Remote PowerShell extends PowerShell from servers to client computers so
Role Based Access
Role Assignment – The link that
Scope (Where) Defines the objects in
AD that the Role can act on.
For example, the Boston Users OU
Role Group (Who) A security
Client Access Server Array
Serves as a single contact point
HTTP, POP3, IMAP4
Anti-spam and anti-virus filters
• Connection Filter
• Sender Filtering
The Edge Transport server role cannot coexist on the same computer with any other server role. Recommendation: Install the Edge Transport server role on a computer that is not part of a domain. commands can be executed remotely.
Exchange Server 2010 takes advantage of new PowerShell v2.0 and Windows Remote Management Set-AddressList
holds together the Who, What, and Where.
group that defines Who gets a
specific scope applied to them. For example, the Boston Exchange Admins for all client connections within
an Active Directory site.
Can include one or many Client
• Recipient Filtering
• Sender ID Filter
• Content Filter
• Sender Reputation
Run once to establish and automatically configure SMTP connectors to route email to and from the Exchange organization and the Internet. All Exchange management tools are built on Remote PowerShell. Remote PowerShell enables administrators to run Exchange cmdlets on computers without the need to install Exchange management tools. Add/Del/Mod sers
Role (What) – Defines what can be done by a set of cmdlets and
Each Active Directory site can
have a single Client Access server array.
Does not provide load
• Attachment Filter
• Virus Scanning
• Outlook Junk E-mail F
Exchange Control Panel
Management Tools now include the Exchange Control Panel (ECP). A web-based parameters that can be run.
balancing. A separate load
balancing solution is still needed.
management console accessed from browsers that have no Exchange client-side software installed. ECP gives users the power to manage distribution lists, track messages, and edit personal information. Role Based Access Control (RBAC) enables you to control, at both broad and precise levels, what administrators and users can do. RBAC also enables you to more closely align roles you assign users and administrators with the actual roles they hold within your organization. Recommendation: Create
Client Access server array if you only have a single C Access server. saging
Administrators Specialty Users Users Three ways of assigning permissions:
Management Role Groups
Management Role Assignment Policies
Direct User Role Assignment
Configuration done using Exchange Control Panel
Dozens of default roles pre-configured and easily customizable RBAC is built into all management tools
soft Exchange EdgeSync service pushes information from Active Directory to AD LDS instance on Edge Transport server using secure LDAP.
Recipient management Perform multi-mailbox searches
View account information and manage settings
Monitoring Exchange components is important to understand the health state of servers and server roles. Management
Exchange Server 2010
Management Pack for...