Exploring DSAccess, DSProxy, and the Categorizer

Previous page
Table of content
Next page
 <  Day Day Up  >  

The relationship that Exchange Server 2003 has with Active Directory is complex and often misunderstood. Because the directory is no longer local, special services were written for Exchange to access and process information in AD. Understanding how these systems work is critical for understanding how Exchange interacts with AD.

Understanding DSAccess

DSAccess is one of the most critical services for Exchange Server 2003. DSAccess, via the dsacccess.dll file, is used to discover current Active Directory topology and direct Exchange to various AD components . DSAccess dynamically produces a list of published AD domain controllers and Global Catalog servers and directs Exchange resources to the appropriate AD resources.

In addition to simple referrals from Exchange to AD, DSAccess intelligently detects Global Catalog and domain controller failures, and directs Exchange to fail over systems dynamically, reducing the potential for downtime caused by a failed Global Catalog server. DSAccess also caches LDAP queries made from Exchange to AD, speeding up query response time in the process.

DSAccess polls the Active Directory every 15 minutes to identify changes to site structure, DC placement, or other structural changes to Active Directory. By making effective use of LDAP searches and Global Catalog port queries, domain controller and Global Catalog server suitability is determined. Through this mechanism, a single point of contact for the Active Directory is chosen , which is known as the Configuration Domain Controller.

Determining the DSAccess Roles

DSAccess identifies AD servers as belonging to one of four groups:

  • Domain Controllers Up to 10 domain controllers, which have been identified by DSAccess to be fully operational, are sorted into this group .

  • Global Catalog Servers Up to 10 identified Global Catalog domain controllers are placed in this group.

  • Configuration Domain Controller A single AD domain controller is chosen as the configuration domain controller to reduce the problems associated with replication latency among AD domain controllers. In other words, if multiple domain controllers were chosen to act as the configuration DC, changes Exchange makes to the directory could conflict with each other. The configuration domain controller role is transferred to other local DCs in a site every eight hours.

  • All Domain Controllers This group includes all identified domain controllers, Global Catalog servers, and the configuration domain controller. It often contains multiple listings for the same server if that server appears in more than one group.

The roles that have been identified by DSAccess can be viewed in the Directory Access tab of Exchange Server properties in Exchange System Manager, as illustrated in Figure 8.7. In addition, manual overrides can be performed in this dialog box as necessary.

Figure 8.7. Directory access groups.

graphics/08fig07.gif

NOTE

DSAccess went through a complete overhaul in Exchange 2000 Service Pack 2. In addition to integrating new GC promotion safeguards, DSAccess was also optimized to enable Exchange to more easily act as a front-end server in a DMZ environment. Specifically, the reliance on the RPC protocol was eliminated, making it easier to lock down this type of environment.


Understanding DSProxy

DSProxy is a component of Exchange that parses Active Directory and creates an address book for downlevel Outlook (pre “Outlook 2000 SR2) clients. These clients assume that Exchange uses its own directory, as opposed to directly using the Active Directory by itself, as Outlook 2000 SR2-and-greater clients do. The DSProxy service provides these higher-level clients with a referral to an Active Directory Global Catalog server, which they then use without accessing the Exchange servers directly. The newer Outlook clients do not refresh this information unless a server failure has occurred or the client is restarted.

NOTE

DSProxy uses NSPI instead of LDAP for address list lookups, because NSPI is a more efficient interface for that type of lookup. Only Global Catalog servers support NSPI, so they are necessary for all client address list lookups.


Outlining the Role of the Categorizer

The SMTP Categorizer is a component of Exchange that is used to submit mail messages to their proper destination. When a mail message is sent, the Categorizer queries the DSAccess component to locate an Active Directory server list, which is then directly queried for information that can be used to deliver the message.

Although the Categorizer in Exchange gets a list of all Global Catalog servers from DSAccess, it normally opens only a single LDAP connection to a GC server to send mail, unless a large number of messages are queued for delivery.

TIP

Problems with the Categorizer are often the cause of DNS or AD lookup issues. When troubleshooting mail-flow problems, use message tracking in Exchange Server 2003 to follow the course of a message. If the message stops at the Categorizer, it is often wise to start troubleshooting the issue from a directory access perspective.


 <  Day Day Up  >  

Previous page
Table of content
Next page
Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
BUY ON AMAZON
Software Configuration Management
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
Oracle Developer Forms Techniques
Pocket Guide to the National Electrical Code(R), 2005 Edition (8th Edition)
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
802.11 Wireless Networks: The Definitive Guide, Second Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy