It is advantageous to configure directory synchronization with Novell GroupWise to allow Exchange and GroupWise users to conveniently address e-mail messages to each other. Nevertheless, it is important to keep in mind that Novell GroupWise utilizes a separate directory from NDS, but GroupWise user information is kept in both directories. NDS may be replicated with Active Directory using Microsoft Directory Synchronization Services (MSDSS), as explained in Chapter 10, "MAPI-Based Clients in a Novell NetWare Environment." This synchronization, however, does not present recipient information in a way that allows Exchange or GroupWise users to address e-mail messages to each other. To achieve this, you need directory synchronization based on the Connector for Novell GroupWise. You may end up with duplicate account objects for NetWare users in your Windows 2000 forest. This behavior is expected and by design because MSDSS and the Connector for Novell GroupWise operate independently of each other. You can use the Active Directory Cleanup Wizard to consolidate duplicate information into one mail-enabled account. The Active Directory Cleanup Wizard was introduced in Chapter 6, "Coexistence with Previous Microsoft Exchange Server Versions."
This lesson concentrates on directory synchronization utilizing the Connector for Novell GroupWise. It explains in detail how Connector components interact with each other to synchronize Active Directory and GroupWise. It also describes important configuration tasks and how to update address information manually.
At the end of this lesson, you will be able to:
Estimated time to complete this lesson: 30 minutes
The Connector for Novell GroupWise shares several processes, including DXAMEX, with the Connector for Lotus Notes, as indicated in Lesson 1. The directory synchronization agent (LSDXA.EXE) uses DXAMEX to work with recipient information in Active Directory. LSDXA.EXE is likewise shared between the Connectors for Novell GroupWise and Lotus Notes. Consequently, directory synchronization with Novell GroupWise is similar to the directory synchronization with Lotus Domino/Notes, at least on the side of Exchange 2000 Server. On the Novell GroupWise side, LSDXA.EXE uses the DXAGWISE process to generate administrator messages for directory synchronization, which are then transferred to the API Gateway by means of the Router for Novell GroupWise (see Figure 29.10).
Figure 29.10 Directory synchronization with Novell GroupWise
Directory synchronization with Novell GroupWise relies on two directory structures, which are the \Temp and \Gwrouter subdirectories in the connector store \Program Files\Exchsrvr\Conndata. DXAMEX and DXAGWISE use the \Temp directory to transfer address information between each other in the form of message interchange format (MIF) files. These files are temporary and exist only during directory synchronization cycles. They are called DXAGWISE.TXT for address information to GroupWise and DXAMEX.TXT for address information to Active Directory (see Figure 29.10).
The responsibilities of DXAMEX and DXAGWISE are as follows:
NOTE
To examine the content of GroupWise administrator messages, stop the API Gateway and then perform directory synchronization. Request files are delivered to the API_IN directory. After that, stop the Connector for Novell GroupWise and start the API Gateway. A response file will be returned through API_OUT.
Before configuring directory synchronization, make sure that the Connector configuration is tested and performs reliably. Directory synchronization can fill the Connector's message queues with numerous messages if there are transfer problems.
You need to specify an import container where recipient objects for GroupWise users will be created. This container is an OU that will receive Active Directory recipient objects for GroupWise users. It is a good idea to create a dedicated OU for this purpose in Active Directory Users and Computers before configuring directory synchronization using Exchange System Manager. You can specify the desired OU in the Import Container tab by clicking Modify. Exchange System Manager will prompt you to grant your Exchange 2000 Server account (such as BLUESKY-SRV1) Create and Modify permissions for the selected OU. Click Yes to update the permissions on the import container automatically.
NOTE
If you change the import container at a later time, do not forget to move affected recipient objects to the new OU to make sure they are updated properly.
You also can determine the type of recipient objects to create in Active Directory if replicated mailboxes do not have accounts in the Windows 2000 domain (that is, Create A Disabled Windows User Account, Create A New Windows User Account, and Create A Windows Contact).
Furthermore, you can select which recipients to accept through these options: Import All Directory Entries, Only Import Directory Entries Of These Formats, and Do Not Import Directory Entries Of These Formats. The default Import All Directory Entries option imports all addresses in the specified OU. The remaining two options allow you to restrict the address information. In this case, you can define corresponding import filters using the New ?button. For example, you can specify GWDOMAIN.*.* under Directory Entry Format in the Import Filter dialog box to prevent the import of GroupWise recipient objects that reside in a GroupWise domain called GWDOMAIN.
To export recipient information to GroupWise, specify one or many export containers in the Export Container tab. Similar to the import container, export containers are OUs in Active Directory. The machine account of your Exchange 2000 server requires Read permissions on all OUs specified as export containers. Exchange System Manager can grant the required permissions to the server account for you.
You can synchronize Windows contacts created for recipients in other messaging environments, such as Lotus Notes users synchronized using the Connector for Lotus Notes, when you enable the Export Contacts check box. To synchronize distribution group information, make sure the Export Groups check box is selected. Groups appear as user objects in the target directories. Membership information is not synchronized. For this reason, you need to enable the distribution list expansion feature of the API Gateway, as explained in Lesson 1.
NOTE
Distribution lists and GroupWise resource accounts are synchronized as user objects.
It is a good idea to test directory synchronization after configuration. It is also advisable to run directory synchronization manually whenever you are under the impression that address lists appear incomplete. The required controls for manual synchronization are in the Connector's Dirsync Schedule tab. The most important ones are the Immediate Full Reload buttons under Exchange To GroupWise Directory Synchronization and GroupWise To Exchange Directory Synchronization. Click them to force the immediate synchronization of all available address information. If the Connector is working properly, you will find associated addresses in the import container and GroupWise once the synchronization cycle completes.
NOTE
It is good practice to examine the processing phases of the Directory Synchronization agents in the Exchange Connectivity Administrator right after you click the Immediate Full Reload button.
When you are confident that everything works, configure the Connector for automatic directory synchronization. This is disabled by default, but you can enable it by clicking Customize to open the Schedule dialog box, where you can set your individual synchronization schedule or select a predefined schedule from the drop-down menu. It is usually sufficient to synchronize address information once every day, such as daily at midnight. Shorter intervals may be necessary during migration from Novell GroupWise to Exchange 2000 Server, when recipient information changes more frequently.