Part 4: Exchange Server 2007 post-deployment configuration tasks

Step-by-Step Guide: Test driving Exchange Server 2007 -- part 4 of 9.

In Part 3, we walked through the Exchange Server 2007 installation process. But before Exchange 2007 is ready to use, we must complete some post-deployment configuration tasks. As I walk you through these configuration tasks, keep in mind that you may have to perform a different set of tasks than the ones that I am writing about -- it all depends on the roles that you selected for your Exchange 2007 server.

Having to do some configuration tasks after the initial installation is nothing new for Microsoft products. What is new is that the Exchange Management Console (formerly known as the Exchange System Manager) actually walks you through the configuration process. If you select the console's Microsoft Exchange node, you'll see a screen similar to the one that's shown in Figure 7.

Figure 7: Exchange Management Console steps through the configuration process.

Verifying Exchange 2007 deployment

The easiest way to tell if Exchange Server 2007 was deployed correctly is to select the Server Configuration container in the Exchange Management Console. When you expand this container, the roles that are installed on the server appear just below it, as shown in Figure 8.

Figure 8: Assigned roles appear below the Server Configuration container.

If you are uncertain as to whether or not a particular role has been successfully installed, then I recommend checking your server's log files for possible error messages.

Configuring domains for which you will accept email

Assuming that your Exchange 2007 server contains the Hub Transport role, you will need to define at least one accepted domain for the Exchange Server organization. An accepted domain is any domain namespace for which the Exchange server can send and receive SMTP email. In most cases, the Exchange server is considered to be authoritative for accepted domains, but accepted domains can include both authoritative domains and relay domains.

By default, the fully qualified domain name (FQDN) of your forest's root domain is defined as an accepted domain for the Exchange Server organization. Having this default-accepted domain entry will make it possible to send email back and forth locally. But in the real world, you probably want to define other authoritative domains for your organization, such as external SMTP domains.

  1. To define the Exchange Server 2007 organization's accepted domains, navigate through the console tree to Microsoft Exchange -> Organization Configuration -> Hub Transport.

  2. When you select the Hub Transport container, the console's details pane will display the hub transport's properties sheet. Select the Accepted Domains tab. As you can see in Figure 9, the local domain name should already be listed.

    Figure 9: The Hub Transport properties sheet contains an Accepted Domain tab.

  3. Now click the New Accepted Domain link found in the Actions tab to launch the New Accepted Domain Wizard, shown in Figure 10.

    Figure 10: Specify a domain with the New Accepted Domain wizard.

  4. Enter a description of the domain into the Name field, and then enter the domain name into the Accepted Domain field. Finally, use the radio buttons at the bottom of the screen to choose whether the domain is authoritative, an internal relay domain, or an external relay domain.

  5. When you click New, the wizard will add the accepted domain to the Exchange Server organization. Check the domain's spelling before clicking the New button -- the wizard does not give you an "are you sure" message.

  6. After the domain has been added, click the Finish button to close the wizard.
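The same task can be done from the Exchange Management Shell. The script below is an added example, not part of the original guide; the display name and example.com are placeholders. It validates the domain name, forces the confirmation prompt the wizard lacks, and lists every accepted domain so that relay entries can be reviewed.

```powershell
# Added example (not from the original guide).
# Placeholders (assumptions): the display name and the domain below.
$name   = 'Example external domain'
$domain = 'example.com'

# Syntax check on the domain name before anything is written to the organization.
if ($domain -notmatch '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$') {
    throw "'$domain' does not look like a valid SMTP domain name."
}

# Stop if the domain is already defined as an accepted domain.
$existing = Get-AcceptedDomain | Where-Object { $_.DomainName.ToString() -eq $domain }
if ($existing) {
    throw "'$domain' is already an accepted domain of type $($existing.DomainType)."
}

# -Confirm forces an "are you sure" prompt.
# -DomainType accepts Authoritative, InternalRelay or ExternalRelay,
# matching the three radio buttons in the wizard.
New-AcceptedDomain -Name $name -DomainName $domain -DomainType Authoritative -Confirm

# Review the result. Relay domains accept mail that Exchange forwards elsewhere,
# so every InternalRelay or ExternalRelay entry should be one you expect.
Get-AcceptedDomain |
    Sort-Object DomainType |
    Format-Table Name, DomainName, DomainType, Default -AutoSize
```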

Subscribing the Edge Transport Server

Subscribing to an edge transport server is an optional part of the configuration process. I'm not going to go through the entire process of connecting to an edge transport server because it is complex, and I intend to write another tutorial dedicated specifically to this topic soon.

For now, what I will tell you about edge transport servers is that they exist for the purposes of providing enhanced security and message hygiene. The edge transport server role gets installed on a separate physical server, which cannot host any other Exchange Server roles. The edge transport server cannot be a member of a domain. Instead, it uses the Active Directory Application Mode (ADAM) to store configuration data.

The edge transport server sits at the network perimeter. Messages are initially sent to the edge transport server, where viruses and spam are removed. Only then are the messages passed to the hub server, where they can be routed to the appropriate mailbox server.

Configuring ActiveSync

If you have mobile users in your Exchange 2007 organization, and you've installed the Client Access role, the next step is to configure ActiveSync.

Step 1: Configuring the Microsoft-Server-ActiveSync virtual directory

The first step in the ActiveSync configuration process is to install an SSL certificate on each client access server that hosts the Microsoft-Server-ActiveSync virtual directory. For the purposes of this tutorial, I'm assuming that you've already acquired an SSL certificate for use with your Exchange 2007 server. You must now configure the Microsoft-Server-ActiveSync virtual directory to require SSL encryption.

  1. Begin by selecting the Internet Information Services (IIS) Manager command from the Windows Administrative Tools menu.

  2. When the IIS Manager console opens, navigate to the Web Sites -> Default Web Site -> Microsoft-Server-ActiveSync container.

  3. Right click on the Microsoft-Server-ActiveSync container and select Properties.

  4. Go to the Directory Security tab and click the Edit button found in the Secure Communications section.

  5. Select the Require secure channel (SSL) checkbox and click OK to complete the process.

Step 2: Adjusting firewall settings for ActiveSync

The next step in configuring ActiveSync is to adjust the firewall settings to allow ActiveSync to use Direct Push. The actual procedure for doing so will vary depending on your firewall. What I can tell you is that if you have the Client Access Server role and the Mailbox Server role installed on two separate Exchange servers, you will need to open TCP port 135 on any firewall that might exist between the two servers. This will allow the RPC Locator service to communicate between the two servers.

Since you're requiring SSL encryption for the Microsoft-Server-ActiveSync virtual directory, you must open TCP port 443 on any firewall standing between the Internet and the Exchange server on which the Client Access server role is installed.

In addition to opening these ports, Microsoft recommends that you set your firewall's timeout period to 30 minutes. Shorter timeout periods will cause mobile devices to initiate new HTTPS requests on a more frequent basis. These requests not only consume bandwidth, but they also shorten battery life on mobile devices.
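To confirm the results of Steps 1 and 2 from outside the firewall, the following added example (not part of the original guide) checks that TCP port 443 is reachable and that the virtual directory refuses plain HTTP. The host names are placeholders, and the script assumes PowerShell 2.0 or later for try/catch; it uses only .NET classes, so it runs from any workstation.

```powershell
# Added example (not from the original guide).
# Placeholder (assumption): the public name of the Client Access server.
$casHost = 'mail.example.com'

# Returns $true if a TCP connection to the port succeeds.
function Test-TcpPort([string]$HostName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($HostName, $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

# Returns the HTTP status code for a GET, or $null if nothing answered.
function Get-HttpStatus([string]$Url) {
    $req = [System.Net.WebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false
    $req.Timeout = 10000
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return $code
    }
    catch {
        # PowerShell may wrap the WebException; walk down to it.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { return [int]$ex.Response.StatusCode }
        return $null
    }
}

if (-not (Test-TcpPort $casHost 443)) { Write-Warning "TCP 443 is not reachable on $casHost." }

$status = Get-HttpStatus "http://$casHost/Microsoft-Server-ActiveSync"
if ($status -eq $null) {
    "No answer over plain HTTP."
} elseif ($status -eq 403) {
    "Plain HTTP refused with 403, as expected when SSL is required."
} else {
    Write-Warning "Plain HTTP returned $status; check the Require secure channel (SSL) setting."
}

# Run on the Client Access server to check TCP 135 toward the mailbox server
# (placeholder name): Test-TcpPort 'mbx01.example.local' 135
```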

Step 3: Creating an Exchange ActiveSync mailbox policy

The third step is to create an Exchange ActiveSync mailbox policy.

  1. Open the Exchange Management Console and select the Client Access container to view the details pane, where any existing ActiveSync mailbox policies will be listed (there shouldn't be any, since this is a new server).

  2. Click the New Exchange ActiveSync Mailbox Policy link found in the Actions pane to activate the New Exchange ActiveSync Mailbox Policy wizard.

    Figure 11: Use this wizard to create a new Exchange ActiveSync mailbox policy.

  3. Enter a name for the policy that you're creating.

  4. Now use the checkboxes to control the device's password policy, and whether or not you want attachments to be downloaded to the device. There is also a checkbox you can use to let Exchange 2007 know that you have non-provisionable devices.

  5. Click the New button and the new ActiveSync mailbox policy will be created.

  6. Click Finish to close the completion summary screen.

Step 4: Creating users and mailboxes to complete the ActiveSync configuration

The final step is to assign the ActiveSync mailbox policy to the users. The problem is that, because this is a brand new Exchange Server deployment, there really aren't any users yet. So let's jump ahead and learn how to create some users and mailboxes so that we can finish the ActiveSync configuration.

  1. Begin the process by creating a few user accounts through the Active Directory Users and Computers (ADUC) console in the same way that you normally would.

  2. After you've created a few user accounts, go back to the Exchange Management Console and select the Recipient Configuration container.

  3. Now click the New Mailbox link found in the Actions pane to launch the New Mailbox wizard shown in Figure 12.

    Figure 12: Use this wizard to create a new Exchange mailbox.

  4. The first thing that the wizard asks you is what type of mailbox you want to create. Choose the User Mailbox option and click Next.

  5. At this point, the wizard will ask you if you want to create a new user, or if you would like to create a mailbox for an existing user. Select the Existing User option, and then click the Browse button to reveal a list of user accounts.

  6. Choose the user account that you want to create a mailbox for and click OK.

  7. Click Next, and you'll see a screen similar to the one shown in Figure 13.

    Figure 13: You can link an ActiveSync mailbox policy to the user's mailbox.

  8. At first glance, the screen looks a lot like a screen from the Mailbox Setup Wizard found in Exchange Server 2003. Like its predecessor, the screen asks you to choose a user alias name, server, storage group, and mailbox database. If you look at the very bottom of the screen though, you'll see that there is a checkbox labeled Exchange ActiveSync mailbox policy. Select this checkbox and click the Browse button. You will then be able to link the ActiveSync policy that you created earlier to this account.

  9. Click Next and you'll see a screen containing a summary of the options that you have chosen for the new mailbox.

  10. Click the New button and the mailbox will be created.

  11. Click the Finish button to complete the process.
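Steps 3 and 4 can also be scripted in the Exchange Management Shell. This is an added example, not part of the original guide; the policy name, database identity, user accounts and password length are placeholders. It creates the policy, mailbox-enables existing users, links the policy, and then lists any ActiveSync-enabled mailbox that has no policy assigned.

```powershell
# Added example (not from the original guide).
# Placeholders (assumptions): policy name, database identity and user accounts.
$policyName = 'Default mobile policy'
$database   = 'EXCH01\First Storage Group\Mailbox Database'
$users      = 'EXAMPLE\user1', 'EXAMPLE\user2'

# Step 3: create the policy if it does not exist yet. The parameters map to
# the wizard's checkboxes: device password, attachments, non-provisionable devices.
if (-not (Get-ActiveSyncMailboxPolicy | Where-Object { $_.Name -eq $policyName })) {
    New-ActiveSyncMailboxPolicy -Name $policyName `
        -DevicePasswordEnabled $true `
        -AlphanumericDevicePasswordRequired $true `
        -MinDevicePasswordLength 6 `
        -AttachmentsEnabled $true `
        -AllowNonProvisionableDevices $false
}

# Step 4: create a mailbox for each existing user and link the policy to it.
foreach ($user in $users) {
    if (-not (Get-Mailbox -Identity $user -ErrorAction SilentlyContinue)) {
        Enable-Mailbox -Identity $user -Database $database
    }
    Set-CASMailbox -Identity $user -ActiveSyncMailboxPolicy $policyName
}

# Check: any mailbox listed here can synchronize a device without
# the password and attachment settings defined in the policy.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Format-Table Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy -AutoSize
```

Setting -AllowNonProvisionableDevices to $false keeps devices that cannot enforce the policy from synchronizing, which corresponds to leaving the wizard's non-provisionable devices checkbox cleared.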



Brien M. Posey, MCSE
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at
