Lesson 2: Directory Synchronization with Novell GroupWise | MCSE Training Kit Exam 70-224(c) Microsoft Exchange 2000 Server Implementation and Administration

It is advantageous to configure directory synchronization with Novell GroupWise to allow Exchange and GroupWise users to conveniently address e-mail messages to each other. Nevertheless, it is important to keep in mind that Novell GroupWise utilizes a separate directory from NDS, but GroupWise user information is kept in both directories. NDS may be replicated with Active Directory using Microsoft Directory Synchronization Services (MSDSS), as explained in Chapter 10, "MAPI-Based Clients in a Novell NetWare Environment." This synchronization, however, does not present recipient information in a way that allows Exchange or GroupWise users to address e-mail messages to each other. To achieve this, you need directory synchronization based on the Connector for Novell GroupWise. You may end up with duplicate account objects for NetWare users in your Windows 2000 forest. This behavior is expected and by design because MSDSS and the Connector for Novell GroupWise operate independently of each other. You can use the Active Directory Cleanup Wizard to consolidate duplicate information into one mail-enabled account. The Active Directory Cleanup Wizard was introduced in Chapter 6, "Coexistence with Previous Microsoft Exchange Server Versions."

This lesson concentrates on directory synchronization utilizing the Connector for Novell GroupWise. It explains in detail how Connector components interact with each other to synchronize Active Directory and GroupWise. It also describes important configuration tasks and how to update address information manually.

At the end of this lesson, you will be able to:

Describe the process of directory synchronization with Novell GroupWise.
Configure and test directory synchronization.

Estimated time to complete this lesson: 30 minutes

Directory Synchronization Overview

The Connector for Novell GroupWise shares several processes, including DXAMEX, with the Connector for Lotus Notes, as indicated in Lesson 1. The directory synchronization agent (LSDXA.EXE) uses DXAMEX to work with recipient information in Active Directory. LSDXA.EXE is likewise shared between the Connectors for Novell GroupWise and Lotus Notes. Consequently, directory synchronization with Novell GroupWise is similar to the directory synchronization with Lotus Domino/Notes, at least on the side of Exchange 2000 Server. On the Novell GroupWise side, LSDXA.EXE uses the DXAGWISE process to generate administrator messages for directory synchronization, which are then transferred to the API Gateway by means of the Router for Novell GroupWise (see Figure 29.10).

click to view at full size

Figure 29.10 Directory synchronization with Novell GroupWise

Directory Synchronization Process and Interprocess Communication

Directory synchronization with Novell GroupWise relies on two directory structures, which are the \Temp and \Gwrouter subdirectories in the connector store \Program Files\Exchsrvr\Conndata. DXAMEX and DXAGWISE use the \Temp directory to transfer address information between each other in the form of message interchange format (MIF) files. These files are temporary and exist only during directory synchronization cycles. They are called DXAGWISE.TXT for address information to GroupWise and DXAMEX.TXT for address information to Active Directory (see Figure 29.10).

The responsibilities of DXAMEX and DXAGWISE are as follows:

For directory synchronization from Active Directory to GroupWise, DXAMEX extracts recipient information from export containers in Active Directory and saves the data in DXAGWISE.TXT. In the opposite direction, DXAMEX applies the content of DXAMEX.TXT to an import container in Active Directory.
For directory synchronization from Active Directory to GroupWise, DXAGWISE generates administrator messages to add, modify, or delete users, which are placed in the \Gwrouter\Togwise directory for the router service to transfer them to the API Gateway's API_IN directory. In the opposite direction, DXAGWISE places a request (this time for a list of GroupWise users) in the form of an administrator message in the \Gwrouter\Togwise directory as well. The router service transfers this message into API_IN on the NetWare server. API Gateway, GroupWise MTA, and POA handle the request. The results are returned in as an .api file through the API_OUT directory. The router service picks this file up and places it into \Gwrouter\Dirsync. DXAGWISE receives the recipient information from there and writes updates or the complete list (Full Load) to DXAMEX.TXT.

NOTE
To examine the content of GroupWise administrator messages, stop the API Gateway and then perform directory synchronization. Request files are delivered to the API_IN directory. After that, stop the Connector for Novell GroupWise and start the API Gateway. A response file will be returned through API_OUT.

Configuring Directory Synchronization

Before configuring directory synchronization, make sure that the Connector configuration is tested and performs reliably. Directory synchronization can fill the Connector's message queues with numerous messages if there are transfer problems.

Importing Address Information

You need to specify an import container where recipient objects for GroupWise users will be created. This container is an OU that will receive Active Directory recipient objects for GroupWise users. It is a good idea to create a dedicated OU for this purpose in Active Directory Users and Computers before configuring directory synchronization using Exchange System Manager. You can specify the desired OU in the Import Container tab by clicking Modify. Exchange System Manager will prompt you to grant your Exchange 2000 Server account (such as BLUESKY-SRV1) Create and Modify permissions for the selected OU. Click Yes to update the permissions on the import container automatically.

NOTE
If you change the import container at a later time, do not forget to move affected recipient objects to the new OU to make sure they are updated properly.

You also can determine the type of recipient objects to create in Active Directory if replicated mailboxes do not have accounts in the Windows 2000 domain (that is, Create A Disabled Windows User Account, Create A New Windows User Account, and Create A Windows Contact).

Furthermore, you can select which recipients to accept through these options: Import All Directory Entries, Only Import Directory Entries Of These Formats, and Do Not Import Directory Entries Of These Formats. The default Import All Directory Entries option imports all addresses in the specified OU. The remaining two options allow you to restrict the address information. In this case, you can define corresponding import filters using the New ?button. For example, you can specify GWDOMAIN.*.* under Directory Entry Format in the Import Filter dialog box to prevent the import of GroupWise recipient objects that reside in a GroupWise domain called GWDOMAIN.

Specifying Exported Addresses

To export recipient information to GroupWise, specify one or many export containers in the Export Container tab. Similar to the import container, export containers are OUs in Active Directory. The machine account of your Exchange 2000 server requires Read permissions on all OUs specified as export containers. Exchange System Manager can grant the required permissions to the server account for you.

You can synchronize Windows contacts created for recipients in other messaging environments, such as Lotus Notes users synchronized using the Connector for Lotus Notes, when you enable the Export Contacts check box. To synchronize distribution group information, make sure the Export Groups check box is selected. Groups appear as user objects in the target directories. Membership information is not synchronized. For this reason, you need to enable the distribution list expansion feature of the API Gateway, as explained in Lesson 1.

NOTE
Distribution lists and GroupWise resource accounts are synchronized as user objects.

Testing Directory Synchronization

It is a good idea to test directory synchronization after configuration. It is also advisable to run directory synchronization manually whenever you are under the impression that address lists appear incomplete. The required controls for manual synchronization are in the Connector's Dirsync Schedule tab. The most important ones are the Immediate Full Reload buttons under Exchange To GroupWise Directory Synchronization and GroupWise To Exchange Directory Synchronization. Click them to force the immediate synchronization of all available address information. If the Connector is working properly, you will find associated addresses in the import container and GroupWise once the synchronization cycle completes.

NOTE
It is good practice to examine the processing phases of the Directory Synchronization agents in the Exchange Connectivity Administrator right after you click the Immediate Full Reload button.

Scheduling Directory Synchronization

When you are confident that everything works, configure the Connector for automatic directory synchronization. This is disabled by default, but you can enable it by clicking Customize to open the Schedule dialog box, where you can set your individual synchronization schedule or select a predefined schedule from the drop-down menu. It is usually sufficient to synchronize address information once every day, such as daily at midnight. Shorter intervals may be necessary during migration from Novell GroupWise to Exchange 2000 Server, when recipient information changes more frequently.