24 Hours Of Exchange Server 2007 (Part 1 Of 24)

Harold WongSenior Technology SpecialistMicrosoft Corporation

24 Hours of Exchange Server 2007 24 Hours of Exchange Server 2007 (Part 01 of 24): Integration of Exchange (Part 01 of 24): Integration of Exchange Server 2007 and Active DirectoryServer 2007 and Active Directory

http://www.microsoft.com/exchange/preview/evaluation/default.mspx

What Will We cover?What Will We cover?

• MicrosoftMicrosoft®® Exchange Server 2007 integration Exchange Server 2007 integration with Active Directorywith Active Directory®® directory service directory service

• Message routing using Active Message routing using Active Directory sitesDirectory sites

• New Exchange Server administrator rolesNew Exchange Server administrator roles

Level 200

Helpful ExperienceHelpful Experience

• Experience with Active DirectoryExperience with Active Directory

• Understanding of Active Directory sitesUnderstanding of Active Directory sites

• Experience with Microsoft® Exchange Server Experience with Microsoft® Exchange Server 20032003

AgendaAgenda

• Integrating with Active DirectoryIntegrating with Active Directory

• Planning for Exchange Server 2007Planning for Exchange Server 2007

• Understanding Exchange Server permissionsUnderstanding Exchange Server permissions

Architectural GoalsArchitectural Goals

Active Directory TopologiesActive Directory Topologies

Resource ForestCross ForestSingle Forest

Review: Integrating with Active Review: Integrating with Active Directory (1)Directory (1)

• Which of the following was not one of the Which of the following was not one of the

• basic architectural goals in the development basic architectural goals in the development

• of Exchange Server 2007?of Exchange Server 2007?

• ComplexityComplexity

• FlexibilityFlexibility

• TrustworthinessTrustworthiness

• ScalabilityScalability

Review: Integrating with Active Review: Integrating with Active Directory (2)Directory (2)• Which type of Active Directory topology Which type of Active Directory topology • allows you to separate the administration of allows you to separate the administration of • Exchange Server from that of Active Directory?Exchange Server from that of Active Directory?

• Single forest topologySingle forest topology• Cross-forest topologyCross-forest topology• Resource forest topologyResource forest topology• Multiple forest topologyMultiple forest topology

Review: Integrating with Active Review: Integrating with Active Directory (3)Directory (3)

• In a cross-forest infrastructure, what In a cross-forest infrastructure, what

• Exchange Server 2007 role manages the Exchange Server 2007 role manages the

• communication between organizations?communication between organizations?

• Client Access server roleClient Access server role

• Edge Transport server roleEdge Transport server role

• Hub Transport server roleHub Transport server role

• Mailbox server roleMailbox server role

AgendaAgenda




Active Directory Site Structure Active Directory Site Structure for Routing Mailfor Routing Mail

Overview of IP Site LinksOverview of IP Site Links

IP Site LinkIP Site Link

1010

1010

1515

1010

1515

1010

1010

1010

Access to Active DirectoryAccess to Active Directory

User ConfigurationUser ConfigurationSite ConfigurationSite ConfigurationExchange Server 2007 RolesExchange Server 2007 Roles

Schema Schema PartitionPartition

Configuration Configuration PartitionPartition

Domain Domain PartitionPartition

Edge Transport Server RoleEdge Transport Server Role

Server Roles and Active Server Roles and Active DirectoryDirectory

Schema Schema PartitionPartition

Configuration Configuration PartitionPartition

Domain Domain PartitionPartition

Active Active Directory Directory

APIAPI

Mailbox Server RoleMailbox Server Role

Unified Messaging Server RoleUnified Messaging Server Role

Client Access Server RoleClient Access Server Role

Hub Transport Server RoleHub Transport Server Role

Exploring the Demo EnvironmentExploring the Demo Environment

Explore Domain Users and ComputersExplore Domain Users and Computers Check the Active Directory PartitionsCheck the Active Directory Partitions

demonstrationdemonstration

Review: Planning for Exchange Review: Planning for Exchange Server 2007 (1)Server 2007 (1)

Where does Exchange Server 2007 store Where does Exchange Server 2007 store

attribute, configuration, and recipient attribute, configuration, and recipient

information?information?

1.1. Schema partitionSchema partition

2.2. Configuration partitionConfiguration partition

3.3. Domain partitionDomain partition

4.4. All of the aboveAll of the above


How does Exchange Server 2007 determine the best How does Exchange Server 2007 determine the best route to deliver mail within an Exchange route to deliver mail within an Exchange organization?organization?

1.1. By the cost of an IP site linkBy the cost of an IP site link

2.2. By the fastest WAN connectionBy the fastest WAN connection

3.3. Using routes configured in Exchange ServerUsing routes configured in Exchange Server

4.4. By the replication interval of a site linkBy the replication interval of a site link


Which server role will first attempt direct Which server role will first attempt direct

communication rather than examining site communication rather than examining site

link costs when sending data between sites?link costs when sending data between sites?

1.1. Client Access server roleClient Access server role

2.2. Edge Transport server roleEdge Transport server role

3.3. Hub Transport server roleHub Transport server role

4.4. Mailbox server roleMailbox server role

AgendaAgenda




Administrative ChangesAdministrative Changes

Exchange Server 2003/2000 Administrative Groups• Insufficient flexibility to effectively manage permissions• Rarely used in Exchange Server 2003 organizations

Exchange Server Security and Exchange Server Security and PermissionsPermissions

Exchange Server 2003

• Predefined Security Roles• Lack of specificity• Little difference between roles• No clear separation between Exchange Administrative Roles

and Active Directory Admins

Exchange Server 2007

• New Administrator Roles• Managed from either the Exchange Management Console or the Exchange Management Shell• No need to alter ACL settings

Split Permissions ModelSplit Permissions Model

Administrator Roles in Exchange Administrator Roles in Exchange ServerServer

Owners of the Exchange organizationRead access to all domain user containersWrite access to all Exchange-specific attributesOwner of all local server configuration data

Must run Setup /PrepareDomain for eachdomain for this group to be applicableRead access to all the Domain User containers Write access to all the Exchange-specific attributesOwner of all local server configuration data.Local administrator on the computer on which Exchange Server is installed.Members of Exchange View-Only Administrators

Read-only access to the entire Exchange organization tree

Exchange Organization

Administrators

Exchange Recipient Administrators

Exchange Server Administrators

Exchange View-Only Administrators

GlobalData

RecipientData

ServerData

Accessing Administrative Roles

Explore the Administrative RolesExplore the Administrative Roles

demonstrationdemonstration

Review: Understanding Review: Understanding Exchange Permissions (1)Exchange Permissions (1)

How many predefined administrative groups How many predefined administrative groups

are provided with Exchange Server 2007?are provided with Exchange Server 2007?

1.1. ThreeThree

2.2. FourFour

3.3. FiveFive

4.4. SixSix


Which role provides permissions to modify any Which role provides permissions to modify any

Exchange property on an Active Directory user, Exchange property on an Active Directory user, contact, group, or public folder object?contact, group, or public folder object?

1.1. Exchange Organization AdministratorsExchange Organization Administrators

2.2. Exchange Recipient AdministratorsExchange Recipient Administrators

3.3. Exchange Server AdministratorsExchange Server Administrators

4.4. Exchange View-Only AdministratorsExchange View-Only Administrators


Which role does Which role does notnot provide organization-wide provide organization-wide

permissions to an Exchange administrator?permissions to an Exchange administrator?

1.1. Exchange organization administratorsExchange organization administrators

2.2. Exchange recipient administratorsExchange recipient administrators

3.3. Exchange server administratorsExchange server administrators

4.4. Exchange view-only administratorsExchange view-only administrators

Session SummarySession Summary

• Exchange Server 2007 utilizes Active Exchange Server 2007 utilizes Active Directory sites and site links for routing mailDirectory sites and site links for routing mail

• Each server role manages Exchange data in Each server role manages Exchange data in Active Directory partitionsActive Directory partitions

• Improved Exchange administrative roles Improved Exchange administrative roles simplify permission delegationsimplify permission delegation

Questions and AnswersQuestions and Answers

• Submit text questions using the “Ask” button. Submit text questions using the “Ask” button. • Don’t forget to fill out the survey.Don’t forget to fill out the survey.• For upcoming and previously live webcasts: For upcoming and previously live webcasts:

www.microsoft.com/webcasts

• Got webcast content ideas? Contact us at: Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781

• Today's webcast was presented using MicrosoftToday's webcast was presented using Microsoft®® Office Live Meeting. Get a free 14-day trial by Office Live Meeting. Get a free 14-day trial by visiting: visiting: www.microsoft.com/presentlive

http://www.microsoft.com/webcasts

http://go.microsoft.com/fwlink/?LinkId=41781

http://www.microsoft.com/presentlive

24 Hours Of Exchange Server 2007 (Part 1 Of 24)

Business

Transcript of 24 Hours Of Exchange Server 2007 (Part 1 Of 24)