Chapter 3 - Deploying the Active Directory Connector

Updated: June 14, 2001

Deployment Guide

Abstract

This chapter describes how to configure the Active Directory Connector to achieve coexistence between Microsoft® Windows® 2000 Active Directory™ service and your existing Microsoft Exchange Server 5.5 environment. Topics include how to use the ADC in single organization scenarios, as well as the step-by-step process for configuring the ADC in these situations. If you are not upgrading or migrating from Exchange 5.5, you can skip this chapter.

Introduction

The full integration of Microsoft® Exchange 2000 with Microsoft Windows® 2000 Active Directory™ service can pose a number of challenges when you want to link to an existing Microsoft Exchange Server 5.5 environment. Depending on your Exchange 5.5 architecture, you might have a large number of sites and organizations, a small number of sites and organizations, or some combination in the middle. To provide coexistence for Exchange 2000 with your existing environment, you will need to install and configure the Active Directory Connector (ADC), which replicates mailbox, distribution list, and routing information between Active Directory and the Exchange 5.5 directory.

Note: The ADC is designed to provide temporary coexistence for an eventual migration to Exchange 2000.

The coexistence options discussed in this chapter are intra-organizational; for example, the Exchange 5.5 and Exchange 2000 systems are configured in the same organization. Inter-organizational scenarios, where one or more Exchange 5.5 organizations are using a different organization name than the Exchange 2000 system, are not covered.

Exchange Coexistence Design Considerations

Coexistence of Exchange 2000 can be broken into three categories:
This section will discuss the solutions and design considerations concerning the first coexistence category. The other categories are covered separately in the migration white papers available on the Internet at:

You should already have planned the design considerations for implementing the Active Directory Connector in Planning Chapters 3 and 4.

ADC Configuration and Operational Requirements

This section discusses the ADC configuration requirements. You should have covered planning the Active Directory Connector and the Connection Agreements (CAs) that you will require in Planning Chapter 4, Connecting Active Directory to Exchange 5.5. For information on how to install the Active Directory Connector, refer to Deployment Chapter 2, Configuring Windows 2000 Active Directory for Exchange 2000 Server.

Before deploying the Active Directory Connector (ADC) and creating Connection Agreements (CAs), it is crucial that all pertinent business requirements are taken into account in order to avoid problems later on. You should have recorded this information on

Installation and Configuration Time Factors

Although it should take less than an hour to install the ADC in most environments, it can take anywhere from a few hours to a few days for you to create the CAs. The time required depends upon the number of CAs involved and the complexity of your recipient container mapping to Active Directory.

For a 5,000 user system, plan for at least two hours to install a one-way CA and have it replicate all the changes to Active Directory or Exchange 5.5. For two-way agreements, allocate at least five hours for the changes to be replicated to both directories. The length of time for your particular implementation depends upon the number and type of objects in the directory that you are replicating. Essentially, plan for the initial replication cycle to be a time-consuming process, but any subsequent incremental updates should be relatively quick.

Keep the time it takes to do the first full replication in mind in case you decide to force a full replication, as you can use that to estimate how long a full update will take.

Operational Requirements

As a general rule, ADC operation requires no more time or effort than any other service included with the Microsoft Windows® 2000 operating system. All errors and warnings are written to the Windows 2000 Event Log, so monitoring this allows you to determine the health of the ADC and alerts your support staff to any issues.

Any unplanned operations, like a forced full update, will require you to keep a closer eye on the CA processes running under the ADC. This process should normally be done during the maintenance window dictated by your organization's Service Level Agreement (SLA), so that CA traffic has the least impact on Active Directory replication and user access.

Disaster Prevention

You can configure the ADC to make fundamental changes to directories (including deleting objects). Therefore, incorrect deployment can result in destabilization of your existing Exchange infrastructure. Any operation that you perform using the ADC should be planned carefully and all possible implications covered.

If you are going to make large changes using the ADC, you should perform a backup of Active Directory before proceeding. If you then delete something that you should not have, you can perform an authoritative restore using NTDSUTIL to recreate the accidentally deleted objects.

Creating an Intraorganizational Connection Agreement

The intra-organizational replication is the simplest to configure and is the most common arrangement for directory synchronization.

What You Will Need

To create an intra-organizational connection agreement you will require:

What You Should Know

In addition, you will need to know the following:
You should also check the following items, to ensure that they have not been changed from their default settings:

Since the intra-org CA is designed to be a migration tool to move from an Exchange 5.5 environment to an Exchange 2000 environment, it is important for you to have already determined which objects from the Exchange 5.5 sites will be represented in Active Directory.

Step-By-Step Procedure

To configure the ADC for intra-organizational replication, perform the following steps:

Fallback Plan

Removing a CA and removing its effects are very delicate processes. If you are not careful, you might delete objects in Active Directory or Exchange 5.5, which would require a complete system restore to recover.

If you decide to remove a CA you just configured, the first thing you should do is configure that CA to save deletes to a file instead of writing them to the directory service. This way, if something goes wrong, all you will end up with is a file of deletes, not actual deletes. For more information on this topic, refer to the TechNet articles 254821 and 249831.

After you have properly removed the CA, you can clean up the accounts it created. This is best accomplished by using the Active Directory Users and Computers MMC, or by using an ADSI script. Depending on your requirements, you may not need to delete the objects the ADC created, and in this case you are finished rolling back.

Related Topics

For information about installing the ADC, refer to Deployment Chapter 2, Configuring Windows 2000 Active Directory for Exchange 2000 Server.

Summary

This chapter covered the synchronization of Exchange 5.5 and the Active Directory. You should now have accounts in Active Directory that have a one-to-one mapping with the mailboxes in Exchange 5.5.

More Information

For more information about the ADC, refer to the following links:

Give Us Your Feedback

We would like you to give us feedback on this material. In particular, we would be grateful for any guidance on the following topics:

Send your feedback to the following e-mail address:

We look forward to hearing from you.
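
The Fallback Plan section recommends having the CA save deletes to a file rather than writing them to the directory. The following Python script is an added example, not part of the original guide: it reviews such a file before anyone acts on it, counting pending deletes per container and listing any that fall outside the container you expected. It assumes the file holds LDIF change records with `changetype: delete`; the sample records, the `OU=Exchange55` container and the function names are constructed for illustration.

```python
import base64
from collections import Counter

# Constructed sample input: LDIF change records (assumed format of the deletes file).
_B64_DN = base64.b64encode(
    "CN=Jürg Meier,OU=Exchange55,DC=example,DC=com".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = f"""\
dn: CN=Ann Lee,OU=Exchange55,DC=example,DC=com
changetype: delete

dn: CN=Bob Ray,CN=Users,DC=example,
 DC=com
changetype: delete

dn:: {_B64_DN}
changetype: delete

dn: CN=Kim Oh,OU=Exchange55,DC=example,DC=com
changetype: modify
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def pending_deletes(text):
    """Return the DN of every record whose changetype is delete."""
    deletes, dn, is_delete = [], None, False
    for line in unfold(text) + [""]:          # trailing blank flushes the last record
        if not line.strip():
            if dn and is_delete:
                deletes.append(dn)
            dn, is_delete = None, False
        elif line.startswith("dn:: "):         # base64-encoded DN (non-ASCII names)
            dn = base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            dn = line[4:].strip()
        elif line.replace(" ", "").lower() == "changetype:delete":
            is_delete = True
    return deletes

def review(text, expected_container):
    """Count deletes per parent container; list DNs outside the expected container."""
    deletes = pending_deletes(text)
    # Simplification: parent = text after the first comma (escaped commas not handled).
    per_container = Counter(dn.split(",", 1)[-1] for dn in deletes)
    suffix = "," + expected_container.lower()
    return per_container, [dn for dn in deletes if not dn.lower().endswith(suffix)]

if __name__ == "__main__":
    print(review(SAMPLE_LDIF, "OU=Exchange55,DC=example,DC=com"))
```

A non-empty second element in the result means the CA would have deleted objects outside the container it was meant to manage, which is the situation the fallback procedure is designed to catch.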