Exchange Server 2007 Webcast Series (Part 2 of 24) Q&A Log

Part 2 of 24 in the Exchange Server 2007 webcast series is now complete.  We had a very nice sunny day in Phoenix this time around and no power interruptions occured!!  I would like to thank my team mate, Viral Tarpara as well as Scott Schnoll from the Exchange team for helping out with questions during the webcast!!

There were quite a few attendees online and just like part 1, we had a lot of questions.  I have done my best to edit the Q&A log so that it is readable (I did not check spelling or grammar of questions).  I know there are duplicate questions (from different attendees) despite the fact that I did my best to eliminate them.  I am posting the edited Q&A log below.  If I missed something, please let me know.  Thanks.

Harold Wong

Exchange Server 2007 Series (Part 2 of 24) Questions and Answers Log (1-24-07)

Question: Where do I find links on how to move and Exchange 2003 server to a Exchange 2007 server. We currently get our email thru ISP via MX records. I assume the 2007 will be a Hub transport.

Answer: Your best bet for this information is here: If you are looking to upgrade your Exchange Organization (I'm NOT referring to an in-place upgrade), then look for the Planning and Deploying information. Also, you will need to implement the Mailbox Server Role, Hub Transport Role and Client Access Server Role in order to have a fully functional Exchange 2007 environment. – Harold

Also, see and for details on moving from Exchange 2003 to Exchange 2007

Question: I was told that when I receive my EX07 DVD that it will have a 180day trial of Forefront, is that true?

Answer: Yes, Forefront Security for Exchange Server is on the DVD.

Question: If you use CCR how do you get redundancy for public folders?

Answer: See for details on CCR and Public Folders.

Question: Is there an electrical storm in Arizona today?

Answer: No storm today – the sun is out and it is a gorgeous day today!!!

Question: forefront is the final version or its beta yet?

Answer: The final version.

Question: Since my current EX03 is receiving email from our ISP via MX records, I assume I will set up the EX07 as a HUB transport?

Answer: It depends on what you are trying to do.  If you plan to “upgrade” your Exchange Organization from Exchange 2003 to Exchange 2007, you would need to implement the following roles (as a minimum): Mailbox, Hub Transport and Client Access Server.  These three roles can reside on the same physical server or on different servers.  In addition to these three roles, you can also introduce an Edge Transport Server in the DMZ to receive (and send) your Internet email.  If you would like, you could implement the Edge Transport Server in the DMZ first (before you implement Exchange Server 2007 Mailbox, HT and CAS into the internal side).

Question: runs exchange 2007 on a SBS 2003?

Answer: No. The version of SBS that contains Exchange 2007 has not yet been released.  If you would like, you can install Exchange Server 2007 onto another server that is a member of your SBS 2003 Domain.

Question: Is 400 the top level?

Answer: Yes, when referring to the level of content we deliver.  100 is the basic and 400 is the most technical.

Question: Is both Outlook 2007 and user mailbox on Exchange 2007 a prerequisite to use Safe List aggregation feature?

Answer: You can use Outlook 2003 or Outlook 2007, but you do need Exchange 2007.

Question: Can the Edge server be installed on 32 Bit hardware?

Answer: Not in production, as all Exchange servers used in production must be 64-bit.

Question: Where can we find a 32-bit version for the purposes of testing, etc?

Answer: On the Microsoft Download Center. See also,

Question: Did he just say "brain fart"?

Answer: Yes, I did.  “Brain Fart” is a very technical term along with “Thingy Majig”.  J - Harold

Question: are there any classes that just cover certain aspects of Exchange - like routing and smtp, etc

Answer: Yes, there are some Exchange 2007 courses coming. See,, and See also, for Virtual Labs.

Question: Where should spam filter appliance be installed in the exchange 2007 architecture?

Answer: You should check with the manufacturer of the device because they can operate differently from product to product.

Question: Which role should my server run to receive internet mail? Is the edge transport role necessary to receive internet mail?

Answer: Either Edge Transport or Hub Transport can be used, but Edge Transport would be a better choice, as it provides greater security and a perimeter-network approach to message hygiene.

Question: Do you know when SBS will be release with Exchange 2007?

Answer: The next major release of SBS (codenamed Cougar) will be 64 bit only following the release of Windows Longhorn Server:

Question: Does Exchange 2007 have the same administrative groups? or include some group or news policies?

Answer: It does have new groups and policies to handle role-based tasks and servers.

Question: how many servers can hold the hub transport role in a site? May I have 2 for redundancy?

Answer: We recommend you use redundant server roles for availability. You can have several in one Site, but for availability, at least two would be required.

Question: Is an exchange server required to exist in each AD Site?

Answer: No, that is not a requirement.

Question: We currently have Outlook 03 and will move to Outlook 07. After we do that and move the EX from 03 to 07 will the Outlook 07 automatically find the server? or will we have to reconfigure Outlook 07?

Answer: Depending on your network topology and the way you deploy, there may be a change that you would have to reconfigure, but it should be automatic.

Question: If we have FE, BridgeHead and Backend server's in Exchange 2003 native mode environment, which sequence we need to add exchange 2007?

Answer: We recommend you introduce an Exchange 2007 Client Access Server first. But before you do that, scan your existing Organization with the Exchange Server Best Practices Analyzer (v2.7 or later), and on the Exchange 2007 Readiness Check page, it will list what type of Exchange organization you have, and provide you with a direct link to the docs for migrating your organization to Exchange 2007.

Question: Can the hub transport role be clustered

Answer: No, only the Mailbox server role can be installed in a Windows failover cluster. For Hub Transport server high availability, simply deploy multiple Hub Transport servers in the same Active Directory Site. Resiliency is built-in. 🙂

Question: what are the server specs for a hub transport server?

Answer: See and

Question: Can we migrate all settings from Exchange03 to Exchange07? And get the same settings with new features?

Answer: No, mainly because of the many changes between Exchange 2003 and Exchange 2007. There is no in-place upgrade, so basically you will be introducing new servers, with new features, and you'll want to configure those accordingly.

Question: what is the current goal for Longhorn to be released?

Answer: We do not have a hard release date for Windows Longhorn Server yet.

Question: In e2k7 do we need to create send/receive connectors (like routing group connectors in e2k3) in order to route mail between sites?

Answer: No. Please see

Question: Will there be Mixed mode or Native mode Exchange 2007? if so, what is lost in the 2003/2007 mixed mode?

Answer: There is no Exchange 2007 Native Mode, it is just Exchange Native (which is required to install Exchange 2007 into an existing Exchange 2000 / 2003 Organization).  If you continue to co-exist with Exchange 2000 / 2003, some capabilities won’t be available.  One feature that is lost is the new "out of office" enhancement if you mailbox still resides on the non-Exchange 2007 Server.

Question: What are the minimun hardware requisites for Exchange 07? Can work together with DC running on Server03?

Answer: The system requirements are at  It is technically possible to install Exchange 2007 on the same server as the DC / GC.  You will want to evaluate your environment and decide whether this makes sense or not.  It is always recommended that you have a separate server for these services.

Question: Does E2K7 use CDO?

Answer: Much of Exchange's CDO technologies have been deprecated or de-emphasized. Please see

Question: But Ultimately AD also uses Link state Routing correct?

Answer: Yes, it uses its own link state routing.

Question: can we upgrade our exchange 2003 Client Access license to the exchange 2007 enterprise client access license? Or we have to buy all new licenses?

Answer: We no longer offer upgrades for these types of scenarios.  If you did not purchase Software Assurance (SA) with your Exchange 2003 CALs, then you would need to purchase a brand new CAL.  The same applies to the Server license. -  Harold Wong

Question: Is Outlook2007 included with the Exchange 2007 DVD?

Answer: No, it is not. Unlike Exchange 2003, an Outlook CAL is not included with Exchange 2007.

Question: What kind of new logging features in Ex2007 (monitoring) since not everyone needs MOM?

Answer: Content on monitoring without MOM is still under development, but should be published to soon.

Question: will there be some level 400 webcasts on clustering (covering SCC) and hw sizing?

Answer: Thanks for the suggestion. It is under consideration. In the meantime, you can find content on SCC at You can find hardware sizing info at and

Question: Currently using Outlook 2002. Do I need new CALs for Exchange 2007?

Answer: If you deploy Exchange Server 2007, you will need to have the Exchange 2007 CAL for clients to access your Exchange 2007 servers.  There is no direct link between the version of Outlook you use (or any messaging client for that perspective) and the CAL for Exchange.  The thing to remember is that Exchange Server 2007 requires Exchange 2007 CALs.  If you purchased Software Assurance (SA) on your Exchange CALs then you will automatically get the 2007 CALs (provided your SA was current at the time Exchange hit the price lists).

Question: Is an Exchange license required for each of the physical servers that an exchange server role is installed?

Answer: Yes, but you can put multiple roles on a single server to reduce cost.

Question: I currently run a 4 node Exchange cluster. The Hub Transport Role creates a need for additional hardware that I did not require in 2003. That’s not simplistic.

Answer: On the surface that is indeed true.  However, depending on the reason you deployed a 4 node single copy cluster on Exchange 2003, you may not need to do that in Exchange 2007.  It may be that you only need one CCR Cluster in Exchange 2007 and 2 additional servers for the Hub Transport and Client Access Server Roles.  I’m not saying this is indeed your situation, but please evaluate your needs before assuming you will have to add additional servers when moving to Exchange 2007.  Since the Mailbox server is the only 2007 role that can be clustered, you do need separate hardware for other server roles, such as the Hub Transport and Client Access servers.  -  Harold Wong

Question: does the edge have to be a physical server sitting on the dmz?

Answer: Yes.

Question: What roles are required if you only run one Exchange 2007?

Answer: You need at least the Mailbox, Hub Transport, and Client Access server roles.

Question: Nothing in the E2K7 architecture prevents antivirus deployment on hub transport and client access roles, correct?

Answer: Look approved Exchange Server ISVs to find an appropriate Anti-virus solution. Each solution is different and interfaces at different layers.

Question: is the edge transport server compatible with non-Exchange e-mail systems?

Answer: Absolutely! It's intended as the Internet-facing SMTP gateway for organizations, so it will accept messages from SMTP servers of all types.

Question: In a small environment - single server - how would I deploy anti-virus, anti-spam? Do I need a edge transport server deploy Microsoft's ant-virus antii-spam?

Answer: No, Edge is not required. As Harold just mentioned, you can use a Hub Transport server as your Internet-facing SMTP server. After you install the Hub Transport server, you run an Exchange Management Shell script to install the anti-spam agents. And you can also install Exchange-aware anti-virus software on the Hub Transport server, too.

Question: Do you recommend installing Exchange on Virtual Servers?

Answer: In a lab, demo, or test environment, yes. In production, it’s not supported.

Question: will there be a document on permissions with E2k7 like there was for E2k3 called "Working with AD permissions" - scenario: Recipient admin must be more granular than domain level

Answer: See

Question: Is it suggested to put the edge server in a true DMZ or is Microsoft recommending it be published via ISA?

Answer: Edge Transport server is only supported in a perimeter network. You can use ISA as the firewall server, but do not use ISA's built-in SMTP screening/filtering capabilities.

Question: What is the advantage of having an edge server over using just a hub server?

Answer: This server role is for perimeter network deployment. It supports Simple Mail Transfer Protocol (SMTP) routing, provides anti-spam filtering technologies and support for antivirus extensibility. The Edge Transport server should be isolated from the Active Directory directory services, but can still leverage Active Directory for recipient filtering by using Active Directory Application Mode (ADAM). EdgeSync in Exchange Server 2007 publishes pertinent organization information, encrypted, to the Edge Transport server for use in robust recipient filtering and respects Microsoft Outlook safe sender lists on the Edge. Communications between the Edge Transport server and the internal network in an Exchange Server 2007 organization are encrypted by default. Edge Transport includes anti-spam technologies that protect at many layers.

Question: Can IIS SMTP/NNTP be installed after installing the Exchange Transport Service?

Answer: No. We do not support IIS SMTP or NNTP on any Exchange 2007 servers.

Question: Does can a Hub Transport Server Role run like secondary service a Edge Transport server role?

Answer: I’m not fully understanding this question, but if you are asking if the server hosting the Hub Transport Server Role can also host the Edge Transport Server Role, the answer is No.

Question: do the MS anti-spam, anti-virus tools come with exchange or are they a separate license?

Answer: The Edge Transport and Hub Transport server roles do include anti-spam features. Depending on what licenses you buy for Exchange, you may also be entitled to Forefront Security for Exchange Server. See for more information.

Question: how is OWA handle where does it get installed

Answer: Outlook Web Access is a feature of the Client Access Server role. See for more information.

Question: How do we put a disclaimer on outgoing e-mail at the Hub

Answer: you can define a hub transport rule to add a disclaimer to any emails.

Question: I have a two node back end cluster. May I install the mailbox, hub transport and the client access role to these servers? You mentioned before that only the mailbox role is clustered, but may I install and the rest roles to these servers for reduntancy?

Answer: No, only the Mailbox server role can be installed in a Windows failover cluster (using Windows Cluster service). Client Access and Hub Transport must be installed on non-clustered servers. For high availability for Client Access and Hub Transport, see

Question: What does the edge server do that the hub server doesn't do?


Question: Can you mix and match standard and enterprise version of Exchange for each of the physical servers that the Exchange server roles are installed?

Answer: Yes.  You can also mix and match the enterprise and standard editions of Windows Server 2003 with the different editions of Exchange 2007.

Question: Is there a timeline yet for when partners will be teaching the new Exchange 2007 courses?

Answer: I don’t know the exact timeline, but the courseware is being developed as we “speak” along with the certification exam.

Question: if the edge server is not installed on the domain, then it cannot be used as a relay server, correct? if we have 3 different mailbox servers the edge server will need to deliver all mail to one of the exchange server, which then delivers to the other 2

Answer: Edge is designed to live outside of your corporate Active Directory. It routes all incoming mail to a Hub Transport server in the Site to which the Edge server is subscribed. Hub Transport is then responsible for delivering the messages to the Mailbox servers.

Question: can you point an edge server to multiple hub servers?

Answer: Yes, you can have one Edge Transport communicating with multiple Hub Transports.

Question: Can I connect the UM component of Exchange to an IP phone systems that is not connected to a PBX

Answer: Check "Supported Technologies" section of UM at this link for more information. Ensure that your system is supported first.

Question: Will SMTP virtual server management be the same in Ex2007 as it is in Ex2003, specifically, the Connections and Relay allow lists?

Answer: No, the management paradigm has changed for Exchange 2007. You can now manage these and other features using the Exchange Management Console (GUI) or the Exchange Management Shell (command-line). See for details on managing anti-spam and antivirus features, and see for details on managing transport servers.

Question: Can you clarify that a hub server is needed at every AD site that also has a mail server?

Answer: Yes, both a Client Access server and a Hub Transport server are required in every Active Directory Site that contains a Mailbox server.

Question: Are all the message hygiene features done on the Edge transport role available in the Hub transport role?

Answer: No, not all the features are available, but the majority of the key hygiene features are.  For more information, see

Question: where do we get that EX07 logo for our desktop like Harold?


Question: Would you install a Hub Transport on Standard or Enterprise?

Answer: You can use either the Standard or Enterprise Edition of Exchange Server 2007 for the Hub Transport Server Role.

Question: Is there good documentation I can read regarding exchange 2007? also how it differs and compairs to 2003?

Answer: There is a lot of great documentation out there. You might want to start with What's New at

Question: Are Client Access and Hub Transport servers supported on a virtual server?

Answer: No, currently there is no support for Exchange 2007 running under virtualization software in production. See

Question: Even though an Edge server is located in a DMZ network, are you able to manage it from the same Exchange management console? If so, are there specific ports that need to be opened on the firewall?

Answer: It has its own Exchange Management Console and Exchange Management Shell. If you don't have physical access to the system, we recommend using Remote Desktop Protocol, which uses, by default, TCP port 3389.

Question: where can we get that logo?


Question: Does Exchange 2007 have a SSL email port for encryption of user / password when travelers are on a FREE wireless link (Like an airport or motel)?

Answer: Outlook Web Access uses SSL by default now unlike 2003.  So, yes.

Question: Are the Exchange 2003 administrative tools compatible with Windows Vista?

Answer: No, they are not.

Question: Is this the same as the new PowerShell?

Answer: Yes. The Exchange Management Shell is a snap-in to the Windows PowerShell.

Question: Are there any plans to enable Exchange 2003 tools to be compatible with Windows Vista?

Answer: As far as I know, this is in the works.

Question: As long as you do not cluster you can run CAS, Hub Trans, and Mailbox on the same server?

Answer: The Edge Transport server role cannot coexist on the same computer with any other server role. All other can.

Question: Do you have information on exchange hosting for multiple recipient domains?

Answer: Yes. Please see

Question: Hub transport is disappointing because even if you centralize and cluster you still need to install additional servers for Hub Transport.

Answer: It is true that you may need to deploy additional servers for redundancy of the Hub Transport.  Depending on your situation, you may be able to consolidate in other areas.

Question: We have Windows 2003 R2 32-bit install AD servers running on 64-bit hardware, will Exchange 2007 work ok with this? Do we have to upgrade our AD servers to 64-bit version of Windows?

Answer: No, you can continue to run 32 bit Windows Server for your Domain Controllers.

Question: what ports need to open for the edge transport role

Answer: Please see

Question: I though ad could run in 32 bit but Microsoft recommends 64bit on AD servers

Answer: You do not have to 64 bit Domain Controllers.  We have found that 64 bit Domain Controllers will handle larger loads.

Question: You need 64 bit domain controllers?

Answer: No. To run Exchange 2007, you need 64bit windows OS, 64-bit hardware.

Question: It'd be nice if the edge transport also published OWA so we only need 1 box in the DMZ instead of also having to upgrade isa

Answer: You can have only one Exchange server in the perimeter network, because only the Edge Transport server is supported in a perimeter network. The Client Access Server, which provides Outlook Web Access, is only supported on an internal network. You cannot deploy a CAS in a perimeter network.  Remember that the Edge Transport is meant to handle SMTP traffic, not client based traffic such as POP3, OWA, IMAP4, etc.

Question: Does the Hub Transport service support in-line anti-virus scanning. E.g., does it now scan the message at the MTA level versus Mailbox level in 5.5/E2K/E2K3?

Answer: Yes, it does, but it does not include built-in antivirus software. You'll need to use Forefront or a third-party Exchange-aware antivirus application.

Question: What's about GC/DC at virtual server

Answer: See for our support policy.

Question: Is ISA required for Direct Push (ActiveSync) and/or OWA, or can I use existing 3rd party firewall such as Checkpoint w/ Smart Defense?

Answer: You can use a third-party firewall. ISA is not required for any Exchange features.  We do recommend using ISA 2006 for extra security / filtering of traffic.

Question: You just said you need 64 Bit DC's

Answer: If I said 64 bit DCs were required, I apologize.  That is not the case.  A 64 bit DC will handle larger loads than an equally configured 32 bit DC.

Question: If I upgrade Exchange 2003 to 2007, do I need to uninstall smpt from the current IIS?

Answer: You cannot do an in-place upgrade, so the question is moot. 🙂

Question: can iis for owa be installed on a seperate server

Answer: IIS must be installed on the server that will host the Mailbox Server Role or the Client Access Server Role.

Question: Under what condition, Ex 2007 needs IIS 6.0?

Answer: See for System Requirements.  Also see previous question and answer.

Question: Is there any anti-virus program for Exch 2007 released yet?

Answer: Yes, Forefront Security for Exchange Server has RTM'd.  If you have an existing Anti-Virus vendor in house, please contact them directly to get an ETA on their product.

Question: When will E2k7 RTM hit the stores?

Answer: Exchange 2007 is available now.

Question: Can you use the web access without installing exchange on the perimeter?

Answer: Yes. Unlike previous versions of Exchange, you cannot place a Client Access server (which provides Outlook Web Access) in a perimeter network.  I would still highly recommend publishing it with a product like ISA Server 2006.

Question: with moblie 5 and exchange 2007 moblie push can the form base be used

Answer: Yes, Forms based authentication can be used with Direct Push.

Question: can I have SharePoint Service, WSUS 3.0 and EX07 on the same box?

Answer: You can, but I wouldn’t recommend doing that.  Exchange is mission critical for most businesses; you don't want to load it up too much.

Question: Why would you need 64-bit hardware and OS for AD (Domain Controller) when installing Exchange 2007?

Answer: A 64-bit operating system is required for Exchange 2007. But 64-bit directory servers are not required. However, large enterprise environments will find 64-bit directory servers beneficial. We'll have a blog out soon at that will cover Exchange 2007 and directory servers.

Question: Does MOM know about the SMTP Transport Service?

Answer: Yes, the MOM pack for Exchange Server 2007 "knows" about the Microsoft Exchange Transport Service.

Question: Can you provide link to Harold's blog?

Answer: do a search for "Harold Wong" he's the first hit 😉  Otherwise, my blog is

Question: Does the AD "Bridge All Site Links" setting affect the routing topology for email delivery?

Answer: No, it does not.

Question: Is it true that message delivery within a site is done via RPC and not SMTP?

Answer: No.  See for details on the transport architecture in Exchange 2007.

Question: In Exchange 2007, I could isolate a connector such that only servers in the Routing Group could send mail through it. Is there a similar way to restrict the servers that can use a given Send Connector?

Answer: See for details on this.

Question: Do you have to have 2003 Domain controller for exchange 2007

Answer: Yes.  See

Question: Is TLS encryption turned on by default when new automatic SMTP connectors are created?

Answer: For the initial connectors that are created upon install of Exchange Server 2007, TLS is selected by default.  For all others that the administrator creates, it is up to the administrator.  See for details on managing connectors.

Question: Do I need a separate LUN for each storage group's DB/Log if I do CCR?

Answer: We strongly recommend that. See

Question: Can E2K7 RTM at least be deployed on 32-bit VM's for testing purposes?

Answer: Yes! See

Question: do we still have to worry about x500 address issues when migrating users from 2k3 to 2007?

Answer: In Exchange 2007, all non-SMTP e-mail addresses are considered custom addresses. Exchange 2007 does not provide unique dialog boxes or property pages for X.400, Novell GroupWise, or Lotus Notes e-mail address types. X.500 is one of the natively supported non-SMTP email addresses.

Question: how can new york route directly to seattle if there is no physical communications link between the two sites?

Answer: I was referring to the Hub Transport in New York will deliver directly to the Hub Transport in Seattle. They will not pass off to the Hub Transport in Chicago.

Question: Why didn't you guys make the Exchange Management Shell "pretty" like the PowerShell 1.0 console?

Answer: You can always change the color scheme to anything you want.  I personally like the black background.

Question: How can I print out the Q&A?

Answer: If you wait until I post it to my blog, you will be able to copy and paste into Word or something easier - or even print straight from my blog. - Harold

Question: What is the address of your blog?


Question: Is it still necessary to turn down the MIME encoding to 7 bit for working with 7bit MIME systems like Exchange 5.5 or does it convert automatically?

Answer: If you are still communicating quite regularly with customers who still have Exchange 5.5, then yes, you should.

Question: will this presentation be a podcast in the future?

Answer: I was told these would be turned into podcasts in the future. As soon as I get final confirmation on that, I will post to my blog.

Question: Is Exchanger Server 2007 supported on Windows Server Longhorn ?

Answer: No. Longhorn Server is not even a released product yet.

Question: Will Exchange Server 2007 be supported on Windows Server Longhorn when released?

Answer: It will be, but not immediately after Longhorn releases. We will need to provide a Service Pack for Exchange Server 2007 in order for it to be supported.

Question: how can i view part 1 of the series

Answer: I believe this link will still allow you to register for the on-demand version If not, let me know.


Comments (2)

  1. Anonymous says:

    How to: Install Exchange 2007 Management Tools for Windows Vista Look out BlackBerry, Palm is back Moving

Skip to main content