Lesson 2: Configuring Directory Synchronization | MCSE Training Kit Exam 70-224(c) Microsoft Exchange 2000 Server Implementation and Administration

So far, you have configured a connection to an MS Mail network. However, manually addressing MS Mail messages is a rather inconvenient task. Without directory synchronization, you must explicitly enter each MS Mail recipient's Network/Postoffice/Mailbox address (such as MSMAILNET/MSMAILPO/ADMIN). You cannot simply select a user-friendly address book entry such as Administrator. MS Mail users have the same problem if they want to send messages to Exchange users. To send a test message to the Exchange administrator, for instance, you would need to specify an address similar to BLUESKYAIR/EXCHANGE/ADMINISTRA. It is very useful to maintain server-based and postoffice-based address lists that let your users address e-mail messages conveniently.

This lesson introduces a way to maintain address information automatically between Exchange 2000 Server and MS Mail. It briefly addresses MS Mail Dirsync and then explains the roles that an Exchange 2000 server can assume in this process. The mapping of Exchange mailbox attributes to MS Mail template information is also covered.

At the end of this lesson, you will be able to:

Identify the components of Exchange 2000 Server that support the MS Mail Dirsync protocol.
Configure Exchange 2000 Server as a Dirsync server.
Configure Exchange 2000 Server as a Dirsync requestor.
Map the template information of MS Mail recipients to attributes of recipient objects in Active Directory.

Estimated time to complete this lesson: 60 minutes

MS Mail Directory Synchronization Events

The MS Mail Dirsync protocol, which updates MS Mail address lists, was introduced with Microsoft Mail for PC Networks version 3.0. It has not changed since then. Depending on the Dirsync schedule (once a day at most), an active process called Dispatch launches several programs to synchronize the address information of all postoffices in an MS Mail network based on e-mail messages.

Dirsync Server Versus Dirsync Requestors

Dirsync relies on a master postoffice known as the Dirsync server, which maintains global address information, in a file called MSTTRANS.GLB, centrally in the network. Traditionally, only one Dirsync server is supported in a native MS Mail environment. All other postoffices, configured as Dirsync requestors, must send their address changes to the Dirsync server. Once global address information has been updated on the Dirsync server, it is sent back to all Dirsync requestors to update all of their address lists (see Figure 26.4).

The Dirsync Cycle

A complete Dirsync cycle consists of three stages called T1, T2, and T3. During T1, the Dispatch program launches the processes to send address list updates to the Dirsync server. In other words, T1 is the beginning of a Dirsync cycle. Each configured requestor postoffice sends its address changes and a status report. Between T1 and T2, MS Mail MTA processes deliver the system messages to the Dirsync server (see Figure 26.4). During T2, the Dirsync server updates the Global Address List (GAL) and generates an update message for all those requestor postoffices that have transmitted at least a status report. In other words, a requestor that does not send any system messages to the Dirsync server during T1 does not receive any updates after T2. Between T2 and T3, update messages are sent back to the requestor postoffices via MS Mail MTA processes. During T3, requestors commit the address updates to the postoffice address lists.

click to view at full size

Figure 26.4 A classic Microsoft Mail Dirsync configuration

The following are the Dirsync phases and their descriptions:

T1. The Dispatch program launches a process called NSDA -RT, which starts the Reqmain -T process to run a T1 cycle according to the Dirsync schedule. Every Dirsync requestor maintains address list changes in a file called REQTRANS.GLB in the \Glb subdirectory of the postoffice. During T1, address changes are placed in an e-mail message that is addressed to the Dirsync server. A second message containing the current status information of the Requestor postoffice is also generated.
T2. Based on the Dirsync schedule of the Dirsync server, Dispatch launches the NSDA -S process, which starts Srvmain -R and Srvmain -T to perform the necessary processing. Srvmain -R causes the Dirsync server to obtain all changes from its system message queue. It places them in the GAL named MSTTRANS.GLB in the Dirsync server's \Glb subdirectory. It contains all address transactions of all Requestor postoffices. Srvmain -T then generates an update message for each Dirsync requestor containing the global address changes.
T3. Dispatch launches a process known as NSDA -RT, which starts three independent processes: Reqmain -R, Import, and the optional Rebuild process. Reqmain -R merges received messages in a file called SRVMAIN.GLB, which is in the \Glb subdirectory. After that, the MS Mail Import utility is launched with -Q parameter to commit the Dirsync updates to the postoffice address lists. Depending on the configuration, the start of the Rebuild program might complete the T3 cycle. Rebuild creates the GAL of the postoffice.

Directory Synchronization with Exchange 2000 Server

Exchange 2000 Server can participate in an MS Mail Dirsync as a Dirsync server or Dirsync requestor. A special Exchange 2000 Server component, the DXA, performs the Dirsync processing. It is implemented in a Windows 2000 service called Microsoft Exchange Directory Synchronization, which sends and receives address changes through the MTA and an MS Mail Connector (see Figure 26.5). Via Active Directory Services Interface (ADSI) and LDAP, the address information is committed to Active Directory in the form of recipient objects. When replicating an MS Mail mailbox of a user that does not own a Windows 2000 account, you can create an enabled or disabled account or a mail-enabled contact object. You can find more information about the maintenance of recipient objects in Active Directory in Chapter 13, "Creating and Managing Recipients."

click to view at full size

Figure 26.5 The architecture of the Directory Synchronization Agent

Dirsync Database

The DXA maintains a Dirsync database (XDIR.EDB), which resides in the \Program Files\Exchsrvr\Dxadata directory. Based on the information from XDIR.EDB, only new address changes are requested from Active Directory. Sending only updates in a Dirsync cycle helps to reduce the size of Dirsync messages. The DXA places the updates in an e-mail message and sends them to a Dirsync server or to Dirsync requestors depending on the DXA configuration. The DXA also receives updates through MS Mail Connector and MTA and commits them to Active Directory. The XDIR.EDB is continuously updated to keep track of transactions.

NOTE
Deleting the XDIR.EDB resets the MS Mail DirSync. Complete address list information is then exchanged in the next Dirsync cycle.

DXA as a Dirsync Server

An Exchange 2000 server can act as a Dirsync server in an MS Mail network. This has advantages and disadvantages. As a prerequisite, you must have a functioning MS Mail Connector, which transfers the Dirsync messages between the Exchange 2000 server and the requestor postoffices.

DXA Server Advantages

The DXA server can improve the flexibility of the MS Mail directory synchronization. For instance, the DXA service runs continuously and commits requestor updates to Active Directory as soon as they arrive. There is no delay in the form of a scheduled event. The scheduled T2 time affects only the generation of update messages that are sent back to the requestor postoffices. Using a DXA server, the Dirsync cycle can run more than once a day. In fact, it can theoretically run every 15 minutes if a requestor message was received in the meantime. As mentioned earlier, only requestors that have sent a T1 message since the last cycle will receive an update message. Furthermore, if you have deployed the MS Mail Connector on multiple servers in your organization, you can configure more than one DXA server to bind independent MS Mail networks together. This mechanism relies on Active Directory replication, which distributes address list updates across the entire organization. For instance, a second Exchange 2000 server in another administrative group can act as a DXA server for a different MS Mail network. Both MS Mail networks can perform directory synchronization as usual, and Active Directory will synchronize the DXA servers (in other words, the GALs of both MS Mail networks) in the background.

DXA Server Disadvantages

It is not an easy task to integrate a DXA server into an existing MS Mail Dirsync environment. The problem is not the DXA server itself, but what happens as a result of system reconfiguration. For example, if you have integrated Exchange 2000 Server into an MS Mail network of 10 postoffices containing 5000 mailboxes in all, you may want to refrain from configuring a DXA server. The DXA server would replace the current Dirsync server, which forces you to reset the MS Mail Dirsync configuration on every requestor postoffice. You would have to carry out a time-consuming and complex task using MS Mail low-level utilities, such as DSSCHED.EXE, LISTDS.EXE, and LISTQ.EXE, and all the work would generate a large amount of Dirsync messages, because 5000 mailboxes would have to be synchronized again. Also, postoffices would display incomplete address lists until you had reset every requestor and completed the Dirsync process. For detailed information about resetting the MS Mail Dirsync, see Application Note WA0725 from Microsoft Product Support Services (go to www.microsoft.com and search for WA0725).

DXA as a Dirsync Requestor

The DXA can act as either a DXA server or a DXA requestor, but it cannot do both at the same time. If you decide not to configure a DXA server but still want to take advantage of the MS Mail Dirsync, you must configure a Dirsync requestor (see Figure 26.6). A DXA operating as a requestor allows you to integrate an Exchange 2000 Server organization seamlessly into an MS Mail Dirsync environment. You need only configure a new requestor entry on the existing Dirsync server, and the DXA can synchronize address updates with the MS Mail network. Major configuration changes are not required.

click to view at full size

Figure 26.6 Exchange 2000 Server as a Dirsync requestor

DXA Requestor Limitations

The Dirsync server of a DXA requestor must be a regular MS Mail postoffice that processes the address updates of all requestors during T2. That is, you cannot configure the DXA as a requestor that sends address changes to another DXA configured as a DXA server. Hence, you cannot synchronize addresses of two independent Exchange 2000 Server organizations using the MS Mail Dirsync protocol. You cannot even carry out Dirsync between multiple organizations using an MS Mail postoffice acting as a relay DXA server between them.

NOTE
Because the DXA requestor must send address list changes to an MS Mail Dirsync server, you cannot run the Dirsync cycle more than once a day. As always in MS Mail, the Dirsync server performs the T2 processing of address list changes according to the schedule of the Dispatch program.

Configuring a DXA Server

Before configuring a DXA server, make sure you have configured and successfully tested your MS Mail Connector. To create a DXA server in Exchange System Manager, right-click the connectors object that you can find under <Organization Name>/Administrative Groups/<Administrative Group Name>/Routing Groups/<Routing Group Name> (such as Blue Sky Airlines (Exchange)/Administrative Groups/First Administrative Group/Routing Groups/First Routing Group). From the shortcut menu, point to New, and then select Dirsync Server. This displays the General tab of a new DXA server object. To distinguish the new DXA server object from all other configuration objects, you must specify an appropriate DXA server name in the Name box in the General tab. It is good practice to use a name that identifies the MS Mail network.

Tracking Directory Synchronization Messages

The DXA server incorporates address list changes of remote DirSync requestors automatically in Active Directory. MS Mail users are handled as recipient objects. In other words, if recipient objects appear for users of your MS Mail network, you know that Dirsync works. However, in cases of communication problems, you might wait a very long time without success. In this situation, it is useful to trace MS Mail Dirsync messages. You can copy them to an administrative mailbox that you need to specify under DirSync Administrator's Mailbox. Click on the Modify button to select the desired account. After that, you can select the Forward Incoming DirSync Messages To Administrator check box to receive a copy of requestor messages. You can also select the Copy Administrator On Outgoing Messages check box if you want to examine your DXA server's responses.

T2 Schedule

Using its activation schedule, the DXA server generates update messages for each requestor that has sent a T1 message since the last T2 cycle. In the Schedule tab, you can set when and how often the DXA is active. The shortest possible interval is 15 minutes. This does not, however, mean that the DXA server sends a particular MS Mail requestor an update message every 15 minutes (or 96 messages per day). Dirsync messages are processed once when they arrive.

Configuring Remote Dirsync Requestors

To complete the configuration, you must designate existing MS Mail requestor postoffices as remote Dirsync requestors. For this purpose, right-click the newly created DXA server object under Connectors, point to New, and then select the Remote Dirsync Requestor command. This will display the New Requestor dialog box, where you can select a desired MS Mail postoffice and click OK. The DXA server will refuse Dirsync messages from unregistered sources. The MS Mail Dirsync is based on a secured protocol. You can define a requestor password in the General tab of each remote Dirsync requestor object to increase security.

NOTE
A DXA requestor is an Exchange 2000 Server computer. A remote Dirsync requestor is an MS Mail postoffice.

General Remote Dirsync Requestor Properties

For every remote Dirsync requestor, you need to specify a name that refers to the new requestor configuration object. The name that you type in the General tab in the Name box should clearly identify the MS Mail postoffice. Optionally, you may append this name to the display name of imported users. The Export On Next Cycle check box allows you to send complete address information—not only the updates—to the requestor postoffice during the next Dirsync cycle, which is useful if the postoffice address lists appear incomplete.

Importing and Exporting Addresses

In the Import Container tab, you can specify a container that will maintain imported recipient objects for the selected requestor postoffice. You should create a dedicated organizational unit (OU) in Active Directory Users and Computers for this purpose. To select the desired OU for the remote Dirsync requestor, in the Import Container tab, click the Modify button. Exchange System Manager will prompt you to grant the machine account of your Exchange 2000 server (such as BLUESKY-SRV1) required permissions to create and modify recipients in the selected OU. Click Yes to update the permissions on the import container. You also can determine the type of recipient objects to create in Active Directory if replicated mailboxes do not have accounts in the Windows 2000 domain (that is, Create A Disabled Windows User Account, Create A New Windows User Account, and Create A Windows Contact).

In the Export Containers tab, in contrast, you can specify one or more OUs that will be exported to the remote requestor postoffice. The machine account of your Exchange 2000 server requires Read permissions on all OUs that you specify as export containers. Exchange System Manager can grant the required permissions to your server account. Furthermore, if you have decided to create Windows contacts for MS Mail mailboxes, make sure you select the Export Contacts check box if you want to synchronize address information between MS Mail post- offices. You can also include distribution groups in the Dirsync via the Export Groups check box.

NOTE
If you change the import container for an existing remote Dirsync requestor object later, do not forget to move all affected mailbox accounts from the former import container to the new OU. Recipient objects in the old OU will not be updated any longer.

Configuring a DXA Requestor

Configuring a DXA requestor is less complex than configuring a DXA server. This is not surprising because the DXA requestor is responsible only for itself. You can set several configuration parameters just as you do for a remote Dirsync requestor. For instance, you take the same steps to specify import and export OUs using the Import Container and Export Container tabs.

DXA Requestor Parameters

To create a DXA requestor, right-click the connectors object under <Organization Name>/Administrative Groups/<Administrative Group Name>/Routing Groups/<Routing Group Name>. Point to New, and then select the Dirsync Requestor command. A New Requestor dialog box will appear, asking you for the MS Mail Dirsync server postoffice. Select the correct postoffice, and click OK to launch the Properties dialog box, which asks for further information. In the General tab of the new DXA requestor object, you can set basic configuration parameters such as the name of the DXA requestor object and the requestor language. Several of the settings have the same effect that they do for a remote Dirsync requestor (the Append To Imported User's Display Name option, for example). Other parameters pertain only to a DXA requestor object, so you can specify which address types to accept from the Dirsync server.

NOTE
You must first configure an MS Mail Connector to connect the Exchange 2000 server to the MS Mail postoffice that represents the Dirsync server; otherwise, you cannot select the correct postoffice reference in the New Requestor window during DXA requestor creation.

T1 Schedule

Two Dirsync times are important for every requestor: T1 and T3. However, you have to schedule only the T1 time because updates are committed to Active Directory as soon as they reach the DXA. In the Schedule tab of the DXA requestor object, you can adjust the T1 time. By default, the DXA requestor sends its changes at midnight.

NOTE
It is sufficient to send one address update message to the MS Mail Dirsync server each day. The Mail Dirsync server incorporates the changes only once at T2 as scheduled for the Dispatch process.

Dirsync Parameters

Several settings of a DXA requestor refer directly to the MS Mail Dirsync protocol. As mentioned earlier for DXA servers, you can secure the communication between the Dirsync server and a requestor by using a password. Once you specify a password at the Dirsync server postoffice, the requestor must provide the password to synchronize addresses. You can enter this password in the Settings tab of the DXA requestor object.

You can also send all of the address information to the Dirsync server during the next Dirsync cycle by selecting the Export On Next Cycle check box. Activating the Import On Next Cycle check box, on the other hand, requests complete address information from the Dirsync server. As a result, all addresses are sent to the requestor during the next cycle. Both options are useful if you discover address inconsistencies between MS Mail and Exchange 2000 Server address information.

If you want to include detailed address information in the MS Mail Dirsync, select the Send Local Template Information and Receive Local Template Information check boxes.

Directory Synchronization Templates

MS Mail users can display detailed address information for recipients from their postoffice address lists. Exchange users can examine the properties and attributes of mailbox- and mail-enabled recipient objects using their address books as well. Therefore, you should map Exchange attributes to MS Mail address information (and vice versa) if MS Mail Dirsync has been configured. This way, Exchange users can examine detailed MS Mail address information, and MS Mail users can display additional information about recipients that seem to reside on the Connector PO address list (which is the MS Mail view of your organization).

MS Mail Address Templates

By default, the MS Mail system provides the alias name, display name, address type, postoffice name, network name, and the name of the mailbox. Using address templates, you can define additional information that is displayed if users examine the details of an address entry. For example, one such template, EXAMPLE.TPL, is in the \Tpl subdirectory of every postoffice installation. It has the following content:

 Employee Number:~17~6~NP~000001~ Name Title:~17~3~ULP~Mr~ Initials:~17~2~U~MD~ Surname:~17~15~ULP~Davis~ Division:~17~25~A~Electronic Mail~ Department:~17~15~A~Development~ Phone:~17~15~NP~(303) 555-4345~ FAX:~17~15~NP~(303) 555-1378~ Company:~17~25~LUNP~Microsoft Corp.~ Address 1:~17~50~A~1402 Washington Street~ Address 1:~17~50~A~Hollywood, FL~ Postal Code:~17~7~A~33021~ Phone:~17~15~NP~(303) 555-4345~ Group:~17~15~A~Mail Group~

These entries are only suggestions that you can adjust as needed; however, you must rename the EXAMPLE.TPL file as ADMIN.TPL for it to accept additional properties such as Phone, Company, or Address. You will find documentation in the MS Mail Administrator manual.

Mapping of Incoming and Outgoing Template Information

Exchange 2000 Server does not use template information. Detailed information is maintained in the form of recipient object attributes from Active Directory. To synchronize address details, you must map Active Directory attributes for recipient objects to postoffice template labels such as Phone, Company, or Address (see the preceding template listing). You can control the mapping using Exchange System Manager. The directory synchronization object, which can be found under <Organization Name>/Administrative Groups/<Administrative Group Name>/Servers/<Server Name> (such as Blue Sky Airlines (Exchange)/Administrative Groups/First Administrative Group/Servers/BLUESKY-SRV1), provides the required tabs. The most important Incoming Templates and Outgoing Templates. The directory synchronization object lets you configure the template transfer in one or both directions.

You can administer the incoming and outgoing template mappings in a similar way. Click the New button repeatedly to define the desired mappings. For instance, in the Incoming Template Mapping dialog box that appears when you click the New button in the Incoming Templates tab, you must enter the template string (such as Phone) manually. You can select the corresponding mailbox attribute from the Map The Attribute box. When you define mappings, you can rename template labels by assigning them different attributes. You can also suppress labels by leaving them unmapped. However, keep in mind that you must include the template information in the directory synchronization (via the Settings tab of the corresponding DXA requestor object).