Exchange Server and Windows


When you install Exchange Server and Forefront Security for Exchange Server on a server operating system, Exchange Server and Forefront Security make extensive modifications to the environment. These modifications include new system services, integrated authentication, and new security groups.

Services for Exchange Server

When you install Exchange Server and Forefront Security for Exchange Server on Windows, multiple services are installed and configured on the server. Table 1-1 provides a summary of key services, how they are used, and with which server components they are associated.

Table 1-1: Summary of Key Services Used by Exchange Server 2007

| Service Name | Description | Server Role |
| --- | --- | --- |
| AntigenIMC | Connects to the Simple Mail Transfer Protocol (SMTP) stack to ensure that messages are scanned by the AntigenInternet process. | Forefront Security |
| AntigenMonitor | Monitors the information store, SMTP/IMS, and Antigen processes to ensure that Antigen provides continuous protection. | Forefront Security |
| AntigenService | Coordinates all real-time, manual, IMC, and SMTP scanning activities and is the agent to which the Forefront Security administrator connects. | Forefront Security |
| AntigenStore | Ensures that Antigen initializes properly with the information store. AntigenStore starts and stops with the information store. | Forefront Security |
| HTTP SSL | Provides the secure Hypertext Transfer Protocol (HTTPS) using the Secure Sockets Layer (SSL). | Client Access |
| IIS Admin | Enables the server to administer Web services. Required to support HTTP SSL and World Wide Web publishing services. | Client Access |
| Microsoft Exchange Active Directory Topology | Provides Active Directory topology information to Exchange services. If this service is stopped, most Exchange servers will not be able to start. | Hub Transport, Mailbox, Client Access, Unified Messaging |
| Microsoft Exchange ADAM | Maintains the Active Directory ADAM data store. | Edge Transport |
| Microsoft Exchange EdgeSync | Provides EdgeSync services between Hub and Edge servers. | Hub Transport, Edge Transport |
| Microsoft Exchange IMAP4 | Provides IMAP4 services to clients. | Client Access |
| Microsoft Exchange Information Store | Manages the Microsoft Exchange Information Store. This includes mailbox stores and public folder stores. | Mailbox |
| Microsoft Exchange Mail Submission Service | Submits messages from the Mailbox server to the Hub Transport servers. | Mailbox |
| Microsoft Exchange Mailbox Assistants | Manages assistants that are responsible for calendar updates and booking resources. | Mailbox |
| Microsoft Exchange POP3 | Provides Post Office Protocol version 3 (POP3) services to clients. | Client Access |
| Microsoft Exchange Replication Service | Provides replication functionality used for continuous replication. | Mailbox |
| Microsoft Search (Exchange) | Provides search services for mailboxes, address lists, and so on. | Mailbox |
| Microsoft Exchange Speech Engine | Provides speech processing services for Microsoft Exchange. If this service is stopped, speech recognition services will not be available to Unified Messaging clients. | Unified Messaging |
| Microsoft Exchange System Attendant | Provides monitoring, maintenance, and Active Directory lookup services. | Mailbox, Client Access |
| Microsoft Exchange Unified Messaging | Enables voice and fax messages to be stored in Exchange and gives users telephone access to e-mail, voice mail, calendar, contacts, or an automated attendant. | Unified Messaging |
| World Wide Web Publishing Services | Provides Web connectivity and administration features for IIS. | Client Access |

Exchange Server Authentication and Security

In Exchange Server 2007, e-mail addresses, distribution groups, and other directory resources are stored in the directory database provided by Active Directory. Active Directory is a directory service running on Windows domain controllers. When there are multiple domain controllers, the controllers automatically replicate directory data with each other using a multimaster replication model. This model allows any domain controller to process directory changes and then replicate those changes to other domain controllers.

The first time you install Exchange Server 2007 in a Windows domain, the installation process updates and extends Active Directory to include objects and attributes used by Exchange Server 2007. Unlike previous releases of Exchange, this process does not include updates for the Active Directory Users And Computers Snap-In for Microsoft Management Console (MMC), and you no longer use Active Directory Users And Computers to manage mailboxes, messaging features, messaging options, or e-mail addresses associated with user accounts. You now perform these tasks in the Exchange Management Console only.

Exchange Server 2007 fully supports the Windows Server security model and relies on this security mechanism to control access to directory resources. This means you can control access to mailboxes and membership in distribution groups and you can perform other Exchange security administration tasks through the standard Windows Server permission set. For example, to add a user to a distribution group, you simply make the user a member of the distribution group in Active Directory Users And Computers.

Because Exchange Server uses Windows Server security, you can't create a mailbox without first creating a user account that will use the mailbox. Every Exchange mailbox must be associated with a domain account, even those used by Exchange for general messaging tasks. For example, the SMTP and System Attendant mailboxes that Exchange Server uses are associated by default with the built-in System user. In Exchange Management Console, you can create a new user account as part of the process of creating a new mailbox.

To support coexistence between Exchange 2000 Server or Exchange Server 2003 and Exchange Server 2007, all Exchange Server 2007 servers are automatically added to a single administrative group when you install Exchange Server 2007. This administrative group is recognized in the Exchange System Manager in Exchange Server 2003 as "Exchange Administrative Group." Although Exchange 2000 Server and Exchange Server 2003 use administrative groups to gather Exchange objects for the purposes of delegating permission to manage those objects, Exchange Server 2007 does not use administrative groups. Instead, you manage Exchange servers according to their roles and the type of information you want to manage using Exchange Management Console. You'll learn more about this in Chapter 5, "Microsoft Exchange Server 2007 Essentials."

Exchange Server Security Groups

In Exchange Server 2003, the Delegation Wizard allowed you to create security roles for Exchange Full Administrators, Exchange Administrators, and Exchange View-Only Administrators. Exchange Server 2007 uses predefined universal security groups to separate administration of Exchange permissions from administration of other permissions. When you add an administrator to one of these security groups, the administrator inherits the permissions permitted by that role.

The predefined security groups have permissions to manage the following types of Exchange data in Active Directory:

  • Organization Configuration node: This type of data is not associated with a specific server and is used to manage policies, address lists, and other types of organizational configuration details.

  • Server Configuration node: This type of data is associated with a specific server and is used to manage the server's messaging configuration.

  • Recipient Configuration node: This type of data is associated with mailboxes, mail-enabled contacts, and distribution groups.

The predefined groups are as follows:

  • Exchange Organization Administrators: Members of this group have full access to all Exchange properties and objects in the Exchange organization.

  • Exchange Recipient Administrators: Members of this group have permissions to modify any Exchange property on an Active Directory user, contact, group, dynamic distribution list, or public folder object. Members of this group can also manage unified messaging mailbox settings and client access mailbox settings.

  • Exchange Server Administrators: Members of this group have access to only local server Exchange configuration data, either in Active Directory or on the physical computer on which Exchange 2007 is installed. This allows members to administer a particular server but not to perform operations that have global impact in the Exchange organization.

  • Exchange View-Only Administrators: Members of this group have read-only access to the entire Exchange organization tree in the Active Directory configuration container and read-only access to all the Windows domain containers that have Exchange recipients.

  • Exchange2003Interop: Members of this group are granted send-to and receive-from permissions, which are necessary for routing group connections between Exchange Server 2007 and Exchange 2000 Server or Exchange Server 2003. Exchange 2000 Server and Exchange Server 2003 bridgehead servers must be made members of this group to allow proper mail flow in the organization. For more information on interoperability, see Chapter 2.
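Because anyone added to one of these groups inherits its permissions, the effective (nested) membership is worth reviewing against an approved list. The script below is an added example, not code from the book: the group names are the ones listed above, while the baseline, the account names, and the function names `Compare-GroupBaseline` and `Get-ExchangeGroupAudit` are constructed for illustration. It assumes PowerShell 3.0 or later and, for the live path, the ActiveDirectory module.

```powershell
# Added example (not from the book). Group names are those listed above; the
# approved-member baseline and every account name here are constructed placeholders.
$Baseline = @{
    'Exchange Organization Administrators' = @('exadmin01')
    'Exchange Recipient Administrators'    = @('helpdesk01', 'helpdesk02')
    'Exchange Server Administrators'       = @('exadmin01')
    'Exchange View-Only Administrators'    = @('auditor01')
    'Exchange2003Interop'                  = @()
}

# Compare one group's effective members against its approved list.
function Compare-GroupBaseline {
    param([string]$Group, [string[]]$Members = @(), [string[]]$Approved = @())
    foreach ($m in $Members) {
        $status = if ($Approved -contains $m) { 'Approved' } else { 'Unexpected' }
        [pscustomobject]@{ Group = $Group; Member = $m; Status = $status }
    }
    foreach ($a in $Approved) {
        if ($Members -notcontains $a) {
            [pscustomobject]@{ Group = $Group; Member = $a; Status = 'MissingFromGroup' }
        }
    }
}

# Live path: resolve nested membership from Active Directory.
# Assumes the ActiveDirectory module (RSAT) is installed on the admin workstation.
function Get-ExchangeGroupAudit {
    param([hashtable]$Baseline)
    Import-Module ActiveDirectory -ErrorAction Stop
    foreach ($name in $Baseline.Keys) {
        $group = Get-ADGroup -Filter "Name -eq '$name'"
        if (-not $group) {
            # A group may be absent or named differently here; report rather than fail.
            [pscustomobject]@{ Group = $name; Member = $null; Status = 'GroupNotFound' }
            continue
        }
        $members = @(Get-ADGroupMember -Identity $group -Recursive |
            ForEach-Object { $_.SamAccountName })
        Compare-GroupBaseline -Group $name -Members $members -Approved $Baseline[$name]
    }
}

# Offline demonstration with constructed membership (no directory access needed).
Compare-GroupBaseline -Group 'Exchange Organization Administrators' `
    -Members @('exadmin01', 'svc-backup') `
    -Approved $Baseline['Exchange Organization Administrators']
```

Against a real directory, run `Get-ExchangeGroupAudit -Baseline $Baseline | Where-Object { $_.Status -ne 'Approved' }` to list only the entries that need review.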




Microsoft Exchange Server 2007 Administrator's Pocket Consultant
Microsoft Exchange Server 2007 Administrators Pocket Consultant Second Edition
ISBN: 0735625867
EAN: 2147483647
Year: 2007
Pages: 119
