Lesson 1: Connecting Exchange Server 5.5 to Active Directory

Exchange Server 5.5, designed before Active Directory came into existence, has some features similar to those in Active Directory. For example, Exchange Server 5.5 has a directory where it stores mailbox and configuration information. Exchange Server 5.5 was designed to run on Microsoft Windows NT 4, which was not a directory-aware network operating system. As a result, Windows NT account databases were separate from Exchange mailboxes, and there was no integration between the two. Exchange mailboxes were associated with Windows NT user accounts for authentication purposes, but any Windows NT account could be associated with any Exchange mailbox, and a Windows NT account could be associated with multiple Exchange mailboxes.

In contrast, Exchange Server 2003 tightly integrates with Active Directory, and there is a direct link between a user account and a mailbox. They are not two distinct objects as with Windows NT 4 and Exchange Server 5.5. The first task for achieving coexistence is to connect the Exchange Server 5.5 directory to Active Directory. Only then can you deploy Exchange Server 2003 into the existing Exchange Server 5.5 organization.

After this lesson, you will be able to

• Install the Active Directory Connector (ADC)

• Use ADC Tools

• Set up a connection agreement

Estimated lesson time: 75 minutes

Installing the Active Directory Connector

As stated previously, because Exchange Server 5.5 was designed to run in the non-directory Windows NT 4 environment, it has its own directory and no way of communicating with Active Directory. To solve this problem, Microsoft introduced the Active Directory Connector (ADC). Three versions of the ADC exist: the Windows 2000 Server version, the Exchange 2000 Server version, and the Exchange Server 2003 version. (In this chapter, the focus is on the Exchange Server 2003 version of the ADC.) The Windows 2000 Server version was limited in its functionality in that it could only synchronize the Site Naming context. While the ADC could synchronize account information between Exchange Server 5.5 and Active Directory, it could not synchronize the Configuration Naming context. As a result, it could not be used if you installed Exchange 2000 Server into an Exchange Server 5.5 organization.

The Exchange 2000 Server version of the ADC was more full-featured than the Windows 2000 Server version and allowed full connectivity between Active Directory and Exchange Server 5.5, but in the real world, it was cumbersome to work with since everything had to be configured manually. The Exchange Server 2003 version of the ADC improves on the Exchange 2000 Server version and offers a number of configuration wizards that help an administrator to configure ADC properties. Even though the wizards greatly simplify deployment of the ADC, it is still useful to be able to configure connection agreements and other settings manually.

A connection agreement defines one- or two-way communication between data sources. In this chapter, the emphasis in on the connection of the Exchange Server 5.5 directory with Active Directory. In this context, a connection agreement describes how information, such as mailboxes in an Exchange Server 5.5 organization, is replicated into Active Directory user accounts and vice versa.

Planning for an ADC Deployment

The ADC is implemented as a service in your Active Directory domain. Placement of the ADC is an important consideration because it can be a resource-intensive service. Generally, you will want to install the ADC on a member server in the same site as the server running Exchange Server 5.5. You don't want the server running the ADC and the server running Exchange Server 5.5 that is synchronizing with the ADC to be separated by slow bandwidth, if at all possible. Slow bandwidth is typically associated with wide area network (WAN) connections but can be viewed as anything less than 10 mega bits per second (Mbps).

The ADC uses an Active Directory global catalog server in a multidomain environment, so when configuring connection agreements after the installation, you should use an Active Directory domain controller that is a global catalog, preferably, or otherwise is on the same subnet as a global catalog.

There can be only a single instance of the ADC service on a given server, but you can install the ADC service on multiple servers in a domain if necessary (such as for redundancy). If you have multiple domains, you will need to install at least one instance of the ADC service in each domain. However, you can install as many instances of the ADC Management components as necessary to administer the organization.

ADC Installation

The account you use to install the ADC must be a member of the Schema Admins and the Enterprise Admins groups. In smaller Active Directory structures, there usually isn't a concern in using the domain Administrator account, but in large enterprise environments, the Administrator account in a given domain may not also be a member of the Schema Admins or the Enterprise Admins groups. This is because only the Administrator account in the forest root domain is a member of these groups by default. If you have child domains or additional domain trees in the forest, the Administrator account for those domains will not be a member of these groups by default.

You should run ForestPrep and DomainPrep prior to installing the ADC. The ADC Setup Wizard does extend the schema if it detects that ForestPrep has not been previously run, but you will run into problems later when configuring connection agreements if you have not run DomainPrep because the Setup Wizard creates two domain local groups: Exchange Services and Exchange Administrators.

Subsequent installations of the ADC in the same forest do not configure the Active Directory schema or create domain objects, so when performing subsequent installations, only Enterprise Admins membership is required of the installation account.

You will install the ADC as part of the practice at the end of this lesson.

Using the ADC Tools

Once you finish installing the ADC, you can configure it to synchronize between Active Directory and the Exchange Server 5.5 directory. You do this through the Active Directory Connector Services management console, which is accessed through the Start menu, in the Microsoft Exchange program menu. After starting the console, there are two options: Active Directory Connector (servername) and ADC Tools. The first option allows you to configure ADC connection agreements and settings manually. The second option, ADC Tools, provides configuration assistance through a series of wizards. Figure 4-1 shows the ADC Tools page.

Figure 4-1: The ADC Tools Page

Using ADC Tools is a four-step process:

1. Define the settings that will be used throughout. This consists of setting the Exchange Server 5.5 server and Lightweight Directory Access Protocol (LDAP) port to be used, as well as a directory to write log files created by ADC Tools to.

2. In the second step, you enter information about the Exchange Server 5.5 sites for use in later steps and identify user accounts that are associated with multiple mailboxes in the Exchange Server 5.5 organization, as well as Exchange Server 5.5 objects that do not match any objects in Active Directory and vice versa.

3. Run the Resource Mailbox Wizard. The wizard uses the data collected in Step 2 to allow you to manually resolve problems. For example, if you have a user account in Active Directory that is associated with multiple Exchange Server mailboxes, you can choose which mailbox will be the primary mailbox for the account and which mailboxes will be resource mailboxes. In Exchange Server 5.5, it was acceptable and common to have multiple mailboxes associated with a single Windows NT user account because there was no integration between the Windows NT accounts database and the Exchange Server 5.5 directory. With Exchange 2000 Server and Exchange Server 2003, which are tightly integrated with Active Directory, a one-to-one relationship between mailboxes and user accounts is required. As a result, there can be only one mailbox, which is defined as the primary mailbox here, associated with a user account, Mailboxes set as resource mailboxes will have new disabled Active Directory accounts created and associated with them.

4. Run the Connection Agreement Wizard, which is used to define connection agreements between the Exchange Server 5.5 organization and Active Directory. Connection agreements define whether changes made in the Exchange Server 5.5 directory will be replicated (also called synchronization) to Active Directory and vice versa. In addition, you can control how much data is replicated in some cases. For example, you might want to replicate only mailboxes and distribution lists from the Exchange Server 5.5 directory, but not custom recipients. You can choose what you want to replicate through the connection agreement.

After finishing the configuration process with ADC Tools, you can test directory synchronization by creating a new mailbox in Exchange Administrator and choosing the option to Create A New Windows NT Account. After you create the mailbox, you should see the new user account in the Active Directory Users And Computers console.

Setting Up a Connection Agreement Manually

While using ADC Tools is usually sufficient for configuring directory synchronization, there are times when you will want to configure connection agreements manually, especially in complex Exchange environments involving multiple sites. The Active Directory Connector Services console is used for configuring connection agreements manually.

The environment into which you are deploying the ADC will dictate how you set up your connection agreement. For example, if you need mailboxes to be created automatically in Exchange Server 2003 for users created using the Active Directory Users And Computers console, you will have to replicate data from Windows to Exchange. Likewise, if you want the Active Directory user account to be deleted automatically when the associated mailbox is deleted, you must replicate data from Exchange to Active Directory.

When you begin to create a connection agreement manually, you should have a design plan in mind regarding what the connection agreement intends to accomplish and what servers will be involved. In a small organization, you may have only a single Exchange Server 5.5 server and a couple of domain controllers, which simplifies the configuration process. However, in a large organization, you have to plan more carefully. For example, when you create a new connection agreement, you must define a server that will manage the connection agreement. This can be any server in the organization that is running the ADC service. You must also choose whether directory replication will occur in one direction or whether there will be two-way replication back and forth between Active Directory and the Exchange Server directory.

In addition, you must also configure whether the connection agreement is the primary connection agreement for both the Windows domain and the Exchange organization. If this is the only connection agreement, configuration is simple because it will, of course, be the primary connection agreement for both. However, if you have multiple connection agreements that are replicating account and mailbox data, it is important that only one of them is configured as the primary connection agreement. The reason for this is that the primary connection agreement will take precedence when a conflict occurs in replication. If multiple primary connection agreements exist, you could easily end up with duplicate objects being created. The default configuration, on the Advanced tab of the connection agreement's properties, enables the connection as a primary connection agreement for both the Windows domain and the Exchange organization. You must clear the check boxes on the Advanced tab if you do not want the connection agreement enabled as the primary connection agreement.

Connection agreements are not limited only to intra-organization. You have the option to designate a connection agreement as an inter-organization connection agreement, which replicates data between an Exchange Server 5.5 organization and an Active Directory domain that contains a different organization. This is also configured on the Advanced tab of the connection agreement.

Two-way replication would be problematic if it simply began in both directions at once. As a result, the connection agreement defines which direction should begin replication. The default, set on the Advanced tab of the connection agreement's properties, is for replication to begin by synchronizing data from Exchange to Active Directory. This behavior can be changed by selecting From Windows from the drop-down list.

You can also delete connection agreements using the Active Directory Connector Services console. In fact, you must delete existing connection agreements prior to uninstalling the ADC. Deleting a connection agreement is a simple process. Right-click the connection agreement that you want to delete, and then click Delete from the context menu.

Replication occurs regularly according to the schedule configured for the connection agreement. However, there might be times when you want to replicate changes immediately and do not want to wait for the scheduled time or to reconfigure the schedule. You can initiate a manual replication on a connection agreement at any time by right-clicking the connection agreement in the Active Directory Connector Services console, and then clicking Replicate Now.

Practice: Connecting Exchange Server 5.5 to Active Directory

In this practice, you will create a number of Active Directory user accounts and Exchange Server 5.5 mailboxes. Once you install the ADC and use ADC Tools to configure directory synchronization, you will be able to see the effects of your configuration on the accounts and mailboxes by testing the configuration of your connection agreement. This will ensure synchronization is taking place.

This practice will use Server01 as outlined at the beginning of the chapter. Create the following Active Directory user accounts, and then create mailboxes in Exchange Server 5.5 and associate the mailboxes with the user accounts:

• Jenny Lysaker

• Bob Gage

• Nicole Holliday

• Amy Alberts

• Angela Barbariol

• Eli Bowen

• James Peters

• Karen Berge

• Jonathan Haas

• Mark Hassall

• Raymond Sam

• Sean Purcell

In addition, create the following security groups in Active Directory (you do not need to add users to the groups):

• MIS

• Marketing

• Sales

• Executive

Finally, create a mailbox named MIS in Exchange Server 5.5 and associate it with Nicole Holliday's user account. Create a mailbox named Executive and associate it with Mark Hassall's user account. Create mailboxes for Marketing and Sales and associate them with their respective Active Directory security groups. Create a user account for Nicole Carol, but do not create a mailbox for it.

Exercise 1: Install the ADC

1. Run ForestPrep and DomainPrep.

2. The ADC is located on the Exchange Server 2003 installation CD in a folder named ADC. For the purposes of this chapter, install the ADC on the Windows 2000 server running Exchange Server 5.5. From your CD-ROM drive, start \ADC\I386\Setup.exe.

3. The Active Directory Connector Setup Wizard starts. Click Next at the Welcome page.

4. The next page of the setup wizard is the EULA. Read through it, select the I Accept The Terms Of The License Agreement option, and then click Next.

5. On the Component Selection page, shown in Figure 4-2, choose which components to install. The first option is Microsoft Active Directory Connector Service Component, which is the actual service. The second option is Microsoft Active Directory Connector Management Components, which is the administrative tools used to manage the ADC service. Select both options, and then click Next.

   
   Figure 4-2: Selecting ADC components to install

6. The next page of the wizard prompts you to choose an installation location. You can accept the default location of \Program Files\MSADC or you can choose a different location. After selecting an installation location, click Next.

7. Next, you must supply a service account to be used by the ADC service. The Account Name will default to the account you are currently logged in with. If you created a service account for Exchange Server, use it instead. Enter the password as required, and then click Next.

8. Setup copies the required files to your server and configures its service. Click Finish when it is done. If a screen still appears prompting you to click Next when the installation is done, do so, and then click Finish.

Exercise 2: Prepare Exchange Server 5.5 for Directory Synchronization

1. On Server01, from the Start menu, point to Programs, point to Microsoft Exchange, and click Exchange Administrator.

2. Expand the Site container, and then expand the Configuration container. Click the Protocols container, and then double-click LDAP (Directory) Site Defaults.

3. Because Server01 is an Active Directory domain controller, the default LDAP port (389) is already in use and cannot be used by the ADC. You will need to change the LDAP port to something else that is not in use, so change the LDAP port number to 1389, and click OK.

4. From the Start menu, point to Programs, point to Administrative Tools, and click Services. Restart the Microsoft Exchange System Attendant service, and click Yes when prompted to restart all the services that depend on it. Close Services when done.

Exercise 3: Configure Directory Synchronization Using ADC Tools

To configure the ADC using ADC Tools, perform the following steps:

1. Click the ADC Tools link to the left of the Active Directory Connector Services console. Click Set. This will bring up the Tool Settings screen, shown in Figure 4-3.

   
   Figure 4-3: Setting the server options for the ADC

   There are a few things to note about this configuration step. First, the Server field is where you specify your Exchange Server 5.5 server. Second, the Port field refers to the LDAP port for communicating with the Exchange Server 5.5 server. The default LDAP port (389) must be changed if you installed the ADC on a domain controller. This is because Active Directory uses LDAP, and there will be contention for the port. Whatever you changed the port to in the previous lesson using the Exchange Server 5.5 (if you followed my recommendation, the port should be 1389) Administrator utility will need to be matched here. Finally, note the Logging Location for the log files. This path defaults to the My Documents folder of the user that is currently logged in, but you can change it to any folder.

   Tip

   If you change the default LDAP port on the Exchange Server 5.5 server, you must restart the Microsoft Exchange services on the Exchange Server 5.5 server for the changes to take effect.

2. Click Run, which causes the wizard to collect information about your Exchange Server 5.5 site or sites. The Information field in ADC Tools displays information about the data collection—what was found and what steps will need to be performed to resolve any problems. The following is an example of output from this task:

   Pass 1 of 4: Resource Mailbox Scan (objects processed: 14) Warning: The Data Collection tool found objects that must be marked as resource mailboxes before they can be replicated to Active Directory. Running the Resource Mailbox Wizard in Step 3 will resolve these issues. Pass 2 of 4: Active Directory Connector Object Replication Check (objects processed: 19) Warning: The Data Collection tool found objects that are not replicated from the Exchange 5.5 directory to Active Directory. Running the Connection Agreement Wizard in Step 4 will resolve these issues. Pass 3 of 4: Active Directory Object Replication Scan (objects processed: 0) Active Directory Object Replication Scan completed. No unreplicated objects found. Pass 4 of 4: Active Directory Unmarked Resource Mailbox Scan (objects processed: 0) Active Directory Unmarked Resource Mailbox Scan completed. No problems found. The Data Collection tool found objects that must be marked as resource mailboxes before they can be replicated to Active Directory. Running the Resource Mailbox Wizard in Step 3 will resolve these issues. Finished Data Collection.

3. Next to Step 3, click Run. This will start the Resource Mailbox Wizard. This wizard helps to resolve any problems with Active Directory user accounts being mapped to multiple Exchange Server 5.5 mailboxes. As shown in Figure 4-4, you can choose the primary mailbox for each object found by the wizard. To set a resource, click the mailbox for the user, and then click Set As Primary (or Set As Resource if you are setting a resource mailbox). The reason for this is that there is a one-to-one relationship between Active Directory user accounts and Exchange Server mailboxes—a relationship that didn't exist under Windows NT 4 and Exchange Server 5.5. In the latter, it was common to have a resource mailbox, such as a mailbox called Payroll, associated with a user account. That user account might also be associated with a personal mailbox. To resolve this issue, when the wizard finds multiple mailboxes associated with a user account, you are prompted to define the mailbox as the primary mailbox for the user account, or as a resource mailbox. If you set it as a resource mailbox, a new disabled user account is created in Active Directory and is associated with the mailbox. When finished, click Next. Alternatively, you can export the list to a .csv file for further manipulation.

   
   Figure 4-4: The Resource Mailbox Wizard

4. Next, you will set the site credentials. As shown in Figure 4-5, supply an administrative account and password for each Exchange Server 5.5 site. Note that if you have changed your default LDAP port, you will need to choose Specify A Server rather than Automatically Discover A Server. Click Next to continue.

   
   Figure 4-5: Establishing administrative credentials for each site

5. The last page of the Resource Mailbox Wizard is a summary of actions the wizard will take. Click Next, and the wizard completes. Click Finish when it is done to return to the ADC Tools page.

6. Next, verify the results of the Resource Mailbox Wizard. Click Verify to complete this step. You will see the wizard perform a verification step. When finished, you should see text that tells you that verification completed without a problem. If there are problems, the text advises you what you need to fix by re-running the Resource Mailbox Wizard.

7. After verification completes, click Run in Step 4 to start the Connection Agreement Wizard. The wizard uses the information collected in Step 1 to recommend connection agreement settings between the Exchange Server 5.5 organization and Active Directory.

8. After the Welcome page, the first configuration step is to select a Default Windows Destination, as shown in Figure 4-6. This is the container in Active Directory that will be used as the default location for new objects that are replicated with the Exchange Server 5.5 directory. Usually the built-in Users container is a good choice, but depending on your organizational unit (OU) structure, you may choose another container. Select a container, and then click Next.

   
   Figure 4-6: Configuring a default Windows destination

9. The next page of the wizard is the Site Connections page, shown in Figure 4-7. Choose whether to configure a two-way connection agreement between Active Directory and Exchange Server 5.5 or a one-way connection agreement. A two-way connection agreement replicates in both directions, which means that changes made in Active Directory are replicated to the Exchange directory and vice versa. A one-way connection agreement can be established in either direction, if desired. The default is a two-way connection agreement, which you should accept by clicking Next.

   
   Figure 4-7: Configuring connection agreements

10. On the Site Credentials page, you must supply an administrative account and password for each Exchange Server 5.5 site. To do this, click the first Exchange Server 5.5 site and click Set Credentials. You can either type in the name of an administrative account or browse for one. Once you've entered an account, click OK to return to the Site Credentials page. Repeat the process for each Exchange Server 5.5 site, and then click Next to continue.

11. The next page of the wizard is the Domain Credentials page. Whereas site credentials validate your account in the Exchange Server 5.5 directory, domain credentials validate your account information in Active Directory. Click Set Credentials and enter the username and password for an account that has domain administrator permissions. Click OK, and then click Next to continue.

12. The wizard prompts you to choose what connection agreements to create. As shown in Figure 4-8, by default one agreement for users and mailboxes and one agreement for public folders are created. However, you can choose one or the other, if desired. After selecting the connection agreements, click Next.

    
    Figure 4-8: Configuring connection agreements

13. An installation summary similar to the one shown in Figure 4-9 lists the actions the wizard will perform. When you click Next, the connection agreements will be configured. When the process finishes, click Finish to return to the ADC Tools page.

    
    Figure 4-9: Connection agreement installation summary

14. Finally, verify the results of ADC Tools by clicking Verify in Step 4 next to Verify The Results Of ADC Tools. When verification is complete, the Information field will display the following:

    ADC Tools are complete and Active Directory Connector is successfully configured. Return to the Deployment Tools to continue your Exchange deployment. Finished verifying the results of the ADC Tools.

Exercise 4: Verify Directory Synchronization

1. Start Exchange Administrator if it is not open.

2. Navigate to the Recipients container and click it.

3. Click File, and then click New Mailbox.

4. Create a mailbox for Chris Meyer, choosing to create a new Windows NT account.

5. Create the user account as Chris, and click OK when Exchange prompts you that the account will be created with a blank password.

6. Click OK to finish creating the mailbox.

7. Open Active Directory Users And Computers and navigate to the Users container.

8. Observe that there is a user account for Chris Meyer, which verifies that the connector works. Quit the program.

Exercise 5: Create a Connection Agreement Manually

1. Right-click the Active Directory Connector (servername) container in the console and point to New. You'll see that as in the ADC Tools Wizard, you can configure a Recipient Connection Agreement or a Public Folders Connection Agreement. Click Recipient Connection Agreement.

   First, assign a name to the connection agreement. It should be something descriptive since complex organizations might have multiple ADCs with many connection agreements configured. The replication direction dictates how the replication data will flow, and if you have multiple ADCs in your Exchange organization, you can choose which server will manage the connection. Once you have filled in this information, click the Connections tab, shown in Figure 4-10.

   
   Figure 4-10: The Connections tab

2. On the Connections tab, fill in both sections for configuring two-way replication. You can also choose what authentication method to use. Note that on this tab, in the Exchange Server Information section, you can specify which port to use. This is for LDAP communication between the ADC and the Exchange Server 5.5 directory. If you need to change the port from the default 389, such as if the ADC is installed on a domain controller, you must match what you put here in the Exchange Server 5.5 directory.

3. The Schedule tab, shown in Figure 4-11, allows you to configure a schedule for replication. Depending on the size of your network and traffic patterns, you may want to alter the default schedule. Generally, you will not choose Always unless you are running on a small network or in a lab environment or if changes will not be made very regularly.

   
   Figure 4-11: The connection agreement schedule

4. Figure 4-12 shows the From Exchange tab, where you define what information you want to replicate from Exchange Server 5.5 to Windows (Active Directory). When you click Add, you are presented with a page that shows the Recipients container and any other custom containers you might have created. Select what you want to replicate and click OK. If you are setting up a one-way agreement replicating from Active Directory to Exchange, you won't need to configure anything on this page. The From Windows page, shown in Figure 4-13, defines what information is replicated from Active Directory to Exchange.

   
   Figure 4-12: Configuring replication from Exchange to Active Directory

   
   Figure 4-13: Configuring replication from Active Directory to Exchange

   Note

   This is an example of the power of configuring a connection agreement manually rather than using the ADC Tools Wizard. Here, you can specify multiple Active Directory OUs from which to draw data, whereas you can choose only a single OU when using ADC Tools.

5. Figure 4-14 shows the Deletion tab of a Properties dialog box with the default settings. Here you are able to establish how deleted items are handled.

   
   Figure 4-14: Configuring deleted item replication

6. The final configuration tab, the Advanced tab, is shown in Figure 4-15. There are a number of configuration options here. The first set of options is to define the page settings for Windows and Exchange replication. Paging groups together objects that will be replicated, resulting in better performance. Increasing the default setting of 20 will result in more objects being replicated at once, which translates into fewer replication requests. However, increasing the number also increases the amount of memory used. You can also define whether the connection agreement is inter-site or intra-site. By default, a connection agreement replicates between an Active Directory domain and an Exchange Server organization within the domain. However, you can also set the connection agreement to be an inter-organization agreement, which replicates between an Exchange Server 5.5 organization and an Active Directory domain that contains another Exchange Server 5.5 organization.

   
   Figure 4-15: The Advanced tab

   Other configuration options include whether the connection agreement is a primary connection agreement with respect to the Windows domain and the Exchange organization. A primary connection agreement is capable of creating new objects in its respective directory, whereas if you clear this check box, only existing objects are replicated. If you have multiple connection agreements, only one should be set as the primary agreement; otherwise, you could end up with duplicate objects being created. Another configuration option on this tab is what action to take when mailboxes are replicated and there is no corresponding Active Directory user account. The default action is to create a new disabled user account, but you can also choose to create a new enabled user account (created with a blank password) or to create a contact in Active Directory.

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and then try the question again. You can find answers to the questions in the "Questions and Answers" section at the end of this chapter.

1. You are the network administrator for Litware, Inc. Your network consists of the litwareinc.com domain, as well as texas.litwareinc.com, dev.texas.litwareinc.com, and nebraska.litwareinc.com. The dev.texas.litwareinc.com domain has its own administrator, who administers only that domain. The administrator calls you and explains that they are trying to connect their Exchange Server 5.5 site to Active Directory in order to migrate it to Exchange Server 2003. However, when he attempts to install the ADC on one of the Windows 2000 Server SP4 domain controllers, Setup fails with an error that he doesn't have enough permissions. He is unsure what to do because he is using the domain administrator account for the procedure. What is the problem and how do you fix it for him?

2. You have a mixed-mode Windows Server 2003 domain with a Windows NT 4 member server running Exchange Server 5.5. You want to migrate to Exchange Server 2003, so you upgrade the server to Windows 2000 Server and attempt to install the ADC. However, Setup fails. You verify that your account has membership in the Schema Admins, Enterprise Admins, and Domain Admins groups. Where else would you look to resolve the problem?

3. You are the administrator of an Exchange Server 5.5 site that is being migrated to Exchange Server 2003. You install the ADC on your Windows 2000 Server domain controller and use ADC Tools to set up the directory synchronization. When you run the Resource Mailbox Wizard portion of the configuration and try to verify the settings, an error is returned that the server cannot be contacted. Up to this point, everything worked fine. What step did you miss in the process?

   1. Setting the LDAP port in the Exchange Server 5.5 site

   2. Manually specifying a server rather that automatically discovering one

   3. Supplying the correct Exchange Server 5.5 site credentials

   4. Running ADC Tools with an Enterprise Admins user account

4. You are performing a migration from Exchange Server 5.5 to Exchange Server 2003 for your organization, which has Active Directory domains contoso.com and fabrikam.com located in the same forest. There is a single Exchange Server 5.5 server in the contoso.com domain that handles e-mail for both domains. You install and configure the ADC on a Windows 2000 Server member server in contoso.com and configure directory synchronization. Later, you test and find that synchronization is working in the contoso.com domain but not in the fabrikam.com domain, even though it is the same Exchange Server 5.5 site. Why is synchronization not working?

Lesson Summary

• The ADC is used to provide directory synchronization between Active Directory and Exchange Server 5.5.

• To install the ADC, both Windows 2000 Server and Exchange Server 5.5 must be running SP3 or later.

• The user account used to install the ADC must be a member of the Enterprise Admins group, as well as the Schema Admins and Domain Admins groups.

• ADC Tools provides a series of wizards to help you configure directory synchronization.

• Advanced connection agreements can be configured manually with the Active Directory Connector Services management console.