Guide to secure better Exchange admin jobs
A comprehensive collection of articles, videos and more, hand-picked by our editors
Many new Exchange administrators have the unfortunate luck to walk into another admin’s mess. If you’ve inherited...
an Exchange organization that someone else designed, you can’t make any assumptions about how well it adheres to Microsoft’s best practices.
It’s imperative to find out as much as you possibly can about the design of the Exchange organization and correct any deficiencies right away. Remember: even if you didn’t create it, it’s your mess now and you’re required to manage it. Here’s a checklist of tasks to perform in an inherited Exchange architecture.
Validate your backups
Verify that your backups actually work. Then find out exactly what’s being backed up, how it is being backed up and when backups will occur.
In Exchange Server 2007 and Exchange 2010, I recommend that you focus on backing up mailbox servers and edge transport servers. Configuration information for other server roles is stored in the Active Directory, so you’ll have to verify that the domain controllers are being backed up.
- Ask about any recent Exchange-related problems
Ask Exchange Server users about any recent problems that may have occurred before you became the administrator. Even if no major outages have occurred, you still may find that users have been experiencing performance problems or intermittent connectivity problems. Knowing about these these issues up front means you can be on the lookout for their causes later.
Take a hardware inventory
There are two reasons why compiling a hardware inventory for your Exchange servers is so important. First, you must verify that all of your Exchange servers have sufficient hardware resources to run efficiently. This concept holds true, whether Exchange is running on physical or virtual hardware.
Taking a hardware inventory will also help you understand your server configurations. This will help you spot a problem like misallocated server memory.
Perform a software inventory and audit
Determine which versions of Exchange Server are running in your organization and which operating systems are running on them. It’s also important to know what patches have been applied to your Exchange servers.
During software inventory, be on the lookout for any software that doesn’t belong. For example, I once worked for an organization that ran its CRM software on an Exchange box.
It’s equally important to look for software that may be missing. Specifically, make sure that all applicable servers are equipped with backup agents, antivirus software and any other management utilities that may be required.
After performing the software inventory, I recommend cross-referencing it against your organization’s software licenses. You must ensure that all software running on Exchange servers is properly licensed.
- Run the Exchange Best Practices Analyzer
The Exchange Best Practices Analyzer (ExBPA) analyzes your Exchange organization, making sure it is configured according to Microsoft’s recommended best practices. Failure to comply with these recommendations could lead to Exchange performance and stability issues.
- Check Exchange server event logs
Browse through your Exchange server’s event logs to find out if anything suspicious has been going on that you need to address. When speaking with users, they may mention annoying outages or connectivity issues. Server event logs can give you more details on what’s causing some of those problems.
- Perform a security audit
Perform a security audit on all of your Exchange boxes. This requires you to document all of the policies and settings being used -- such as the ActiveSync policy and any retention policies. After doing so, compare your findings to the corporate security policy to ensure that your servers adhere to established policies.
ABOUT THE AUTHOR
Brien M. Posey, MCSE, is a seven-time Microsoft MVP for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. For more information visit www.brienposey.com.