Data Systems Administrator Course, Annex D – Microsoft Exchange 2019

Last Modified: 4/8/2022 9:54 AM

Modified by: Barton, GySgt Michael A

Lab 3: Routine Exchange Management

Objective: Continuing from Lab 2. Throughout this Lab you will be using multiple virtual
machines (VMs) that you built inside of your groups pod. During this lab the primary focus will
be routine management functions of Microsoft Exchange Mailbox Server Role.
Required VM’s
Domain Controllers, Exchange Servers, Dag Witness Server, Workstations.

Tasks:
 Create Mailboxes for Existing Accounts
 Manage Mailbox Permissions
 Move Mailboxes to another Database
 Set Message Size Limits
 Access and use OWA
 Install Microsoft Office
 Setup Microsoft Outlook with Autodiscover
 Using Microsoft Outlook

Task One: Use the EAC to create mailboxes for the existing user accounts
1. In the EAC, go to Recipients > Mailboxes.

This is a living document and is subject to change. Be sure to check the modification information often to ensure you have
the most recent version of this document.
1
 NOTE- You may see a mailbox was automatically created for the administrator account
that installed exchange but best practice is to not allow administrator accounts to have
access to email and the Internet. An account with administrative access, especially one
with Domain Administrator privileges, to access his/her e-mail and the internet via
their administrative account makes it easier for attackers to introduce malware via
phishing attacks or gain those credentials by using impersonation, which is a very
common attack in the Microsoft Windows environment.

A. Click the New ( ) button and then select User mailbox.

2. On the New user mailbox page, configure the following settings:

A. Verify Existing user is selected, then click Browse.

2
B. Select your user account and click OK.

(DO NOT CREATE MAILBOXES FOR ADMIN ACCOUNTS).

3
C. The account has been added to the wizard and the grayed out boxes will automatically get
filled in from the users Active Directory Account Information as long as it was created
properly. Click More options to configure the following additional settings:

4
1. Mailbox database:

A. Click Browse to choose from available mailbox databases to hold the mailbox and
associated data (E-mails, Attachments, and more).

B. Select a database for the mailbox and click OK. (Assign new mailboxes across
all databases equally).

5
2. Create an on-premises archive mailbox for this user:

A. Select the checkbox to create an on-premises archive mailbox database that

will hold old e-mails. Items are automatically moved from the primary mailbox to the
archive based on retention policy settings. Then click Browse.

B. For simplicity select the same mail box database that the main mailbox is in,
then click OK. (Some organizations will have a separate storage policy or separate
Datastore or device for the archive mailbox databases).

6
 3. For your information, Address book policy (ABP): ABP’s define a Global Address
List (GAL), an offline address book (OAB), a room list, and a set of address lists. An
ABP gives the user access to a customized GAL in Outlook and Outlook on the web. You
have not created an ABP so click Save to finish creating the mailboxes.

D. Click Save to finish creating the e-mail mailbox for the account.

E. Create mail boxes for all your existing users except for administrator accounts. Half
should be on Mailbox Database 01 and half on Mailbox Database 02.

At this point you should be able to send and receive internal organization E-mails and E-
mails to and from anyone that you have made send connectors or Stub Zones with,
assuming you and they set everything up correctly. We will continue making more
configurations before sending E-mails.

3. Delete Administrator Mailbox

Normally you will disable an account and not delete an account, even after a user has left an
organization. There are federal and Department of Defense laws and regulations governing the
retention of certain information including E-mails which are considered official communications
documents and they must be retained per the law and the law will guide local policies. However,
Admin Accounts should never have a mailbox, especially Domain Admins. There are
additional management considerations that will be covered in the supervisor and chiefs courses.

7
A. In the EAC, go to Recipients > Mailboxes, then select the administrator Account
mailbox that was created during the exchange installation and click the Delete Icon (Trash
Can).

B. Click on the three dots, then click Disable.

8
C. Click Yes to confirm that you want to disable the mailbox. This does not delete the
account but it will get rid of the mailbox.

D. If you click on New user mailbox and click Browse you will see that the account was
returned to the list of accounts that do not have mailboxes. Click Cancel to go back.

9
Task Two: Use the EAC to Manage Mailbox Permissions

1. Use the EAC to manage mailbox permissions

A. In the EAC, click Recipients in the feature pane. You can assign permissions to several
types of mailboxes and groups:

1. Mailboxes: User or linked mailboxes.

2. Groups: Distribution, Security, and Dynamic Distribution Groups

3. Resources: Room or equipment mailboxes.

4. Shared: Shared mailboxes.

2. Select the Mailboxes Tab

3. In the list of user mailboxes, select a mailbox that you want to assign permissions to someone
else, then click Edit .

10
A. On the mailbox properties page that opens, click Mailbox delegation. Select at least one
account to send on behalf of.

B. There are THREE options under Mailbox Delegation:

1. Send As: Messages sent by a delegate appear to come from the mailbox.

2. Send on Behalf: Messages sent by a delegate have "<Delegate> on behalf of

<Mailbox>" in the From address. Note that this permission isn't available in the EAC for
shared mailboxes.

3. Full Access: The delegate can open the mailbox and do anything except send
messages.

11
C. Configure at least one account to send on behalf of and test out when you are sending E-
mails. You can play with the other options if time permits.

D. To assign permissions to delegates, click Add under the appropriate permission.

12
E. A dialog box appears that lists the users or groups that you can give permissions to. Select
a user from the list, click Add, and then click OK. You can also search for users or groups
in the search box by typing all or part of the name, and then clicking Search. When you're
finished selecting delegates, click OK.

F. The user has been added to the list.

13
 G. To remove permission for a user, select the user in the list under permission, and then
click Remove.

H. When you're finished, click Save.

Task Three: Move Mailboxes to another Database

1. Use the EAC to create a local move request

A. In the EAC, go to Recipients > Migration. Click Add , Select Move to a different
database.

14
B. The New local mailbox move wizard opens. Click Add .

C. Select one or more mailboxes to move from MBDB01 to MBDB02, then click add.
When you're finished, click OK. Check the database column to determine their database.

15
D. When you're finished adding names, click Next.

E. On the Move configuration page, configure these settings and then click Next:

1. New migration batch name: Enter a descriptive name for the mailbox move
operation.

2. Archive: (Note the other two options)

a. Move the primary mailbox and the archive mailbox if one exists

3. Target database: This setting affects moves for primary mailboxes. To specify
the new database for the primary mailbox, click Browse and then select the
Mailbox Database. If you don't specify a database, the automatic distribution
logic in Exchange will randomly select a database in the Active Directory site.

4. Target archive database: This setting affects moves for archive mailboxes. To
specify the database for the archive mailbox, click Browse. In the Select Mailbox
Database dialog box that appears, select the database. If you don't specify a
database, the archive mailbox is moved to the same location as the primary mailbox.

5. Bad item limit: Specifies the maximum number of corrupted items that are
allowed in the mailbox before the request fails. The default value in the EAC is 10.
Don't specify a value greater than 50 here. If you want to set the limit to 51 or higher,
use the BadItemLimit parameter and the AcceptLargeDataLoss switch in the
Exchange Management Shell.

16
F. On the Start the batch page, configure these settings:

1. After the batch is complete, a report will be sent to the following recipients: Click
browse and select YOUR NON-ADMIN E-mail address, then click OK.

2. Select the preferred option to start the batch:

a. Automatically start the batch: This is the default value.

3. Please select the preferred option to complete the batch:

a. Automatically complete the migration batch: This is the default value.

4. When you're finished, click New.

17
H. It may take a while for the move operation to complete. (You can leave the migration tab
to do other things and come back to it to check on the status).

18
I. The Mailbox has moved to the other Database. If there are errors try to fix them,

then click the Resume Button.

J. When the move completes you will see that the batch finalized.

K. You can see details of the move.

19
L. More statistical information. You can click View Details for even more information.

20
Task Four: Set Message Size Limits
Emails may seem small but they can quickly take up a lot of space, especially when there are
attachments like word documents, spreadsheets, presentations, and pictures. By restricting the
size of an email you can reduce the amount of space each E-mail can take up in the sent items
folder. The user may think twice about whether what they are sending is necessary or split the
message and attachments into multiple emails.

1. USING the EAC to set message size limits:

A. In the EAC, navigate to Recipients > Mailboxes. In the list of user mailboxes, click the
mailbox that you want to change the message size limits for, and then click Edit .

21
B. On the mailbox properties page, click Mailbox Features, then scroll down and under
Message Size Restrictions, click View details to view and change message size limits.

C. Configure the following limits:

Note- To convert MB to KB you multiply the digital storage value by 1000. Local Limit
Policies may differ, check your unit or higher unit policy for guidance. If you cannot do this
math then you don’t belong in this MOS.

10 MB = 10000 KB and 35 MB = 35000 KB

1. Sent messages: Set a maximum size for messages sent by this user to 15 MB. Select
the Maximum message size (KB) check box and type the value in the box. The message
size must be between 0 and 2,097,151 KB. If the user sends a message larger than the
specified size, the message will be returned to the user with a descriptive error message.

2. Received messages: Set a maximum size for messages received by this user to 25
MB. Select the Maximum message size (KB) check box and type the value in the box.
The message size must be between 0 and 2,097,151 KB. If the user receives a message
larger than the specified size, the message will be returned to the sender with a
descriptive error message.

D. Click OK.

22
E. Click Save to save your changes.

23
2. Optionally, you can use Exchange Management Shell (EMS) to change the message limits:
A. Adjust the following syntax to meet your requirement:

Set-Mailbox -Identity "Bender.B.Rodriguez" -MaxSendSize 15MB -

MaxReceiveSize 25MB

Note- With Exchange Management Shell you can enter the size in MB instead of KB

B. To verify that this worked:

Get-Mailbox -Identity "Bender.Rodriguez" | Format-List

MaxSendSize, MaxReceiveSize

24
Task Five: User Functions
As a member of the helpdesk you may be asked to assist users with issues they are having. Some
common issues are Accessing OWA, setting up Outlook, and many other tasks regarding sending
and receiving E-mails.

1. Accessing OWA.
A. Recall back to setting up virtual directories, record the OWA URL’s.

25
B. On one of your Windows 10 workstations, log in with any of your user accounts, and
use a web browser to go to the OWA URL, then log in using the users credentials.

(HTTPS://OWA.XXMEU.USMC.MIL/OWA) (Chrome works well)

C. Users can use their OWA URL to access their work emails through their web browser and
the website feels very similar to other online email services like Gmail. With network and
domain configuration users can access their mailbox through OWA from home. Try
sending and receiving some emails between your internal XXMEU users and then try
sending some emails to users from other MEU’s and your instructor.

26
2. Installing Microsoft Office- Usually Microsoft Office will be installed as part of the image
that is pushed to the computer or set up with another method but there is no copy of Office on the
workstation you built. THESE STEPS ARE DONE WITH USER ACCOUNTS ONLY!

A. After Mounting the Microsoft Office ISO, run the application’s installer.

B. Enter your admin credentials, then click Yes.

27
C. Accept the License Agreement, then click Continue.

D. Click Install Now.

28
E. It will take a few minutes to install.

F. Click Close.

29
G. Go to START and type Outlook, then click Open.

H. in the Wizard, click Next.

30
I. Select Yes, then click Next.

J. Because you configured Autodiscover in DNS, Outlook Setup will use the Autodiscover
Service Record (.SRV) to connect to Exchange and configure the user’s information to set up
the mailbox.

31
K. It may take a while to retrieve the settings for the first time.

L. You need to install a certificate so the computer knows that you trust the Exchange Server

1. Click on View Certificate. (If this box doesn’t come up, check behind the wizard
window).

32
2. Click on Install Certificate.

3. Select Curent User, then click Next.

33
4. Choose Automatically Select the Certificate Store, then click Next.

5. Click Finish to Complete the Certificate Import.

34
6. Click Yes to install the certificate.

Do you trust it?

7. Your Certificate import worked, click OK.

35
M. Click Finish.

N. The Microsoft Office software has not been registered with an activation key yet, click
Close.

36
O. Do not check for updates, Click Accept.

P. If the Security Alert is still open, click Yes.

37
Q. Outlook has completed. Most of the options are self-explanatory, Explore and ask your
instructor for help on things you don’t know. Try sending and receiving some emails between
your internal XXMEU users and then try sending some emails to users from other MEU’s and
your instructor.

Your Instructor can walk you through the finer details of using outlook, you will spend many,
many, many, hours helping your users with their E-mail to include but not limited to:

Encrypting and Digitally Signing Emails with the Certificates on your CAC.
Creating a signature for the bottom of the E-mail.
Deleting E-mails that were sent on accident.
Creating .PST files.

38