MCITP Microsoft Exchange Server 2007 Messaging Design and Deployment Study Guide, part 4

226
Chapter 5

Defining Policies and Security Procedures
Finally, we covered some additional tweaking you should do to make your Exchange organization
as secure as possible. We investigated how you can secure your environment by delegating
Exchange Administrator roles and by securing SMTP email. To finish, we covered Information
Rights Management.
Exam Essentials
Legal and company requirements for messaging policies
There are both legal and company requirements that force you to configure messaging policies
to control mail flow and mail storage. You need to know the difference between transport rules
and journaling rules. You might also receive a question about client licensing requirements,
and about the archiving possibilities transport rules offer. A lot of questions on the exam ask
you about the possible configuration options for messaging records management and about
message classifications.
Antispam in Exchange Server 2007
The exam focuses heavily on the antispam options in Exchange Server 2007, and what is added
if you introduce Exchange Hosted Services and Microsoft Forefront for Exchange to your
Exchange environment. Make sure that you know what the different antispam filtering options
entail.
Exchange Administrative Permissions
The exam will check if you know about the new Exchange Administrator roles; make sure that
you can list them and that you know what rights users will get when they are delegated an
Exchange Administrator role. You have to know the advantages and possible disadvantages of
securing SMTP email traffic, and what Information Rights Management can offer your Exchange
organization.
81461.book Page 226 Wednesday, December 12, 2007 4:49 PM
Review Questions
1. You are an Exchange administrator, and you have a single Exchange Server 2007 server with
250 mailboxes. Your management wants you to implement what is needed to make sure that
messages they send cannot be read by anyone other than the intended recipient. What should
you implement?
A. Sender filtering
B. Recipient filtering
C. Content filtering
D. Message encryption
E. Digital signatures
2. You are an Exchange administrator, and you have an Exchange Server 2007 organization
with one Client Access server/Hub Transport server Exchange Server 2007 instance, and one
Exchange Server 2007 Mailbox server with 250 mailboxes. Your Exchange server receives
more spam messages than legitimate emails, and you want to reduce the number of spam messages
that reach your messaging environment, but you do not want to invest in new hardware
or software. What are your options?
A. Deploy antispam agents on the Mailbox server.
B. Deploy antispam agents on the Hub Transport server.
C. Deploy the Edge Transport server role in your environment.
D. Use Exchange Hosted Services.
3. You are an Exchange administrator, and you have an Exchange Server 2007 organization
with one Client Access server/Hub Transport server Exchange Server 2007 instance and one
Exchange Server 2007 Mailbox server with 250 mailboxes. Your Exchange server receives
more spam messages than legitimate mails, and you want to reduce the number of spam messages
that reach your users’ mailboxes, but you do not want to invest in new hardware or software.
What are your options?
A. Deploy antispam agents on the Mailbox server.
B. Deploy antispam agents on the Hub Transport server.
C. Deploy the Edge Transport server role in your environment.
D. Use Exchange Hosted Services.
4. You are an Exchange administrator, and you have a single Exchange Server 2007 server that
houses 300 mailboxes. You would like to keep track of the emails that are sent and received
by the legal department in your organization. You are using a Standard Edition license of
Exchange Server 2007, and you currently have five stores in use. What should you do? Choose
two answers; each answer presents part of the solution.
A. Create a mail-enabled universal distribution group, U_Legal_Department, and make every
user of the legal department a member of that group.
B. Create a journaling rule that will journal every email sent and received by members of the
mail-enabled universal group U_Legal_Department.
C. Move all mailboxes of users in the legal department to a new mailbox store, Store_Legal.
D. Enable journaling on the new store, Store_Legal.
5. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. Your company recently acquired an Exchange 2007 organization. You do not intend
to merge the two companies, but it is important that you secure all mail flow between the two
organizations that have a dedicated T1 line to link them together. What should you do?
A. Create a dedicated SMTP Send connector and require authentication.
B. Create a dedicated SMTP Send connector.
C. Install and configure MIIS.
D. Install and configure the Exchange organization’s connector.
6. You are an Exchange administrator responsible for a single Exchange Server 2007 organization.
You’ve received a request to make sure that, when other SMTP servers perform Sender ID
filtering, your domain name cannot be spoofed by unauthorized users. What should you create?
A. Register an SPF record in DNS.
B. Create an SPF record in the registry of your Exchange server.
C. Register an MX record in DNS.
D. Register an MX record in the registry of your Exchange server record in DNS.
7. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. Your legal department requests that you include a disclaimer with all messages that
are sent out from your Exchange organization. How can you accomplish this with the least
amount of administrative effort?
A. Create and register a transport event sink on your Exchange Hub Transport server.
B. Create a transport rule that adds a disclaimer to all messages that are sent outside the
organization.
C. Create a transport rule that adds a disclaimer to all messages that are sent inside the
organization.
D. Educate your users to add a signature to all messages they send outside.
8. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. Your management would like you to investigate if it is possible to prepend the word
SPAM to every message that is delivered to a user’s Junk E-Mail folder. How can you accomplish
this with the least amount of administrative effort?
A. Configure a transport rule to prepend the subject of an email with SPAM when a message
reaches a predefined SCL.
B. Configure a journaling rule to prepend the subject of an email with SPAM when a message
reaches a predefined SCL.
C. Create and register a transport event sink to prepend the subject of a mail with SPAM when
a message reaches a predefined SCL.
D. Create and deploy a group policy to prepend the subject of an email with SPAM when a
message reaches a predefined SCL.
9. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. Your management requests that you keep the size of your database files under control.
You have reached an agreement with your management to control the size of the mailboxes
by managing the amount of time messages are retained in the Deleted Items folder. You are
required to create two kinds of policies; the first one enables a user to keep items in the Deleted
Items folder for 7 days, the second one for 60 days. What should you do to successfully configure
these requirements? Select three; each answer is a part of the solution.
A. Create two mailbox stores.
B. Create two new managed default folders, type Deleted Items.
C. Move users to the mailbox store that is configured with the required deleted item retention
time.
D. Create two new managed folder policies, each one responsible for a different managed
default folder, both called Deleted Items, and attach it to the users needed.
E. Create managed content settings that reflect the specified criteria for each new managed
default folder, type Deleted Items.
F. Configure the required deleted item retention time for the mailbox stores.
10. You are an Exchange administrator, and you have a single Exchange Server 2007 that houses
300 mailboxes. You have recently deployed an Exchange Server 2007 Edge Transport server,
and you need to configure a way to reject any mail that is coming from any known relayers.
What should you configure?
A. Sender filtering
B. Recipient filtering
C. Content filtering
D. Connection filtering
11. You are an Exchange administrator, and you have a single Exchange Server 2007 server that
houses 300 mailboxes. You have recently deployed an Exchange Server 2007 Edge Transport
server, and you need to configure a way to reject as much mail as possible from domain spoofers.
What should you configure?
A. Sender filtering
B. Recipient filtering
C. Sender ID filtering
D. Connection filtering
12. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. You would like to grant your network administrator the permission to give existing
users a mailbox on your Exchange servers. What role should you delegate to your network
administrator?
A. Exchange Organization Administrator
B. Exchange Recipient Administrator
C. Exchange View-Only Administrator
D. Exchange Server Administrator
13. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. You recently hired a new Exchange administrator and added her to the Domain Admins
group, but you need to grant her all permissions to the entire Exchange organization. What
role should you delegate to your new colleague?
A. Exchange Organization Administrator
B. Exchange Recipient Administrator
C. Exchange View-Only Administrator
D. Exchange Server Administrator
14. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. All your users use Microsoft Office Outlook 2007. Your management has decided that
it has to be possible for users to mark every email they send to a customer as A/C Confidential.
What should you do? Select two; each option is part of the solution.
A. Deploy a local file (Classifications.xml) on the client computers.
B. Create and deploy a registry key on the client computers that enables the use of message
classifications.
C. Deploy a local file (Classifications.xml) on the Exchange Mailbox servers.
D. Create and deploy a registry key on the Exchange Mailbox servers that enables the use of
message classifications.
15. You are an Exchange administrator, and you have a single Exchange Server 2007 server that
houses 300 mailboxes. A single user in your organization asks you if there is a way to restrict
permissions on an email message he’s sending to a customer. He wants to prevent the customer
from forwarding or copying the contents of the email message. The user in question uses
Microsoft Office Outlook 2007. What can you offer him?
A. Digital signatures
B. Message encryption
C. Information Rights Management
D. A secure SMTP connection to that customer’s mail organization
16. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. Your users use either Microsoft Office Outlook 2000 or Microsoft Office Outlook XP
to open their mailboxes. All your clients are running Windows XP Professional SP2. Your
management wants you to deploy and configure a Rights Management server. What should
you do first so that your clients can use the abilities offered by IRM? Select two; each answer
is a complete solution.
A. Upgrade to Windows Vista
B. Upgrade Microsoft Office Outlook to Microsoft Office 2003
C. Upgrade Microsoft Office Outlook to Microsoft Office 2007
D. Deploy Windows Rights Management server
17. You are an Exchange administrator, and you have a single Exchange Server 2007 server that
houses 300 mailboxes. Your management wants customers to be sure that messages they
receive from your organization are sent by your organization. In addition, your management
wants to make sure that in case someone outside your organization altered the message, the
recipient knows about this. What should you implement?
A. Sender filtering
B. Recipient filtering
C. Content filtering
D. Message encryption
E. Digital signatures
18. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. You
recently hired a new Exchange administrator who will be responsible for your Hub Transport
server and your Client Access server. What role should you delegate to your new colleague?
A. Exchange Organization Administrator
B. Exchange Recipient Administrator
C. Exchange View-Only Administrator
D. Exchange Server Administrator
19. You are an Exchange administrator, and you have a single Exchange Server 2007 server that
houses 300 mailboxes. You recently deployed an Edge Transport server role. You would like
to configure your Edge Transport server to block all messages that contain attachments with
an extension .XYZ. What should you do?
A. Enable and configure attachment filtering on your Exchange Server 2007 server.
B. Enable and configure attachment filtering on your Edge Transport server.
C. Enable and configure content filtering on your Hub Transport server.
D. Enable and configure content filtering on your Edge Transport server.
20. You are an Exchange administrator responsible for an Exchange 2007 organization that contains
two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport
server. You would like to enable attachment filtering, and you choose to deploy an Edge Transport
server. You would like to have blocked attachments sent to a quarantine mailbox; what
should you do?
A. Enable and configure attachment filtering.
B. Enable and configure content filtering.
C. Enable and configure recipient filtering.
D. Enable and configure Microsoft Forefront Security for Exchange Server.
Answers to Review Questions
1. D. Encrypting messages will make sure that only the intended recipient can view the contents.
Sender filtering, recipient filtering, and content filtering are used to prevent spam from entering
the Exchange organization. Digital signatures will allow the recipient of the message to be sure
the sender actually sent the message, but the message itself will not be encrypted when sent.
2. D. You don’t want to invest in new hardware and software, so you cannot go for the Edge
Transport server role. You want to stop spam before it reaches your messaging environment,
thereby eliminating the possibility of deploying the antispam agents on the Hub Transport
server. It is not possible to deploy antispam agents on the Mailbox server. You can only choose
to use Exchange Hosted Services.
3. B. You don’t want to invest in new hardware and software, so you cannot go for the Edge
Transport server role. Since you want to reduce the amount of spam that reaches your users’
mailboxes, you should enable the antispam transport agents on your Hub Transport server.
You don’t want to stop spam from entering your organization; you just want to stop spam
from reaching the users’ mailboxes, so there is no requirement to go for Exchange
Hosted Services.
4. A and B. Because you are using the Standard Edition version of Exchange Server 2007, you are
not able to create an additional store since you already have the maximum number of stores
in use. The Standard Edition version of Exchange only supports the creation of five stores. You
can, however, create a new universal distribution group and use a new feature available in
Exchange Server 2007: per-distribution-group journaling.
5. A. It is best practice to enable authentication to provide additional security for email sent from
associated organizations. Creating a dedicated SMTP Send connector does not provide secure
mail flow if you don’t require authentication. Installing and configuring MIIS would enable
directory synchronization, which is not asked for in this scenario. The Exchange organization’s
connector does not exist.
6. A. Sender ID filtering can provide you with a valid result only if the sender’s domain has a
Sender Policy Framework (SPF) record registered in DNS.
7. B. You can use the Exchange Management Console or Exchange Management Shell to configure
disclaimers on computers that have the Hub Transport server role installed. Creating
and registering a transport event sink is not recommended. Educating your users will require
more effort than creating a transport rule. You shouldn’t apply a transport rule to messages
that are sent inside your organization, because you only want messages that go outside the
organization to receive a disclaimer.
8. A. You can configure a transport rule to prepend a subject with a string, and you can specify
the value of the SCL as a condition. A journaling rule is used to journal messages, and is therefore
not valid for changing a message subject. Creating a transport event sink would require
administrative effort to create and deploy it. Group policies cannot be used to change the
subject of a mail.
9. B, C, and E. Deleted item retention time is the amount of time that messages that are deleted
from the mailbox are available for recovery. We are covering the messages that are still in
the mailbox, in the Deleted Items folder, so deleted item retention time doesn’t matter here.
Instead, it is feasible to create two new Deleted Items managed folders and specify for each one
different managed content settings, and use managed folder policy to hand them out to the
users that need those settings.
10. D. You can configure connection filtering to check with real-time block lists if the connecting
SMTP server is a known relaying server.
11. C. Sender ID filtering will check if the sender (or most probable sender) is sending the mail
using the SMTP services of a server that is authorized to send mail from that sender’s
domain. If there is an SPF record configured for the SMTP mail domain, you can check
if domain spoofing is done. Sender filtering only provides the ability to block mail from
specific domains, without checking if it’s spoofed or not. Recipient filtering is used to filter
mail sent to specified recipients, and Connection filtering is used to check if the connection
was initiated from a valid IP address.
12. B. A user needs to have the Exchange Recipient Administrator role in order to be able to give
users a mailbox.
13. A. To be able to fully manage an Exchange organization, a user needs to be delegated the
Exchange Organization Administrator role.
14. A and B. If you want to enable the use of message classifications in Outlook, you need to
deploy on the client computer a local file (Classifications.xml) that contains the definitions
of the message classifications. You also need to create and deploy a registry key that
will enable the use of message classification by referencing the Classifications.xml file on
the client computer. You don’t need to add a registry key on the Exchange Mailbox servers,
and you don’t need to deploy a local file on the Exchange Mailbox servers.
15. C. Information Rights Management can be used in Microsoft Office Outlook 2003 and
Microsoft Office Outlook 2007 to prevent email forwarding, copying, editing, or printing.
Implementing signing and sealing will not prevent a user from forwarding or copying the contents
of an email message. A secure SMTP connection only secures the SMTP mail flow, but
does not imply that the email message is not able to be forwarded or copied.
16. B and C. You need at least Microsoft Office Outlook 2003 to be able to use the services provided
by IRM. You can use the abilities offered by IRM by running Office Outlook 2003 (or
later) on XP Professional. You don’t need to have Windows Rights Management server, since
you can use the limited-trial version offered by Microsoft.
17. E. Digital signatures provide authentication, nonrepudiation, and data integrity. By digitally
signing your email messages, you enable recipients to verify if the email message has been sent
by the person or organization that claims to have sent the message, and you enable recipients
to verify if the message has been altered.
18. D. You need to delegate the role of Exchange Server Administrator since you want your new
colleague to have full control over the specified servers’ configuration data.
19. B. Attachment filtering allows you to block attachments from entering your Exchange organization,
by attachment content type, or by attachment file name. You can enable and configure
attachment filtering only on the Edge Transport server. Content filtering assigns an SCL
value to messages so you can configure your Edge or Hub Transport server to block them,
quarantine them, or deliver them to a user’s junk mail folder.
20. D. Forefront Security for Exchange Server enables you to quarantine blocked attachments.
Attachment filtering, content filtering, and recipient filtering do not allow you as an administrator
to have blocked attachments sent to a quarantine mailbox.
PART II

70-238: Pro: Deploying Messaging Solutions with Microsoft Exchange Server 2007

Chapter 6

Planning an Upgrade to Exchange Server 2007

MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

Plan the Exchange Server 2007 migration implementation
Plan the Exchange Server 2007 upgrade implementation

Before we start talking about upgrading to Exchange Server 2007, it is important to make the
distinction between two types of upgrades: transitioning and migrating. When you decide to
upgrade your existing Exchange 2000 Server or Exchange Server 2003 to Exchange Server
2007, you will be transitioning your Exchange organization to 2007. However, when you
decide to upgrade your existing Exchange 2000 Server or Exchange Server 2003 to a new
Exchange Server 2007 organization you will be migrating to Exchange Server 2007. Upgrading
from Exchange 5.5 or any other third-party messaging system to Exchange Server 2007 is
also referred to as migrating to Exchange 2007. In this chapter we will cover everything that
has to be considered when planning a transition to Exchange 2007. In Chapter 7, “Plan a
Migration to Exchange Server 2007,” you will get detailed information about all possible
migration scenarios that exist for Exchange Server 2007.
It is true that the transition process itself is the same for an Exchange Server 2003 or
an Exchange 2000 Server organization. But there are features from Exchange 2000 Server
and Exchange Server 2003 that are not supported anymore in Exchange Server 2007. If
you decide to transition to Exchange Server 2007, you will need to plan a solution for all
features that do not exist anymore in Exchange Server 2007. In this chapter we will dig
into all those features, and we will have a look at the best way to transition your Exchange
2000 Server or Exchange Server 2003 organization to Exchange Server 2007.
The main subjects in this chapter are as follows:

Exchange 2000 Server features not supported in Exchange Server 2007
Exchange Server 2003 features not supported in Exchange Server 2007
Features that are gone in Exchange Server 2007
De-emphasized features in Exchange Server 2007
Planning the upgrade process from Exchange 2000 Server and Exchange Server 2003

Planning for Migration of Legacy Exchange Features

In this part of the chapter we will have a look at all features that were available in Exchange
2000 Server and Exchange Server 2003, but are not supported anymore in Exchange Server
2007. We will also highlight the features that are de-emphasized in Exchange Server 2007.

Exchange 2000 Server Features Not Supported in Exchange Server 2007

In this part of the chapter, we will have a look at all discontinued features that were available
in Exchange 2000 Server:

cc:Mail connector
MS Mail connector
Exchange 2000 Conferencing Server
Exchange Chat Service
Exchange Instant Messaging
Key Management Service
Microsoft Mobile Information Server

cc:Mail Connector

The Lotus cc:Mail connector is one of the four connectors included with Exchange 2000
Server. The Lotus cc:Mail connector provides the possibility to connect your Exchange
2000 Server organization to any DB8-type cc:Mail post office. Users that are using cc:Mail
are created in Active Directory as mail-enabled contacts or as mail-enabled users. Mail
flow and directory synchronization are controlled by configuring this connector.

Cc:Mail was discontinued in 2001. The latest version of cc:Mail was released
in 2000, version 8.5. Originally developed by Microsoft in the ’80s, Lotus
Development took over the technology in 1992.

If you want to continue to use a cc:Mail connector, plan to keep at least one Exchange 2000
Server in your organization.


MS Mail Connector

The MS Mail connector can be used to connect an MS Mail server to your Exchange 2000
Server organization.

The last version of MS Mail that was released is version 3.5. There was no new
version planned due to the release of a new mail system, called Microsoft
Exchange Server. To position this new product as the successor of MS Mail,
Microsoft decided to release the first version of Microsoft Exchange Server as
version 4.0.

If you want to continue to use an MS Mail connector, plan to keep at least one
Exchange 2000 Server in your organization.

Exchange 2000 Conferencing Server

Exchange 2000 Conferencing Server was a separate component that you could install once
you had an Exchange 2000 Server organization deployed. Exchange 2000 Conferencing
Server allowed you to do the following:

Share applications
Share desktops
Share whiteboards
Transfer files
Host text-based chat sessions
Exchange audio and video signals

Everything was based on four core components/technologies:

Conference Management Service
IP multicast
T.120
H.323

If you want to continue to use Exchange 2000 Conferencing Server, plan to keep at least
one instance of Exchange 2000 Server in your organization.

Exchange Chat Service

You could deploy the Exchange Chat Service in addition to an Exchange 2000 Server or on
any Windows 2000 box in an Active Directory environment where Exchange 2000 Server was
deployed. Exchange Chat Service followed the protocol standards set for Internet Relay Chat
(IRC, RFC 1459) and the Internet Relay Chat Extension (IRCX). Implementing Exchange Chat
Service allowed you to do the following:

Use IRC clients such as Microsoft Chat Service
Create channels for one-to-many and many-to-many text conversation
Enable administrators to moderate the use of and access to chat communities with bans
and classes
Allow users to host or moderate a chat channel’s content

If you want to continue to use Exchange Chat Service, plan to keep at least one instance of
Exchange 2000 Server in your organization.

Instant Messaging

Exchange Instant Messaging provided real-time collaboration services in Exchange 2000
Server. All Instant Messaging communication used the RVP protocol. Installing Instant Messaging
enabled users to do the following:

Exchange small messages without the overhead of composing and sending email
Exchange small messages when email transfer is interrupted
Propagate and view presence information of other users
Control who can and who cannot contact you

Instant Messaging could be installed as part of an Exchange 2000 Server deployment, or
you could deploy Instant Messaging on a non-Exchange server in an Exchange 2000 Server
environment.
If you need to be able to support Exchange Instant Messaging, plan to keep at least one
instance of Exchange 2000 Server in your organization.

Microsoft has developed a new product to provide both instant messaging
and collaboration functionality to the enterprise. Originally launched in 2003
as Live Communications Server 2003, a new version, Live Communications
Server 2005, was released in 2005. In August 2007 the latest version, named
Office Communications Server 2007, was presented by Microsoft.

Key Management Service

The Key Management Service was one of the least implemented features in an Exchange 2000
Server organization. Installing the Key Management Service enabled you as an Exchange
administrator to provide users with the option to sign and/or seal their messages.

Exchange 2003 and Exchange 2007 leverage the Windows Server 2003 public
key infrastructure (PKI) architecture to provide Exchange users the possibility
to sign and seal their messages.

If you need to be able to provide the Exchange Key Management Service, plan to keep at
least one instance of Exchange 2000 Server in your organization. It is, however, best practice
to migrate the Exchange Key Management Service to the Windows Server 2003 PKI architecture.
Figure 6.1 shows an overview of the process of this migration.

Microsoft Mobile Information Server

Microsoft Mobile Information Server provided users with the ability to gain access to their
Exchange 2000 mailboxes by using a mobile device. Using Outlook Mobile Access enabled
users to browse through their mail and calendars using a cell phone. In addition, users were
able to reply to mail and perform real-time searches. Using Microsoft Server ActiveSync made
it possible for users to sync their mailboxes with their PDAs.

Exchange Server 2003 provided Outlook Mobile Access and Microsoft Server
ActiveSync out of the box, without requiring Microsoft Mobile Information
Server. Outlook Mobile Access isn’t supported anymore in Exchange
Server 2007, as we will cover later in this chapter.

If you need to be able to provide the Microsoft Mobile Information Server services to some
users, plan to keep at least one instance of Exchange 2000 Server in your organization.

FIGURE 6.1 Migrating Exchange Key Management Service to the Windows Server 2003 PKI architecture

Steps shown in the figure: export the Exchange 2000 Server KMS database; enable the
Windows 2003 CA to archive private keys; allow the Windows 2003 CA to import foreign keys;
import the exported KMS database to the Windows 2003 CA; recover the certificates.

Exchange 2003 Server Features Not Supported in Exchange Server 2007

In this part of the chapter, we will look at all discontinued features that were available in
Exchange 2003 Server:

Connector for Lotus Notes
Connector for Novell GroupWise
NNTP
Outlook Mobile Access
X.400 connector
Administrative groups
Routing groups
Active/Active clustering
Coexistence with Exchange Server 5.5
Public-folder access using Outlook Web Access (OWA)

Connector for Lotus Notes

Out of the box, Exchange Server 2003 provided tools to enable coexistence with a Lotus Notes
messaging environment. When you ran the installation of Exchange Server 2003 you would
have the choice to install the following components:


Microsoft Exchange Lotus Notes connector



Microsoft Exchange Calendar connector
The Microsoft Exchange Lotus Notes connector enabled both directory synchronization and
mail flow between a Lotus Notes environment and an Exchange organization. The Microsoft
Exchange Calendar connector allowed users to gain access to free/busy information from users
housed on Lotus Notes.

In March 2007 Microsoft released an updated version of the Microsoft Exchange
Lotus Notes connector, which replaces the built-in connector that ships with
Exchange Server 2003 (including SP2). This new Lotus Notes connector includes
support for iNotes and Domino Web Access clients, improved Unicode support,
and enhanced message routing between Exchange and Domino.

The Microsoft Exchange Lotus Notes connector has been cut from Exchange Server 2007.
In its place, Microsoft has chosen to include a brand-new Microsoft Transporter Suite for Lotus
Domino. This new suite is an easy-to-use shared management console, and a command-line
environment, that offers you planning resources, coexistence tools, and migration tools to move
from Lotus Domino to Exchange Server 2007. (For more information about this suite, consult
Chapter 7.) It is possible to enable SMTP mail connectivity from Exchange Server 2007 to a
foreign Lotus Notes environment. You could also deploy Microsoft Identity Integration Server 2003
to perform directory synchronization between Exchange and Lotus Notes.

Be careful about versions! If you want to use the Microsoft Transporter Suite
for Lotus Domino, you need to have at least Lotus Domino version 6 to enable
coexistence. Lotus Domino 5 is not supported for SMTP mail routing because it
does not support native MIME or iCal; therefore, to enable mail flow with that
version, you will need to implement the Lotus Notes connector for Exchange
Server 2003 on an Exchange Server 2003 server! If you just want to move
mailboxes from Lotus Domino, you can use the Microsoft Transporter Suite to
migrate from Lotus Domino versions 5.x, 6.x, and 7.x.

Connector for Novell GroupWise

Installing and configuring the connector for Novell GroupWise allowed an Exchange
organization to establish connectivity with a Novell GroupWise mail environment. If you were to
install just the connector for Novell GroupWise you would be able to establish mail
connectivity and directory synchronization between your Exchange organization and your Novell
GroupWise environment. By adding the Calendar connector you would also enable users to
gain access to free/busy information of users housed in your Novell GroupWise environment.

Exchange Server 2007 does not support the connector for Novell GroupWise anymore. If
you need to provide connectivity to a Novell GroupWise environment, plan to keep at least
one Exchange Server 2003 server in your organization.

If your Exchange organization requires mail connectivity only to a foreign
Novell GroupWise environment, you could use SMTP send connectors to set
up mail flow. If you want your Exchange users to see Novell GroupWise users
as mail-enabled contacts, you could implement Microsoft Identity Integration
Server (MIIS) 2003. But remember: you will not be able to exchange free/busy
information using MIIS 2003. If you need this ability, you will have to install
and configure the connector for Novell GroupWise and the Calendar connector
on an Exchange 2000 Server or Exchange Server 2003 server in your
Exchange organization.

NNTP

When you wanted to install Exchange 2000 Server or Exchange Server 2003, you had to have
the Network News Transfer Protocol (NNTP) installed. This protocol was necessary for
Exchange to be able to create its public folders. But after installation you were able to disable
this Internet protocol, or you could configure NNTP services for your Exchange organization.
You were able to set up news groups, and you were able to configure news feeds. Users could
use an NNTP client like Outlook Express to gain access to those news groups and news feeds.

Exchange Server 2007 does not require you to use NNTP! Exchange Server 2007 does not
support NNTP anymore as an Internet protocol, either. If your Exchange organization needs
to be able to provide NNTP services, plan to keep at least one Exchange Server 2003 server
in your organization.

Outlook Mobile Access

Exchange Server 2003 offered two built-in mobile services: Microsoft Exchange ActiveSync
and Outlook Mobile Access. Outlook Mobile Access enabled users to access their Exchange
Server mailboxes by using a browser-enabled mobile device, using Extensible Hypertext
Markup Language (XHTML), compact HTML (cHTML), or standard HTML browsers.

If you have users that require Outlook Mobile Access, plan to keep at least one Exchange
Server 2003 server in your organization.

X.400 Connector

Ever since the release of Exchange 2000 Server, Exchange has used SMTP as its default routing
protocol. But you were always able to create and configure an X.400 connector to connect your
Exchange organization to a foreign X.400 mail environment, to connect to another Exchange
organization, or to connect two routing groups in the same Exchange organization. If you
created a mailbox-enabled user in an Exchange 2000 or Exchange 2003 organization, that user
would receive by default an SMTP address and an X.400 address. In Exchange Server 2007,
the X.400 connector is not supported anymore. When you create a mailbox-enabled user in
Exchange Server 2007, the user will not get an X.400 address, as can be seen in Figure 6.2.

FIGURE 6.2 Mailbox-enabled users in Exchange Server 2007 do not receive an X.400 address.

When you are transitioning an Exchange 2000 or 2003 organization to Exchange
2007, all users will still receive an X.400 address in addition to an SMTP address,
even if the users are already housed on an Exchange Server 2007 server. After
the transition is complete, you can change the recipient policies to remove the
X.400 address.

If your Exchange organization needs to provide connectivity to a foreign X.400 mail
environment, plan to keep at least one Exchange 2000 Server or Exchange Server 2003 server in
your organization.

Administrative Groups

Administrative groups were introduced with the release of Exchange 2000 Server. Every
Exchange 2000 Server or Exchange Server 2003 server that you would install would be made
a member of an administrative group. An Exchange organization could consist of one or more
administrative groups. The main purpose of administrative groups was to delegate control on
an organization level or on an administrative group level. As an Exchange administrator, you
were able to delegate three such levels of control:

Exchange Full Administrator
Exchange Administrator
Exchange View Only Administrator

In Exchange Server 2007, Microsoft has removed administrative groups. For compatibility
reasons, every Exchange Server 2007 server that is installed in an existing Exchange 2000 or
Exchange 2003 organization will be made a member of a fixed single administrative group,
called Exchange Administrative Group (FYDIBOHF23SPDLT). To delegate permissions in an
Exchange 2007 organization, Microsoft introduced four new roles, as can be seen in Figure 6.3:

Exchange Organization Administrator
Exchange Recipient Administrator
Exchange View-Only Administrator
Exchange Server Administrator

FIGURE 6.3 Exchange 2007 administrator roles

These new roles allow for more granularity when delegating permissions in your Exchange
organization.

It is not supported to move an Exchange Server 2007 server to an administrative group
other than the default Exchange Administrative Group (FYDIBOHF23SPDLT).
Furthermore, it is prohibited to move an Exchange 2000 Server or an Exchange
Server 2003 server to this special Exchange 2007 administrative group!

Routing Groups

Routing groups were introduced with the release of Exchange 2000 Server. Every Exchange 2000
Server or Exchange Server 2003 server that you would install would be made a member of a routing
group. Exchange servers that belonged to the same routing group in an Exchange 2000 or
Exchange 2003 environment were expected to have a reliable connection to one another. You
couldn't control mail flow between servers in the same routing group, but you could configure mail
flow between routing groups by specifying limits, schedules, or permissions. To connect routing
groups in Exchange 2000 or Exchange 2003 organizations, you could use X.400 connectors,
SMTP connectors, or routing group connectors.

In Exchange 2007, the routing of messages between servers is based on Active
Directory sites. To maintain backward compatibility with Exchange 2000 and
Exchange 2003, all Exchange 2007 servers will be made members of a predefined
routing group, called Exchange Routing Group (DWBGZMFD01QNBJR).
It is not supported to move an Exchange Server 2007 server to a routing group
other than the default Exchange Routing Group (DWBGZMFD01QNBJR).
Additionally, it is prohibited to move an Exchange 2000 Server or an Exchange Server
2003 server to this special Exchange 2007 routing group!

Active/Active Clustering

You could deploy Exchange 2000 Server and Exchange Server 2003 as an Active/Active cluster.
Doing so meant that both nodes in the two-node cluster would be active at the same time and
accessible to clients. Even though it was supported in previous versions of Exchange,
deploying an Active/Active cluster was not recommended, since you had to bear the
four-storage-group limit in mind and you had to be sure that each node would be able to support
the extra workload of the other active node in case of a failover. Deploying Exchange
Server 2007 as an Active/Active cluster is not supported.

Coexistence with Exchange Server 5.5

Exchange Server 2007 does not support coexistence with Exchange Server 5.5. If your Exchange
organization still uses Exchange Server 5.5, you will need to transition first to Exchange 2000
Server or Exchange Server 2003, followed by transitioning to Exchange Server 2007.

Exchange Server 5.5 can still exist next to an Exchange 2007 environment, but
direct interoperability is not possible.

Public-Folder Access Using OWA

As you will see in the following section, Microsoft has decided to include public folders in
Exchange Server 2007, but as a de-emphasized feature. In Exchange Server 2007 it is not
possible to gain access to public folders using Outlook Web Access.

Microsoft has announced that public-folder access using Outlook Web Access
will be possible with the release of Service Pack 1, scheduled to be released
in late 2007, as seen in Figure 6.4.

FIGURE 6.4 Public-folder access using OWA Exchange 2007 SP1 Beta

De-Emphasized Features in Exchange Server 2007

In this part of the chapter we will look at some features that are still available in Exchange
Server 2007 but that are de-emphasized. In short, it means that the following features might
not be supported in a next version of Exchange:

Public folders
CDOEx (CDO 3.0), WebDAV, and ExOLEDB