Plan for Exchange Server 2007 SP1 Unified Messaging in Office Communications Server

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Exchange 2007 Unified Messaging (UM) combines voice messaging and e-mail messaging into a single messaging infrastructure. Office Communications Server 2007 Enterprise Voice leverages the UM infrastructure to provide call answering, subscriber access, call notification, and auto attendant services. Implementing these services requires integrating Exchange UM and Communications Server in a shared Active Directory topology.


If you are implementing the PBX integration deployment option, in which all users are provisioned both for Enterprise Voice and a legacy PBX, it is recommended that you continue to use the existing PBX or Exchange UM installation for voice mail and related services. If you later move all or part of an organization to a stand-alone Enterprise Voice deployment, you will need to deploy Exchange UM for those users who are no longer homed on the PBX.

To integrate Exchange UM with Communications Server, you must perform the following five tasks:

  • Deploy the following Exchange Server 2007 SP1 server roles: Unified Messaging, Hub Transport, Client Access, and Mailbox in either the same or a different forest as Communications Server 2007 (see Supported Topologies immediately following this topic for details). For information about deploying Exchange 2007 see the Exchange Server 2007 product documentation at

  • On the Exchange UM Server:

    • Create a SIP dial plan based on your specific deployment requirements (see your Exchange documentation for details). An Enterprise Voice location profile should be created that matches the dial plan FQDN.

    • Associate users with the appropriate SIP dial plan.

  • Also on the Exchange UM server, open the Exchange Management Shell and run the exchucutil.ps1 script, which:

    • Creates a UM IP gateway object in Active Directory for each Communications Server pool or Standard Edition Server that hosts users who are enabled for Enterprise Voice.

    • Creates an Exchange UM hunt group for each gateway. The hunt group pilot identifier will be the name of the dial plan associated with the corresponding gateway.

    • Grants Communications Server permission to read Exchange UM Active Directory objects, specifically, the SIP dial plans created in the previous task.

  • On the Office Communications Server, run Exchange UM Integration Utility, which:

    • Creates contact objects for subscriber access and auto-attendant.

    • Validates that there is a location profile whose name matches the Exchange UM dialplan.FQDN.

Supported Topologies

Office Communications Server 2007 supports the following topologies for Exchange 2007 Unified Messaging integration:

Single Forest

This is the simplest topology to deploy and manage and the one most commonly used by companies that deploy Active Directory.

Single Domain

Small and medium-sized companies tend to favor a single forest consisting of a single domain. In this configuration, Communications Server, Exchange, and users all reside in the same domain. Authentication and trust relationships are simplified compared to more complicated topologies, making both deployment and management easier as well.

Figure 19. Single domain topology


Multiple Domain

A more complex Active Directory structure is the single forest with multiple domains. This configuration consists of a root domain and one or more child domains. You can deploy Communications Server and Exchange servers in different domains from the domain where you create users. An Enterprise pool must be deployed within a single domain, but each domain can host its own pool. A UM server does not have to reside in the same domain as the pool it supports.

Multiple Forest

Larger organizations that have multiple business units may prefer to deploy a separate Active Directory forest for each unit. Office Communications Server 2007 must be deployed in a single forest, but users can be distributed across multiple forests. Exchange Server 2007 can be deployed in multiple forests.

Communications Server 2007 supports a single multiple-forest topology: resource forest. Exchange UM should be deployed in the same forest as Office Communications Server.

Resource Forest

The resource forest topology features a single forest — the resource forest — that hosts server applications and one or more other forests that host users. For the purposes of this discussion, assume that the resource forest hosts both Exchange UM and Office Communications Server. In this topology, users from other forests are represented in the resource forest as disabled user accounts, which are enabled for both Communications Server and an Exchange mailbox.

The resource forest topology offers two principal benefits:

  • Centralized server administration.

  • The Active Directory schema needs extending only in the resource forest itself.

Figure 20. Resource forest topology


Security Levels

An Exchange UM dial-plan supports three different security levels: Unsecured, SIPSecured, and Secured. You can configure security levels by means of the UM dial-plan's VoipSecurity parameter. The following table shows appropriate dial plan security levels depending on whether Mutual TLS and/or SRTP are enabled or disabled.

Table 10. VoipSecurity values for various combinations of Mutual TLS and SRTP

Security Level | Mutual TLS | SRTP
Unsecured | Disabled | Disabled
SIPSecured | Enabled (required) | Disabled
Secured | Enabled (required) | Enabled (required)

When integrating Exchange UM with Office Communications Server 2007, you need to select the most appropriate dial plan security level for each voice profile. In making this selection, you should consider the following:

  • Mutual TLS is required between Exchange UM and Office Communications Server. Therefore, the dial-plan security level must not be set to Unsecured.

  • Office Communicator 2005 does not support SRTP. Instead, it uses DES media encryption, which is not supported by Exchange UM. If you require Exchange UM to take calls from Office Communicator 2005 clients, you need to set the UM dial-plan to SIPSecured. In addition, the Office Communicator 2005 client encryption level must be set to either rejected or optional.

  • When dial plan security is set to SIPSecured, SRTP is disabled. In this case, the Office Communicator 2007 client encryption level must be set to either rejected or optional.

  • When dial plan security is set to Secured, SRTP (Secure Real-Time Transport Protocol) is enabled and is required by Exchange UM. In this case, the Office Communicator 2007 client encryption level must be set to either optional or required.
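
The considerations listed above can be checked mechanically against a planned rollout. The following PowerShell function is an added example, not code from Microsoft or from the original page; the function name, its parameters and the sample inventory are hypothetical, and the rules are transcribed from this section only.

```powershell
# Added example: rules transcribed from the Security Levels section above.
# The function name, parameter names and sample inventory are hypothetical.
function Test-UMDialPlanClientEncryption {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Unsecured', 'SIPSecured', 'Secured')]
        [string]$VoipSecurity,
        [Parameter(Mandatory = $true)]
        [ValidateSet('Communicator2005', 'Communicator2007')]
        [string]$Client,
        [Parameter(Mandatory = $true)]
        [ValidateSet('rejected', 'optional', 'required')]
        [string]$ClientEncryption
    )
    switch ($VoipSecurity) {
        'Unsecured' {
            # Mutual TLS is required for the integration, so Unsecured is never valid here.
            return 'FAIL: mutual TLS is required between Exchange UM and Communications Server'
        }
        'SIPSecured' {
            # SRTP is disabled, so a client that insists on media encryption cannot be served.
            if ($ClientEncryption -eq 'required') {
                return 'FAIL: SRTP is disabled; set client encryption to rejected or optional'
            }
            return 'OK'
        }
        'Secured' {
            # SRTP is required by Exchange UM at this level.
            if ($Client -eq 'Communicator2005') {
                return 'FAIL: Communicator 2005 does not support SRTP; use SIPSecured for these clients'
            }
            if ($ClientEncryption -eq 'rejected') {
                return 'FAIL: SRTP is required; set client encryption to optional or required'
            }
            return 'OK'
        }
    }
}

# Constructed planning inventory (not real deployment data).
$planned = @(
    @{ DialPlan = 'HQ';     VoipSecurity = 'Secured';    Client = 'Communicator2007'; ClientEncryption = 'required' },
    @{ DialPlan = 'Branch'; VoipSecurity = 'Secured';    Client = 'Communicator2005'; ClientEncryption = 'optional' },
    @{ DialPlan = 'Legacy'; VoipSecurity = 'SIPSecured'; Client = 'Communicator2005'; ClientEncryption = 'optional' },
    @{ DialPlan = 'Lab';    VoipSecurity = 'Unsecured';  Client = 'Communicator2007'; ClientEncryption = 'rejected' }
)
foreach ($p in $planned) {
    $r = Test-UMDialPlanClientEncryption -VoipSecurity $p.VoipSecurity -Client $p.Client -ClientEncryption $p.ClientEncryption
    '{0,-7} {1,-10} {2,-16} {3,-8} {4}' -f $p.DialPlan, $p.VoipSecurity, $p.Client, $p.ClientEncryption, $r
}
```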

Planning Tasks

Before you begin, make sure you complete the following tasks:

  • Work with Exchange administrators, if necessary, to verify the tasks that each of you will perform to ensure a smooth, successful integration.

  • Deploy the Exchange Mailbox, HubTransport, ClientAccess, and UnifiedMessaging roles in each forest where Exchange UM is deployed. For information about installing Exchange server roles, see your Exchange 2007 documentation.

  • Obtain a certificate for each Exchange UM server from a trusted root CA (certificate authority). The certificates are required for mutual TLS between the servers running Exchange UM and Communications Server.


    When Exchange 2007 SP1 UM is installed, it is configured to use a self-signed certificate (to view the certificate, type Get-ExchangeCertificate | fl from the Management Console on the Exchange 2007 SP1 UM server).
    Do not delete the self-signed certificate. Without it, Exchange 2007 UM cannot communicate with other Exchange 2007 server roles including the Hub Transport Server, which sends voice mail notifications.
    The self-signed certificate, however, does not enable Office Communications Server and Exchange 2007 UM to trust each other, which is why it is necessary to request a separate certificate from a CA that both trust.

  • If Communications Server and Exchange UM are installed in different forests, configure each Exchange forest to trust the Office Communications Server forest.

  • If necessary, install the Exchange Management Console on each UM server.

  • Deploy an Office Communications Server 2007 Standard Edition server (minimum requirement) or Enterprise Edition pool. For information about installing Office Communications Server 2007 Standard Edition, see Microsoft Office Communications Server 2007 Standard Edition and Microsoft Office Communicator 2007 Deployment Quick Start.

  • Obtain valid phone numbers for Outlook Voice Access and auto-attendant.

  • Coordinate names for Exchange UM dial plans and Enterprise Voice location profiles.

  • For each Exchange UM dial plan, select the SIP gateway.

After completing the preparations listed previously in this section, you are ready to begin the procedures for integrating Exchange 2007 UM with Office Communications Server 2007 Enterprise Voice. For step-by-step instructions, see Step 1. Configure Exchange UM to Work with Communications Server.