Exchange 2000 Server is enormously flexible and offers numerous mutually exclusive deployment options. You have to decide what is best for your organization. Would you prefer centralized or decentralized system administration? Centralized management is usually preferable, but not always appropriate. Therefore, it is important to define a suitable deployment plan designed around your infrastructure needs. This will give you a clear direction for your Exchange 2000 environment. It also benefits your users because it ensures that Exchange 2000 Server will meet their requirements. Finally, a deployment plan benefits your organization's management because it outlines business goals, time frames, and necessary investments.
This lesson discusses aspects that you should take into consideration when planning your Exchange 2000 infrastructure. Even if your environment concentrates all its resources in one location and is easy to manage, give some thought to administrative dependencies and infrastructure.
At the end of this lesson, you will be able to:
Estimated time to complete this lesson: 75 minutes
The dynamics of distributed PC-based networks are challenging to the people in charge of their maintenance: You simply can't be in more than one place at the same time. Because of this, distributed configurations have a higher total cost of ownership than their centralized counterparts. Directory services offer the ability to centralize administration and provide a simplified, faster, and more coordinated organization (see Figure 4.1). That is why Microsoft, Novell, and Banyan have each developed their own directory services.
Figure 4.1 Benefits of centralized administration
In a standard Windows 2000 domain environment, only the administrator of the top-level domain has the required permissions to install Exchange 2000 Server. In other words, no sublevel domain administrator can just set up Exchange 2000 Server in your domain environment without prior coordination. This restriction applies no matter how complicated your domain forest is. If you are the administrator of the top-level domain, you are in total control. You may assign other administrators the required permissions or perform the installation tasks yourself.
To first install Exchange 2000 Server, you need to use an account that is a member of one of the following Windows 2000 security groups:
Schema Admins membership is only required for the installation of the first Exchange 2000 server in a forest.
NOTE
To install Exchange 2000 Server successfully, you need to run the Setup program in an Active Directory environment on Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server. The installation must be updated with Windows 2000 Service Pack 1.
In addition to Windows 2000 requirements, you need explicit administrative permissions in Exchange 2000 if you want to add another server to an existing organization. You will set the required permissions in Lesson 2 of this chapter to prepare a subsequent Exchange 2000 Server installation.
If you are working in a single domain environment as the only administrator for both Windows 2000 Server and Exchange 2000 Server, you don't need to delegate authority to any additional accounts. Just install Exchange 2000 Server using the default Administrator account. If you are working in a more complex environment, however, consider the following aspects of Windows 2000 before installing Exchange 2000 Server:
In this exercise you will verify that only the administrator of the top-level domain BlueSky-inc-10.com is allowed to manage and add Exchange 2000 resources to your test environment. In other words, you will check whether the administrator from the subdomain CA.BlueSky-inc-10.com has the ability to install Exchange 2000 Server.
To view a multimedia demonstration that displays how to perform this procedure, run the EX1CH4.AVI files from the \Exercise_Information\Chapter4 folder on the Supplemental Course Materials CD.
To verify required permissions for setting up Exchange 2000 Server
At this point, you will be informed that you don't have the required permission to set up Exchange 2000 Server (see Figure 4.2). Although you are using an administrator account fully capable of managing the sublevel domain (decentralized), you are unable to install Exchange 2000 Server because this enterprise-wide messaging and collaboration system favors centralized management by default.
Exchange 2000 Server administration is bound to Windows 2000 administration because both use Active Directory to store configuration and security-related information. Someone who plans to set up Exchange 2000 Server on any given network must have access to update Active Directory.
Figure 4.2 An unsuccessful Exchange 2000 installation attempt
Although desirable, it is not always practical to enforce a centralized administrative model, for instance, if you are in charge of a large computer network with server resources in different geographic locations. User account administration, however, should not be affected by physical system arrangements.
NOTE
Exchange 2000 Server allows you to design the system administration independently of physical network links and server arrangements and can be adapted to both centralized and decentralized infrastructures.
There are three separate boundaries you need to take into consideration when planning your Exchange 2000 infrastructure. These are namespace, administrative groups, and routing groups (see Figure 4.3). The namespace is your Active Directory forest, which contains all of the directory information for your Exchange 2000 environment. To subdivide the management of resources within a particular namespace, use administrative groups. It's often applicable to define your administrative topology according to departments or divisions. The physical network topology should dictate the configuration of routing groups because they define how messages are actually transferred across the network. They also help you to optimize access to public folder resources. Servers are set in routing groups, and routing groups are typically collected into administrative groups, although you can split a routing group across multiple administrative groups (see Figure 4.3).
Figure 4.3 Administrative groups and routing groups
NOTE
The relationship between routing groups and administrative groups is not necessarily hierarchical.
The namespace represents the core of the Exchange 2000 hierarchy. It exists in Active Directory in the form of a domain forest and contains directory information about all of the Exchange 2000 resources, for instance, to map user accounts to their corresponding mailboxes. Hence, within the namespace, user accounts can be resolved to their corresponding mailboxes.
NOTE
All Exchange 2000 resources must exist in the same namespace (such as the Active Directory forest). Consequently, Exchange 2000 organizations cannot span multiple namespaces (such as multiple forests).
Use administrative groups to define the management topology of your organization. Administrative groups help to simplify system management, for instance, to define groups of administrators separately responsible for servers in different departments. In another scenario, you may group dedicated servers, such as public folder servers, together in an administrative group and assign them a group of administrators specifically responsible for public folder maintenance. You can read more about public folder management in Chapter 17, "Public Folder Management."
Similar to Windows 2000 sites, you should define routing groups primarily to describe regions of high-speed connections within your network. For instance, if your enterprise is located in one physical location relying on one high-speed local area network (LAN), you don't need to configure routing groups at all. Placing all servers in the first routing group that is automatically created by Exchange 2000 Server guarantees simple and fast delivery of messages. Messages sent between servers in the same routing group are transferred directly and immediately using the Simple Mail Transfer Protocol (SMTP) transport service.
Manual administration becomes necessary only when you need to connect two or more routing groups or when you need to install connectors to foreign messaging systems. You can use a Routing Group Connector, X.400 connector, or an SMTP Connector to provide a message path between Exchange 2000 routing groups.
When installing the very first server, you are automatically creating an administrative group and a routing group (see Exercise 2). You are not prompted for their creation. However, when you install subsequent Exchange 2000 servers, you need to specify an administrative and a routing group in which to add the server. Every server in your organization must belong to an administrative and a routing group. After installation, you can move servers between groups, which might be advisable if management or physical conditions in your network have changed.
In this exercise you will examine the hierarchical structure of your test environment. Specifically, you will look for administrative and routing groups, which are hidden by default. You can easily make them visible with the Exchange System Manager utility.
To view a multimedia demonstration that displays how to perform this procedure, run the EX2CH4.AVI files from the \Exercise_Information\Chapter4 folder on the Supplemental Course Materials CD.
To configure System Manager to display routing and administrative groups
Figure 4.4 Identifying the Master Server
If your situation permits a centralized administration, use a single administrative group containing all server resources, which may then be split across a number of routing groups. This allows you complete control over Exchange 2000 Server with minimal coordination overhead for administration tasks. The centralized model is most suitable for small- and medium-sized organizations.
If your environment has several departments independently maintaining their own server resources and user accounts, configure multiple administrative groups with the Exchange System Manager—one or more for each department or division—and assign permissions to establish a decentralized administrative model. Each of the departments and divisions is then able to define its own routing group topology. This model is suitable for large companies in which a central information technology bureau may be responsible for managing standards and guidelines but not for daily system administration. You can read more about the management of administrative groups in Chapter 14, "Managing Server Configuration."
If you have administered previous versions of Exchange Server, you will find many of the structural elements in Exchange 2000 Server familiar, especially if you operate in mixed mode for backward compatibility. For example, you will be limited to a 1:1 relationship between administrative and routing groups in regard to Exchange Server sites.
If you are not using an earlier version of Exchange Server and are not planning to connect your Exchange 2000 environment to a server running Exchange Server 5.5 in the future, don't worry about mixed mode and native mode. Go to Exercise 3 and switch the environment into native mode to gain the full flexibility of Exchange 2000 Server.
In mixed mode, administrative groups map directly to sites in an Exchange Server 5.5 organization. This means that Exchange Server sites replicated to Active Directory appear as administrative groups, and administrative groups replicated to the Exchange Server directory appear as sites. For backward compatibility reasons, mixed mode limits Exchange 2000 Server to constraints imposed by earlier software releases.
The following limitations apply in mixed mode:
Figure 4.5 Exchange 2000 Server routing in mixed mode
However, it is possible to move servers between routing groups in the same administrative group.
NOTE
By default, Exchange 2000 Server operates in mixed mode to ensure maximal interoperability with previous Exchange Server versions.
You can switch Exchange 2000 Server to native mode if you don't plan to use previous versions of Exchange Server or as soon as you have upgraded all of your servers. In native mode, earlier release restrictions, which limit the flexibility of routing groups, don't apply. Hence, routing groups can contain servers from multiple administrative groups, and you gain the ability to create administrative groups independently of the routing infrastructure for your organization. It is also possible to move servers between administrative groups should the underlying infrastructure require this kind of change.
NOTE
Keep in mind that switching to native mode is an irreversible process; you cannot go back to mixed mode. It is likewise impossible to install earlier versions of Exchange Server into a native mode organization.
In this exercise you will check whether your organization operates in mixed mode. If it does, you will switch it to native mode. You will use the Active Directory Services Interface (ADSI) Edit tool to check where the Exchange System Manager keeps track of the mode of your organization.
To view a multimedia demonstration that displays how to perform this procedure, run the EX3CH4.AVI files from the \Exercise_Information\Chapter4 folder on the Supplemental Course Materials CD.
NOTE
You should use the ADSI Edit utility to view the settings, but generally use the Exchange System Manager to configure your system. Using ADSI Edit incorrectly can seriously damage your Active Directory information and may require you to reinstall your entire test environment.
To change from mixed mode to native mode
At this point, you should switch back to the ADSI Edit utility and repeat Steps 2 through 4. Note that the msExchMixedMode attribute is now set to False, indicating that the organization is operating in native mode (see Figure 4.6).
Figure 4.6 Switching to native mode
The msExchMixedMode attribute in Active Directory defines the mode of your Exchange 2000 Server organization as mixed mode or native mode. Using the ADSI Edit utility, you can verify that your organization is operating in native mode. However, you should not set the msExchMixedMode attribute back to True manually in an attempt to switch your organization back into mixed mode. This only switches back the display in the Exchange System Manager. To avoid configuration inconsistencies, do not manipulate the msExchMixedMode attribute in ADSI Edit.
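A read-only way to confirm the value of msExchMixedMode without opening an editing tool, given as an added example that is not part of the original lesson. The function name Get-ExchangeOrgMode is hypothetical, and the script assumes the organization object is of class msExchOrganizationContainer and sits directly under CN=Microsoft Exchange,CN=Services in the Configuration partition.

```powershell
# Added example: read-only lookup of the organization mode. Nothing is written to Active Directory.
# Assumption: run on a computer joined to the forest that holds the Exchange organization.
function Get-ExchangeOrgMode {
    [CmdletBinding()]
    param()

    # RootDSE reports the distinguished name of the forest-wide Configuration partition.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = [string]$rootDse.Properties['configurationNamingContext'][0]

    # Assumption: the organization object sits directly below CN=Microsoft Exchange,CN=Services.
    $base     = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNc"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
    $searcher.Filter      = '(objectClass=msExchOrganizationContainer)'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    [void]$searcher.PropertiesToLoad.Add('name')
    [void]$searcher.PropertiesToLoad.Add('msExchMixedMode')

    try {
        $results = $searcher.FindAll()
    } catch {
        Write-Warning "No Exchange container found under $configNc : $($_.Exception.Message)"
        return
    }

    try {
        foreach ($result in $results) {
            # Result property names are returned in lowercase.
            $flag = $result.Properties['msexchmixedmode']
            $mode = if ($flag.Count -eq 0) { 'Unknown (attribute not set)' }
                    elseif ([bool]$flag[0]) { 'Mixed' }
                    else { 'Native' }

            [pscustomobject]@{
                Organization = [string]$result.Properties['name'][0]
                Mode         = $mode
            }
        }
    } finally {
        $results.Dispose()   # SearchResultCollection holds unmanaged resources
    }
}

Get-ExchangeOrgMode
```

Because the script only searches and never calls a write method, it can be run by an account with read access to the Configuration partition, which keeps routine mode checks away from the risk the lesson describes for ADSI Edit.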