Copyright
©1996, Que Corporation. All rights reserved. No part of this book
may be used or reproduced in any form or by any means, or stored in a database
or retrieval system without prior written permission of the publisher except
in the case of brief quotations embodied in critical articles and reviews.
Making copies of any part of this book for any purpose other than your
own personal use is a violation of United States copyright laws. For information,
address Que Corporation, 201 West 103rd Street, Indianapolis,
IN 46290 or at support@mcp .com.
Notice: This material is excerpted from Special Edition Using Microsoft Exchange Server, ISBN: 0-7897-0687-3. The electronic version of this material has not been through the final proof reading stage that the book goes through before being published in printed form. Some errors may exist here that are corrected before the book is published. This material is provided "as is" without any warranty of any kind.
In chapter 2,"Understanding Exchange's Organization and Sites," you learned general concepts about how directory replication and synchronization work in an Exchange organization. This section teaches you how to set up and configure directory replication and synchronization in Microsoft Exchange Server.
This chapter assumes the following:
In this chapter, you learn the following:
Understanding Exchange Replication
Just for a quick review, directory replication is the process by which Exchange server shared updated user directory data. This process occurs between servers in an Exchange site as well as between servers in different sites throughout your organization. The following sections describe the steps you will use to set up replication between your Exchange servers.
Directory Replication Within a Site
Directory replication within a Microsoft Exchange Server site is automatic. The replication function is handled by the directory service and is always in operation while that service is running. This process requires no maintenance other than making certain that the servers in a site can exchange standard messaging information.
Mean time between replication requests is approximately five minutes, which means that a directory change effected on one server ripples through to each server in a site within five minutes. Network load and available bandwidth affect this process.
Following is an example of how a directory change propagates through an Exchange site:
Directory replication within a site is automatic. If you do not want a specific recipient to be copied during replication, you must make it hidden.
Replication Between Sites
The replication of directory information between two Microsoft Exchange sites is the second logical step in maintaining a cohesive directory structure within your organization. This section covers replication between the following:
The principal tool used to set up directory replication is the directory replication connector. It handles the exchange of all directory information. As the administrator, you need only provide the site names and the names of the appropriate bridgehead servers to establish a replication connector.
Setting up replication between two Microsoft Exchange sites involves three steps:
1. Create a directory replication connector for both sties.
2. Identify the bridgehead server at each site that is responsible for transferring directory updates.
3. Establish a replication schedule to determine how often directory updates will traverse a site link.
The following sections provide details on configuration for specific situations. The general steps for setting up directory replication, however, are the same for all types of networks.
This section describes the procedure for using directory replication between two Exchange sites physically connected on the same local area network. Typically, this means high bandwith links between groups of servers in close geographical proximity. In the real world, this can be two distinct corporate divisions in the same building for example. Whatever the case, your Exchange servers will be able to communicate with each other over your standard network connections and will not require the use of any additional transport mechanism
The following is a list of requirements before setting up replication between sites on the same network:
To set up directory replication between sites on the same network, follow these steps:
1. Open a New Directory Replication Connector from the Administrator program's File menu under New Other. The New Directory Replication Connector dialog box appears (see fig. 17.1).
Use this dialog box to set New Directory Replication Connector options.
2. From the Remote Site Name drop-down list, select the site to which you want to connect.
3. In the Server in Remote Site box, type the name of the remote server.
4. Click the radio button labeled Yes, the Remote Site Is Available on This Network.
You almost always choose this option when both sites are on the same LAN, because the option saves you time and reduces configuration errors. Only external situations, such as administrative security restriction within a company, might require separate configuration of such directory replication connectors. For example, an Admin on one site may not be given sufficient administrative privileges of the remote site to establish a connection alone.
5. Click the Configure Both Sites check box. This option automatically creates and configures a corresponding directory connector at the remote site.
6. Click OK to proceed to the Directory Replication Connector property pages.
Because both servers are on the same LAN, Exchange can locate the site and communicate with the remote server via remote procedure calls. You need to specify only the remote site's name in the New Site Connector dialog box.
To facilitate the interchange of directory data between sites, you must designate replication bridgehead servers. These servers process directory update requests from other bridgehead servers and also generate their own requests for updates. A one-to-one relationship must exist between bridgehead servers for sites that exchange directory information.
Following are a few example situations:
Fig. 17.2
Directory replication across multiple bridgehead servers.
Fig. 17.3
Setting up multiple directory replication connectors.
In the preceding examples, directory information between the MELBOURNE and BOSTON sites is synchronized automatically by the sites' common link, LOSANGELES.
You set up bridgehead servers in the Exchange Administrator program. To designate bridgehead servers, follow these steps:
1. Click the General tab of the Directory Replication Connector Properties dialog box (see fig. 17.4).
General tab of the Directory Replication Connector Properties dialog box.
2. From the Local Bridgehead Server drop-down list, select the local server that will handle incoming and outgoing directory update requests. The default selection is the name of the Exchange server on which you are currently logged in.
3. From the Remote Bridgehead Server drop-down list, select the server at the remote site that will receive and request updated directory information.
After you establish a directory replication connector, you can change the local bridgehead server for that connector, but make sure that you update the remote connector to reflect the change. Usually is best not to make such changes and to plan in advance for a situation that might require you to change this information. If you must change the local bridgehead server, this change will prompt Exhange to reinitiate is replication cycle.
Sites located on different logical LANs can share directory information almost as easily as sites on the same lan. Because you cannot use a site connector to link bridgehead servers, however, you must configure a custom connector to that site.
The following conditions must exist before you setup directory replication between sites on different lans:
To set up directory replication between sites on different networks, follow these steps:
1. Open a New Directory Replication Connector from the Admnistrator program's File menu under New Other. The New Directory Replication Connector dialog box appears.
2. Click the radio button labeled No, the Remote Site Is Not Available on This Network. This will highlight the two input boxes below it.
3. In the Remote Site Name box, type the name of the remote site with which you are establishing replication.
4. In the Server in Remote Site, type the name of the remote bridgehead server.
5. Click OK to proceed to the Directory Replication Connector property pages.
When you configure replication between two sites that are not on the same network, you must supply the e-mail address of the bridgehead's server directory. Follow these steps:
1. Click the Addressing tab of the Directory Replication Connector dialog box. The Addressing dialog box appears.
2. In a new connector, you see a blank address space for the remote bridgehead's server directory.
3. Click the Modify button. The New Entry dialog box appears.
4. Select the address type that you want to create. This type should be identical to the type of connector used to transmit normal messaging data between sites. LOSANGELES and MELBOURNE, for example, are linked via a private X.400 link, so the address selection in the New Entry box should be X.400.
5. The next dialog box will be different depending on what address type you selected in the preceding step.
Directory updates transmitted between bridgehead servers are executed according to an administrator-defined schedule. You need to evaluate the following elements before you decide on an appropriate replication schedule:
The first three items are related. If replication traffic is heavy between the two sites (if directory objects are frequently added, deleted, or modified, for example), this will affect available bandwidth. Sometimes, you have to have a frequent replication schedule to maintain an accurate global address list.
Scheduling constraints that arise due to the type of site link used. This is especially the casewhen using part-time connections.
The site link between LOSANGELES and SANFRAN, for example, is established by a Dynamic RAS Connection. Three times a day, a modem connection to the SANFRAN site is established; the connection is maintained for 30 minutes and then closed. You must configure the directory replication connector to transmit data when the network connection is up; otherwise, the connector may attempt to transfer directory updates through a nonexistent link.
To configure the replication schedule, follow these steps:
1. Click the Schedule tab of the Directory Replication Connector dialog box (see fig. 17.5).
Schedule tab of the Directory Replication Connector dialog box.
2. Click one of the three radio buttons in the top-left corner of the dialog box:
3. If you chose Selected Times in step 2, click one the Detail View radio buttons (1 Hour or 15 Minute) to view the time grid in different increments.
4. Select the block(s) of time during which you want replication to occur by clicking on the schedule grid.
5. If you are done configuring all other tabs for this connector, click OK. Otherwise, click another tab to continue making adjustments.
Following are two general recommendations on scheduling replication time:
Viewing a Site's Directory Data
After you configure both directory replication connectors and establish directory replication between two sites, you can view all sites with which you are exchanging directory data. This is the case since, not only will the local site receive directory updates from the immediately connected remote site, but also every other remote site with which that site is replicating data.
To view inbound and outbound sites, click the Sites tab of the Directory Replication Connector dialog box. Inbound sites are those from which the local site receives directory updates. Outbound sites are those to which directory updates are sent.
In an example earlier in this chapter, you created a directory replication connector to MELBOURNE to LOSANGELES. After the first successful replication request, you see the site names displayed in the Sites tab, as shown in figure 17.6.
The Directory Replication Connector Sites Property Page shows which sites are sharing directory information.
LOSANGELES is displayed in the Inbound Sites list; BOSTON also appears in the list because it is involved in the process as a whole. The Outbound Sites list displays only MELBOURNE because it is the one site to that sends directory updates directly.
You also can use the Sites tab to request directory updates from selected inbound sites. You might need to request a directory update in the following situations:
To request a directory update, follow these steps:
1. Click the Sites tab of the Directory Replication Connector dialog box.
2. Select the site from which you want to request directory updates. (You can select multiple sites by Shift+clicking them.)
3. Click Request Now.
Directory Synchronization
The third logical step to maintaining an up-to-date address list is directory synchronization (dirsync). Directory synchronization is the process by which a Microsoft Exchange server shares address information with other messaging systems. Dirsync in Exchange is based on the Microsoft Mail directory-synchronization protocol, which is widely supported by many messaging systems.
This section covers the setup and configuration of dirsync between Exchange and MS Mail, as well as between Exchange and foreign systems that support the MS Mail dirsync protocol.
Before you begin, you must verify the following information about your Exchange setup:
Following is a brief review of how directory synchronization works and of the tools that you use to set up dirsync in Microsoft Exchange.
The MS Mail dirsync protocol has two principal elements:
Microsoft Exchange Server includes one principal component—the Directory Synchronization Agent (DXA)—that operates directory synchronization. The Exchange DXA can act as either a dirsync sever or requestor. In standard MS Mail dirsync, the dirsync server maintains a server address list. Exchange uses the Global Address List to replace the server address list.???Author--Last sentence: What function?--KS -rp
When Exchange receives external addresses that are imported during synchronization, the addresses are stored in the directory as custom recipients.
A single Microsoft Exchange server can act as a requestor for multiple MS Mail dirsync servers. To avoid errors, make sure that you do not set up multiple dirsync requestors to connect to the same dirsync server.
Do not set up more than one dirsync requestor to the same dirsync server in your organization. Doing so can result in corruption of directory information, including duplicate entries when the two sites attempt to exchange updates.
Follow these steps to create an Exchange requestor:
1. In the Administrator window, select a site in your organization.
2. Click the Connections icon. Your list of current connection objects appears.
3. Choose File, New Other, Directory Exchange Requestor. The New Requestor dialog box appears (see fig. 17.7).
This is the new Directory Exchange Requestor dialog box
4. From the list of post offices defined in the MS Mail connector, choose the dirsync server that you will use. If you are setting up a requestor for a non-MS Mail system, select <Non MS Mail Dirsync Server> (this procedure will be detailed in the following Setting up directory synchronization with foreign systems section)
5. Click OK. The property pages for your new requestor appear.
Now you must set up properties in each of the available tabs, as described in the following sections.
The General tab allows you to name and configure the basic dirsync requestor roperties. Follow these steps to configure from where to request directory updates and select the address types supported by this requestor.
1. Type the name of the requestor. You have 255 characters to give this requestor with a name that should also identify the Exchange server site (see fig. 17.8). Check the Append to imported Users' Display Name box to add the requestor name to each custom recipient that is created in the DXA process.
The Dirsync Requestor General Properties Page lets you set the nuts and bolts options for a dirsync requestor.
2. Click the Dirsync Address button to bring up the Exchange address list. From that list select the custom recipient that pertains to your dirsync server.
You must first create a Custom Recipient for the dirsync server with which this requestor will be exchanging dirsync messages. That custom recipient can be any MS Mail or compatible directory synchronization server in your organization. See chapter 15 for information creating custom recipients.
3. In the Address Types section, check all the types that you want this requestor to obtain from the dirsync server. By default, MS Mail addresses are sent and received. If you choose an address type that the server cannot provide, the MS Mail default format (proxy) address are extracted instead.
4. The Requestor Language pull-down menu allows you to select the default address language template. Use the pull-down menu to choose a language template.
5. In the Administrative Note box, type any comments (up to 1,024 characters) that you feel are pertinent to this situation. The note is visible only in this tab.
6. The Server pull-down menu allows you to change the server at the local site that will handle this directory synchronization requestor. The default selection is the current server. Choose an Exchange server from the pull-down menu. A single Exchange server can be either a dirsync server or requestor, but not both. Also only one requestor can be set up per Exchange server.
7. Click Apply to set these properties and continue setting other properties.
8. When you finish making settings, click OK to return to the Administrator program.
An Import Container is the recipient container that receives imported information from a dirsync server. This tab allows you to assign trust levels to the imported directory objects.
Because trust levels are exclusive to Microsoft Exchange Server, any imported recipients will not have trust levels assigned. The import container settings gives that object a trust level that Exchange uses to determine replication security. As in any other case of trust-level use, only objects that have a trust level equal to or lower to the trust level of the next site are replicated.
See chapter 12 for a discussion on how trust levels in affect directory information sharing in an organization.
If you are using multiple requestors to multiple dirsync servers but do not want directory information to be shared between those dirsync servers, you must create a separate container for each group that is imported.
Suppose that you are using Exchange servers MELBOURNE07 and MELBOURNE08 as requestors to two Microsoft Mail network dirsync servers and that you do not want the MS Mail networks to share recipient information. You set each requestor to import to a diffferent recipient container in the MELBOURNE site, each with different trust levels. When synchronization occurs, each list of recipients is imported into its own container (with its own trust level). The information is not mixed and is not synchronized to the other MS Mail server because of the trust level settings.
The following steps describe how to configure the Import Container tab.
1. Click the Import Container tab of dirsync requestor property pages(see fig. 17.9).
The Import Container tab.
2. The Import Container box shows the current selected recipient. (The box is blank for a new setup.)
3. Click the Container button to display all container recipients. The Import Container dialog box appears (see fig. 17.10).
Specify where you want incoming recipients to be stored.
4. Select the recipient container in which you want all the custom recipients to be imported.
5. Click OK to return to the Import Container tab.
6. Enter a number in the Trust Level box. The default is 20.
7. Click Apply to set these properties and continue setting other properties.
8. When you finish making settings, click OK to return to the Administrator program.
After you choose a directory import container, you are stuck with it. The only way to alter where directory information is stored is to delete the requestor and set up a new one.
An export container holds the directory data that an Exchange requestor sends out during synchronization. By default, a requestor does not send out any containers. If you need to export directory information via a requestor, follow this procedure:
1. Click the Export Containers tab of the dirsync requestor's property pages(see fig. 17.11).
The Export Containers tab.
2. To start exporting from a container, select it in the Recipient Containers list and then click Add.
3. To remove an exported container, select it in the Export These Recipients list and then click Remove.
4. Use the Site pull-down menu to view recipient containers from other sites and select those for export(optional).
5. In the Trust Level box, set a general trust level for this export function. Individual objects within the selected container(s) are exported only if their trust-level settings are is equal to or less than the setting in this box.
6. If you do not want to include custom Exchange recipients in the export procedure, click the Export Custom Recipients check box to clear it.
7. Click Apply to set these properties and continue settingother properties.
8. When you finish making settings, click OK to return to the Administrator program.
The Settings tab allows you to set advanced properties for a directory synchronization connector.
To configure the Settings tab, follow these steps:
1. Click the Settings tab of the Directory Exchange Requestor property pages(see fig. 17.12).
The Settings tab.
2. The Dirsync Password box allows you to give this requestor a password to use when it sends directory updates to a dirsync server. Enter a password if one is needed to access the desired dirsync server. The password is selected when you set up the dirsync server on the remote system. If a password is not needed to access the dirsync server, then leave this space blank.
3. The Participation checkboxes let you define how this requestor is
involved in synchronization. Click the appropriate checkbox for how you
want this requestor to function:
Send Updates -The requestor will export directory information to a
dirsync server
Receive Updates -The requestor will import directory information from
a dirsync server. By default both boxes are checked. If neither is checked,
then the requestor will not operate.
4. (Optional) Choose one of the following Template Information options:
5. Choose one of the following Dirsync Information options, which force the connector to import or export (or both) all appropriate information to the dirsync sever:
6. Click Apply to set these properties and continue setting other properties.
7. When you finish making settings, click OK to return to the Administrator program.
The Schedule tab allows you to set the time when update messages are transmitted to the directory synchronization sever.
The verification messages or updates from the dirsync server are handled automatically.
To set the requestor's schedule, follow these steps:
1. Click the Schedule tab of the dirsync requestor's property pages(see fig. 17.13).
The Schedule tab.
2. In the grid, click the boxes to select the time when you want directoryupdate messages to be exchanges with the dirsync server. Update messages are sent at the beginning of the selected time. By default (if you don't select a specific time), dirsync messages are automatically scheduled for transmission at midnight.
3. Click Apply to set these properties and continue setting other properties.
4. When you finish making settings, click OK to return to the Administrator program.
This chapter has covered all the available options for configuring a Directory Exchange Requestor. You must now configure the MS Mail dirsync server to accept your new Exchange requestor. There are two primary settings to configure:
Password
You must configure the MS Mail Directory Exchange server to recognize your new Microsoft Exchange requestor. If you selected a password in the Settings tab, remember to include it in your configuration. Your MS Mail for PC documentation will guide you through this process.
E-mail address
When you configure your MS Mail dirsync server to recognize your new Exchange requestor, you need the MS Mail network and post-office e-mail address of the local site. The local site's Site Addressing property pages contain this information.
Another way to integrate Microsoft Exchange into directory synchronization with MS Mail-compatible networks is to set up a directory synchronization server (also called a dirsync server) on Exchange. Then you can use standard MS Mail requestors on remote machines to participate in directory synchronization.
Following are the general steps for setting up Exchange as a dirsync server:
Although you can have multiple Exchange dirsync servers in your organization, you can have only one for each Microsoft Exchange site.
When you create a new directory exchange server, it automatically gets an e-mail address based on the MS Mail address type for the local site. Because you can have only one directory exchange server per site, no addressing conflicts can exist.
To create a new directory exchange server in the Administrator program, choose File, New Other, Dirsync Server. If you have already set up another directory synchronization server in this site, the new Dirsync Server option is not available.
To configure an existing server from the Administrator program, follow these steps:
1. Click the Connections icon under the desired Exchange site.
2. From the list of connections icons, click the icon of your current dirsync server. By default, the name for this object is "DXA server".
3. Choose File, Properties to open the dirsync server property pages.
The following sections cover configuration of the dirsync server's property pages.
To set general properties, follow this procedure:
1. Click the General tab of the dirsync server's property pages(see fig. 17.14).
The General tab of the DXA Properties dialog box.
2. In the Name box, type a unique name for this dirsync server. (You are allowed to use 64 characters.)
3. (Optional) select a dirsync administrator that will receive dirsync status and error messages, click the Dirsync Administrator button. The Exchange address List dialog box appears. Type or select a name (a user, public folder, or distribution list), and click OK. You return to the General tab.
4. To send a copy of each outgoing update to the administrator, click the Copy Administrator on Outgoing Messages check box.
5. To view each incoming update message from each requestor, click the Forward Incoming Dirsync Messages to Administrator check box.
By default, neither Copy Administrator on Outgoing Messages nor Forward Incoming Dirsync Messages to Administrator is selected. Typically, you would choose these options only for troubleshooting purposes.
6. If you want, enter comments (up to 1,024 characters) in the Administrative Note box. The comments will be visible only in this tab.
7. Use the Server pull-down menu to select the Microsoft Exchange server computer that will host the directory synchronization process. By default, the current Exchange server is selected.
8. Click Apply to set these properties and continue setting other properties.
9. When you finish making settings, click OK to return to the Administrator program.
The Schedule tab defines when the directory synchronization server sends updates to its requestors. Server updates are independent of the schedule under which the requestors send their updates to the server. Directory updates are sent to requestors at the beginning of the scheduled hour.
To set the schedule, follow these steps:
1. Click the Schedule tab in the dirsync serverproperty pages.
2. In the time grid, select the times when you want this dirsync server to send update messages to its requestors.
3. Click Apply to set these properties and continue setting other properties.
4. When you finish making settings, click OK to return to the Administrator program.
Defining Remote Directory Synchronization Requestors
Just as you do with a standard MS Mail directory synchronization server, you must identify and define each remote requestor that will be communicating updates to the local Exchange dirsync server. Setting up each remote requestor involves two steps:
These two steps make your Exchange directory synchronization server aware of its requestors. Review the following section of to verify that a remote requestor is properly configured and able to communicate with the local Exchange dirsync server.
To create a new remote dirsync requestor, follow these steps:
1. In the Administrator program, choose File, New Other, Remote Dirsync Requestor. The property pages for a new remote sirsync requestor appear.
The New Remote Dirsync Requestor command is unavailable until you set up a Microsoft Exchange directory synchronization server.
The following sections describe the tabs that you configure for a remote dirsyncrequestor.
To set general properties, follow these steps:
2. Click the General tab of the Remote Dirsync Requestor property pages.
3. Type a display name (up to 255 character) for this remote dirsync requestor. This name is displayed as the directory exchange server object name in the Administrator program.
4. Check the Append to Created Users' Display Name check box to this requestor's display name to each recipient created when synchronizing address with this requestor. This is useful for keeping track of a recipient's origin.
5. Click the Dirsync Click the Dirsync Address button to bring up the Exchange address list. From that list select the custom recipient that pertains to the remote dirsync requestor.
You must first create a custom recipient for each remote dirsync requestor to provide address information about the requestor.
6. Enter a password in the password box is your Exchange dirsync server requests one during sychronization. By default, this box is blank. If you do use a password for security, remember to set the same password on the remote MS Mail requestor to avoid authentication errors.
7. The Request Address Type box specifies the format in which address updates are set. MS (the default) is used by MS Mail (PC) and other compatible directory exchange requestors. Select MSA if you are synchronizing directories with a Microsoft Mail for AppleTalk network.
8. Use the Requestor Language pull-down menu to change the default language template use follow addressing exchange.
9. Click the Export On Next Cycle check box to send all address information to the remote requestor during the next synchronization session. By default, this option is not selected. Keep in mind that all directory information is exported automatically when you first configure a remote requestor.
10. If you want, enter comments (up to 1,024 characters) in the Administrative Note box. These comments will be visible only in this tab.
11. Click Apply to set these properties and continue setting other properties.
12. When you finish making settings, click OK to return to the Administrator program.
Much as you do in setting up directory exchange requestors, you use import containers to assign trust levels to objects that are being imported.
Because trust levels are exclusive to Microsoft Exchange Server, any imported recipients will not have trust levels assigned. The import container gives that object a trust level that you set in the Import Container tab. As in any other case of trust-level use, only objects that have a trust level equal to or lower to the the next site's trust level are replicated. The following step cover Import Container tab configuration.
1. Click the Import Container tab of the Remote Dirsync Requestor property pages (see fig. 17.15).
Choose the container in which imported recipients will be stored.
2. The Import Container box shows the name of the recipient container that stores the imported addresses. By default, this box is blank. Click the Container button to select a recipient container. All you current recipient container appear in a dialog box. Select one container to hold directory imports and click OK to return to the Import Container tab.
3. In the Trust Level box, assign a trust level to the import container. (The default setting is 20.) Remember that only objects that have a trust level equal to or lower than the setting in this box will be updated during synchronization.
4. Click Apply to set these properties and continue setting other properties.
5. When you finish making settings, click OK to return to the Administrator program.
You cannot modify import containers after you create them. If you must change where information is placed, you must delete the existing container and create a new one.
The Export Containers tab specifies what information is sent out to the remote requestor during directory synchronization. By default, no information from the local site is exported. To configure data export, follow these steps:
1. Click the Export Containers tab in the Remote Dirsync Requestor property pages(see fig. 17.16).
The Export Containers tab.
2. In the Export These Recipients list, select the container that you want to export; then click Add.
3. To stop exporting a container, select it in the Export These Recipients list; then click Remove.
4. Use the Site pull-down menu to to view other sites' containers, to which you can export recipients.
5. In the Trust Level box, set a trust level to limit replication of certain objects in the containers that you selected to export.
6. Click the Export Custom Recipients check box to include those recipients in synchronization. By default, this option is selected.
7. Click Apply to set these properties and continue setting other properties.
8. When you finish making settings, click OK to return to the Administrator program.
Configuring Remote Requestors
The final step in establishing directory synchronization between a Microsoft Exchange directory synchronization server and remote requestors is configuring the remote requestors on the MS Mail or compatible sytems.
The following sections provide general recommendations on configuring directory synchronization requestors on the following types of remote systems:
Microsoft Mail for PC Networks 3.X Directory Synchronization Requestor
The requestor that you are most likely to set up is one for a MS Mail for PC network. Standard MS Mail requestor programs connect to Exchange directory synchronization servers through the MS Mail connector as though the requestor were of the standard MS Mail type.. You need to configure the requestor from within your MS Mail administrator program. Consult your Microsoft documentation for the procedure.
Before you configure the requestor, make sure that you have met all of the following conditions:
You can test the operation of a MS Mail connection by entering the address of your recipient manually in the "to" line of the Exchange client.
Directory Synchronization Between Exchange and Microsoft Mail for AppleTalk Networks
This section is dedicated to a discussion on address list sharing between Exchange and a Microsoft Mail for AppleTalk network. These solutions, though functional, are a poor substitute for the use of a Macintosh Exchange client directly. Primarily these solutions will be used as a stop gap in preparation for an eventual complete migration to Exchange. Existing MS Mail AppleTalk servers can act as requestors to standard MS Mail (PC) dirsync servers. By pointing the Macintosh dirsync requestor to an Exchange dirsync server, your Mac servers can begin sharing address lists with your Exchange organization.
The first part of this section will cover the set up of a Directory Exchange Requestor in an MS Mail for AppleTalk networks.
The directory synchronization requestor for MS Mail AppleTalk is installed with the Microsoft Exchange connection gateway.
Before you configure the MS Mail AppleTalk requestor, confirm the following situations:
If you do not set the requestor to receive messages in MSA format, duplicate entries are created in the MS Mail AppleTalk address list.
If you have met all the preceding conditions, you are ready to continue setting up the directory synchronization requestor. If you have been looking at a Windows screen layout all day, the following steps could be a nice change of pace.
When you set up directory synchronization, you need to configure three principal requestor options. You must log in as the network manager on your MS Mail AppleTalk server to make all configuration and administrative functions available. The next sections describe how to set the following:
1. Open the Microsoft Exchange Connection folder on the Macintosh MS Mail server.
2. Click the Microsoft Exchange Connection Directory Exchange Requestor icon.
3. The first time you open a new requestor, the dialog box shown in figure appears. Type your network manager password, and click OK.
4. The first time you set up a requestor a configure dialog box appears. Subsequently, you must select Application from the Configure menu.
5. The Send Directory at box allows you to enter the time when directory updates are sent to the Microsoft Exchange dirsync server. Use the 24 hour format hh:mm. By default this time is set to 4 a.m.
6. The Receive Updates at box allows you to enter the time when the requestor scans the Network Manager's inbox for directory updates.
7. In the Exchange Network box, enter the network name of the MS Mail connector.
8. In the Exchange PO box, enter the post office name of the MS Mail connector. This information is available on the Exchange MS Mail connector's Local Postoffice property page.
9. Use the Exchange Password box if you have also set a password in the corresponding Microsoft Exchange server remote dirsync requestor object. By default, this box is blank.
10. DXA Mailbox specifies the Exchange server mailbox to which the requestor will send update messages. By default this is $SYSTEM. Normally you do not want to change this setting.
11. The Network Manager box defines the MS Mail AppleTalk account to receive address list updates from the Exchange dirsync server. By default, this mailbox is Network Manager. The Password field is the for the account specified in the Network Manager box.
12. Requestor Name refers to the corresponding remote directory exchange requestor as set in the Exchange server directory.
13. The Fault Tolerance check box enables tracking of address updates. Synchronization numbers are created and used to recover address when an error occurs. This will avoid having to do manual directory import and export. By default this is checked.
14. Include Server In Friendly Name sets all MS Mail AppleTalk addresses to display as user@servername. By default this is checked.
15. The Export World List check box when not checked will cease all updates being sent to the Exchange dirsync server. By default this is checked.
16. Click OK to save new settings and close the Configure dialog box. Click revert to keep previous settings.
If you are configuring this requestor for the first time, the Gateway dialog box appears
If this not your first time configuring this requestor, then from the Configure menu choose Select Gateway.
In this dialog box, you must select a Gateway. This is the passage through which messaging data will reach the Exchange server. By default this is the connection gateway. Choose your preferred gateway and then click the Select button.
Address filters allow you to specify the address types that you want to receive from the Exchange server.
To configure address filtering, follow these steps:
1. Open the Address filtering dialog box. If you just proceeded from gateway box, this is already open.
2. Check each address type you want to request from the Exchange dirsync server.
3. Click OK to save your settings and move on, or click Revert to return to the previous settings.
4. Open the Microsoft Exchange Connection folder in Macintosh Finder.
5. Double click the MS Mail Appletalk directory exchange requestor icon to start it. The requestor starts, and a status dialog appears.
6. The status display refreshes when the system receives directory update messages.
If the requestor is not given the network manager name and password, or if you are not currently logged is a Network Manager, then the request will run as a foreground application, locking the desktop and preventing you from running other applications. However, if you have given the password, or are logged in as the Network Manager, then the application runs in the background.
To stop the requestor, choose File, Quit.
It is convenient to make the Macintosh dirsync requestor a startup item so you do not need to manually launch the application every time you restart the system. To make the requestor a startup item, follow these steps:
1. Make an alias of the directory exchange requestor. Do this by highlighting the requestor icon, then choose File, Make Alias.
2. Move the alias to the Startup Items folder inside the Macintosh System Folder.
As network manager, you may want to execute a few maintenance tasks as part of administrating Exchange directory synchronization from the MS Mail AppleTalk end. Those tasks are importing a complete list of addresses, exporting a complete local address list, and resynchronizing that information.
To import a complete list of known addresses, follow these steps:
1. Start the Exchange Connection Directory Exchange Requestor by double clicking its icon in the Macintosh Finder.
2. Choose File, Import Directory. The Import Directory dialog box appears.
3. Choose Changes Since Last Update Only to immediately request the addresses that have changed since the last directory synchronization cycle.
4. Alternatively, click the Complete Directory radio button and then click OK to import all available addresses of the selected type.
5. Click OK to finalize your settings.
To verify that imports have proceeded correctly, you need to start MS Mail AppleTalk manually and choose Mail, Gateway Recipient. A dialog box appear that lists the new recipients. All requested information should be available in this list after you receive an import confirmation message from the dirsync server.
Exporting Directory Information to Microsoft Exchange Server
The previous section described how to get MS Mail AppleTalk to receive addresses from Exchange. The following section describes how to update the Exchange address list with changes made on the MS Mail AppleTalk server. You will do this by telling the Exchange Connection software to export its contents to the Exchange dirsync server. The following steps describe the steps necessary to accomplish this:
1. Start the Exchange Connection Directory Exchange requestor by double clicking its icon in the Macintosh Finder.
2. Choose File, Export Directory.
3. Choose Changes Since Last Update Only to immediately request the addresses that have changed since the last directory synchronization cycle.
4. Alternatively, click the Complete Directory radio button to import all available addresses of the selected type.
5. Click OK to commence directory export.
After the Exchange server processes these update requests, it sends a confirmation message and a status report to the network manager's mailbox.
Another option is to export the local MS Mail AppleTalk addresses into a text-file format that the MS Mail (PC) import utility can read. Use this alternative when other methods are not operational.
To export the addresses (also called the word list) manually, follow these steps:
1. Start the Exchange Connection Directory Exchange Requestor by double clicking its icon in the Macintosh Finder.
2. Choose Save to File from the File menu. A dialog box appears asking you for a location to save your exported information.
3. Select the folder in which you want to save your file.
4. In the Dump Work List Into box, type a file name. A unique identifiable name is recommended (perhaps including the date of the export for future reference).
5. Click OK to complete the export.
You can open the exported file with any text editor. All your addresses should be in that file, displayed in the following format:
(MS Mail is the address type of this entry.)
Removing MS Mail AppleTalk or Exchange Server Addresses
Sometimes, you need to remove all MS Mail for AppleTalk recipients from the Exchange address list, and vice versa. This situation occurs when MS Mail AppleTalk users become full-fledged Microsoft Exchange clients.
To remove MS Mail AppleTalk recipients from the Exchange server address list, follow this procedure:
1. Start the Exchange Connection Directory Exchange Requestor by double clicking its icon in the Macinstosh Finder.
2. Choose Remove Mac Names from Exchange from the File menu. A confirmation dialog box appears to verify that you actually want to do this.
3. Click OK. Every MS Mail AppleTalk and gateway recipient is removed from the Exchange global address list.
If you suddenly realize that you really needed the addresses, you have to import them to restore the entries. Subsequent directory synchronization cycles do not replace deleted entries.
Removing Exchange Recipients from the MS Mail AppleTalk Local Address List
Follow this procedure to delete Exchange recipients from MS Mail AppleTalk:
1. Start the Exchange Connection Directory Exchange Requestor by double clicking its Icon in the Macintosh Finder.
2. Choose Remove Exchange Names from Mac from the File menu. A confirmation dialog box appears to verify that you actually want to do this.
3. Click OK. Every Microsoft Exchange recipient in the local directory is deleted from the MS Mail AppleTalk word list.
Resynchronizing Address Information
As directory synchronization occurs, updates are exchanged, and the network manager receives periodic messages confirming that the process is operational and that changes have been incorporated.
Sometimes, this process does not operate smoothly. In such cases, the requestor gives you the option of forcing resynchronization of the entire system manually.
If you believe that your system is out of sync, follow these steps:
1. Log on as network manager.
2. Start the Exchange connection directory exchange requestor by double clicking its icon in the Macintosh Finder.
3. Choose Resync Cycle from the File menu. The Directory Exchange Requestor proceeds to restart its synchronization cycle.
The requestor receives the global address list from the Exchange server and resets the send/receive cycle.
If you get a message stating that the directory synchronization cycle is out of phase, you should initiate a complete directory refresh (import and export) between both systems. As described in the preceding sections, you should import the Exchange global address list and export the local address list to the Exchange dirsync server.
The MS Mail AppleTalk directory exchange requestor keeps a log of all its activities. This log is a text file stored inside the Preferences folder (in the System Folder). Any standard text editor displays this file.
This file logs all directory exchange requestor activities, so the file could be very large if it is heavily used. Make sure that you delete or clear the file on a periodic basis. Confirming that synchronization is functional before you delete any log entries is a good idea.
Configuring Foreign Directory Exchange Requestors
Any foreign system that conforms with Microsoft Mail 3.X directory synchronization protocol can connect to an Exchange dirsync server. You probably need to consult your appropriate documentation for the process, but following are some general recommendations to follow before you configure synchronization with foreign systems:
Configuring Microsoft Directory Exchange Agent (DXA) Settings
The DXA is the Exchange component that actually runs the dirsync server and requestor. By default, the DXA is configured to allow both sever and requestor processes to run. You can modify general settings for the DXA, as described in the following sections. The DXA is configured through an object named Directory Synchronization on each Exchange server in your site.
See chapter 12 for more information on configuring all directory services on Exchange.
The the Directory Syncrhonization General tab allows you to choose the server that carries out the DXA functions. Any server at the site is eligible, but always take into consideration other functions that a server is performing. To choose a server, follow these steps:
1. In the Administrator program, select a site in your organization.
2. Click the Servers icon to list the Exchange servers in this site.
3. Select the Microsoft Exchange server that you want to configure.
4. Select the Directory Synchronization object.
5. Click the General tab in the Microsoft Directory Synchronization object.
6. Use the Administrator Note box, type any additional comments you may want to add.
7. Click Apply to set these properties and continue setting other properties.
8. When you finish making settings, click OK to return to the Administrator program.
The e-mail addresses are used to send and receive synchronization update messages. You willThe e-mail addresses property page to create, modify, or delete these addresses. By default, Microsoft Exchange server automatically generates MS Mail (PC), X.400, and SMTP addresses for each DXA. Several services, such as dirsync requestors and servers, use these addresses for communication with the DXA.
To create or modify Microsoft DXA addresses, follow this procedure:
1. Click the E-Mail Addresses tab.
2. To change an existing address, select it and then click Edit. The dialog box for its particular address type appears.
3. To create a new address for this DXA, click New. Select what type of e-mail address you want to add, then type in all necessary addressing informaation. Click OK to return to the E-Mail Addresses tab.
4. To delete an existing address, select it, click Remove, and click OK to confirm the deletion.
5. Click Apply to set these properties and continue setting other properties.
6. When you finish making settings, click OK to return to the Administrator program.
Many other Exchange services use these addresses. If you plan to change or delete them without appropriate consideration of such services, directory synchronization will fail.
This tab is useful because it prevents messages that are unrelated to directory synchronization from being sent to the DXA. You also can set up delivery restrictions to allow messages to be sent only by specified senders. In the Delivery Restriction tab, you select specific addresses from which the DXA will reject or allow messages. By default, the DXA accepts messages from all senders. Such an open "door" could cause errors and delays in proper directory synchronization.
To set delivery restrictions, follow these steps:
1. Click the Delivery Restrictions tab of the Microsoft DXA.
2. The left side of the tab lists the specific senders who have permission to send messages to the DXA. The right side lists senders who are not allowed to send messages to this DXA.
Entering specific accepted senders is the most fault-tolerant approach to this setup. Be aware, however, that if you set up a new requestor without modifying the tab, all of that requestor's messages will be rejected.
3. To accept messages only from specific senders or to reject messages from specific senders (the settings are mutually exclusive), select List and click Modify. The Microsoft Exchange Address Book appears.
4. Select the specific container from which you want to view recipient in the Show Names From The: menu. The corresponding recipients are shown in the Type Name Or Select From List box.
5. Type select or a name from the list. If you can't see or remember the name you are looking for, you can use the Find button. The Properties button will display standard recipient properties for your selection.
6. Once you have selected a name or multiple names on the left, click Add
6. Click OK to return to the Delivery Restrictions property page.
7. Click Apply to set these properties and continue settings other properties. If you are done with all settings, click OK to return to the administrator program.
Incoming Templates are Address templates that take incoming address information and map it specified Exchange server directory recipient attributes.
An address imported though synchronization with an MS Mail network, for example, could have the occupation and telephone attributes. For consistency, you would want to map the occupation tag to the Exchange Title attribute.
To map templates to Exchange server attributes, follow these steps:
1. Click the Incoming Templates tab of the Microsoft DXA window (see fig. 17.17).
Define Incoming Templates for Synchronized Addresses.
2. To modify an existing mapping, select it from the list and then click Edit. The Incoming Template Mapping dialog box appears.
3. In the Map the String box, edit the template identifier string that MS Mail uses. In the To the Attribute box, edit the recipient attribute in which you want to store the incoming information. When you finish, click OK to return to the Incoming Templates tab.
All mapping strings must match the incoming strings.
4. To create a new mapping, click the New button. The Incoming Template Mapping dialog box appears. Type a string found in the incoming address information. Use the To The Attribute pull-down menu to select which Exchange attribute you want to associate with that string. Click OK to return to the Incoming Templates tab.
5. To delete an existing mapping, select it and then click Remove.
6. Click Apply to set these properties and continue setting other properties.
7. When you finish making settings, click OK to return to the Administrator program.
Outgoing template mappings are the inverse of the preceding function. You can map Microsoft Exchange server directory recipient attributes to outgoing MS Mail-compatible template information.
To map Exchange server attributes to an MS Mail template, follow these steps:
1. Click the Outgoing Templates tab of the Microsoft DXA window (see fig. 17.18).
Outgoing Template Mappings translate Exchange attributes to a user defined string.
2. To modify an existing mapping, select it in the list and then click Edit. The Outgoing Template Mapping dialog box appears. In the Map the Attribute box, edit the recipient attribute that you want to map to the MS Mail template. In the To the String box, edit the MS Mail template identifier string in which you want to place outgoing-attribute information. When you finish, click OK to return to the Outgoing Templates tab.
3. To create a new mapping, click the New button. The Outgoing Template Mapping dialog box appears. Use the Map The Attribute pull-down menu to select which Exchange attribute you want to map to a string on the remote system. Type that string in the To The String box. Click OK to return to the Outgoing Templates tab.
4. To delete an existing mapping, select it and then click Remove.
5. Click Apply to set these properties and continue settingother properties.
6. When you finish making settings, click OK to return to the Administrator program.
As soon as you activate the directory exchange requestor for the first time, it exports a complete local address list to its Microsoft Exchange directory synchronization server. Also, the requestor sends out a request for entries in the Exchange address list. The Microsoft Exchange dirsync server returns a confirmation message, saying that it received the requestor's transmission; then that server sends all the data in the export container to the dirsync requestor.
Subsequent transmissions between dirsync requestor and server consist only of updates to the address lists. You can force the import or export of directory information manually, as well from the appropriate connector tabs.
Be aware that directory synchronization updates sent by the Exchange dirsync server are in the form of messages sent to the network manager's mailbox. From that mailbox, the messages are picked up by the Microsoft Exchange connection and synchronized into the local address list. These messages should not be modified or deleted; altering those messages interrupts the synchronization process and could produce data loss.
Large imports from the directory exchange server (several thousand entries) are known to take up to several hours. Be aware of such time requirements. Also be aware that during that time, no other messages will pass the Exchange connection gateway.
Starting Directory Synchronization
After you meet the preceding requirements, you can start the directory synchronization service. Follow these steps:
1. Open the Windows NT services control panel (see fig. 17.19) for the server on which you want to begin synchronization.
Exchange services running under Windows NT.
2. Select the service name Microsoft Exchange Directory Synchronization.
3. Click Start. The service starts, and synchronization begins.
4. Close the services window.
If you set a specific time for directory synchronization that occurred while the service was service was stopped, a delay may occur until the first sync cycle actually begins. You can force immediate execution of a replication cycle in the property pages of the appropriate connector supporting synchronization.
Stopping Replication Services
Open the services control panel and click the Stop button to cease all replication procedures.
Notifying fellow administrators and users that synchronization will be shut down is a good idea.
From Here...
This chapter guided you through the process of establishing directory-sharing relationships between Exchange sites and between Exchange and other messaging systems. With this information, you can begin to structure you own directory-sharing architecture. Remember that the goal in directory replication and synchronization is to have the most complete and useful address lists possible without overloading server processing or network bandwidth in the process.
For more information, read the following chapters:
For technical support for our books and software contact support@mcp.com
Copyright ©1996, Que Corporation
