Objective 3.3 Exchange 2010 Flashcards
Objective 3.3: Configure federated sharing.
You can use the EMS ______ cmdlet to change the certificate that verifies a trust. If you want to change this certificate, you need first to discover the thumbprint of the new certificate. You deploy the certificate on all Hub Transport servers and Client Access servers in your Exchange organization, identify the certificate as the next certificate, and then use the Set-FederationTrust cmdlet with the PublishFederationCertificate switch to configure the trust to use this certificate as the current certificate. For example, the following two commands configure the federation trust named Microsoft Federation Gateway to use the certificate with the thumbprint AC00F12CBA8358253F412FD0984B5CCAF2AF4F27 as the next certificate and then deploy it as the current certificate: ______.
Set-FederationTrust,
Set-FederationTrust -Identity "Microsoft Federation Gateway" -Thumbprint AC00F12CBA8358253F412FD0984B5CCAF2AF4F27
Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
When you create a federation trust, you need to obtain the thumbprint of a trusted third-party CA that can validate the trust. For example, the following command creates a federation trust named Microsoft Federation Gateway using the thumbprint of an exportable certificate: ______.
New-FederationTrust -Name "Microsoft Federation Gateway" -Thumbprint AC00F12CBA8358253F412FD0984B5CCAF2AF4F27
The domain used for establishing a federation trust must be resolvable from the ______. A locally generated self-signed certificate ______ be used for this purpose.
Internet,
cannot
Remember that you need to obtain an ______ certificate from a trusted external CA before you can create a federation trust.
X.509
You should be aware that in order to use the Microsoft Federation Gateway, you must enroll your ______ cluster.
Active Directory Rights Management Services (AD RMS)
You can enroll by using the default AD RMS cluster certificate. You can also enroll with a valid trusted certificate, provided you know the thumbprint of that certificate. For example, the following command enrolls by using the default AD RMS cluster certificate: ______.
The second command enrolls by using a certificate with the thumbprint of AC00F12CBA8358253F412FD0984B5CCAF2AF4F27: ______.
Install-RmsMfgEnrollment
Install-RmsMfgEnrollment -CertificateThumbprint AC00F12CBA8358253F412FD0984B5CCAF2AF4F27
You need to configure DNS with a ______ resource record that provides proof-of-ownership for your domain name.
TXT
You can obtain the application identifier by using the EMS ______ cmdlet. For example, the following command retrieves properties (including identifiers) of federation trusts configured for the organization: ______.
Get-FederationTrust,
Get-FederationTrust | FL
Remember that the proof-of-ownership (or application identifier) is stored in DNS as a ______ resource record.
TXT
The exam might test that you know how to create and configure an organizational relationship. You can use the ______ Wizard in the EMC for this task. If instead you choose to use the EMS, you must access the Federated Organization Identifier (OrgID) by using the EMS ______ cmdlet. You then pipe the output from this cmdlet into the ______ cmdlet. For example, the following command creates an organization relationship with the Contoso organization, enabling free/busy information and specifying that the requesting organization receives free/busy, subject, and location information from the target organization: ______.
New Organizational Relationship,
Get-FederationInformation,
New-OrganizationRelationship
Get-FederationInformation -DomainName Contoso.com | New-OrganizationRelationship -Name "Contoso" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails
If you enable the sharing of free/busy information, you can configure one of three levels of access. You can configure the following levels of access: ______.
- No Calendar sharing
- Calendar sharing with free or busy information only
- Calendar sharing with free or busy information, plus subject and location
You can use the ______ cmdlet to change settings of an organizational relationship. For example, the following command disables the organization relationship with Contoso: ______.
Set-OrganizationRelationship,
Set-OrganizationRelationship -Identity "Contoso" -Enabled $false
You can use the EMS ______ cmdlet to configure federated organization identifiers. You configure a federated organization identifier to create an account namespace for your Exchange organization with the Microsoft Federation Gateway and enable federation so that you can make use of the facilities that federation provides. For example, the following command configures and enables a federated organization identifier for the Adatum.com Exchange organization: ______.
Set-FederatedOrganizationIdentifier,
Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway" -AccountNamespace "Contoso.com" -Enabled $true
You might need to register multiple domain names in your Active Directory forest with Microsoft Federation Gateway. Although you can use a wildcard certificate, such as *.adatum.com, there are security implications in doing this. A more secure alternative is to list each of the required domains as ______ in the trusted X.509 certificate.
SANs
You use the EMS Get-Mailbox cmdlet to obtain the mailbox or mailboxes to which you want to apply the sharing policy and the EMS ______ cmdlet to apply the policy. For example, the following command configures all mailboxes associated with the Marketing department to use the Adatum Marketing federated sharing policy: ______.
Set-Mailbox,
Get-Mailbox -Filter {Department -eq "Marketing"} | Set-Mailbox -SharingPolicy "Adatum Marketing"
To enable federated sharing, you need to register your organization with the Microsoft Federation Gateway. You then configure a federated sharing relationship with another organization that also registers with the Microsoft Federation Gateway, which acts as a ______ for all connections that the organizations make with each other.
hub