exchange interview questions

Top 15 exchange interview questions

2101 Jobs openings for exchange

Export GFI MailArchiver e-mails for import into Exchange 2010 SP1 Personal Archiving

We have an existing installation of GFI MailArchiver 5 with several databases of archives (perhaps 100-150GB). The goal is to export each user's archived e-mail and then import it into Exchange 2010 SP1 Personal Archives. GFI has a tool to do this, but it's very rudimentary and has severe, frankly unworkable, limitations. It only allows me to query based on the e-mail headers. Due to the fact that we have multiple aliases that may show in multiple headers (To:, Cc:), not to mention the fact that this won't cover a user's membership in a distribution group at a given point in time, this tool will not suffice.

Another option is for me extract the e-mails from the GFI databases without using the tool, but this would require me to write my own tool to reconstruct them and I really would rather not go down that path.

I feel very stuck on this issue. Has anyone here done a similar migration? How can this best be handled?

Source: (StackOverflow)

Outline the quirks of Windows Small Business Servers (SBS)

I'm not much of a Microsoft administrator. However, I do work extensively with new and existing Microsoft Exchange deployments. That's just how the career-arc went.

I'm working with a small customer of 15 users who's not content with the local "PC guy". They've asked me to step in during a couple of system outages. One thing I noticed during this morning's "we can't access the internet" emergency was that the client had a Windows SBS 2011 server on premises.

  • A rogue DHCP server was accidentally started on the phone system and the SBS DHCP service actually shut itself down. I'd never seen this happen with normal Windows Servers, so this caused some downtime and confusion.

  • The main DHCP scope looks a bit odd, in that it defines the entire /24 subnet, but excludes a large swath of it. The local PC resource says that it has to be configure this way, or else "SBS won't work..."

enter image description here

  • There are a lot of funny OU's that seem to have been created; mostly under the parent "MyBusiness".

  • Exchange mail is convoluted, with desktop users requiring both POP3 and MAPI accounts, and inbound going to an offsite server. I can sort that out, but also happened to notice that Exchange wasn't even licensed. This server has been in production for 3 years, but this appears to be a configuration issue.

My recommendation is to avoid things like Small Business Server, even for 10-user businesses. However, that opinion was formed from lack of familiarity with SBS and hearsay. I'd like to understand the downsides/disadvantages more clearly.

  • Are there any other quirks I should know about in the process of making a case to the customer?
  • Given than there are so many odd behaviors and limitations associated with SBS, what is the intended or ideal use case for an SBS deployment?
  • Assuming a new set of Windows Standard 2012r2 servers can be deployed, are there any major caveats to migrating from SBS?

Source: (StackOverflow)

Migrating from Exchange 5.5 to Exchange 2010

I'm in the unenviable situation of being asked to migrate a mail server from Exchange 5.5 to Exchange 2010. The domain has two sites connected via T1 and an exchange 5.5 server (neither are installed on DCs). I know there is no direct path from 5.5 to 2010 so I've been working on trying to migrate to an Exchange 2003 VM first before migrating to 2010, but it's been hellish.

The domain only has about 150 users, I'm wondering if it's worth it to fight through this or to simply stand up a new mail server and manually recreate accounts, public folders, and calendars. Maybe, I can even export the calendars and recreate them, since they're fairly important. If I can convince the users to backup their entire mail box to PSTs, I think I can add them to a configuration in Postini that will push their mail to the new exchange server. I feel if we do this in small batches it won't be a complete disaster. Anyone have any thoughts on this? I'm not married to the idea, so I was hoping someone would be willing to either poke holes in it or give me some extra information with which to work. Thanks.

Source: (StackOverflow)

How do I audit user's mailbox actions performed via IMAP in Exchange 2010?

I read through the Technet article on Mailbox auditing but it seems to only be working for MAPI access.

I perform the following cmdlet to enable auditing of the owner:

> Set-Mailbox -Identity "Mr. Mel-Bin" -AuditEnabled $true -AuditOwner Create,SoftDelete,HardDelete,Update,Move,MoveToDeletedItems

That does not return any output. Then, I move some messages in the mailbox using IMAP client and peform the following cmdlet to see if the auditing worked:

>Search-MailboxAuditLog -Identity bfernan -LogonTypes Owner -ShowDetails -StartDate 10/9/2011

This returns no output. Is there something I am overlooking or does Exchange 2010 just not audit IMAP access?

Source: (StackOverflow)

Exchange 2010 Powershell command to check if an email address exists in the system

I'm looking for an Exchange 2010 command that would do the following:

  1. Given an email address (fully-qualified with domain and all) check if the email address is associated to some mailbox or group in the system;
  2. (Ideally) show which entity owns that email address

This would be very helpful for me to check my migration and make sure all of our aliases were moved correctly.

Source: (StackOverflow)

ActiveSync devices causing accounts to lockout

When a user changes his account password for whatever reason (read: expired), and the old password is stored in his mobile device connected through EAS. This will cause his account to lockout almost immediately - as it should according to the lockout policy defined in the AD. It was easy to figure out that part. The hard part is keeping it from happening. I looked everywhere. Nothing. Basically there are four parts to the puzzle: the EAS device, the TMG (ISA) server, the EAS protocol and finally the AD. None of them have a way to stop the EAS device from failing to authenticate. So I figured I'll have to come up with a clever workaround. And the only thing I could come up with is to create a group for all EAS users and exclude them from the lockout policy, which obviously defeats the whole purpose of the policy, or to educate the users to update their devices with the new passwords, which is impossible.

The question: Can you think of any other way to prevent EAS from locking out the accounts?

Environment: Mostly iOS devices all through EAS. TMG 2010. Exchange 2007. AD 2008 R2.

Source: (StackOverflow)

Meeting availability using iPhone/iOS calendars

Our management team all use iPhones with the built-in iOS calendar app. We're looking into getting Microsoft Exchange for everyone here, but that'll take us some weeks to plan and roll-out across the enterprise.

In the meantime, I need to provide something, so group meeting availability can be determined from those calendars. Google Calendar would be ideal ("find a time"), if I could find a way to link to/export the iCloud calendars, but Apple don't seem to want to do that.

I could ask the management team to recreate their events for the next few weeks in individual Google Calendars, but they don't want to do that and it's wasteful rekeying of data.

Any suggestions you can provide will be gratefully received.

Source: (StackOverflow)

Blackberry mail service basics?

Can someone explain very briefly the way Blackberry's email functions. I'm not looking for nuts and bolts, just answers to some very basic questions:

  • Does a Blackberry check with an Exchange server directly, or does it always/ever use an intermediate server?
  • If it uses an intermediate server, is that server managed by RIM, or the customer's mobile network operator?
  • To configure Exchange email on a Blackberry, do you enter the settings on the phone itself, or via a web interface?
  • What other email protocols can Blackberry devices use, and do they (also?) use an intermediate server?

Source: (StackOverflow)

Active Directory and Exchange Architecture Questions and Issues

Here's the background on our situation...

Right now, we are setup as three distinct companies with three complete Active Directory and Exchange systems. The three offices (One in the US, two in Europe) are connected via a three way VPN setup (so each office has secure communication to the other two). There is a two-way trust relationship setup in Active Directory for each setup. All systems are running Server 2003 and Exchange 2003.

There are about 160 mailboxes between the companies and 80 users (the additional mailboxes are either for IT subsystems, forwarding accounts or other uses).

The companies are officially merging together (instead of just having a trust relationship). So we're looking into a combined solution (based on a new name) where each office will be on the same systems (Exchange and Active Directory) as well as consolidating our IT infrastructure (there's a lot of duplication).

They hired an external company to come in and audit our IT infrastructure. They have made an official recommendation to outsource the IT infrastructure (and guess what, they want to provide the service).

I've been tasked with figuring out what to do. I've thought about it quite a bit, and I've come up with two options. The basic difference is where Exchange is hosted (internally our outsourced). Since outsourced is easy to fathom, I'll just detail the internal setup.

Since high availability is required, we want some geographic redundancy built in. So, what I've come up with is as follows (I'll call the offices Site1, Site2 and Site3):


  • FSMO Active Directory Role
  • Exchange Mailbox Role - Primary
  • Exchange Client Access, Hub Transport Server Roles
  • DFS File Share Role (for shared drives)


  • Active Directory Role - Replicated from Site1
  • Exchange Mailbox Role - Secondary, replicated using CCR Replication
  • Exchange Client Access, Hub Transport Server Roles
  • DFS File Share Role


  • Active Directory Role - Replicated from Site1
  • Exchange Client Access, Hub Transport Server Roles
  • File Share Witness (for failover)
  • DFS File Share Role

So basically the cluster should be able to survive a single site failure without bringing down any of the other sites (or any of the systems). In the event of a double site failure, Exchange would stop completely.

So, my concerns are as follows:

  1. Is this a reasonable setup? Or am I over complicating things?
  2. The number of servers required (3 at each site since CCR Mailbox roles must be the only role installed).
  3. Will it even work as summized (where it will automatically fail-over to the available node should a site or server go down)?
  4. Since each office would specify a local Client Access server for its users, that server becomes a single point of failure for all local requests (But this is solvable by a manual DNS change)
  5. Do all of these servers need to be on the same IP subnet for this to work? Or can I get away with using a hiearchial DNS for it (clientaccess.site1.foo.com, etc)?
  6. This will let me set each office as an MX record (since there is a hub transport server in each office to connect to the internet) so if one office goes down we still should be able to receive email in the others, correct?
  7. Maintainability. I have a fear that this setup will be too complicated to maintain in the long run (adding offices, removing offices, upgrading servers (both OS and hardware), etc). Is that a justified fear?

Now, there's also the question on whether to go with server 2003 or 2008... If we go the internal Exchange route, I think I can convince the powers to upgrade to 2008 (in fact we would need to upgrade to use Exchange 2010)... But is it really necessary or is that just one of my "wants" sneaking in to the plans (rather than a justifiable upgrade)...

Now, part of me just wants to go with outsourced Exchange since it'll alleviate some of these issues (or most of them). However after looking at the costs, the break-even point is about 1 year, so after that outsourcing will be considerably more expensive. Couple that with the fact that some features we depend upon are not possible outsourced -- at least with the companies we looked at-- (such as Shared Mailboxes, Active Directory coupling including SSO, centralized management, data security, etc). So I'm really torn as to where to go with this...

This is the first project of this scale that I'm attempting, so any help would be greatly appreciated...

Thanks in advance (and sorry for the book)...

Source: (StackOverflow)

What are the implications of converting all my groups to universal groups?

In Exchange 2010 distribution groups must be universal. This is supported by documentation

You can create or mail-enable only universal distribution groups.

I am trying to create a role based security group structure so that if someone leaves or changes jobs you only have to change the groups membership of a users "role" (Where the role is just another security group). In its simplest form roles would have users for members and the role would itself be a member of other resource-centric security groups e.g. a read-write group for a share. There is more to the model than that but it should be enough for the purpose of this question.

The problem comes from when I want to add these role groups as distribution members. If I try and add a "Marketing Manager" role to the "marketing@domain.com" distribution list it will not forward mail to the role members unless the role security group is universal.

Universal groups cannot be members of global groups though. So, if I wanted to convert my role groups to universal so that I can mail enable them I would then also have to change the groups the role itself is a member of as well. This means that I would be converting near all my security groups in AD to universal to support my proposed structure.

We are a single domain forest with about 1000 users and I would expect once all the groups for this are made to have 1000+. Functional level of the domain is 2008R2

I honestly don't know of the impact this might have in our active directory environment. Is making all the group universal really the only way to do this if I wanted to add my roles to distribution groups? The answer appears to be yes if I want them to be used for mail. I do want this so that way help desk users don't have to worry about what groups users need. They just need to know their "role".

The linked question answers why I cannot just have simple security groups but I want to know if my proposed structure, meaning that I will be converting near all my groups to universal, has any negative implications or is maybe considered a bad practice.

Source: (StackOverflow)

outlook requiring password after exchange reboot

We recently moved from Exchange 2003 to 2010, and have noticed a quirk that is annoying us.

If our exchange server (single server) goes down, ie it gets rebooted, or client loses connectivity (or for example a reboot is done overnight and the users computer is on at the time) they will be prompted to login, and will have to use the full domain\username notation in their username field in order to login again. Either that or reboot outlook.

Its not a big deal, but lots of inexperienced users are confused by this, and some dont realise they need to do something and thus their outlook sits there without receiving emails until they finally notice.

This used to be seamless, what do I have to do to get that back again?

Source: (StackOverflow)

Moving from Exchange 2003 to Exchange 2010

Consider a small-medium business' deployment of Exchange 2003. The question is around migrating to Exchange 2010. Here's a bit about the landscape:

  • Current state is 50-100 users/mailboxes with the majority using Outlook 2007
  • OWA enabled
  • desktop users are NOT running in Cached Exchange Mode
  • laptops users ARE running in Cached Exchange Mode
  • a single Exchange server with modest or reasonable specs for the day (3 GHz, multi-core, 4 GB, Windows 2003 32-bit)


  • What are your suggestions for the administration team regarding the upgrade path/steps from Exchange 2003 to 2010?

  • Considering the requirement of a 64-bit OS, consider a new separate machine as ready to go with Windows 2008. Have I missed any details?

  • Where might virtualization help in this project?

Any lessons learned in previous upgrades (2007 or 2010) would be appreciated!

Source: (StackOverflow)

Outlook security alert - The name on the security certificate is invalid or does not match the name of the site

SBS 2008 running Exchange 2007 and IIS6.0

CompanyA has two other companies that operate under the same roof. To accommodate email, we have 3 Exchange accounts per user to manage this. All users use their CompanyA account to log into the domain.

  • CORP\user user@companyA.com
  • CORP\user-companyb user@companyB.com <-- only used for email
  • CORP\user-companyc user@companyC.com <-- only used for email

Email works fine internally and via OWA. The problem exist when setting up Outlook for remote users who need access to companyB and companyC emails, Outlook pops up the certificate error.

The SSL cert SAN has the following DNS names:

  • webmail.companyA.com
  • www.webmail.companyA.com
  • CORP-SBS.local
  • autdiscover.companyA.com

I was told by the users who access companyC email address remotely that this never used to happen before. This started with the CEO changed DNS providers on his own and in the process the original DNS settings were lost. He mentioned something about an SRV record being created which corrected this issue but that's about it.

Looking for guidance on how to properly address this.

Source: (StackOverflow)

How bad is it to run Exchange 2016 on a Windows 2012 R2 domain controller for a small organization with assuredly fewer than 25 users?

I know that it has been officially unsupported forever and yet I have seen or heard about many small business installations of a single host running AD DS and Exchange simultaneously. For a resource-strapped small business the savings are compelling.

So assuming that we know somehow that usage requirements will never grow beyond 25 users, say 10 simultaneously,

  1. How "bad" is it really these days to run both Exchange and AD DS on the same machine (sans virtualization of any kind)?
  2. What specifically is bad about it? (Name the top 1 or 2 reasons that come to mind besides "Microsoft says so")
  3. What can be done to mitigate the "bad"ness, if anything?

You can assume that the business in question either:

  1. has a single physical on-site server with a reasonable commercial ISP or
  2. has a pool of virtual resources that is already tapped out and they do not want to spend more.

The situation I have in mind is the second, with just one VM that could possibly be a candidate for adding Exchange because it is the only Windows VM and has enough excess memory to make it happen.

In any case, the reasoning may not be all that, well, reasonable, but let's say those are the constraints you have to work with.

Source: (StackOverflow)

Exchange 2007 Client for Linux

Has anyone had success with a working Exchange 2007 client for Linux? I'm not looking for an IMAP client or anything of the sort...there's plenty of them around, but a client that actually supports the exchange 2007 protocol. I've tried Open Change MAPI to no success, I'm unsure if this is because I'm doing it wrong or because of our external hosts strange multi-client setup.

Does anyone have any working experience with any?


Source: (StackOverflow)