Exchange Server 2003

becky

Presentation Transcript


  1. Exchange Server 2003

  2. Agenda • Exchange & Active Directory • basics & overview • what and where • How (and when) Exchange uses Active Directory • Exchange components in action • Administering Exchange with Exchange System Manager (ESM) • architecture • how it works • ESM in Exchange 2003 & SP enhancements • queue viewer • move mailbox • mailbox recovery

  3. Exchange Core Components: review • Active Directory manages all directory information • Information Store service manages access to stores • System Attendant provides monitoring service • SMTP provides routing functions

  4. Active Directory Exchange Basics

  5. Active Directory: The storage • Active Directory is a database • Easy to locate, access, and read information • Common set of objects • Hierarchy and Permission Model for accessing and managing objects • Integrated with Microsoft Windows security

  6. Active Directory: Naming contexts • Schema NC: contains schema objects definitions; available on all AD controllers (DCs/GCs) • Configuration NC: contains replication topology, domains, servers; available on all DCs in forest • Domain NC: contains users, groups, contacts; available on all DCs in the same domain • Application NC: contains application data; available on specific DCs in forest

  7. Active Directory: Makeup of a forest (diagram: domains dom1.contoso.com and dom2.contoso.com, with DC, GC and Config labels)

  8. Active Directory: Windows sites • Group of servers with good connectivity • One site can span multiple domains • One domain can have multiple sites (diagram label: Site Connector)

  9. Exchange Data in AD: Where? How? When?

  10. Storing Exchange Server Data in the Active Directory • Exchange Server extends Active Directory schema to store information • Extends existing classes • Users, InetOrg-Person,... • Creates new classes • Connectors, Admin Groups,... • Extension done during: • Forest prep, Exchange Setup, and ADC setup

  11. Where Exchange Server Data Is Stored in Active Directory • Domain Naming Context (NC) for recipients • Mailboxes, distribution lists, and Contacts • Most Exchange Server information placed in this container is replicated to Global Catalogs (GCs) • Configuration NC for everything else • Exchange System Objects (Stores, Connectors, etc.) • Active Directory Connector (ADC) settings • Configuration container is replicated to every Domain Controller (DC)

  12. Split Active Directory and Exchange Server Admin: Resource Forest Option • Account forest for managing user accounts • Active Directory administrators in charge of managing user accounts • No schema extension • Exchange Server resource forest for managing Exchange Server • Exchange Server recipient information • Exchange Server configuration data • Setting up mailbox • Use Exchange Server task ‘Associate External Account’ to set up mailbox (diagram: Account Forest with User A, a trust, and Exchange Resource Forest with a disabled placeholder account for User A)

  13. demo • Exchange Administration Tools overview • AD Users & Computer • ESM • Where is Exchange Data in AD?

  14. How Is Exchange Server Data Populated? • From existing systems • Active Directory Connector (5.5) • Imports information from Exchange Server 5.5 into Active Directory • Provides ongoing two-way mapping between Exchange Server 5.5 and Active Directory objects • ADC Inter-Org mode to create contacts from external Exchange Server systems • Foreign connectors (foreign systems) • Foreign connectors (Notes, cc:Mail, GroupWise) for other systems • MIIS • GALSynch tool to enable cross-forest scenarios

  15. How Is Exchange Server Data Populated? (2) • By Exchange Server setup • Initial configuration • By Administrators • When creating objects in Active Directory • Recipient provisioning (Mailboxes, DLs, Contacts) • Use Active Directory users and computers • Exchange configuration • Use Exchange Server Manager • Using scripts • CDOEXM recipient and configuration data

  16. Exchange AD Permission Requirements

  17. Permissions Required • To complete setup • Forest prep • First time in the forest (updates the schema) – Member of Enterprise Admin group and Schema Admin group • Run ForestPrep thereafter – Exchange Full Administrator at the organization level • Domain prep – Domain Administrator • Server setup • Install the first server in a domain – Exchange Full Administrator at the organization level • Install additional servers in the domain – Exchange Full Administrator at the administrative group level

  18. Permissions Required By servers • To access and manage recipients: • Permissions to read and write to the Exchange Server attributes to route mail and update account information • To access configuration: • Permissions to read and write to objects in the Config Naming Context for lookup and reporting

  19. Permissions Required Granting server permissions • Uses two groups together to provide forest-wide access • Exchange Domain Servers (EDS) • Global Group in each domain • Contains the Exchange servers in that domain • Permissions to the Exchange Server container • Exchange Enterprise Servers (EES) • Local Group in each domain • Contains the “Exchange Domain Servers” from all domains • Has permissions to recipient objects for that domain

  20. Exchange Permissions Mailbox and user management • Permissions for joint user and mailbox management • Permissions to create a user object (account operator) • Exchange view only administrator on the administrative group • Separating user and mailbox management • Necessity by some companies • Permissions guide details methods of obtaining “Split Permissions Model”

  21. Permissions Required • To manage recipients • Permissions to read and write the Exchange Server attributes - Account Operator • To manage configuration • Permissions to read and write to objects in the Exchange Server container for management - Exchange Administrator

  22. Permissions Required: Granting administrators permissions • The Exchange Administration Delegation Wizard in ESM • Tool to set appropriate permissions within the Exchange Server configuration container • Delegate on organization or Administrative Group Level • Delegates permissions via roles (3 levels) • Exchange Full Administrator • Exchange Administrator • View Only Administrator • Active Directory users and computers • Tool to grant administrators permissions to manage accounts

  23. Exchange Permissions Delegation Wizard (cont’d)

  24. ESM Delegation Wizard

  25. Exchange access to AD

  26. System Attendant Initialization and Tasks • Binds to domain controller upon startup • Uses ADSI to do a server-less binding to find a DC • Temporarily binds to GC for tasks like proxy generation • Loads various Exchange components upon startup • DSAccess, DS Proxy, DS2MB, etc… • Has various background tasks • Example: verifies machine account is present in the Exchange Domain Servers

  27. System Attendant: Monitoring & Administration Daemon • System Attendant Service: Mad.exe • Mailbox Manager: part of MAD • Recipient Update Service: Abv_dg.dll • DSAccess: Dsaccess.dll • Monitoring: part of MAD • Free/Busy: Madfb.dll • DS2MB: Ds2mb.dll • DS Proxy: Dsproxy.dll • Offline Address List: Oabgen.dll (diagram also shows Mailbox Store, Public Store, Metabase, Active Directory and Routing Table)

  28. System Attendant: DS2MB • Directory service to metabase update service • Main task is to replicate protocol settings from the Active Directory to the metabase (diagram: a newly created HTTP Exchange virtual server is written by ESM via ADSI to Active Directory under CN=ServerName, CN=Protocols, CN=HTTP, CN=100; DS2MB, via ADSI, maps it to the IIS metabase key /LM/W3SVC/100/root)

  29. System Attendant Recipient Update Service (RUS): polls the directory for changes • RUS per domain where there are Recipients and/or servers • Monitor and update address lists • Stamps showInAddressBook attribute on users/distribution lists • Monitor and update recipient information • Enforce recipient policies • Proxy address generation • Bases proxyAddresses attribute for users on recipient policies • Ensure that core attributes exist (home MTA, home MDB, etc.) • Monitor server membership • Manage and maintain membership of Exchange Server special groups

  30. System Attendant Offline address lists and free/busy • Offline address lists • Set of address lists in files that are created and stored on an offline address list server • Offline users can connect to server and download offline address lists remotely • Free/Busy • Mad Free/Busy (MADFB) is used by OWA to publish free/busy • Store extracts free/busy from client’s calendar and sends messages to System Attendant mailbox • MADFB picks up messages and publishes to free/busy public folder

  31. Recipients • Address List • RUS

  32. Reading Information From the Active Directory Information needed in Active Directory • Exchange Server needs to deliver messages and access configuration • Domain Controllers (DC): System/Server configuration • Global Catalogs (GC): Mailbox/Recipient information • Messaging clients need an address book • Microsoft Office Outlook (MAPI) clients interface directly to global catalogs address book information • Other clients use LDAP access to search Active Directory

  33. System Attendant: DSProxy and DSAccess • DSProxy • Refers newer MAPI clients (Outlook 2000) to global catalog server • Relays (proxies) communication for older MAPI clients • DSAccess • Caches directory information used by Exchange components like the Store and Categorizer • Reduces number of AD queries • Caches list of DC, GC, and Config DC

  34. Reading Information from the Active Directory Building topologies – DSAccess roles • Working DCs list • List of domain controllers that can accept Domain Naming Context queries for the local domain • Selection criteria • Domain Prepped Domain, Local Active Directory site over remote site • Configuration DC • Domain controller used for reading and writing configuration • Re-evaluation every 8 hours • Working GCs list • List of global catalog servers for forest-wide look-ups • Detected servers used by DSAccess, DSProxy and Categorizer • Re-evaluation every 15 minutes

  35. Reading Information From the Active Directory: Roles example • Layout (diagram, DOM 1 and DOM 2): Site A holds D (GC/DC), A (GC/DC), B (DC), C (DC); Site B holds E (DC), F (GC/DC) • If the Exchange server (E2k) is in Site A and DOM2 • Configuration DC: A, B, C, or D • Working DCs: C, D, A, and B • Working GCs: D and A

  36. Reading Information From the Active Directory: Failing out-of-site • Use all GCs from out-of-site group and load-balance • Re-evaluate topology every 5 minutes to see if fail-back can occur (diagram: E2k server and GCs in several sites; link labels IP Link Cost = 15, IP Link Cost = 5, IP Link Cost = 5, SMTP Link Cost = 5)

  37. demo • DS Access • AD role location

  38. Exchange System Manager

  39. Exchange System Manager: Supported configuration • Network dependencies • Client must be a member of a domain in the same forest containing Exchange • ESM still uses NETBIOS for name resolution • New in Exchange Server 2003 • Admin only install on Microsoft Windows XP SP1 or later

  40. Exchange System Manager: Architecture, “How it works” • Domain controller discovery • ESM discovers DC (GC as needed) • Configuration data • ADSI to read/write to directory • Some settings stored in registry • Render dynamic data • MAPI used to display mailbox table • HTTP-DAV to display public folders • WMI to display simple monitoring data

  41. How It Works (diagram) • Client ESM binds to DC • Read/write configuration data in the directory on the domain controller via ADSI • Rendering dynamic data from Exchange: DAV (Web site exadmin), MAPI (Store), WMI (Winmgmt, WMI providers)

  42. demo • Address List • Mailbox Logon Data (columns)

  43. Exadmin Virtual Directory Exchange Virtual Directories • Exchweb • Stores graphics & additional files required for OWA Access • Exchange • Used by OWA for Mailbox Access • Public • Used by OWA for Public Folder Access • Exadmin • Used by ESM to administer Public Folders

  44. Exadmin Virtual Directory HTTP-DAV • ESM uses HTTP-DAV to manage Public Folders • Pre-E2k SP2, ESM used an additional interface in conjunction with HTTP-DAV • Interface was removed in SP2 because of various drawbacks • Major drawback was loss of error information (80004005) • HTTP-DAV extends HTTP providing additional methods and capabilities • Defines methods used to move, copy, delete, and make collections of items • Encoding format is XML

  45. Exadmin Virtual Directory: Expanding public folder tree • (1) Retrieve exadmin binding from directory: client ESM reads MsExchServerBindings and MsExchSecureBindings from the domain controller • (2) Use binding to connect to exadmin: HTTP-DAV request to :80:servername • (3) Public folders transferred back: HTTP-DAV response with public folders list

  46. Exadmin Virtual Directory: Common problems • If SSL is required on the web site or exadmin, ensure the FQDN is used for the common name of the SSL certificate • Previous to E2K SP2, SSL was not supported • Web site containing exadmin must use port 80 and the W3svc service must be running • ESM uses default bindings on exadmin • Exchange System Manager error: “The SSL certificate server name is incorrect. ID no: c103b404” • Exchange System Manager error: “The connection was refused. Ensure that your HTTP Virtual servers are all started and check that the WWW service is running. ID no: c103b401”

  47. Exadmin Virtual Directory: Common problems (cont’d) • Blank host header must be defined on Web site or server name must be used • Identification includes IP Address: <all assigned>, TCP Port: 80, Host Header Name: <blank> • Older version of IIS Lockdown tool has been run • Make sure to run IIS Lockdown Ver 2 w/ Exchange template • Exchange System Manager error: “Ensure that the settings on your default Web site are correct and refresh the Public Folder tree. ID no: c103b404” • Exchange System Manager error: “The object is no longer available. Press F5 to refresh the display, and then try again. ID no: 80040e19”

  48. Exadmin Virtual Directory New Exchange Server 2003 public folder Mgmt • Content is displayed • Exadmin still used for tree structure • Public utilized to display content • Status, find, and replication also available for public folders • Find implemented on TLH • Can search tree to find a Public Folder

  49. demo • Exchange 2003 Public Folder Management • Public Folder Tree • PF Content in ESM

  50. Exchange Management: Overview • Exchange Management Service: Exmgmt.exe (Exchange WMI service) • Windows Management Service: winmgmt.exe (WMI service) • DSAccess WMI provider: DSAccessDC • Message Tracking WMI provider: MessageTrackingEntry • CIM Object Repository • Clients: Message Tracking Center; DSAccess on Server Properties • Data sources: DSAccess (Dsaccess.dll), file share with message tracking logs, Active Directory
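
The binding conditions from slides 45 to 47 (port 80, host header blank or equal to the server name, site not pinned to one address) can be checked mechanically before troubleshooting ESM errors. The following is an added example, not part of the original presentation; it assumes the binding strings use the IIS `IP:Port:HostHeader` layout seen in `:80:servername` on slide 45, and the server name `EXCH01` and all sample bindings are constructed.

```python
from typing import List, NamedTuple

class Binding(NamedTuple):
    ip: str    # "" = not tied to one address
    port: int
    host: str  # "" = blank host header

def parse_binding(raw: str) -> Binding:
    """Parse one 'IP:Port:HostHeader' string, e.g. ':80:' or ':80:servername'."""
    parts = raw.strip().split(":", 2)
    if len(parts) != 3 or not parts[1].isdigit():
        raise ValueError(f"malformed binding: {raw!r}")
    return Binding(parts[0], int(parts[1]), parts[2].lower())

def esm_usable(b: Binding, server_name: str) -> bool:
    """Slides 46-47: port 80, and host header blank or equal to the server name."""
    return b.port == 80 and b.host in ("", server_name.lower())

def audit_site(bindings: List[str], server_name: str) -> List[str]:
    """Return findings for one web site; an empty list means no problem found."""
    findings, parsed = [], []
    for raw in bindings:
        try:
            parsed.append(parse_binding(raw))
        except ValueError as exc:
            findings.append(str(exc))
    usable = [b for b in parsed if esm_usable(b, server_name)]
    if not usable:
        if any(b.port == 80 for b in parsed):
            findings.append("port 80 host header is neither blank nor the server name")
        else:
            findings.append("no binding on TCP port 80")
    elif all(b.ip for b in usable):
        findings.append("port 80 binding is pinned to a specific IP address")
    return findings

# Constructed sample data: hypothetical server EXCH01 and made-up binding lists.
SAMPLES = {
    "default": [":80:"],
    "moved-port": [":8080:"],
    "host-header": ["10.0.0.5:80:mail.contoso.example"],
    "pinned-ip": ["10.0.0.5:80:exch01"],
}

if __name__ == "__main__":
    for name, site in SAMPLES.items():
        print(name, audit_site(site, "EXCH01") or "ok")
```

A site moved off port 80 corresponds to the "connection was refused" case on slide 46; a foreign host header corresponds to the first bullet on slide 47.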
