
Document: Microsoft Exchange Server 2007 ppt


Microsoft® Exchange Server 2007 Unleashed
Rand H. Morimoto, Ph.D., MCSE
Michael Noel, MCSE, MVP
Andrew Abbate, MCSE
Chris Amaris, MCSE, CISSP
Mark Weinhardt, MCSE
800 East 96th Street, Indianapolis, Indiana 46240 USA
Copyright © 2007 by Pearson Education
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or
transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise,
without written permission from the publisher. No patent liability is assumed with respect to
the use of the information contained herein. Although every precaution has been taken in the
preparation of this book, the publisher and author assume no responsibility for errors or omissions.
Nor is any liability assumed for damages resulting from the use of the information
contained herein.
International Standard Book Number: 0-672-32920-4
Library of Congress Cataloging-in-Publication Data
Microsoft Exchange server 2007 unleashed / Rand H. Morimoto [et al.].
p. cm.
ISBN 0-672-32920-4
1. Microsoft Exchange server. 2. Client/server computing. I. Morimoto, Rand.
QA76.9.C55M5296 2006
005.7’1376—dc22
2006038777
Printed in the United States of America
First Printing: January 2007
06050403 4321
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been
appropriately capitalized. Sams Publishing cannot attest to the accuracy of this information.
Use of a term in this book should not be regarded as affecting the validity of any trademark or
service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but
no warranty or fitness is implied. The information provided is on an “as is” basis. The authors
and the publisher shall have neither liability nor responsibility to any person or entity with
respect to any loss or damages arising from the information contained in this book.
Bulk Sales
Sams Publishing offers excellent discounts on this book when ordered in quantity for bulk
purchases or special sales. For more information, please contact
U.S. Corporate and Government Sales
1-800-382-3419

For sales outside of the U.S., please contact
International Sales

Editor-in-Chief
Karen Gettman
Senior Acquisitions Editor
Neil Rowe
Development Editor
Mark Renfrow
Managing Editor
Gina Kanouse
Project Editor
Betsy Harris
Copy Editor
Karen Annett
Indexers
Ken Johnson
Lisa Stumpf
Proofreader
Kathy Bidwell
Technical Editor
Brian Barber
Publishing Coordinator
Cindy Teeters
Cover Designer
Gary Adair
Composition
Bronkella Publishing LLC
Contributing Writers
Alec Minty, MCSE, MVP
Jeff Guillet, MCSE:Messaging, MCSA:Messaging, MCP+I
Kim Amaris, PMP
Ross Mistry, MCSE, MCDBA, MCSA
Scott Chimner, MCSE, TCSE, A+
Contents at a Glance
Introduction
Part I Microsoft Exchange Server 2007 Overview
1 Exchange Server 2007 Technology Primer
2 Best Practices at Planning, Prototyping, Migrating, and Deploying Exchange Server 2007
Part II Planning and Designing an Exchange Server 2007 Environment
3 Understanding Core Exchange Server 2007 Design Plans
4 Architecting an Enterprise-Level Exchange Environment
5 Integrating Exchange Server 2007 in a Non-Windows Environment
6 Understanding Network Services and Active Directory Domain Controller Placement for Exchange Server 2007
Part III Implementing Exchange Server 2007 Services
7 Installing Exchange Server 2007
8 Implementing Edge Services for an Exchange Server 2007 Environment
9 Using the Windows PowerShell in an Exchange Server 2007 Environment
Part IV Securing an Exchange Server 2007 Environment
10 Client-Level Secured Messaging
11 Server and Transport-Level Security
12 Encrypting Email Communications with Exchange Server 2007
13 Securing Exchange Server 2007 with ISA Server
14 Understanding Enterprise Policy Enforcement Security
Part V Migrations and Coexistence with Exchange Server 2007
15 Migrating from Windows 2000 Server to Windows Server 2003
16 Migrating to Exchange Server 2007
17 Implementing Client Access and Hub Transport Servers
18 Administering an Exchange Server 2007 Environment
19 Exchange Server 2007 Management and Maintenance Practices
20 Using Microsoft Operations Manager to Monitor Exchange Server 2007
21 Using Terminal Services to Manage Exchange Servers
22 Documenting an Exchange Server 2007 Environment
Part VII Unified Communications in an Exchange Server 2007 Environment
23 Designing and Implementing Mobility in Exchange Server 2007
24 Designing and Configuring Unified Messaging in Exchange Server 2007
25 Collaborating Within an Exchange Environment Using Microsoft Office SharePoint Server 2007
26 Extending the Real-Time Communications Functionality of Exchange Server 2007
Part VIII Client Access to Exchange Server 2007
27 Getting the Most Out of the Microsoft Outlook Client
28 Leveraging the Capabilities of the Outlook Web Access (OWA) Client
29 Using Non-Windows Systems to Access Exchange Server 2007
30 Deploying the Client for Microsoft Exchange
Part IX Data Protection and Disaster Recovery of Exchange Server 2007
31 Continuous Backups, Clustering, and Network Load Balancing in Exchange Server 2007
32 Backing Up the Exchange Server 2007 Environment
33 Recovering from a Disaster in an Exchange Server 2007 Environment
Part X Optimizing Exchange Server 2007 Environments
34 Optimizing an Exchange Server 2007 Environment
35 Designing and Optimizing Storage (SAN/NAS) in an Exchange Server 2007 Environment
Index
Table of Contents
Introduction
Part I Microsoft Exchange Server 2007 Overview
1 Exchange Server 2007 Technology Primer
What Is Exchange Server 2007?
Understanding the Evolution of Exchange
Exchange Server 2007 Versions and Licensing
Choosing the Standard Edition of Exchange 2007
Expanding into the Exchange Server 2007 Enterprise Edition
Exchange Enterprise CAL Versus Standard CAL
What’s New in Exchange Server 2007?
What’s the Same Between Exchange 2000/2003 and Exchange Server 2007?
What’s Missing in Exchange Server 2007 That Was in Previous Versions?
Exploring the New Exchange Management Console
Providing Exchange Server 2007 on an x64-bit Platform Only
Improvements in Exchange Server 2007 Relative to Security and Compliance
Exchange Server 2007 as the Focal Point for Remote and Mobile Communications
Introducing Unified Messaging in Exchange Server 2007
Making Exchange Server 2007 Extremely Reliable and Recoverable
Improving Configuration, Administration, and Management Through the Exchange Management Shell
Understanding Exchange Server 2007 Server Roles and Mail Flow
Identifying Exchange Server 2007 Server Roles
How Messages Get to Exchange from the Internet
How Messages Route Within an Internal Exchange Environment
Understanding the Importance of Active Directory for an Exchange Server 2007 Environment
The Role of the Directory in an Exchange Server 2007 Environment
The Role of Domain Name System (DNS) for Internal and External Message Routing
The Role of Sites in Exchange Server 2007
Installing and Migrating to Exchange Server 2007
Installing Exchange Server 2007 from Scratch
Migrating to Exchange Server 2007
Managing and Administering Exchange Server 2007
Monitoring Exchange Using Microsoft Operations Manager (MOM)
Summary
Best Practices
2 Best Practices at Planning, Prototyping, Migrating, and Deploying Exchange Server 2007
Initiation, Planning, Testing, and Pilot: The Four Phases to the Upgrade
Documentation Required During the Phases
Initiation Phase: Defining the Scope and Goals
The Scope of the Project
Identifying the Goals
Initiation Phase: Creating the Statement of Work
Summarizing the Scope of Work
Summarizing the Goals
Summarizing the Timeline and Milestones
Summarizing the Resources Required
Summarizing the Risks and Assumptions
Summarizing the Initial Budget
Getting Approval on the Statement of Work
Planning Phase: Discovery
Understanding the Existing Environment
Understanding the Geographic Distribution of Resources
Planning Phase: Creating the Design Document
Collaboration Sessions: Making the Design Decisions
Disaster Recovery Options
Design Document Structure
Agreeing On the Design
Creating the Migration Document
The Project Schedule
Create the Migration Document
The Prototype Phase
What Is Needed for the Lab?
Disaster Recovery Testing
Documentation from the Prototype
Final Validation of the Migration Document
The Pilot Phase: Deploying Services to a Limited Number of Users
The First Server in the Pilot
Choosing the Pilot Group
Gauging the Success of the Pilot Phase
The Production Migration/Upgrade
Decommissioning the Old Exchange Environment
Supporting the New Exchange Server 2007 Environment
Summary
Best Practices
Part II Planning and Designing an Exchange Server 2007 Environment
3 Understanding Core Exchange Server 2007 Design Plans
Planning for Exchange Server 2007
Outlining Significant Changes in Exchange Server 2007
Reviewing Exchange and Operating System Requirements
Scaling Exchange Server 2007
Having Exchange Server 2007 Coexist with an Existing Network Infrastructure
Identifying Third-Party Product Functionality
Understanding AD Design Concepts for Exchange Server 2007
Understanding the AD Forest
Understanding the AD Domain Structure
Reviewing AD Infrastructure Components
Understanding Multiple Forests Design Concepts Using Microsoft Identity Integration Server (MIIS) 2003
Determining Exchange Server 2007 Placement
Understanding Exchange Server 2007 Server Roles
Understanding Environment Sizing Considerations
Identifying Client Access Points
Configuring Exchange Server 2007 for Maximum Performance and Reliability
Designing an Optimal Operating System Configuration for Exchange
Avoiding Virtual Memory Fragmentation Issues
Configuring Disk Options for Performance
Working with Multiple Exchange Databases and Storage Groups
Understanding Clustering for Exchange Server 2007
Monitoring Design Concepts with Microsoft Operations Manager 2005
Securing and Maintaining an Exchange Server 2007 Implementation
Patching the Operating System Using Windows Software Update Services
Implementing Maintenance Schedules
Summary
Best Practices
4 Architecting an Enterprise-Level Exchange Environment
Designing Active Directory for Exchange Server 2007
Understanding Forest and Domain Design
Outlining AD Site and Replication Topology Layout
Reviewing Domain Controller and Global Catalog Placement Concepts
Configuring DNS
Determining Hardware and Software Components
Designing Server Number and Placement
Providing for Server Redundancy and Optimization
Reviewing Server Memory and Processor Recommendations
Outlining Server Operating System Considerations
Designing Clustering and Advanced Redundancy Options
Designing Exchange Server Roles in an Exchange Environment
Planning for the Mailbox Server Role
Planning for the Client Access Server Role
Planning for the Edge Transport Role
Planning for the Hub Transport Role
Planning for the Unified Messaging Role
Understanding a Sample Deployment Scenario
Designing Exchange Infrastructure
Determining the Exchange Version
Determining Exchange Databases and Storage Groups Layout
Outlining Exchange Recovery Options
Considering Exchange Antivirus and Antispam Design
Monitoring Exchange
Integrating Client Access into Exchange Server 2007 Design
Outlining Client Access Methods
Summary
Best Practices
5 Integrating Exchange Server 2007 in a Non-Windows Environment
Synchronizing Directory Information with Microsoft Identity Integration Server (MIIS) 2003
Understanding MIIS 2003
Understanding MIIS 2003 Concepts
Exploring MIIS 2003 Account Provisioning
Outlining the Role of Management Agents (MAs) in MIIS 2003
Defining MIIS 2003 and Group Management
Installing MIIS 2003 with SQL 2000/2005
Synchronizing Exchange Server 2007 with Novell eDirectory
Understanding Novell eDirectory
Deploying MIIS 2003 for Identity Management with eDirectory
Using Microsoft Directory Synchronization Services to Integrate Directories
Installing the Microsoft Directory Synchronization Service
Synchronizing eDirectory/NDS with Active Directory Using Services for NetWare
Implementing MSDSS
Identifying Limitations on Directory Synchronization with MSDSS
Backing Up and Restoring MSDSS Information
Managing Identity Information Between LDAP Directories and Exchange Server 2007
Understanding LDAP from an Historical Perspective
Understanding How LDAP Works
Outlining the Differences Between LDAP2 and LDAP3 Implementations
Using Services for UNIX to Integrate UNIX Systems with an Active Directory/Exchange Server 2007 Environment
Understanding the Development of Services for UNIX
Outlining the Components of Services for UNIX
Detailing the Prerequisites for Services for UNIX
Installing Services for UNIX R2
Synchronizing User Information Between AD and UNIX
Summary
Best Practices
6 Understanding Network Services and Active Directory Domain Controller Placement for Exchange Server 2007
Domain Name System and Its Role in Exchange Server 2007
Domain Name System Defined
Using DNS
Understanding Who Needs DNS
Outlining the Types of DNS Servers
Examining UNIX BIND DNS
Exploring Third-Party (Checkpoint-Meta IP or Lucent Vital QIP) DNS
Examining DNS Compatibility Between DNS Platforms
Examining DNS Components
DNS Zones
DNS Queries
DNS Replication or Zone Transfer
DNS Resource Records
Using DNS to Route SMTP Mail in Exchange Server 2007
Understanding SMTP Mail Routing
Examining Client DNS Use for Exchange
Understanding DNS Requirements for Exchange Server 2007
Using DNS in Exchange Server 2007
Configuring Edge Transport Server DNS Settings
DNS and SMTP RFC Standards
Interoperability with Older Versions of Exchange
SMTP Mail Security, Virus Checking, and Proxies
The Edge Transport Servers Role in Antivirus and Antispam Protection
SMTP Server Scalability and Load Balancing
Configuring DNS to Support Exchange Servers
External DNS Servers for the Internet
Internal DNS Servers for Outbound Mail Routing
Troubleshooting DNS Problems
Using Event Viewer to Troubleshoot
Troubleshooting Using the ipconfig Utility
Monitoring Exchange Using Performance Monitor
Using nslookup for DNS Exchange Lookup
Troubleshooting with DNSLINT
Using dnscmd for Advanced DNS Troubleshooting
Global Catalog and Domain Controller Placement
Understanding Active Directory Structure
Exploring AD Trees
Exploring AD Forests
Examining the Role of Domain Controllers in AD
Examining Domain Controller Authentication in Active Directory
Determining Domain Controller Placement with Exchange Server 2007
Defining the Global Catalog
Understanding the Relationship Between Exchange Server 2007 and the AD Global Catalog
Understanding Global Catalog Structure
Using Best Practices for Global Catalog Placement
Promoting a Domain Controller to a Global Catalog
Verifying Global Catalog Creation
Exploring Global Catalog Demotion
Deploying Domain Controllers Using the Install from Media Option
Understanding Universal Group Caching for AD Sites
Exploring DSAccess, DSProxy, and the Categorizer
Understanding DSAccess
Determining the DSAccess Roles
Understanding DSProxy
Outlining the Role of the Categorizer
Understanding AD Functionality Modes and Their Relationship to Exchange Groups
Understanding Windows Group Types
Defining Security Groups
Defining Distribution Groups
Outlining Mail-Enabled Security Groups in Exchange Server 2007
Explaining Group Scope
Functional Levels in Windows Server 2003 Active Directory
Summary
Best Practices
Part III Implementing Exchange Server 2007 Services
7 Installing Exchange Server 2007
Understanding the Prerequisites for Exchange Server 2007
The Importance of .NET Framework 2.0 in Exchange Server 2007
Managing Exchange Server 2007 with the Microsoft Management Console 3.0
Scripting Exchange Server 2007 with the Exchange Management Shell
Running Exchange Server 2007 on Windows Server 2003 Operating System
Internet Information Services (IIS) 6.0 as a Critical Component for Exchange Server 2007
Exchange Server 2007 Hardware Requirements
Exchange Server 2007 Now Requires 64-bit Architecture
Understanding Active Directory Requirements for Exchange Server 2007
The Importance of Global Catalog Servers in Exchange Server 2007
The Importance of Active Directory Sites and Services in Exchange Server 2007
Understanding Domain and Forest Functional Levels Relative to Exchange Server 2007
Permissions Considerations for Exchange Server 2007
Planning an Active Directory Infrastructure
Impact Forests Have on an Exchange Server 2007 Design
The Role of a Domain in Exchange Server 2007
Understanding How DNS and AD Namespace Are Used in Exchange Server 2007
Planning a Proper Sites and Services Architecture
Establishing a Proper Global Catalog Placement Strategy
Upgrading from Previous Versions of Microsoft Windows
Upgrading from a Windows NT 4.0 Domain
Upgrading from Windows Server 2000 Active Directory
Implementing Active Directory from Scratch
Installing Windows Server 2003
Installing and Configuring Windows Server 2003 Service Pack 1
Installing the Service Pack
Updating and Patching the Operating System
Installing the First Domain Controller for a New Domain
Configuring Active Directory Sites and Services
Configuring a Global Catalog Server
Preparing to Install Exchange Server 2007
Planning Your Exchange Server 2007 Installation
Choosing to Install Exchange in Either a Test or Production Environment
Prototyping an Exchange Server 2007 Installation
Conducting Preinstallation Checks on Exchange Server 2007
Performing an Active Directory Health Check
Preparing the Active Directory Domain and Forest
Raising the Domain Functional Levels
Reviewing All Log Files Before Proceeding
Installing the Prerequisites for Exchange Server 2007
Installing the .NET Framework 2.0 Component
Verifying That Microsoft Management Console 3.0 Is Installed
Installing the Exchange Management Shell (EMS)
Configuring Internet Information Services (IIS) 6.0
Installing the First Exchange Server 2007 Server
Completing the Installation of Exchange Server 2007
Reviewing Installation Logs
Reviewing Event Logs
Performing Postinstallation Exchange Server Updates
Verify Server Roles Installed
Microsoft Exchange Best Practice Analyzer
Performing a Scripted Installation of Exchange Server 2007
Install Exchange Server 2007 in Unattended Mode via the Command Prompt
Installing Other Exchange Server 2007 Server Roles into the Infrastructure
Installation of the Client Access Server Role
Establishing Perimeter Security with the Edge Server Role
Configuring Hub Transport Servers in an Exchange Server 2007 Environment
Installing a Unified Messaging Server System
Installing the Mailbox Server Role
Summary
Best Practices
8 Implementing Edge Services for an Exchange Server 2007 Environment
Installing and Configuring the Edge Transport Server Components
Planning the Implementation of the Edge Transport Servers in Exchange
Planning for the Message Processing Order of Edge Services
Installing Edge Transport Services on an Exchange Server
Understanding the Edge Transport Components in the Exchange Management Console
Utilizing the Basic Sender and Recipient Connection Filters
Configuring an IP Allow List Using the Exchange Management Console
Configuring an IP Block List Using the Exchange Management Console
Configuring an IP Block List Providers Using the Exchange Management Console
Configuring IP Block and Allow Lists Using the Exchange Management Shell
Configuring Sender Filtering
Using the Exchange Management Shell to Add Blocked Senders
Configuring Recipient Filtering
Using the Exchange Management Shell to Add Blocked Recipients
Utilizing SenderID on an Edge Transport Server
Configuring SenderID
Creating a Sender Policy Framework Record
Configuring the SenderID Agent on the Exchange Edge Transport Server
Using the Exchange Management Shell to Configure SenderID
Using Content Filtering to Isolate Inappropriate Content
Configuring the Quarantine Mailbox for Captured Messages
Configuring Spam Quarantine
Configuring the Allowed Keyword or Phrases List
Configuring Keyword or Phrases List to Block Messages
Configuring the Exceptions List
Setting the Action Tab of the Content Filtering Agent
Fine-Tuning Content Filtering
Configuring Content Filtering Actions
Using the Exchange Management Shell to Configure Content Filtering
Configuring Puzzle Validation for Content Filtering
Using Content Filtering to Allow and Reject Domain-Level Content
Configuring the Content Filter Agent to Allow (White List) Specific Recipients, Senders, and Sending Domains
Configuring the Content Filter’s SMTP Rejection Response
Filtering Content in a Message Attachment
Understanding Attachment Filtering Processing
Planning Attachment Filtering Processing
Using the Exchange Management Shell to Configure Attachment Filtering
Using Sender/IP Reputation to Filter Content
Configuring Sender/IP Reputation
Configuring the Sender Reputation Agent Using the Exchange Management Console
Configuring Sender Reputation Using the Exchange Management Shell
Using Address Rewriting to Standardize on Domain Address Naming for an Organization
Configuring Address Rewriting
Using EdgeSync to Synchronize Active Directory Information to the Edge Transport Server
Understanding the EdgeSync Process
Using EdgeSync to Subscribe the Server to the Exchange Server 2007 Organization
Maintaining the EdgeSync Schedule of Replication
Configuring EdgeSync on an Edge Transport Server
Creating a New EdgeSync Subscription File
Removing an EdgeSync Subscription
Starting EdgeSync Synchronization
Implementing Safelist Aggregation for Outlook 2003 and Outlook 2007
Configuring Safelist Aggregation for Outlook 2003/2007
Managing and Maintaining an Edge Transport Server
Exporting and Importing Edge Transport Server Settings
Exporting Edge Transport Server Configuration
Importing Edge Transport Server Configuration
Viewing Antispam Reports Using Included PowerShell Scripts
Summary
Best Practices
9 Using the Windows PowerShell in an Exchange Server 2007 Environment
Understanding the Exchange Management Shell
Understanding the Exchange Task Model
Understanding EMS Is the Back End to the Exchange Management Console
Understanding Cmdlets as the Core to EMS
Common Uses of EMS
Understanding Administrative Functions
Understanding Reporting Functions of EMS
Explaining the Difference Between PowerShell and EMS
Common PowerShell Functions in EMS
Unique EMS Functions Specific to Exchange
Understanding the EMS Syntax
Understanding the Verb-Noun Construct
Walking Through Cmdlets in EMS
Getting Help with EMS
Using Pipelining in EMS
Using the WhatIf and Confirm Parameters
Creating Your Own Cmdlet
Demonstrating Cmdlet Examples
Combining Functions to Create a Cmdlet Library
Modifying and Applying Server Cmdlets to Other Systems
Managing Cmdlets
Developing a Common Naming Scheme
Distributing Cmdlets
Enabling Logging in EMS
Using EMS to Do Administrative Mailbox Tasks
Creating Mailboxes with EMS
Modifying Mailboxes with EMS
Moving Mailboxes Using EMS
Disabling Mailboxes with EMS
Using EMS to Do Administrative Server Tasks
Provisioning Storage Groups with EMS
Managing Mailbox Stores with EMS
Managing Connectors with EMS
Using EMS to Do Reporting
Generating Largest Mail User Reports
Generating User Distribution Reports
Using This Data to Rebalance Mailbox Distribution
Working with Event Logs
Finding Other Resources
Resources on the Web
Utilities and Tools
Summary
Best Practices
Part IV Securing an Exchange Server 2007 Environment
10 Client-Level Secured Messaging
Microsoft’s Trustworthy Computing Initiative
Securing Your Windows Environment
Windows Server 2003 Security Improvements
Windows Vista Security Improvements
Utilizing Security Templates
Keeping Up with Security Patches and Updates
Client-Based Virus Protection
Windows Lockdown Guidelines and Standards
Exchange Server 2007 Client-Level Security Enhancements
Securing Outlook 2007
Outlook Anywhere
Encrypting Communications Between Outlook and Exchange
Authenticating Users
User Identification
Blocking Attachments
Protecting Against Spam
Exchange Server 2007 Antispam Features
Protecting Against Web Beaconing
Filtering Junk Mail
Filtering with Safe and Block Senders
Outlook Email Postmark
Blocking Read Receipts
Information Rights Management
Securing Outlook Web Access
Supported Authentication Methods
Disabling Web Beacons for Outlook Web Access
Using Safe and Block Lists
Summary
Best Practices
11 Server and Transport-Level Security
Considering the Importance of Security in an Exchange Server 2007 Environment
Microsoft’s Trustworthy Computing Initiative
Assessing Your Risks
Exchange Server 2007 Administrative Roles
Components of a Secure Messaging Environment
Hardening Windows Server 2003
Establishing a Corporate Email Policy
Securing Exchange Server 2007 Through Administrative Policies
Securing Groups
Using Email Disclaimers
Standardizing Server Builds
Exchange Server-Level Security Features
Exchange Server 2007 Antispam Measures
Additional Antispam Measures
Protecting Exchange Server 2007 from Viruses
Transport-Level Security Defined
Encrypting Email Communications
Utilizing Public Key Infrastructure (PKI)
Utilizing S/MIME
Utilizing TLS and SSL
Exchange Server 2007 SMTP Connectors
Connector Topology
Understanding Receive Connectors
Understanding Send Connectors
How Connectors Are Created
Hub Transport Server Connectors
Edge Transport Server Connectors
Configuring Receive Connectors on the Edge Transport Server
Configuring Send Connectors on the Edge Transport Server
Automatic Creation of Send Connectors
Manual Completion of Send Connectors
Setting Message Delivery Limits
Configuring Authoritative Domains
Securing Windows for the Edge Transport Server Role
Implementing Network Security
Using the SCW Template
Creating a New Edge Transport Server Security Policy
Administrator Permissions on an Edge Transport Server
Summary
Best Practices
12 Encrypting Email Communications with Exchange Server 2007
Understanding Public Key Infrastructure
Certificate Services in Windows Server 2003
PKI Planning Considerations
Fundamentals of Private and Public Keys
Understanding Certificates
Certificate Templates
Basic Encrypted Communications Using Outlook
Installing a Windows Certificate of Authority Server
Adding Certificate Services to a Server
Implementing Secured Email Communications with Exchange Server 2007
Configuring Exchange User Certificates Using Autoenrollment
Adding the Template to the Certificate Server
Creating a Group Policy to Distribute User Certificates
Validating That Certificates Are Working Properly
Using Outlook to Send and Receive Digitally Signed and Encrypted Emails
Fundamentals of Digital Signatures and Encryption
Making Sure Outlook Acknowledges the Certificate
Sending a Digitally Signed Email
Sending Encrypted Email Messages
Summary
Best Practices
13 Securing Exchange Server 2007 with ISA Server
Understanding the Internet Security and Acceleration (ISA) Server 2006
Outlining the Need for ISA Server 2006 in Exchange Environments
Outlining the High Cost of Security Breaches
Outlining the Critical Role of Firewall Technology in a Modern Connected Infrastructure
Understanding the Growing Need for Application-Layer Filtering
Outlining the Inherent Threat in Exchange HTTP Traffic
Understanding Web (HTTP) Exploits
Securing Encrypted (Secure Sockets Layer) Web Traffic
Outlining ISA Server 2006 Messaging Security Mechanisms
Securing Exchange Outlook Web Access with ISA Server 2006
Exporting and Importing the OWA Certificate to the ISA Server
Creating an Outlook Web Access Publishing Rule
Securing Exchange MAPI Access
Configuring MAPI RPC Filtering Rules
Deploying MAPI Filtering Across Network Segments
Securing POP and IMAP Exchange Traffic
Creating and Configuring a POP Mail Publishing Rule
Creating and Configuring an IMAP Mail Publishing Rule
Managing and Controlling Simple Mail Transfer Protocol (SMTP) Traffic
Publishing the SMTP Server for Inbound Mail Access
Creating an SMTP Access Rule in ISA Server 2006
Customizing the SMTP Filter
Logging ISA Traffic
Examining ISA Logs
Customizing Logging Filters
Monitoring ISA from the ISA Console
Customizing the ISA Dashboard
Monitoring and Customizing Alerts
Monitoring Session and Services Activity
Creating Connectivity Verifiers
Summary
Best Practices
14 Understanding Enterprise Policy Enforcement Security
What Is Enterprise Policy Management in Exchange Server 2007?
Understanding Relevant Governmental Regulations for Policy Enforcement
Understanding the ISO/IEC 17799 Security Standard
Understanding the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Understanding the Gramm-Leach-Bliley Act
Understanding Sarbanes-Oxley
Using Transport Agents in Exchange Server 2007
Understanding the Role of Transport Agents in Policy Management
Prioritizing Transport Agents
Using Pipeline Tracing to Troubleshoot Transport Agents
Outlining the Built-in Transport Agents in Exchange Server 2007
Understanding the Hub Role Transport Agents in Exchange Server 2007
Working with Transport Rule Agents
Configuring Rights Management Services Prelicensing Agent
Working with Journaling and Mail Retention Policies in Exchange Server 2007
Setting Up Email Disclaimers
Implementing Transport Agent Policies on the Edge
Understanding the Role of EdgeSync in Exchange Policy Management
Implementing Edge Rule Agents
Setting Up Address Rewriting Policies
Configuring Content Filtering Policies
Working with Sender Filtering Policies
Understanding and Configuring SenderID
Creating Messaging Records Management Policies
Understanding the Scope of MRM
Creating Custom Managed Folders
Creating Managed Content Settings
Creating Managed Folder Mailbox Policies
Applying Managed Folder Mailbox Policies to Mailboxes
Scheduling the Managed Folder Assistant
Summary
Best Practices
Part V Migrations and Coexistence with Exchange Server 2007
15 Migrating from Windows 2000 Server to Windows Server 2003
Understanding What Needs to Be Migrated to Windows Server 2003
Exchange Server 2007 on a Windows Server 2003 Operating System
Exchange Server 2007 in a Windows 2000 Server Native Functional Level Domain
Importance of Windows Server 2003 Relative to Flexible Single Master Operation Roles
Forest Functional Level Requirements for Server Exchange 2007
Beginning the Migration Process
Establishing Migration Project Phases
Comparing the In-Place Upgrade Versus New Hardware Migration Methods
Identifying Migration Strategies: “Big Bang” Versus Slow Transition
Exploring Migration Options
Upgrading a Single Member Server
Verifying Hardware Compatibility
Verifying Application Readiness
Backing Up and Creating a Recovery Process
Upgrading a Standalone Server
Upgrading a Windows 2000 Server Active Directory Forest
Migrating Domain Controllers
Upgrading the AD Schema Using adprep
Upgrading Existing Domain Controllers
Replacing Existing Domain Controllers
Moving Operation Master Roles
Retiring Existing Windows 2000 Domain Controllers
Retiring “Ghost” Windows 2000 Domain Controllers
Upgrading Domain and Forest Functional Levels
Moving AD-Integrated DNS Zones to Application Partitions
Upgrading Separate AD Forests to a Single Forest Using Mixed-Mode Domain Redirect
Prerequisites and Limitations of the Mixed-Mode Domain Redirect Procedure
Mixed-Mode Domain Redirect Procedure
Consolidating and Migrating Domains Using the Active Directory Migration Tool
Understanding ADMT Functionality
Consolidating a Windows 2000 Domain to a Windows Server 2003 Domain Using ADMT
Using ADMT in a Lab Environment
ADMT Installation Procedure
Migrating Groups
Migrating User Accounts
Migrating Computer Accounts
Migrating Other Domain Functionality
Summary
Best Practices
16 Migrating to Exchange Server 2007
Understanding How to Migrate to Exchange Server 2007
Simple Migration from Exchange 2000 Server and Exchange Server 2003 to Exchange Server 2007
Restructuring Exchange as Part of the Migration to Exchange Server 2007
Migrating to a Brand-New Exchange Server 2007 Organization
Migrating from Exchange Server 5.5
Migrating from Lotus Notes, Novell GroupWise, and Sendmail
Migrations Involving a Limited Number of Servers
Migrations Involving a Distributed Server Strategy
Understanding What’s New and What’s Different with Exchange Server 2007
Exchange Server 2007 on x64-bit
Back to Just the EDB Database (STM Is Gone)
No Routing Groups in Exchange Server 2007
No Administrative Groups in Exchange Server 2007
No Link State Updates Required in Exchange Server 2007
Elimination of the Recipient Update Service (RUS) in Exchange Server 2007
Managing a Coexisting Environment
No Support for Certain Exchange 2000 Server Components
No Support for Certain Exchange Server 2003 Components
Moving to Native Mode in Exchange
Converting to Native Mode
Deleting All Directory Replication Connectors
Performing Postmigration Cleanup
Deploying a Prototype Lab for the Exchange Server 2007 Migration Process
Creating Temporary Prototype Domain Controllers to Simulate Migration
Seizing Operations Master (OM) Roles in the Lab Environment
Restoring the Exchange Environment for Prototype Purposes
Validating and Documenting Design Decisions and Migration Procedures
Migrating to a Brand-New Exchange Server 2007 Environment
Migrating from Exchange 2000 Server or Exchange Server 2003 to Exchange Server 2007
Planning Your Migration
Testing the Migration Process
Backing Up Your Production Environment
Preparing the Exchange Server 2007 Server with Windows
Preparing Exchange 2000 Server or Exchange Server 2003 Permissions
Extending the Active Directory Schema
Installing Exchange Server 2007 Prerequisites
Installing Exchange Server 2007 on a Server System
Moving Mailboxes
Adding Unified Messaging and Edge Transport Servers and Enterprise Policies
Replicating Public Folders from Exchange 2000 Server or Exchange Server 2003 to Exchange Server 2007
Cleaning Up the Exchange 2000 Server and Exchange Server 2003 Environments
Migrating from Exchange Server 5.5 to Exchange Server 2003
How Exchange Server 2003 Differed from Exchange Server 5.5
Reviewing the Prerequisites for Migrating from Exchange Server 5.5 to Exchange Server 2003
Checking the Exchange 5.5 Environment with the Exchange Server 2003 Deployment Tools
Preparing the Exchange Server 5.5 Organization for the Migration
Structuring the Migration for Best Results
Performing Single-Site Exchange Server 5.5 Migrations
Performing Multisite Exchange Server 5.5 Migrations
Performing Multiorganization Exchange Server 5.5 Migrations
Preparing the Active Directory Forest and Domain for Exchange Server 2003
Extending the Active Directory Schema
Preparing the Windows Server 2003 Domains to Support Exchange Server 2003
Verifying the Organization Settings with OrgPrepCheck