come together to define what a user or universal security group
(USG) is allowed to do in an Exchange 2010 organization. Rather than modifying
access control lists (ACLs) as was done in Exchange Server 2007, RBAC enables you
to define and assign management roles to control, at a granular level, what
administrators and end-users can do.
a. Switch to EX01.
b. Click Start >All Programs >Microsoft Exchange Server 2010 >Exchange
Management Shell.

Important:
Cmdlets used throughout this exercise may wrap in the text box. Pay particular
attention to hyphens (-). For example: Get-Mailbox –Identity with a space after
Get-Mailbox but no space between the hyphen and Identity. If you execute a
cmdlet and it fails, verify that the cmdlet syntax is correct and that it does not
contain additional white space or spelling errors.

Tip:
The TAB key can be used to complete or scroll through a list of available cmdlets
after typing a partial cmdlet. For example, you can type get-mailb and press the
TAB key to have the cmdlet complete as Get-Mailbox. The TAB key can be
pressed to complete parameters of cmdlets as well. For example, typing Get-
Mailbox –Id and pressing the TAB key will complete the parameter –Id to –
Identity.
The up arrow, ↑, on the keyboard can be used in PowerShell to replay previously
typed cmdlets.

c. At the PS Prompt, type the following and then press ENTER:
Get-ManagementRole
6 © 2009 Microsoft Corporation. All rights reserved.
Review the built-in roles.
d. At the PS Prompt, type the following and then press ENTER:
Get-ManagementRole –Identity “Organization Configuration” | FL
Review the Organization Configuration Role.
e. Management role assignments apply a management role and the
management role scope, if specified, to a user or universal security group.
Without a role assignment, a role cannot be used.
At the PS Prompt, type the following and then press ENTER:
Get-ManagementRoleAssignment
There are a large number of built-in Organization Configuration Role
assignments.
f. At the PS Prompt, type the following and then press ENTER:
Get-ManagementRoleAssignment –Identity “Organization
Configuration–Organization Management” | FL
Review the Organization Configuration Role.
g. You can use the Get-ManagementRoleEntry cmdlet to retrieve a list of
role entries. When you use the Get-ManagementRoleEntry cmdlet, you
must specify a value that contains the role name that contains the role
entries you want to list, and also the cmdlet name of the role entry you want
to list. By combining the role name and cmdlet name with the wildcard
character ( * ), you can return very specific or very broad lists of role entries.
At the PS Prompt, type the following and then press ENTER:
Get-ManagementRoleEntry *\Set-Mailbox
Review the Management Roles associated with the Set-Mailbox cmdlet.
© 2009 Microsoft Corporation. All rights reserved. 7
Exercise 2: Creating Users, Custom Roles, and Assigning
and Testing User Roles
In this exercise, you will create new users and new custom roles that will be used to manage
different aspects of the Exchange organization and user account attributes.
Scenario
Having familiarized yourself with RBAC, you are now ready to create and test certain roles
and role assignments that can be used when you deploy the Exchange 2010.
Tasks
1. Create a new organizational unit (OU) and move users.
a. On EX01, click Start >Administrative Tools >Active Directory Users and
Computers.
b. In the navigation pane, expand Contoso.com.
c. Right-click Contoso.com, click New, and then click Organizational Unit.
d. In the New Object – Organizational Unit window, in the Name field, type Sales
and then click OK.
e. Click the Users OU.
f. Select John Woods and Mike Ray.
g. Drag and drop the John Woods and Mike Ray user accounts into the Sales OU.
h. In the warning message dialog box, click Yes.
2. Create a new security group.
a. Switch to the Exchange Management Shell.
b. At the PS Prompt, type the following and then press ENTER:
New-DistributionGroup -Name "USG-HR Admins" -OrganizationalUnit
Sales –SamAccountName "USG-HR Admins" -Type Security
3. Create new administrative user accounts and add users to security groups.
a. On EX01, at the PS Prompt, type the following and then press ENTER:
New-Mailbox -Alias Investigator -Name Investigator -
UserPrincipalName [email protected] -OrganizationalUnit
Sales
b. At the Password prompt, type pass@word1 and then press ENTER.
8 © 2009 Microsoft Corporation. All rights reserved.
c. At the PS Prompt, type the following and then press ENTER:
New-Mailbox -Alias HumanResources -Name “Human Resources” -
UserPrincipalName [email protected] -
OrganizationalUnit Sales
d. At the Password prompt, type pass@word1 and then press ENTER.
e. At the PS Prompt, type the following and then press ENTER:
Add-DistributionGroupMember –Identity “USG-HR Admins” –Member
HumanResources
4. Add Investigator to the built-in Discovery Management role group.
a. At the PS Prompt, type the following and then press ENTER:
Add-RoleGroupMember –Identity “Discovery Management” –Member
Investigator
b. Create a new discovery mailbox that will be used by the Investigator to store
discovery search results. At the PS Prompt, type the following and then press
ENTER:
New-Mailbox –Name “Sales Discovery Mailbox” –Discovery –
UserPrincipalName [email protected] –
OrganizationalUnit Sales
c. Assign the Investigator account access to the Sales Discovery Mailbox. Click
Start >All Programs >Microsoft Exchange Server 2010 >Exchange
Management Console.
d. In the Navigation pane, click Microsoft Exchange On-Premises.
e. Expand Microsoft Exchange On-Premises, expand Recipient
Configuration, and then click Mailbox.
f. In the Result pane, click Sales Discovery Mailbox.
g. In the Actions pane, under Sales Discovery Mailbox, click Manage Full
Access Permissions.
h. On the Manage Full Access Permissions page, click Add.
i. In the Select User or Group window, click Investigator, click OK, and then
click Manage.
j. On the Completion page, click Finish.
5. Create custom management roles and assign users.
a. Switch to the Exchange Management Shell.
© 2009 Microsoft Corporation. All rights reserved. 9
b. Create a new management role that will allow the Human Resources
department to update user information. At the PS Prompt, type the
following and then press ENTER:
New-ManagementRole –Name “MR-HR Administrators” –Parent “Mail
Recipients”
c. Create a new management role assignment. At the PS Prompt, type the
following and then press ENTER:
New-ManagementRoleAssignment –Name “RA-HR Administrators” –
SecurityGroup “USG-HR Admins” -Role “MR-HR Administrators”
d. Review the HR management role and view the role assignments. At the PS
Prompt, type the following and then press ENTER:
Get-ManagementRoleEntry -Identity “MR-HR Administrators\*”
e. Remove management role entries in order to restrict the role assignment. At
the PS Prompt, type the following and then press ENTER:
Get-ManagementRoleEntry -Identity “MR-HR Administrators\*” |
where {$_.Name –ne “Get-User”} | Remove-ManagementRoleEntry –
Confirm:$False
f. Add additional management role entries to allow the HR Administrators to
perform tasks.
“MR-HR Administrators\Set-User",“MR-HR Administrators\Get-
Mailbox”,“MR-HR Administrators\Get-Recipient” | Add-
ManagementRoleEntry
g. Verify that the Get-Mailbox, Get-Recipient, Set-User, and Get-User
entries are the only management role entries enabled. At the PS Prompt,
type the following and then press ENTER:
Get-ManagementRoleEntry -Identity “MR-HR Administrators\*”
6. Test custom management roles using the Exchange Control Panel.
a. Click Start and then click Internet Explorer.
b. In the Address field, type https://mail.contoso.com/owa and then press
ENTER.
c. Log on as Contoso\HumanResources with a password of pass@word1
d. On the Outlook Web App page, click OK.
e. In the Inbox, in the upper-right corner, click Options.
10 © 2009 Microsoft Corporation. All rights reserved.
f. Click the Select what to manage drop-down list and then click My
Organization.
g. Under Mailboxes, double-click Mike Ray.
h. Expand Organization, and then in the Department field, type Sales and then
click Save.
Note that Human Resources is able to update the Department information.
i. Under Mailboxes, double-click John Woods.
j. Expand E-Mail Options.
Notice that the area for adding additional e-mail addresses is not available for
editing.
k. Close the Mailbox window and then close the Exchange Control Panel.
7. Test the Discovery Management Role assigned to Investigator.
a. Click Start and then click Internet Explorer.
b. In the Address field, type https://mail.contoso.com/owa and then press
ENTER.
c. Log on as Contoso\Mike with a password of pass@word1
d. On the Outlook Web App page, click OK.
e. In the Inbox, click New.
f. In the To field, type John Woods and then press CTRL+K to resolve the
name.
g. In the Subject field, type New Inventory
h. In the message box, type the following and then click Send:
Hi John,
We’ve received the new Project X items in inventory.
i. Close OWA.
j. Click Start and then click Internet Explorer.
k. In the Address field, type https://mail.contoso.com/ecp and then press
ENTER.
l. Log on to the ECP as Contoso\Investigator with a password of
pass@word1
m. On the Outlook Web App page, click OK.
n. In the Navigation pane, click Reporting.
© 2009 Microsoft Corporation. All rights reserved. 11
o. Under Multi-Mailbox Search, click New.
p. In the Keywords box, type Project X
q. Expand Mailboxes to Search.
r. Under Search specific mailboxes or the mailboxes of members of
public groups, click Add.
s. Select John Woods and Mike Ray, click Add, and then click OK.
t. Expand Search Name and Storage Location.
u. In the Search name field, type Project X Discovery
v. Under Select a mailbox in which to store the search results, click
Browse.
w. In the Select Mailbox window, click Sales Discovery Mailbox, click OK,
and then click Save.
Notice in the Project X Discovery pane that the Search Status is In Progress.
x. Click Refresh until the status reads Succeeded.
8. Review the discovery results.
a. In the Exchange Control Panel, in the Project X Discovery result pane, next
to Results: [email protected], click open.
b. In OWA, click OK.
c. In the Navigation pane, under Sales Discovery Mailbox, notice the
discovery folder named Project X Discovery. Expand the Project X
Discovery folder.
Notice the two folders created that correspond to the mailboxes added to
the search criteria.
d. Expand John Woods, expand Primary Mailbox, and then click Inbox.
Notice the e-mail message from Mike Ray that was discovered by using the
search criteria.
e. Expand Mike Ray, expand Primary Mailbox, and then click Sent Items.
Notice the e-mail message sent from Mike Ray that was discovered by using
the search criteria.
f. Close OWA.
g. Close the Exchange Control Panel.

12 © 2009 Microsoft Corporation. All rights reserved.
Exercise 3: Using the Exchange Control Panel (ECP)
In this exercise, you will review the features of the Exchange Control Panel.
Scenario
The Exchange Control Panel will be used for some of the delegated administrative tasks as
well as personal account management. In order to train your delegates, you must first
familiarize yourself with the features of the ECP.
Tasks
1. Review the ECP features.
a. On EX01, click Start and then click Internet Explorer.
b. In the Address field, type https://mail.contoso.com/ecp and then press
ENTER.
c. Log on to the ECP as Contoso\Administrator with a password of
pass@word1
d. On the Outlook Web App page, click OK.
e. The Exchange Control panel allows Administrators and delegates to manage
aspects of the Exchange organization as well as personal options. Click the
Select what to manage drop-down list and then click Myself.
In this area, use the navigation pane on the left to configure available
Microsoft
®
Office Outlook
®
and user features.
f. Click the Select what to manage drop-down list and then click My
Organization.
g. In the My Organization section of the ECP, administrators and delegates are
able to manage organizational features for which they have been authorized.
Navigate through the options and review these features. Notice the
difference in management options from the delegated options in the
previous exercise.
h. Close ECP.
2. Review the Manage Myself ECP features.
a. Click Start and then click Internet Explorer.
b. In the Address field, type https://mail.contoso.com/ecp and then press
ENTER.
c. Log on to the ECP as Contoso\Holly with a password of pass@word1
d. On the Outlook Web App page, click OK.
© 2009 Microsoft Corporation. All rights reserved. 13
e. Review the Home page for Holly Holt. Notice that her account has no option
to manage any aspect of the organization.
f. Use the Navigation pane and browse through the options available in each
section to become familiar with this area. The ECP can also be accessed from
within the OWA by clicking Options.
g. Close ECP.

14 © 2009 Microsoft Corporation. All rights reserved.
Exercise 4: Using Remote Management to Connect to an
Exchange 2010 Server
In this exercise, you will configure and test connectivity to an Exchange 2010 server by using
Windows PowerShell V2.
Scenario
As the Exchange administrator for Contoso Ltd., you might need to manage your Exchange
2010 organization without having the Exchange Management tools installed. You will
configure the Windows PowerShell environment with a PowerShell session needed to
connect to a remote Exchange 2010 server.
Tasks
1. Create a connection runspace to EX01. PowerShell uses the concept of a
runspace. In simple terms, a runspace is an environment in which PowerShell runs.
Cmdlets, variables, and other PowerShell components within the same runspace can
share data with each other. In Exchange Server 2007, cmdlets were always run in the
local runspace on the local Exchange Server 2007 server. In Exchange 2010, Remote
PowerShell enables you to connect to a remote runspace on a remote Exchange 2010
computer in order to perform commands on that remote computer. The runspace
on the remote computer is known as a server-side runspace. The runspace on the
local computer is known as the client-side runspace.
a. Switch to Client01 logged on as Holly Holt.
b. Click Start >All Programs >Accessories >Windows PowerShell
>Windows PowerShell.
c. At the PS Prompt, type the following and then press ENTER:
$UserCredential = Get-Credential
d. In the Credential Request window, in the User name field, type
Contoso\Administrator with a password of pass@word1 and then click
OK.
e. At the PS Prompt, type the following and then press ENTER:
$rs = New-PSSession -ConfigurationName Microsoft.Exchange -
ConnectionUri http://ex01.contoso.com/powershell -Credential
$UserCredential
f. At the PS Prompt, type the following and then press ENTER:
Get-MailboxDatabase
© 2009 Microsoft Corporation. All rights reserved. 15
Notice that the cmdlet fails.
g. At the PS Prompt, type the following and then press ENTER:
Invoke-Command {Get-MailboxDatabase} –Session $rs
Review the output of the command.
h. At the PS Prompt, type the following and then press ENTER:
Enter-PSSession $rs
Notice the change in the PowerShell prompt.
i. At the PS Prompt, type the following and then press ENTER:
Get-MailboxDatabase
j. At the PS Prompt, type the following and then press ENTER:
Exit-PSSession

16 © 2009 Microsoft Corporation. All rights reserved.
Exercise 5: Creating a New Resource Mailbox Using
Remote PowerShell
In this exercise, you will create a new resource mailbox by connecting to a remote Exchange
2010 server using PowerShell and then creating a new resource mailbox.
Scenario
You need to create a new resource mailbox; however, the Exchange Management tools are
not installed on the computer you are using. Windows PowerShell V2 and Windows
Remote Management (WinRM) are installed on the computer. After you have created the
resource mailbox, you need to verify that it is available in the Global Address List (GAL).
Tasks
1. Create a new resource mailbox using Remote PowerShell.
a. On Client01, at the PS Prompt, type the following and then press ENTER:
Set-ExecutionPolicy Unrestricted
b. Read the Execution Policy Change notification and then press ENTER to
accept the default answer Yes.
c. Importing the PSSession will allow you to complete cmdlets by using the
Tab key. At the PS Prompt, type the following and then press ENTER:
Import-PSSession $rs
d. Create the resource mailbox. At the PS Prompt, type the following and then
press ENTER:
New-Mailbox –Alias CRMichigan –Name “Conference Room Michigan”
–FirstName “Conference Room” –LastName “Michigan” –DisplayName
“Conference Room Michigan” -UserPrincipalName
[email protected] –OrganizationalUnit Users -Room
2. Test the newly created resource mailbox.
a. On Client01, click Start and then click Microsoft Outlook 2010 (Beta).
a. In the Navigation pane, click Calendar, and then in the Ribbon bar, click
New Meeting.
b. In the Untitled-Meeting window, click Rooms.
Notice that Conference Room Michigan appears as an available resource.
c. Close the Select Rooms window and then close the Untitled-Meeting
window.
© 2009 Microsoft Corporation. All rights reserved. 17
d. Close Outlook, close PowerShell, and log off Client01.

18 © 2009 Microsoft Corporation. All rights reserved.
Exercise 6: Collect and Review Organizational Health Data
In this exercise, you will use the Exchange Management Console to update the
Organization, Server, and Recipient summary information of the Exchange 2010
organization.
Scenario
As the Exchange administrator, you know that Exchange 2010 can provide you with concise
reports about specific areas of your Exchange organization. You want to be able to leverage
this information for future reporting and quick analysis of the Exchange deployment.
Tasks
1. Collect organizational health data.
a. Switch to EX01 and the Exchange Management Console.
b. In the Navigation pane, click Microsoft Exchange On-Premises
(ex01.contoso.com).
c. In the Results pane, notice that organizational health data has not been
collected.
d. In the menu bar, click Action and then click Collect Organizational
Health Data.
e. On the Introduction page, verify that Immediately is selected and then
click Next.
f. On the Collect Organizational Health Data page, review the configuration
summary and then click Collect.
g. On the Completion page, click Finish.
2. Review organizational health data.
a. In the Results pane, notice that data has now been updated.
b. Review the information for Organization, Servers, and Recipients
summaries.
c. Scroll down to the bottom of the report and click the link for Last
Updated….. Click here to access the latest data. This will start a new data
collection for the organization and update the report.
d. Click Cancel and close the Exchange Management Console.