Wednesday, May 9, 2007

Exchange 2007 Server Roles in a Summary

Exchange 2007 introduces a server-role based model, which provides a better and stronger Exchange infrastructure. With Exchange 2003, when an enterprise needed a server for one specific role only, such as an Exchange bridgehead server that just routes SMTP mail in and out to the mailbox servers, we had to go back to the Exchange public folder databases and delete them all, since the server was not going to be used as a mailbox server.

Most of the time we implemented a hardware solution in the DMZ, as mail gateway and smart host, with spam and virus scanning capabilities applied when mail was accepted from the Internet.

Now Exchange 2007 provides this entire same requirement plus enhancements, along with role-based, more granular control over the SMTP domain infrastructure and its needs.

Hub Transport Server Role (HTS)

Responsible for all messages within the SMTP e-mail domain. Every mail is touched by the Hub Transport role: when a message is sent from user A to user B, Hub Transport is responsible for moving this message, even when these users' mailboxes are sitting on the same mailbox server.

Journaling of e-mails.

Client Access Server Role (CAS)

This is as close as it gets to the Exchange FE (Front End) role in Exchange 2003, so the key roles of CAS are:

All client connectivity pieces; the client connectivity protocols are handled here, including Outlook Anywhere.

POP3, IMAP4, Exchange ActiveSync, Exchange web access.

Outlook Anywhere (new name for OWA)


Unified Messaging Server Role (UMS)

The UM server is responsible for handling inbound calls; it is tied into voice mail, so Exchange 2007 clients get their voice mail right into their Outlook.

Mailbox Server Role (MS)

MAPI connections will be handled on Mailbox Server Role.

User mailboxes sit on the MS.

Edge Transport Server Role (ETS)

Sits in the DMZ; it is NOT a member of your domain (it can be).

This is the smart relay host, handling outbound and inbound SMTP traffic. When e-mail hits the Edge Transport role, the Edge server talks to your Hub Transport server back inside your network and passes the SMTP traffic on port 25.

Edge uses ADAM and syncs the following information into the ADAM instance sitting on the local server:

  • Accepted domains
  • Remote domains
  • Message classifications
  • Recipients (Hashed)
  • Safe Senders Lists (Hashed)
  • Send Connectors
  • Hub Transport server list (for dynamic connector generation)
  • TLS Send and Receive Domain Secure lists
  • Internal SMTP Servers list

Designed to minimize the attack surface, the Edge Transport server handles all Internet-facing mail flow and provides Simple Mail Transfer Protocol (SMTP) relay and smart host services for the Exchange organization. Additional layers of message protection and security are provided by a series of agents that run on the Edge Transport server and act on messages as they are processed by the message transport components. These agents support the features that provide protection against viruses and spam and apply transport rules to control message flow.

Edge sits in the DMZ, your organization's perimeter network. The Edge Transport server role sits by itself in the DMZ. Edge won't handle any client communications; it is dedicated to SMTP communication only, acting as the smart host or SMTP mail gateway for the SMTP domain.

The main communication model will be the Edge Transport server role. The Edge Transport server role is optional, but it is recommended. The Edge Transport server, which sits in the DMZ, triggers the EdgeSync service over secure LDAP (TCP 50636). The EdgeSync synchronization process provides one-way replication of data from Active Directory to ADAM; data changed in ADAM never synchronizes back to Active Directory.
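The security-relevant detail in the two paragraphs above is that recipients and safe-sender lists reach the DMZ only in hashed form, and only in one direction. The following Python model is an added example, not code from the original post or from Exchange itself: it assumes a SHA-256 hash of the lower-cased address (the real hash format EdgeSync writes into ADAM is not stated on the page), a constructed recipient list, and a constructed inbound session. It shows how an Edge server can answer "is this a valid recipient?" at RCPT TO time without ever holding the cleartext directory.

```python
import hashlib

# Constructed recipient list as it exists in Active Directory inside the network (sample data).
AD_RECIPIENTS = ["alice@example.com", "Bob@Example.com", "helpdesk@example.com"]


def normalize(address):
    """SMTP addresses are matched case-insensitively; hash the canonical form."""
    return address.strip().lower()


def hash_recipient(address):
    # Illustrative one-way hash. The exact hash format EdgeSync writes into ADAM is an
    # assumption here; the page only states that recipients are replicated hashed.
    return hashlib.sha256(normalize(address).encode("utf-8")).hexdigest()


def edgesync_replicate(ad_recipients):
    """One-way push from Active Directory to the ADAM instance on the Edge server.
    Only hashes cross into the DMZ; the Edge server never holds the cleartext list."""
    return frozenset(hash_recipient(a) for a in ad_recipients)


def edge_accepts_recipient(adam_hashes, rcpt_to):
    """Recipient lookup the Edge server performs on RCPT TO, using only the ADAM copy."""
    return hash_recipient(rcpt_to) in adam_hashes


def process_session(adam_hashes, rcpt_list):
    """Split the RCPT TO addresses of one constructed inbound session into accepted and rejected.
    Rejecting unknown recipients at the Edge keeps that traffic off the Hub Transport servers."""
    accepted, rejected = [], []
    for rcpt in rcpt_list:
        (accepted if edge_accepts_recipient(adam_hashes, rcpt) else rejected).append(rcpt)
    return accepted, rejected


if __name__ == "__main__":
    store = edgesync_replicate(AD_RECIPIENTS)
    print(process_session(store, ["ALICE@example.com", "nobody@example.com"]))
```

Because the ADAM copy is a set of hashes, compromise of the Edge server in the DMZ does not directly disclose the internal address list, and because replication is one-way, nothing an attacker writes into ADAM flows back into Active Directory.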

Download ADAM from the link I have provided. Here is a recap of ADAM: an application can use Active Directory Application Mode to store "private" directory data, which is relevant only to the application, in a local directory service. The idea is simple and necessary, especially in the new Exchange 2007 role-based administration model.

Where does Exchange 2007 store attribute, configuration and recipient information?

The NTDS.DIT database is a partitioned database, and Exchange utilizes the following partitions:

  • Domain
  • Configuration
  • Schema

How does Exchange 2007 determine the best route to deliver mail within the SMTP domain?

By the cost of an IP site link. Exchange is site aware and will look at the proper site in AD.
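To make the site-link-cost statement concrete, here is an added Python model of least-cost route selection over AD sites; it is not code from the original post or from Exchange. The site names and costs are constructed for the example. It also goes slightly beyond the sentence above by modelling the Exchange-specific cost that an administrator can set on a site link (in Exchange 2007 via `Set-AdSiteLink -ExchangeCost`), which is used instead of the AD cost when present.

```python
import heapq

# Constructed AD topology for this example (hypothetical site names and costs).
# Each IP site link carries the AD cost plus an optional Exchange-specific cost;
# when an Exchange cost is set it is used instead of the AD cost for mail routing.
SITE_LINKS = [
    {"name": "HQ-Branch1", "sites": ("HQ", "Branch1"), "ad_cost": 100, "exchange_cost": None},
    {"name": "HQ-Branch2", "sites": ("HQ", "Branch2"), "ad_cost": 50, "exchange_cost": None},
    {"name": "Branch2-Branch1", "sites": ("Branch2", "Branch1"), "ad_cost": 40, "exchange_cost": None},
]


def effective_cost(link):
    """Exchange cost overrides the AD cost when an administrator has set one."""
    if link["exchange_cost"] is not None:
        return link["exchange_cost"]
    return link["ad_cost"]


def build_graph(links):
    """Adjacency map: site -> list of (neighbour site, cost). Site links are bidirectional."""
    graph = {}
    for link in links:
        a, b = link["sites"]
        cost = effective_cost(link)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph


def least_cost_route(links, source_site, target_site):
    """Dijkstra over the site links; returns (total cost, [sites]) or None if unreachable."""
    graph = build_graph(links)
    if source_site not in graph or target_site not in graph:
        return None
    best = {source_site: 0}
    heap = [(0, [source_site])]
    while heap:
        cost, path = heapq.heappop(heap)
        site = path[-1]
        if site == target_site:
            return cost, path
        if cost > best.get(site, float("inf")):
            continue  # stale heap entry
        for neighbour, link_cost in graph[site]:
            new_cost = cost + link_cost
            if new_cost < best.get(neighbour, float("inf")):
                best[neighbour] = new_cost
                heapq.heappush(heap, (new_cost, path + [neighbour]))
    return None


def with_exchange_cost(links, link_name, exchange_cost):
    """Return a copy of the topology with an Exchange-specific cost set on one link."""
    return [dict(link, exchange_cost=exchange_cost) if link["name"] == link_name else dict(link)
            for link in links]


if __name__ == "__main__":
    print(least_cost_route(SITE_LINKS, "HQ", "Branch1"))   # cheapest path goes via Branch2
    tuned = with_exchange_cost(SITE_LINKS, "Branch2-Branch1", 200)
    print(least_cost_route(tuned, "HQ", "Branch1"))       # override makes the direct link cheapest
```

With the constructed costs, mail from HQ to Branch1 is routed through Branch2 (50 + 40 = 90) rather than over the direct 100-cost link; raising the Exchange cost of the Branch2-Branch1 link to 200 flips the decision back to the direct link without touching the AD replication cost that other services depend on.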

Exchange 2007 has delegation of administration, summarized as below.

Exchange Organization Administrator ROLE 

Read access to all domain user containers; access to all Exchange-specific attributes and configuration data.

Exchange Recipient Administrator ROLE

Must run Setup/PrepareDomain for each domain for this group to be applicable; write access to all Exchange-specific attributes.

Exchange View-Only Administrator ROLE

Read-only type access.

Exchange Server Administrator ROLE

Local administrator on the local Server.


Oz Ozugurlu


Steven & Mar said...

Hi there,

What about if I want to transfer the UM role to a brand new server? What process would I have to take?


Oz Ozugurlu said...

I think bringing up a new UM server and configuring the Gateway will do the trick.
1. Re-assign all dial plans to this server
2. Change your gateway to point to the new UM server (SIP target IP)

Check this out
Thanks for reading my blog, and I hope the things I have provided will remedy your question.
Best regards

Brendon Smith said...

Excellent write-up! In my limited experience, however, I've found that to convert EDB to PST, EdbMails is the best option, as it can handle most Exchange recovery tasks gracefully. It supports export of mailboxes to PSTs and also has an extensive range of filtering options. It is a forensic recovery tool that can extract most data from even corrupt or inaccessible Exchange databases. It supports public and private folder recovery along with migration to live Exchange and Office 365. Archive mailbox migration is also supported by EdbMails.