Lesson 3: Troubleshooting Connectivity Between Active Directory and Exchange Server 5.5


Ideally, following the planning and installation instructions will lead to a seamless Exchange Server 2003 deployment. Realistically, there might be times when you have problems, as an Exchange organization can be very complex when it includes multiple sites with multiple servers. Effectively troubleshooting connectivity between Exchange Server 2003 and Exchange Server 5.5 is essential to administering a mixed-mode organization.


After this lesson, you will be able to

  • Merge duplicate accounts

  • Troubleshoot the ADC

  • Troubleshoot the Site Replication Service

Estimated lesson time: 20 minutes


Merging Duplicate Accounts

When you merge multiple directories, the possibility exists that you will encounter duplicate accounts. To handle this situation, Exchange Server 2003 comes with the Active Directory Account Cleanup Wizard (ADclean.exe). Duplicate accounts can result in performance problems with an Exchange organization and difficulty in authenticating users. However, handling duplicate accounts is not always as simple as deleting whichever account isn't needed. Sometimes both accounts contain information about the user that needs to be preserved. The Active Directory Account Cleanup Wizard solves this problem by allowing you to merge duplicate accounts, combining the settings from both.

The wizard attempts to identify duplicate accounts in Active Directory. You can have the wizard search Active Directory automatically and identify accounts, or you can manually specify accounts to be merged. You can also use a mixture of the two methods, by having the wizard do the bulk of the work by using its search capability, but manually specifying accounts that it does not recognize. Once the identification phase is complete, you have the ability to review and modify the merge operations that will take place. Once you are satisfied with the settings, you can either perform the actual merge operations or export the list of accounts to a .csv file to complete the merge process at a later time. This is useful if you are running the Active Directory Account Cleanup Wizard initially for informational purposes but do not want to have to redo the entire process later to perform the merge. At that time, you can import the .csv file into the wizard and complete the merge process.

There are a couple of scenarios in which you would most commonly run the Active Directory Account Cleanup Wizard. One scenario is after a migration from a Windows NT 4 domain, where you have some new disabled Active Directory user accounts that are duplicates of enabled Active Directory user accounts. You would run the wizard to merge the disabled and enabled accounts into a single account. Another scenario is to merge an Active Directory user account with a contact. You can do this provided that only one of the two being merged is mail-enabled, meaning it has an e-mail address associated with it.

You will use the Active Directory Account Cleanup Wizard to merge duplicate accounts in the practice at the end of this lesson.

Troubleshooting the ADC

ADC problems are usually replication problems: objects configured in Exchange Server 5.5 are not being replicated to Active Directory, or vice versa. There are a number of considerations when troubleshooting the ADC, both in a general sense and as they relate to Exchange Server 5.5 and Active Directory replication.

Basic ADC Troubleshooting

The following is a checklist to assist you in troubleshooting basic ADC problems.

  • Is the ADC service running?

  • Is a connection agreement configured between the Exchange Server computer and the Active Directory server?

  • Is the container that you are replicating displayed in the Export Containers list or under any of the containers that are displayed in the Export Containers list?

  • Is the Exchange Server 5.5 computer turned on and running? Is the Exchange Server 5.5 directory service running on the server?

  • If there is only one Active Directory server, is it online?

  • If you set up a connection agreement manually, did you select the object class that you are trying to replicate on both the From Windows and From Exchange tabs in the connection agreement properties?

  • In the connection agreement properties, on the General tab, did you select the directions that you want to replicate information to and from? Is the connection agreement configured to replicate in the direction you need?

  • Does the user account that you are using on the target directory have sufficient permissions to create or modify objects?

  • Are any error messages logged in the server Application log (for example, messages that indicate incorrect credentials, that a server is down, or other errors)?

If your settings are configured properly, and there are no errors being generated in the Application log, check the following situations to determine why replication is not taking place in the direction you need.

Replication from Exchange Server 5.5 to Active Directory

The following list contains situations in which an object does not replicate from Exchange Server 5.5 to Active Directory:

  • Exchange object A matches Active Directory object B, but Active Directory object B was deleted.

  • Exchange object A matches Active Directory object B, but Active Directory object B is not in a domain to which the ADC can write (for example, a different tree or domain in the same forest).

  • The connection agreement is not an inter-organization connection agreement, and the ADC is matching a mailbox to a mail-enabled user. The ADC should match only to mailbox-enabled users.

  • The connection agreement is not an inter-organization connection agreement, and the ADC is matching a custom recipient or a distribution list to a mailbox-enabled user.

  • The server is not a bridgehead server for Active Directory, and the object could not be matched. In this case, the connection agreement does not create the object. To change this, open the properties of the connection agreement and, on the Advanced tab, select the This Is The Primary Connection Agreement For The Connected Windows Domain option.

Replication from Active Directory to Exchange Server 5.5

The following list contains scenarios in which an object does not replicate from Active Directory to Exchange Server 5.5.

  • Active Directory object A matches Exchange Server 5.5 object B, but Exchange Server 5.5 object B was deleted.

  • Active Directory object A matches Exchange Server 5.5 object B, but Exchange Server 5.5 object B is not in the same site as the Exchange Server 5.5 computer that is specified in the connection agreement.

  • The connection agreement is not the primary connection agreement for the Exchange organization. In this case, the connection agreement does not create the object. To change this, open the connection agreement properties and, on the Advanced tab, select the This Is The Primary Connection Agreement For The Connected Exchange Organization option.

  • The object in Active Directory does not contain e-mail information. An object must contain at least one of the following attributes to replicate to Exchange: mail, legacyExchangeDN, textEncodedORAddress, proxyAddresses, or msExchHomeServerName. A group object may contain the mailNickname attribute, and users or contact objects may contain the targetAddress attribute.
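The attribute requirement in the last item above can be checked ahead of time against a directory export. The following is an added example, not part of the original lesson: it reads LDIF text (the format ldifde exports), the sample records and function names are constructed for illustration, and treating mailNickname and targetAddress as qualifying only for the object classes the lesson names is an assumption.

```python
# Attributes listed in the lesson; any one of them is enough.
COMMON_ATTRS = {"mail", "legacyexchangedn", "textencodedoraddress",
                "proxyaddresses", "msexchhomeservername"}
# Assumption: the class-specific attributes the lesson names also qualify.
CLASS_ATTRS = {"group": {"mailnickname"}, "user": {"targetaddress"},
               "contact": {"targetaddress"}}

# Constructed sample in LDIF form; not output from a real directory.
SAMPLE_LDIF = """\
dn: CN=Nicole Holliday,CN=Users,DC=contoso,DC=com
objectClass: user
mail: nicole@contoso.com

dn: CN=Temp Account,CN=Users,DC=contoso,DC=com
objectClass: user
displayName: Temp Account

dn: CN=Sales,CN=Users,DC=contoso,DC=com
objectClass: group
mailNickname: sales

dn: CN=Vendor,CN=Users,DC=contoso,DC=com
objectClass: contact
mailNickname: vendor
"""

def parse_ldif(text):
    """Yield one dict per record: lower-cased attribute name -> list of values."""
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        entry, last = {}, None
        for line in block.split("\n"):
            if line.startswith(" ") and last:        # folded continuation line
                entry[last][-1] += line[1:]
            elif ":" in line and not line.startswith("#"):
                name, _, value = line.partition(":")
                last = name.strip().lower()
                entry.setdefault(last, []).append(value.lstrip(": ").strip())
        if "dn" in entry:
            yield entry

def lacks_mail_info(entry):
    """True when the object has no non-empty attribute the ADC looks for."""
    wanted = set(COMMON_ATTRS)
    for cls in entry.get("objectclass", []):
        wanted |= CLASS_ATTRS.get(cls.lower(), set())
    return not any(any(entry.get(attr, [])) for attr in wanted)

def unreplicable(text):  # DNs that would not replicate from Active Directory
    return [e["dn"][0] for e in parse_ldif(text) if lacks_mail_info(e)]
```

Calling unreplicable(SAMPLE_LDIF) returns the Temp Account and Vendor entries: the first has no e-mail attributes at all, and the second is a contact that carries only the group attribute mailNickname.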

Diagnostic Logging

Diagnostic logging is a useful tool for troubleshooting the ADC. You can log several categories of errors generated by the ADC. To open the Diagnostic Logging tab in the Active Directory Connector Services console, shown in Figure 4-22, right-click the ADC, click Properties, and then click the Diagnostic Logging tab.

Figure 4-22: Active Directory Connector Diagnostics Logging

In general, you do not want to leave logging on, or at least not on very high levels. This is because logging will quickly fill up your Application log and make it difficult to find useful information in the Event Viewer. However, if you are troubleshooting, you can turn the logging up to maximum and then look at the Event Viewer to see the results. The logging categories are as follows:

  • Replication: Messages about events that occurred during replication

  • Account Management: Errors that occurred when writing or deleting objects during replication

  • Attribute Mapping: Errors that occurred when mapping attributes between Exchange Server 5.5 and Active Directory

  • Service Controller: Messages specifically related to services starting and stopping

  • LDAP Operations: Errors that occurred while making LDAP calls to access Active Directory

    Exam Tip

    For the exam, focus more on the actual configuration of connection agreements than on diagnostic logging.

Troubleshooting the Site Replication Service

The Site Replication Service is generally self-managing and does not require much administrative effort. The primary things to check when an ADC connection agreement is configured and working properly but information is not being replicated between the Site Replication Service and Active Directory are as follows:

  • Ensure the Site Replication Service is running on an Exchange Server 2003 server.

  • Ensure the Config_CA connection agreement used by the Site Replication Service is configured properly with its settings pointing to the correct Exchange server and to an Active Directory domain controller. Use the Browse button to ensure that you select the exact names rather than trying to type them in.

  • Ensure that the LDAP port number is correct and that traffic can reach that port on the server running the Site Replication Service.

  • Recreate the connection agreement and possibly create a new Site Replication Service, and then remove the existing one.

Practice: Troubleshooting Connectivity between Active Directory and Exchange Server 5.5

In this practice, you will run the Active Directory Account Cleanup Wizard and merge duplicate accounts. Before you begin, you must have completed the exercises in Lesson 1.

Exercise 1: Merge Duplicate Accounts

  1. Start the Active Directory Account Cleanup Wizard on Server02. From the Start menu, point to All Programs, then point to Microsoft Exchange, then point to Deployment, and then click Active Directory Account Cleanup Wizard. When the wizard starts, click Next to bypass the Welcome page. The first step in cleaning up duplicate accounts is to identify them. Figure 4-23 shows the Identify Merging Accounts page of the wizard, which prompts you to select what containers to search and the search behavior. You can either have the wizard search or import a .csv file of merging accounts, or both. On the Identify Merging Accounts page, choose to have the wizard search for existing accounts in the Users container in Active Directory.

    Figure 4-23: Identifying duplicate accounts

  2. After identifying any duplicate accounts that exist, the wizard displays the Review Merging Accounts page, shown in Figure 4-24. If the wizard does not identify the accounts, click Add. Click Browse and find the user account for Nicole Carol as the Source Account and Nicole Holliday as the Target Account, as shown in Figure 4-24. Click OK, and then click Next.

    Figure 4-24: Reviewing accounts to be merged

  3. Depending on your organization, you might have many user accounts that were found as duplicates. The wizard allows you to begin the actual merge process or to export the merge information to a .csv file for later review. This is shown in Figure 4-25. Select the option to Export The List Of Merge Accounts To A File, and type c:\admerge.csv for the file name. Click Next to continue.

    Figure 4-25: Choosing to begin the merge or to export to a .csv file

  4. Click Next at the Summary page, and then click Finish.

  5. Open the file C:\Admerge.csv in Microsoft Notepad to review the account information. After you review the file, you are able to start the Active Directory Account Cleanup Wizard again and choose the option to import a merge file.

  6. Quit Notepad, and then start the Active Directory Account Cleanup Wizard again.

  7. On the Identify Merging Accounts page, clear the Search Entire Directory or selected containers check box, and select the check box for Import A List Of Merging Accounts. Browse and select C:\Admerge.csv, then click OK, and then click Next.

  8. Select Begin The Merge Process Now, and click Yes when prompted to confirm. Click Next to complete the merge process, and then click Finish.

  9. Start Active Directory Users And Computers, and verify that the user account for Nicole Carol is gone, having been merged into Nicole Holliday's account.

  10. If you chose the Begin The Merge Process Now option, the wizard warns you that you will not be able to unmerge the accounts later. Click Yes to confirm, and then click Next.

  11. When finished, the wizard shows an Accounts Merge Results page. Review the statistics to determine whether any failures were reported. The page also has a configurable log file location where it will store the results. Click Next, and then click Finish.

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and then try the question again. You can find answers to the questions in the "Questions and Answers" section at the end of this chapter.

  1. You recently completed installing an Exchange Server 2003 server into your existing Exchange Server 5.5 organization. After using this environment for a week, you notice that objects you create in Active Directory are being replicated to the Exchange Server 5.5 directory, but not the other way around. Where would you look to troubleshoot this problem?

    1. The Site Replication Service

    2. The Config_CA connection agreement in the ADC

    3. The Users:domain connection agreement

    4. Check that the ADC service is running

  2. You are the Exchange Server administrator for a multidomain environment that has multiple Exchange Server 5.5 sites in the same organization. The company has approximately 20,000 employees located across North America. You installed ADCs as appropriate, and you installed an Exchange Server 2003 server in one of the sites. You run the Active Directory Account Cleanup Wizard, which identifies 225 duplicate accounts. What would be the best way to review these accounts prior to merging them?

  3. You are the senior Exchange Server administrator for Contoso, Ltd., which has two Exchange Server 5.5 sites in the same organization. One site is named NAmerica, and the other site is named Europe. Both are in the same contoso.com domain. The Exchange Server 2003 ADC has been deployed on a server in the NAmerica site. You notice that replication is working between Active Directory and both sites, but a particular account is not replicating between Active Directory and the Europe site. What is causing replication to fail?

    1. The user account matches an Exchange mailbox, but the mailbox is in the NAmerica site rather than in the Europe site.

    2. A connection agreement must be configured between Active Directory and the Europe site.

    3. An ADC must be installed on a server in the Europe site.

    4. An instance of the Site Replication Service must be installed in the Europe site.

Lesson Summary

  • Use the Active Directory Account Cleanup Wizard to merge duplicate accounts identified during the process of merging multiple directories.

  • Duplicate accounts can be searched for or entered manually when using the Active Directory Account Cleanup Wizard.

  • Troubleshooting the ADC and Site Replication Service usually involves resolving replication problems and connection agreements.




MCSA/MCSE Self-Paced Training Kit (Exam 70-284): Implementing and Managing Microsoft® Exchange Server 2003 (Pro-Certification)
ISBN: 0735618992
EAN: 2147483647
Year: 2003
Pages: 221
