Web Hosting Talk







hosted exchange help


athelu
07-17-2007, 08:40 AM
I currently host exchange 2003 and we are in the process of building up an exchange 2007 solution. Anybody have any links or whitepapers on the setup? I am stumbling on some permission issues - particularly with the address lists - with the new exchange server roles.

(Stephen)
07-17-2007, 09:16 AM
athelu,

Are you using the Microsoft Provisioning System?

utropicmedia-karl
07-17-2007, 01:49 PM
I currently host exchange 2003 and we are in the process of building up an exchange 2007 solution. Anybody have any links or whitepapers on the setup? I am stumbling on some permission issues - particularly with the address lists - with the new exchange server roles.

We are going through this right now. You need to make the ex07 box a DC with all the roles.

WebGuru72
07-18-2007, 12:10 AM
We are going through this right now. You need to make the ex07 box a DC with all the roles.
This is crazy, exchange and DC with all the roles?

utropicmedia-karl
07-19-2007, 12:17 PM
This is crazy, exchange and DC with all the roles?

Yes - especially GC.

BitFlowHosting
07-19-2007, 08:10 PM
We are going through this right now. You need to make the ex07 box a DC with all the roles.

I don't believe you can have the Edge Transport Role installed on the same server as it must exist on a standalone (i.e. non-member) server.

BitFlowHosting
07-19-2007, 08:17 PM
I currently host exchange 2003 and we are in the process of building up an exchange 2007 solution. Anybody have any links or whitepapers on the setup? I am stumbling on some permission issues - particularly with the address lists - with the new exchange server roles.

Can you maybe explain your architecture and then we can work through the permission issues a little easier?

I originally tested a few configuration scenarios while E2K7 was in beta and the setup ended up being quite complex and required a number of servers to do it right. I believe they made some modifications in later releases that would simplify this.

Anyways, this URL will help:

microsoft.com/technet/serviceproviders/hmc4/CMSU_HE_Plan_Server_Architecture.mspx?mfr=true

sam_cogan
07-20-2007, 01:48 PM
You can have a single server Exchange 2007 Setup, it's not an ideal situation, but it is possible. You are however correct, you can't install the edge transport server on the same server, but you can have Exchange without the edge transport server, the hub transport server can perform most of the roles.
Obviously it's better if you have one, but you can do it without.

BitFlowHosting
07-20-2007, 02:53 PM
I highly recommend you make use of the edge transport server in your design.

Will-AH
07-21-2007, 09:31 AM
I would recommend that you try to do everything possible to stick to Microsoft's Solution for Hosted Messaging and Collaboration version 4.0 at http://www.microsoft.com/serviceproviders/solutions/hostedmessaging.mspx - Microsoft spent a lot of money to put together the best guidelines possible to run your Exchange farm efficiently. Besides, who would know better than Microsoft how Exchange should be setup?

StevenG
07-22-2007, 02:32 AM
I'll second the HMC 4 method - follow the step by step setup in the HMC 4.0 docs and you won't go far wrong.

I recently setup 1 x MPS (provisioning box), 2 x Domain Controllers, 2 x Edge, 2 x CAS/UM/HUB, 2 x Mailbox (CCR) and didn't have too many issues at all.

You can split them up a bit more too, like having separate hub servers, but the hardware wasn't there to permit on that setup I did.

utropicmedia-karl
07-24-2007, 01:52 PM
I don't believe you can have the Edge Transport Role installed on the same server as it must exist on a standalone (i.e. non-member) server.

We have the Edge transport role on each exchange(07) server in our organization.

utropicmedia-karl
07-24-2007, 01:57 PM
I would recommend that you try to do everything possible to stick to Microsoft's Solution for Hosted Messaging and Collaboration version 4.0 at http://www.microsoft.com/serviceproviders/solutions/hostedmessaging.mspx - Microsoft spent a lot of money to put together the best guidelines possible to run your Exchange farm efficiently. Besides, who would know better than Microsoft how Exchange should be setup?

Those recommendations are, quite bluntly, a joke. My team came to the conclusion many years ago that the reason MS "recommends" so many servers in basic deployments is to gain from the licensing costs. We have deployed several more elegant and efficient architectures for hosted exchange and Sharepoint that cost 1/10th of MS's recommendation and show an average of 310% increase in throughput performance on Exchange 03 with our cluster design over their HMC whitepapers. If you have little system design experience and need to spend your time on the basics of deployment, the cookie-cutter material provided by MS is good but keep in mind it is lacking many efficiencies.



Regards,

sam_cogan
07-25-2007, 03:18 AM
We have the Edge transport role on each exchange(07) server in our organization.

The whole point of the edge transport server is to minimize risk by reducing the attack surface and exposure to the internet. It should also NOT have access to active directory, to eliminate that security risk.
If you install the edge transport server on the exchange server, you lose all those benefits, so it is essentially pointless, as the hub transport role can handle all the delivery and antispam functions of the edge transport server, which is basically all you are left with if you remove the security functions of the edge server, which is what you have done here.
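
The isolation argument in the post above, written as a check a defender could run; this is an added example and is not part of the thread or of Microsoft's tooling. `Test-EdgeIsolation` and `Test-LocalEdgeIsolation` are hypothetical names, the sample hosts are constructed, and the role names are assumed to match what `Get-ExchangeServer` reports in `ServerRole`.

```powershell
# Added example. Pure check: flags the two conditions the post describes,
# an Edge role sharing a host with other roles and an Edge host that is domain-joined.
function Test-EdgeIsolation {
    param(
        [string]   $ServerName,
        [string[]] $Roles,          # assumed role names, e.g. 'Edge', 'HubTransport', 'Mailbox'
        [bool]     $PartOfDomain,
        [string]   $Domain
    )
    $findings = @()
    if ($Roles -contains 'Edge') {
        $others = @($Roles | Where-Object { $_ -ne 'Edge' })
        if ($others.Count -gt 0) {
            $findings += "${ServerName}: Edge role shares the host with " + [string]::Join(', ', $others)
        }
        if ($PartOfDomain) {
            $findings += "${ServerName}: Edge host is a member of domain '$Domain', so it can reach Active Directory"
        }
    }
    $findings   # empty when the host has no Edge role or the Edge role is isolated
}

# Collector for the local machine; requires the Exchange Management Shell.
function Test-LocalEdgeIsolation {
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $ex = Get-ExchangeServer -Identity $env:COMPUTERNAME
    # ServerRole is a flags value; its string form is a comma-separated list.
    $roles = @($ex.ServerRole.ToString().Split(',') | ForEach-Object { $_.Trim() })
    Test-EdgeIsolation -ServerName $cs.Name -Roles $roles `
        -PartOfDomain $cs.PartOfDomain -Domain $cs.Domain
}

# Constructed inputs (not real hosts): a co-located, domain-joined Edge and a standalone one.
Test-EdgeIsolation -ServerName 'EX07-A' -Roles 'Edge','HubTransport','Mailbox' `
    -PartOfDomain $true -Domain 'example.local'
Test-EdgeIsolation -ServerName 'EDGE-1' -Roles 'Edge' -PartOfDomain $false -Domain 'WORKGROUP'

# Run against the local server only where the Exchange cmdlets are loaded.
if (Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue) {
    Test-LocalEdgeIsolation
}
```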

utropicmedia-karl
07-25-2007, 10:35 AM
The whole point of the edge transport server is to minimize risk by reducing the attack surface and exposure to the internet. It should also NOT have access to active directory, to eliminate that security risk.
If you install the edge transport server on the exchange server, you lose all those benefits, so it is essentially pointless, as the hub transport role can handle all the delivery and antispam functions of the edge transport server, which is basically all you are left with if you remove the security functions of the edge server, which is what you have done here.

Edit: I'm assuming you have seen http://technet.microsoft.com/en-us/library/cfff9f59-afac-447c-8297-afcebe49a52d.aspx

MS does suggest using the Edge role to do exactly what you said.



We use the edge services to compartmentalize some of the filtering on each domain. Again, access to the services on each of our nodes is heavily controlled through VLANs and some other techniques that we employ. (We used the role almost like a traffic-shaper.) Again, MS has architecture recommendations; there are several ways to implement the functionality. We feel our architecture provides superior performance, scalability and management to the MS HMC whitepapers.



Kind Regards,