Lesson 2: Directory Synchronization with Foreign Messaging Systems

A simple messaging connection does not seamlessly integrate your system. The Internet, for instance, is not an integrated environment, although it connects a vast number of messaging systems with each other. Internet users cannot access a global address book to conveniently address messages to every possible recipient. The messaging systems remain parts of separate environments. Among other things, this circumstance forces Internet users to maintain their address information themselves. To make a long story short, seamless system integration requires establishing a GAL across all involved systems so that they appear to the user as part of the same messaging environment.

This lesson focuses on issues concerning the directory synchronization of Exchange 2000 Server with foreign messaging systems. You can read about the various techniques to build a GAL across dissimilar systems and find guidelines for documenting and assessing existing directory synchronization infrastructures for integration with Exchange 2000 Server.

After this lesson, you will be able to

  • Identify essential components in your messaging environment that influence the options for directory synchronization with Exchange 2000 Server
  • Document specific and detailed information about all messaging systems that participate in directory synchronization in your messaging infrastructure
  • Determine whether an environment is ready for directory synchronization with Exchange 2000 Server

Estimated time to complete this lesson: 60 minutes

The Purpose of Directory Synchronization

Abstractly speaking, directory synchronization is the process of copying recipient information from one directory into another and vice versa. In this way, both directories can contain complete address information. From the user’s perspective, the entire environment then appears as a single homogenous messaging infrastructure. It doesn’t matter in which system the recipients actually reside; your users can always select the desired addressees conveniently from their address books (Figure 4.7). Because users do not need to specify address information explicitly, chances of human error, such as typos, are reduced. A properly functioning directory synchronization process can guarantee that messages are addressed correctly and are therefore deliverable.

Figure 4.7 - A global address list with recipients from foreign messaging systems

Note


Do not mistake directory synchronization for directory replication. Both are separate processes. Directory replication describes the process of synchronizing instances of the same directory object in a common directory namespace, such as the domain naming context (NC) in a Microsoft Windows 2000 domain. Directory synchronization, on the other hand, is a copying process between separate directories that do not share a common directory namespace.

Advantages of Directory Synchronization During Migration

Directory synchronization is a valuable feature when integrating Exchange 2000 Server into an existing environment. Directory synchronization helps both administrators and users. As soon as you migrate a user from one messaging system to Exchange 2000, the user’s recipient information disappears from the address book in the legacy system and reappears in the Exchange 2000 address lists. Without directory synchronization, users would find it difficult to communicate with each other because no address book would ever contain a complete address list. Suddenly, your users would have to maintain client-based address books, such as a folder for internal contacts in Microsoft Outlook 2000. Directory synchronization solves this problem. In addition, with a synchronized GAL, it is possible to create global distribution groups that contain recipients from all messaging systems.

Directory synchronization is also of great help to the administrator. When users are migrated to Exchange 2000 Server, their address information usually changes. The user is now <User>@<New System>, and directory synchronization propagates these changes to all participating messaging systems. You can read more about the importance of directory synchronization for a smooth migration to Exchange 2000 Server in Chapter 7, "Designing a Migration Plan to Microsoft Exchange 2000 Server."

Automated Directory Synchronization

As mentioned briefly in Lesson 1, all Exchange 2000 gateway connectors provide directory synchronization capabilities to exchange address information with the foreign messaging system automatically. For instance, you can use the MS Mail Connector to integrate Exchange 2000 Server into an existing Microsoft directory synchronization environment. The Connector to Lotus cc:Mail, on the other hand, allows you to synchronize addresses with cc:Mail, and the Lotus Notes and Novell GroupWise connectors provide similar functionality. Among other things, you can use Exchange 2000 to connect multiple directory synchronization environments. Figure 4.8 shows a possible configuration at Woodgrove Bank, where two Exchange 2000 servers are used to build a central switch for message transfer and automated directory synchronization.

Figure 4.8 - A unified messaging and addressing solution for Woodgrove’s environment

When talking about directory synchronization, keep in mind that Exchange 2000 Server does not maintain a proprietary directory. Directory synchronization is actually performed against Active Directory. This implies that you can use further directory synchronization products to keep directory information consistent. For instance, you can synchronize Active Directory with Novell Directory Services. To synchronize address information with earlier versions of Exchange Server, on the other hand, install the Active Directory Connector (ADC), as shown in Table 4.3.

Table 4.3 Directory Synchronization with Exchange 2000 Server and Active Directory

| Foreign System | Synchronization Component | Comments |
| --- | --- | --- |
| Exchange Server 5.5 | Active Directory Connector (ADC) | Install the ADC and configure user connection agreements. The ADC of Exchange 2000 Server requires Exchange Server 5.5 Service Pack 3 (or higher). |
| MS Mail | MS Mail Connector | Exchange 2000 Server can act as a directory synchronization server or requestor. |
| Lotus cc:Mail | Connector to Lotus cc:Mail | Exchange 2000 Server can exchange directory information only with the connector post office. This post office must propagate the information across the cc:Mail environment via Automatic Directory Exchange (ADE). |
| Lotus Domino/Notes | Connector to Lotus Notes | Exchange 2000 Server exchanges address book information directly with the connector’s Domino server. The Domino administrator must ensure that the address information is replicated further to all other Domino servers and domains. |
| Novell GroupWise | Connector to Novell GroupWise | Novell GroupWise utilizes a separate directory from Novell Directory Services, but GroupWise user information is kept in both directories. If you replicate Novell Directory Services with Active Directory using Microsoft Directory Synchronization Services (MSDSS) and GroupWise address information using the Connector to Novell GroupWise, you may end up with duplicate directory entries. Use the Active Directory Cleanup Wizard to consolidate duplicate information into one mail-enabled account. |
| Other messaging systems | Possibly third-party gateways | Exchange 2000 Server does not provide directory synchronization with other messaging systems. Check with your vendor to determine whether a third-party gateway is available to synchronize recipient information. An alternative could be directory integration via Lightweight Directory Access Protocol (LDAP), supported by some UNIX-based systems. |

Semiautomated Directory Synchronization

If you cannot choose any of the options mentioned in Table 4.3, for instance if you need to use an X.400 or SMTP connector or a third-party gateway that doesn’t support directory synchronization, you need to develop a strategy for a manual synchronization of address information. In fact, many organizations synchronize their directories this way. Once a week or on a monthly basis, a text file containing full GAL information is generated on a central message switch. This text file is then distributed to all locations where the administrators import the addresses into their messaging systems. Exchange 2000 Server can participate in this semiautomated directory synchronization.

Windows 2000 Server provides you with two very powerful console applications (LDIFDE.EXE and CSVDE.EXE) that support bulk export and import operations in Active Directory. LDIFDE.EXE works with information from LDAP Data Interchange Format (LDIF) files. LDIF is a file-format standard for batch operations against LDAP-conforming directories. CSVDE.EXE, on the other hand, uses comma-separated values (CSV) based export/import files. If you are an Exchange Server 5.5 administrator, you are probably familiar with .csv files and their purpose because the Exchange Administrator program was able to export and import recipient information in this format as well, although the directory attributes had different names in earlier versions of Exchange Server.

To give an example, the following comma-separated entries represent an import file for CSVDE.EXE:

    DN,objectClass,name,cn,displayName,mail,givenName,proxyAddresses,mailNickname,targetAddress
    "OU=Non-Exchange,DC=adventure-works,DC=com",organizationalUnit,Non-Exchange,,,,,,,
    "CN=Leonard Zuvela,OU=Non-Exchange,DC=adventure-works,DC=com",contact,Leonard Zuvela,Leonard Zuvela,Leonard Zuvela,Leonard.Zuvela@adventure-works.com,Leonard,SMTP:Leonard.Zuvela@adventure-works.com;X400:c=us\;a= \;p=Adventure Works\;o=Exchange\;s=Zuvela\;g=Leonard\;,LeonardZuvela,SMTP:Leonard.Zuvela@adventure-works.com

If you copy these entries into a file called EXPORT_IMPORT.CSV (or use any other name that suits you), and run the command CSVDE -F EXPORT_IMPORT.CSV -S <DOMAIN CONTROLLER NAME> -I under an account with administrative rights in Active Directory, you create an organizational unit (OU) and within it a mail-enabled contact object that points to a recipient in the messaging environment of adventure-works.com. Similarly, you can export recipient information from any OU using the following command: CSVDE -F EXPORT_IMPORT.CSV -S <DOMAIN CONTROLLER NAME> -D "OU=<OU NAME>,DC=ADVENTURE-WORKS,DC=COM". To display a list of all available commands, use CSVDE /?. The same command-line options apply to LDIFDE; only the file format differs.

The reason CSVDE is more useful to the Exchange administrator than LDIFDE is that .csv files are easier to process in Microsoft Excel. Usually, directory attributes differ between dissimilar messaging systems, and so do the import/export files. Consequently, you need to map the information from the original text files to the appropriate directory attributes in Active Directory. You don’t want to do this yourself if you have to deal with 200,000 recipient objects! The first line in the import/export file, known as the header line, identifies the directory attributes, and the subsequent lines contain the values for each directory object (that is, mail-enabled contact). You would have to sort the information for each recipient. A simple Excel macro can do the job much better. For an example of how to process .csv import/export files using an Excel macro, open the EXPORT_IMPORT.XLS workspace from the \Chapter04\Examples directory on the Supplemental Course Materials CD. On the EXPORT_IMPORT.XLS worksheet, click the Run Excel Macro button. The macro takes the information from the Template worksheet and formats a .csv file for a directory import using CSVDE.EXE. You can read more about LDIFDE and CSVDE in the Windows 2000 Server Distributed Systems Guide of the Windows 2000 Server Resource Kit.
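The attribute mapping described above can also be scripted. The following Python code is an added example, not the Excel macro from the course CD: it maps a foreign-system export to the header line used in this lesson, escapes commas inside the DN, and sets aside malformed or duplicate addresses instead of importing them. The input columns (first, last, email) and the mailNickname rule are assumptions, and the target OU is assumed to exist already.

```python
import csv
import io
import re

# Header line taken from the CSVDE import file shown in this lesson.
HEADER = ["DN", "objectClass", "name", "cn", "displayName", "mail",
          "givenName", "proxyAddresses", "mailNickname", "targetAddress"]

# Constructed sample export; the column names first/last/email are assumed.
SAMPLE_EXPORT = """first,last,email
Leonard,Zuvela,Leonard.Zuvela@adventure-works.com
Pat,"Example, Jr.",pat.example@adventure-works.com
Broken,Entry,not-an-address
Leonard,Zuvela,leonard.zuvela@ADVENTURE-WORKS.com
"""

SMTP_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def escape_rdn(value):
    """Escape characters that are special inside one DN component."""
    escaped = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    return "\\" + escaped if escaped.startswith("#") else escaped


def build_import(export_text, ou_dn):
    """Return (csv_text, rejected) for importing mail-enabled contacts."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\r\n")  # quotes fields with commas
    writer.writerow(HEADER)
    seen, rejected = set(), []
    for row in csv.DictReader(io.StringIO(export_text)):
        first, last = row["first"].strip(), row["last"].strip()
        email = row["email"].strip()
        if not SMTP_RE.match(email):
            rejected.append((email, "malformed SMTP address"))
            continue
        if email.lower() in seen:
            rejected.append((email, "duplicate address"))
            continue
        seen.add(email.lower())
        name = f"{first} {last}"
        dn = f"CN={escape_rdn(name)},{ou_dn}"
        nickname = re.sub(r"[^A-Za-z0-9]", "", name)  # assumed alias rule
        writer.writerow([dn, "contact", name, name, name, email, first,
                         f"SMTP:{email}", nickname, f"SMTP:{email}"])
    return out.getvalue(), rejected


if __name__ == "__main__":
    text, rejected = build_import(
        SAMPLE_EXPORT, "OU=Non-Exchange,DC=adventure-works,DC=com")
    print(text)
    for address, reason in rejected:
        print(f"skipped {address}: {reason}")
```

Review the rejected list before running the import so that incomplete entries are corrected at the source rather than silently missing from the GAL.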

Documenting the Existing Directory Synchronization Infrastructure

The directory synchronization infrastructure is a logical arrangement of server resources that is not very obvious in the messaging infrastructure. For this reason, it is vital to document the directory synchronization topology to give the project team a clear understanding of available synchronization options. Precise documentation can save substantial time and effort during the later coexistence and migration phases because it facilitates the configuration and troubleshooting of appropriate messaging connectors.

When documenting the existing directory synchronization topology, include answers to the following questions:

  • Which systems participate in the directory synchronization?
  • How many addresses are included in the GAL?
  • How frequently do you need to perform the directory synchronization?
  • Are there dedicated directory synchronization servers, and which are they?
  • Who is responsible for the directory synchronization configuration and maintenance in each location?
  • Does your company enforce specific conventions for the GAL structure or custom attributes for directory objects?
  • Do policies and procedures exist to deal with incomplete address lists?

Tip


You can use the Directory Synchronization worksheet in the MESSAGING_ENVIRONMENT.XLS workspace as a guide to gather information about your directory synchronization topology.

Assessing Options for Directory Synchronization with Exchange 2000 Server

You should review the documentation about the existing messaging and directory synchronization infrastructure to determine an appropriate messaging connector for Exchange 2000 Server. You usually need to connect Exchange 2000 Server directly to the system that you want to exchange address information with. The principle is always the same: Exchange 2000 transfers its recipient information to a single post office or server in the foreign system, which then must distribute the address information to the remaining systems in its own environment. This implies that the propagation of address book information must function correctly in the existing messaging network. If Exchange 2000 Server’s directory synchronization partner does not have a consistent GAL, Exchange 2000 cannot provide its users with a complete GAL either. It is vital to fix any existing problems before the rollout of Exchange 2000 Server.

You may argue that this could require substantial optimizations in an environment that you are about to replace with Exchange 2000 Server anyway. However, if you cannot ensure a properly functioning propagation of address book information across the entire environment, consider semiautomated directory information in each messaging environment. You can read more about the advantages of directory synchronization with foreign messaging systems in Chapter 7, "Designing a Migration Plan to Microsoft Exchange 2000 Server."

Keep the following questions in mind when reviewing your documentation about the current directory synchronization topology:

  • Do you need to change the configuration of any existing systems to synchronize their addresses?
  • Is it possible to implement an appropriate messaging connector that supports the directory synchronization?
  • If automatic directory synchronization is not supported, will it be possible to develop a semiautomated directory synchronization process based on LDIFDE or CSVDE?
  • If neither automated nor semiautomated directory synchronization processes are supported, who will be responsible for manual updates?

Analyzing the Directory Synchronization Requirements for Adventure Works

Adventure Works use Exchange Server 5.5 as their enterprise messaging system with the server VAC-02-EX as the central replication hub. The sites in South Africa and Australia replicate their directory information to this server, which results in a hierarchical replication topology, as shown in Figure 4.9. The Exchange Server organization is not integrated with Active Directory yet.

Figure 4.9 - The directory replication topology of Adventure Works

Adventure Works assessed their existing directory replication and synchronization environment as follows:

  • Is it possible to connect Exchange 2000 Server to Exchange Server 5.5 using a connector that supports directory synchronization?

    Yes. The ADC supports the synchronization of Exchange Server 5.5 with Active Directory and Exchange 2000 Server.

  • Is it necessary to change the existing directory synchronization topology to integrate Exchange 2000 Server?

    Yes. The ADC is a requirement and must be installed to synchronize the existing Exchange organization with Active Directory before Exchange 2000 Server can be integrated.

Activity: Evaluating Options for Directory Synchronization

In this activity, you need to assess the two environments of Coho Vineyard & Winery and Woodgrove Bank for directory synchronization with Exchange 2000 Server. It is your task to determine possible synchronization methods and required topology changes to support directory synchronization.

Tip


You can use Figure B.11 in Appendix B as a guideline to accomplish this activity.

Scenario: Coho Vineyard & Winery

With the decision to migrate the existing messaging environment to Exchange 2000 Server in multiple stages, directory synchronization becomes an essential requirement for Coho Vineyard & Winery. Currently, no directory synchronization is performed because the current infrastructure relies on a single messaging host running Alt-N Technologies MDaemon PRO for Windows. MDaemon is capable of exporting recipient information to an LDAP server or into a comma-separated text file (Figure 4.10).

Figure 4.10 - The directory export capabilities of Alt-N Technologies MDaemon PRO for Windows

It is your task to identify possible options for directory synchronization.

  1. Is it possible to connect Exchange 2000 Server to Alt-N Technologies MDaemon using a connector that supports directory synchronization?
  2. Which directory synchronization option would you recommend and why?

Scenario: Woodgrove Bank

Woodgrove Bank has established an MS Mail directory synchronization topology in their site in Switzerland, which is used to automatically synchronize MS Mail and X.400 gateway addresses between all postoffices. The X.400 addresses refer to the recipients at all other locations of Woodgrove Bank. The MS Mail environment recognizes users in other locations as X.400 recipients, because the MS Mail network is connected to the bank’s messaging backbone via an MS Mail gateway to X.400. The MS Mail administrator, Luis Bonifaz, manually imports the X.400 address information weekly into the directory synchronization server. ZUR-01-EX is the directory synchronization server and the remaining postoffices are configured as directory synchronization requestors (Figure 4.11).

It is your task to identify possible options for directory synchronization.

  1. Is it possible to connect Exchange 2000 Server to Woodgrove Bank’s MS Mail environment using a connector that supports directory synchronization?
  2. Is it necessary to change the existing directory synchronization topology to integrate Exchange 2000 Server?

Lesson Summary

Seamless system integration requires establishing a GAL across the messaging environment. Directory synchronization is the means to accomplish this in environments with dissimilar systems. Basically, recipient information is copied from one directory into all other directories. In this way, all recipients appear in the GAL and to the user as members of the same messaging environment.

All gateway connectors of Exchange 2000 Server (that is, MS Mail Connector and the Connectors to Lotus cc:Mail, Lotus Notes, and Novell GroupWise) support directory synchronization. Because the directory synchronization is performed against Active Directory, you can use additional directory synchronization products to keep directory information consistent. For instance, you can integrate earlier versions of Exchange Server with Active Directory when you use the ADC.

Windows 2000 Server also provides you with two very powerful applications called LDIFDE.EXE and CSVDE.EXE, which you can use to synchronize directories in a semiautomated process. Simply export the address lists from the foreign messaging system, process the exported information in Excel, save the results in an .ldf or .csv file, and then import the recipients into Active Directory. Semiautomated directory synchronization is an option in environments where an appropriate gateway connector is not available or where automated directory synchronization is not configured.

Figure 4.11 - The current MS Mail directory synchronization infrastructure of Woodgrove Bank in Switzerland



MCSE Microsoft Exchange 2000 Server Design and Deployment Training Kit(c) Exam 70-225
MCSE Training Kit (Exam 70-225): Microsoft Exchange 2000 Server Design and Deployment (Pro-Certification)
ISBN: 0735612579
EAN: 2147483647
Year: 2001
Pages: 89
