Date post: | 07-Apr-2018 |
Category: |
Documents |
Upload: | sivasankar015 |
View: | 216 times |
Download: | 0 times |
of 35
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
1/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Connection Exchange 5.5 toActive Directory Service
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
2/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Microsoft Active Directory Connector
Installation
Deploying connection agreements
Administering connection agreements
Matching rules
Attribute mapping
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
3/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Introduction
Exchange server 5.5 runs in windows NT
platform
It maintain its own directory in its enviroment
We require ADC connector tool to different
exchange versions
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
4/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
ADC Components
Connection Agreements
Define replication characteristics
Servers, credentials, schedule, export/importcontainer, etc.
ADC Policy
Defines how objects get matched
Defines how attributes flowService
Executes configured settings
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
5/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
ActiveActive
DirectoryDirectory
ExchangeExchange
5.55.5ADCADC
ADCADC
ADCADC
PolicyPolicy
ADC Components
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
6/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
ADC Connector
Type of ADC Connectors
Windows Server 2000 Version
Exchange 2000 Version
Exchange 2003 Version
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
7/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
ADC Installation
Consideration before installing ADC Connector
The account should be member of Schema and
Enterprise Admin group
You should run forestprep and domain prep to
install ADC
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
8/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Merging Duplicate Account
Duplicate account can result in performance
problems with an exchange organisation and
difficult in authentication
The Active Directory Account Cleanup Wizard
solve the above problem (ADClean.exe)
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
9/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Troubleshootingthe ADC
Checklist to troubleshoot ADC Problem Is the ADC service running?
Is there only one ADC Server, is it online?
Does the user account that you are using onthe target directory have sufficient permission
to create or modify objects?
Is a connection agreement configured betweenthe exchange server computer and the active
directory server?
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
10/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Diagnostic Logging
Diagnostic Logging is a useful tool fortroubleshooting the ADC
The Logging categories are as follows
Replication
Account management]
Attribute mappingService Controller
LDAP Operations
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
11/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
InstallingThe Active Directory Connector
Permissions required to run Setup
Schema Administrator
Enterprise AdministratorService account permissions
Exchange 2000 Full Administrator (delegated from theorganization level)
Member of the Built-In\Administrators group for thedomain to which the server belongs
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
12/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Understanding Your Exchange 5.5
Structure
Understand the location and container hierarchy of your:
Mailboxes
Custom recipientsDistribution lists
Exchange 5.5 site structure
How many Exchange 5.5 sites are there?
Determine from which Windows NT domain(s) yourExchange 5.5 mailboxes have associated WindowsNT accounts (for each 5.5 site)
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
13/35
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
14/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Domain ADomain A
Domain BDomain B
Mailbox 1Mailbox 1Mailbox 2Mailbox 2
User AUser A
U
ser BU
ser BUser CUser C
User DUser D
Associated-NT-AccountMapping
Exchange 5.5Exchange 5.5
Site 1Site 1
Exchange 5.5Exchange 5.5Site 2Site 2
Mailbox 3Mailbox 3Mailbox 4Mailbox 4Mailbox 5Mailbox 5
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
15/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
ResourceMailbox Issue
Definition
Multiple mailboxes with same primary Windows NTaccount
Issue
How to link the correct mailbox to the correspondinguser object when one is a personal mailbox and theother is the resource mailbox
ADC should map personal mailbox to Windows NTaccount
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
16/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Domain ADomain A
Domain BDomain B
Mailbox 1Mailbox 1Mailbox 2Mailbox 2
User AUser A
User BUser B
User CUser C
U
ser DU
ser D
Associated-NT-AccountMapping
Exchange 5.5Exchange 5.5
Site 1Site 1
Exchange 5.5Exchange 5.5
Site 2Site 2
Mailbox 3Mailbox 3Mailbox 4Mailbox 4
Mailbox 5Mailbox 5
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
17/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Preparing Your Exchange 5.5 Directory
Set extension-attribute-10 with the valueNTDSNoMatch on ALL resource mailboxes
Run ntdsatrb tool
Formerly known as NTDSNoMatch
Searches Exchange 5.5 directory for ambiguousassociated-nt-accounts
Creates CSV file for import back into Exchange 5.5
Knowledge Base article Q274173
Included in the Exchange 2000 Resource Kit
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
18/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
One-Wayvs. Two-Way Connection
Agreements
One-way connection agreements
All mailbox management must occur from the sourcedirectory
Creation, modification, deletion
Cannot administer mailbox security on Exchange2000 mailboxes from Exchange 5.5
Two-way connection agreements
Mailbox management can occur from any directoryCannot administer mailbox security on Exchange2000 mailboxes from Exchange 5.5
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
19/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Primary VS Non-Primary Connection Agreements
Active Directory
Primary connection agreements create objects if theydont already exist in the Active Directory
Exchange 5.5
Primary connection agreements create objects if no
legacy DN is specified on the Active Directory object
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
20/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Single Exchange 5.5 Site Export
Use a single Exchange 5.5 site to export data into theActive Directory
Advantages
Fewer connection agreements to manageDisadvantages
Cannot manage Exchange 5.5 read-only sites
Replication latency for Address Book updates within
Active DirectoryOverhead when changing CA structure
Tombstone issues
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
21/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Mailbox 1Mailbox 1Mailbox 2Mailbox 2Mailbox 3Mailbox 3Mailbox 4Mailbox 4Mailbox 5Mailbox 5
Exchange 5.5Exchange 5.5
Site 1Site 1
Exchange 5.5Exchange 5.5
Site 2Site 2Mailbox 1Mailbox 1Mailbox 2Mailbox 2Mailbox 3Mailbox 3Mailbox 4Mailbox 4
Mailbox 5Mailbox 5
Domain ADomain A
Domain BDomain B
User AUser A
User BUser B
User CUser C
User DUser D
Single Exchange 5.5 Site Export
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
22/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Multiple Exchange 5.5 Site Export
Export only read/write replicas from Exchange 5.5 into theActive Directory
Advantages
Manage recipients anywhere
Less replication latency for Address Book updateswithin Active Directory
Disadvantages
Too many connection agreements to create andmanage!
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
23/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Domain ADomain A
Domain BDomain B
Mailbox 1Mailbox 1Mailbox 2Mailbox 2Mailbox 3Mailbox 3Mailbox 4Mailbox 4Mailbox 5Mailbox 5
User AUser A
User BUser B
User CUser C
User DUser D
Multiple Exchange 5.5 Site Export
Exchange 5.5Exchange 5.5
Site 1Site 1
Exchange 5.5Exchange 5.5
Site 2Site 2Mailbox 1Mailbox 1Mailbox 2Mailbox 2Mailbox 3Mailbox 3Mailbox 4Mailbox 4
Mailbox 5Mailbox 5
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
24/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Active Directory ConnectorManagement
Node
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
25/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Active Directory ConnectorManagement
The Active Directory Connector Management nodeallows you to:
Customize attribute mapping rules
Customize object matching rules
assoc-nt-account = object-sid/sid-history (Exchange 5.5 Active Directory)
object-sid = assoc-nt-account (Active Directory Exchange 5.5)
Applies to all connection agreements
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
26/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
AttributeMapping
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
27/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
AttributeMapping
Attribute maps can be stored on both the ADCpolicy and connection agreement
msExchServer1SchemaMap (AD->Ex)msExchServer2SchemaMap (Ex->AD)
Local.map and remote.map files on the ADCinstallation media
Maps from both the policy and CA are merged
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
28/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
AttributeMapping Format
Source and target object-classEntire object-class hierarchy with a dollar delimiter ($)between each object-class
Example: user$organizationalPerson$person$top
Leaving this blank assumes all object-classes
Source and target attribute
LDAP-display-name of attribute
Prefix
Common value appended to source valueSyntax
DN Should always be used when mapping to a targetattribute which is of type DN syntaxed
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
29/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
ObjectMatchingUserInterface
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
30/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
ObjectMatchingRules
The UI allows you to match objects with the followingattributes
Exchange 5.5 (19 attributes)
object-guid, assoc-nt-account, mail-nickname, target-address, extension-attribute-1 15
Active Directory (22 attributes)
object-guid, legacy-exchange-dn, object-sid, sam-account-name, sid-history, smtp mail address, userprincipal name (upn), extension-attribute-1 15
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
31/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Active Directory Connector ServiceNode
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
32/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Diagnostics Logging
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
33/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Active Directory Connector ServiceNode
Properties
The Active Directory Connector service node allows you to:
Enable diagnostic logging
Replication, account management, attribute
mapping, service controller, LDAP operations Registry key
HKLM\SYSTEM\CurrentControlSet\Services\MSADC\Diagnostics (DWORD)
1 = minimum, 3 = medium, 5 = maximum
TIP: To assist in troubleshooting, disable all CAs except the one youare concerned with.(Minimizes log output.)
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
34/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
Debugging ADC ReplicationIssues
Is the ADC started?
Do I have connection agreements ex
porting thenecessary containers?
Are there any errors in the event log?
Force replication of the connection agreement and
check event log for errorsTurn up event logs
8/6/2019 MCSE-06-Implementing of a Exchange Server 2003-08-Theory
35/35
ADVANTAGE PRO Chennais Premier Networking Training Centre
ALL THE BEST