Connection Exchange 5.5 to Active Directory Service

ADVANTAGE PRO Chennai's Premier Networking Training Centre

Microsoft Active Directory Connector
- Installation
- Deploying connection agreements
- Administering connection agreements
- Matching rules
- Attribute mapping

Introduction
- Exchange Server 5.5 runs on the Windows NT platform
- It maintains its own directory in its environment
- We require the ADC connector tool for different Exchange versions

ADC Components

- Connection Agreements
  - Define replication characteristics
  - Servers, credentials, schedule, export/import container, etc.
- ADC Policy
  - Defines how objects get matched
  - Defines how attributes flow
- Service
  - Executes configured settings

ADC Components
[Diagram: Exchange 5.5, the ADC with its ADC Policy, and Active Directory]

ADC Connector
Types of ADC connectors:
- Windows Server 2000 version
- Exchange 2000 version
- Exchange 2003 version

ADC Installation
Considerations before installing the ADC connector:
- The account should be a member of the Schema and Enterprise Admin groups
- You should run forestprep and domainprep to install ADC

Merging Duplicate Accounts

- Duplicate accounts can result in performance problems within an Exchange organisation and difficulty in authentication
- The Active Directory Account Cleanup Wizard (ADClean.exe) solves the above problem

Troubleshooting the ADC


Checklist to troubleshoot ADC problems:
- Is the ADC service running?
- Is there only one ADC server, and is it online?
- Does the user account that you are using on the target directory have sufficient permission to create or modify objects?
- Is a connection agreement configured between the Exchange server computer and the Active Directory server?

Diagnostic Logging
Diagnostic logging is a useful tool for troubleshooting the ADC. The logging categories are as follows:
- Replication
- Account management
- Attribute mapping
- Service Controller
- LDAP Operations

Installing The Active Directory Connector

Permissions required to run Setup
- Schema Administrator
- Enterprise Administrator

Service account permissions
- Exchange 2000 Full Administrator (delegated from the organization level)
- Member of the Built-In\Administrators group for the domain to which the server belongs

Understanding Your Exchange 5.5 Structure


Understand the location and container hierarchy of your:
- Mailboxes
- Custom recipients
- Distribution lists

Exchange 5.5 site structure
- How many Exchange 5.5 sites are there?
- Determine from which Windows NT domain(s) your Exchange 5.5 mailboxes have associated Windows NT accounts (for each 5.5 site)

Understanding Active Directory Structure

- Location of existing user objects associated to mailboxes
- The OU where ADC will create non-existing recipient objects replicated from Exchange 5.5
- Domain Administrator account for each domain

Associated-NT-Account Mapping

[Diagram: mailboxes in Exchange 5.5 Site 1 (Mailbox 1, Mailbox 2) and Exchange 5.5 Site 2 (Mailbox 3, Mailbox 4, Mailbox 5), and Windows NT accounts in Domain A (User A, User B, User C) and Domain B (User D)]

Resource Mailbox Issue

Definition
- Multiple mailboxes with the same primary Windows NT account

Issue
- How to link the correct mailbox to the corresponding user object when one is a personal mailbox and the other is the resource mailbox
- ADC should map the personal mailbox to the Windows NT account

Preparing Your Exchange 5.5 Directory

- Set extension-attribute-10 with the value NTDSNoMatch on ALL resource mailboxes
- Run the ntdsatrb tool
  - Formerly known as NTDSNoMatch
  - Searches the Exchange 5.5 directory for ambiguous associated-nt-accounts
  - Creates a CSV file for import back into Exchange 5.5
  - Knowledge Base article Q274173
  - Included in the Exchange 2000 Resource Kit
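
The check described above, as an added example (not from the original slides and not the ntdsatrb tool itself): it scans a constructed Exchange 5.5 directory export for mailboxes that share one primary Windows NT account and builds the CSV rows that set Extension-Attribute-10 to NTDSNoMatch. The column names and the rule that the mailbox whose alias equals the account name is the personal one are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions, not the tool's format.
SAMPLE_EXPORT = """Alias,Display Name,Assoc-NT-Account
usera,User A,DOMAINA\\usera
confroom1,Conference Room 1,DOMAINA\\usera
projector,Projector Pool,DOMAINA\\usera
userb,User B,DOMAINA\\userb
userd,User D,DOMAINB\\userd
helpdesk,Help Desk,DOMAINB\\svc-mail
oncall,On Call,DOMAINB\\svc-mail
"""

def find_ambiguous(export_text):
    """Group mailboxes by primary NT account; keep accounts owning more than one."""
    by_account = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        by_account[row["Assoc-NT-Account"].strip().lower()].append(row["Alias"].strip())
    return {acct: aliases for acct, aliases in by_account.items() if len(aliases) > 1}

def plan_nomatch(ambiguous):
    """Return (aliases to tag NTDSNoMatch, accounts needing manual review).

    Assumed heuristic: the alias equal to the account's user name is the
    personal mailbox; if none matches, nothing is tagged and a human decides.
    """
    tag, review = [], []
    for acct, aliases in sorted(ambiguous.items()):
        user = acct.split("\\")[-1]
        personal = [a for a in aliases if a.lower() == user]
        if len(personal) == 1:
            tag.extend(a for a in aliases if a.lower() != user)
        else:
            review.append(acct)
    return tag, review

def to_import_csv(aliases):
    """Build the CSV that stamps Extension-Attribute-10 on resource mailboxes."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["Obj-Class", "Alias", "Extension-Attribute-10"])  # assumed header
    writer.writerows(["Mailbox", a, "NTDSNoMatch"] for a in aliases)
    return out.getvalue()

if __name__ == "__main__":
    tag, review = plan_nomatch(find_ambiguous(SAMPLE_EXPORT))
    print(to_import_csv(tag), "Manual review:", review)
```

Accounts that land in the manual review list have several mailboxes and no obvious personal one, so tagging them automatically could link a shared mailbox to the wrong user object.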

One-Way vs. Two-Way Connection Agreements


One-way connection agreements
- All mailbox management must occur from the source directory
  - Creation, modification, deletion
- Cannot administer mailbox security on Exchange 2000 mailboxes from Exchange 5.5

Two-way connection agreements
- Mailbox management can occur from any directory
- Cannot administer mailbox security on Exchange 2000 mailboxes from Exchange 5.5

Primary VS Non-Primary Connection Agreements

- Active Directory Primary connection agreements create objects if they don't already exist in the Active Directory
- Exchange 5.5 Primary connection agreements create objects if no legacy DN is specified on the Active Directory object

Single Exchange 5.5 Site Export


Use a single Exchange 5.5 site to export data into the Active Directory

Advantages
- Fewer connection agreements to manage

Disadvantages
- Cannot manage Exchange 5.5 read-only sites
- Replication latency for Address Book updates within Active Directory
- Overhead when changing CA structure
- Tombstone issues

Single Exchange 5.5 Site Export

[Diagram: Exchange 5.5 Site 1 and Exchange 5.5 Site 2, each showing Mailbox 1 to Mailbox 5, with Domain A (User A, User B, User C) and Domain B (User D)]

Multiple Exchange 5.5 Site Export

Export only read/write replicas from Exchange 5.5 into the Active Directory

Advantages
- Manage recipients anywhere
- Less replication latency for Address Book updates within Active Directory

Disadvantages
- Too many connection agreements to create and manage!

Multiple Exchange 5.5 Site Export

[Diagram: Exchange 5.5 Site 1 and Exchange 5.5 Site 2, each showing Mailbox 1 to Mailbox 5, with Domain A (User A, User B, User C) and Domain B (User D)]

Active Directory Connector Management Node

Active Directory Connector Management

The Active Directory Connector Management node allows you to:
- Customize attribute mapping rules
- Customize object matching rules
  - assoc-nt-account = object-sid/sid-history (Exchange 5.5 -> Active Directory)
  - object-sid = assoc-nt-account (Active Directory -> Exchange 5.5)
- Applies to all connection agreements
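
The Exchange 5.5 -> Active Directory matching rule above (assoc-nt-account = object-sid/sid-history), simulated as an added example that is not part of the original slides or the ADC code. The SIDs, DNs and field names are constructed, and skipping mailboxes tagged NTDSNoMatch is an assumption about how the tag is honoured.

```python
# Constructed sample data; SIDs, names and field names are illustrative only.
AD_USERS = [
    {"dn": "CN=User A,OU=Staff,DC=example,DC=com",
     "object_sid": "S-1-5-21-2000-2000-2000-1105",
     "sid_history": ["S-1-5-21-1000-1000-1000-501"]},   # migrated from the NT domain
    {"dn": "CN=User B,OU=Staff,DC=example,DC=com",
     "object_sid": "S-1-5-21-2000-2000-2000-1106", "sid_history": []},
]
MAILBOXES = [
    {"alias": "usera", "assoc_nt_account": "S-1-5-21-1000-1000-1000-501", "ext10": ""},
    {"alias": "confroom1", "assoc_nt_account": "S-1-5-21-1000-1000-1000-501",
     "ext10": "NTDSNoMatch"},
    {"alias": "userb", "assoc_nt_account": "S-1-5-21-2000-2000-2000-1106", "ext10": ""},
    {"alias": "userc", "assoc_nt_account": "S-1-5-21-1000-1000-1000-777", "ext10": ""},
]

def build_sid_index(users):
    """Map every SID (current and historical) to (dn, attribute that held it)."""
    index = {}
    for u in users:
        index[u["object_sid"]] = (u["dn"], "object-sid")   # current SID always wins
        for old in u["sid_history"]:
            index.setdefault(old, (u["dn"], "sid-history"))
    return index

def match_mailboxes(mailboxes, users):
    """Apply assoc-nt-account = object-sid/sid-history to each mailbox."""
    index, claimed, result = build_sid_index(users), {}, {}
    for mb in mailboxes:
        if mb["ext10"] == "NTDSNoMatch":       # assumed: tagged mailboxes are not matched
            result[mb["alias"]] = ("skipped", None)
            continue
        hit = index.get(mb["assoc_nt_account"])
        if hit is None:                        # no user object carries this SID
            result[mb["alias"]] = ("unmatched", None)
        elif hit[0] in claimed:                # second mailbox for the same user object
            result[mb["alias"]] = ("conflict", hit[0])
        else:
            claimed[hit[0]] = mb["alias"]
            result[mb["alias"]] = (hit[1], hit[0])
    return result

if __name__ == "__main__":
    for alias, outcome in match_mailboxes(MAILBOXES, AD_USERS).items():
        print(alias, outcome)
```

Matches reported as sid-history depend on the migrated account still carrying its old SID, and any conflict result is a resource mailbox that was not tagged before replication.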


Attribute Mapping

- Attribute maps can be stored on both the ADC policy and connection agreement
  - msExchServer1SchemaMap (AD->Ex)
  - msExchServer2SchemaMap (Ex->AD)
- Local.map and remote.map files on the ADC installation media
- Maps from both the policy and CA are merged

Attribute Mapping Format


- Source and target object-class
  - Entire object-class hierarchy with a dollar delimiter ($) between each object-class
  - Example: user$organizationalPerson$person$top
  - Leaving this blank assumes all object-classes
- Source and target attribute
  - LDAP-display-name of attribute
- Prefix
  - Common value appended to source value
- Syntax DN
  - Should always be used when mapping to a target attribute that uses DN syntax

Object Matching User Interface

Object Matching Rules

The UI allows you to match objects with the following attributes:
- Exchange 5.5 (19 attributes): object-guid, assoc-nt-account, mail-nickname, targetaddress, extension-attribute-1 to 15
- Active Directory (22 attributes): object-guid, legacy-exchange-dn, object-sid, samaccount-name, sid-history, smtp mail address, user principal name (upn), extension-attribute-1 to 15

Active Directory Connector Service Node

Diagnostics Logging

Active Directory Connector Service Node Properties


The Active Directory Connector service node allows you to:

- Enable diagnostic logging
  - Replication, account management, attribute mapping, service controller, LDAP operations
- Registry key
  - HKLM\SYSTEM\CurrentControlSet\Services\MSADC\Diagnostics (DWORD)
  - 1 = minimum, 3 = medium, 5 = maximum
- TIP: To assist in troubleshooting, disable all CAs except the one you are concerned with. (Minimizes log output.)

Debugging ADC Replication Issues


- Is the ADC started?
- Do I have connection agreements exporting the necessary containers?
- Are there any errors in the event log?
- Force replication of the connection agreement and check the event log for errors
- Turn up event logs

ALL THE BEST
