Synchronizing Active Directory with Exchange Server Directory Service |
When you begin setting up connection agreements you need to evaluate your Windows 2000 Server domains and Exchange Server sites and determine the minimum number of connection agreements you need for optimal operation. It is recommended that you do not create a connection agreement between each and every Exchange Server site and Windows 2000 Server domain in your enterprise.
For optimal performance, consider the following when determining the number of connection agreements for your organization:
Upon implementation, use the ADC and the Active Directory Connector Management snap-in to set up and configure the connection agreements for your organization.
There are several combinations for which you can set up connection agreements to synchronize Exchange Server directory service with Active Directory. To plan and create your connection agreements, use the following primary steps:
During deployment you will create the connection agreements using the ADC and the Active Directory Connector Management snap-ins.
Note
In each of the following ADC connection models it is assumed that the domains and Exchange sites reside within a single forest. If your domains and Exchange sites are dispersed among multiple forests, you have to build a separate ADC topology for each forest.
A single Windows 2000 Server domain with a single Exchange site is the simplest domain architecture in a Windows 2000 Server topology. Generally, smaller organizations with a single, centralized office and an average of up to 5,000 users would adopt this connection model.
Figure 20.6 represents an example of how you can set up a single, two-way connection agreement between a single Windows 2000 Server domain and a single Exchange Server site.
Figure 20.6 Single Windows 2000 Server Domain with a Single Exchange Server Site
You can set up your connection agreements so that you can administer recipients exclusively from Windows 2000 Server Active Directory, from Exchange Server 5.5, or from both directories.
If ADC Connection Model 1 best matches the environment of your organization, use the flow chart in Figure 20.7 to help you design an ADC Connection Agreement Plan for your organization.
Figure 20.7 Single Windows 2000 Server Domain with a Single Exchange Server Site
Generally, small to medium-size organizations with up to an average of 20,000 users and/or multiple local and remote office locations could find this connection model appropriate for their business purposes.
Figure 20.8 represents an example of how you can set up two-way connection agreements between a single Windows 2000 Server domain and multiple, selected Exchange Server sites.
Figure 20.8 Single Windows 2000 Server Domain with Multiple Exchange Server Sites
If ADC Connection Model 2 best matches the environment of your own organization, use the flow chart in Figure 20.9 to help you design an ADC Connection Agreement Plan for your organization.
Figure 20.9 Single Windows 2000 Server Domain with Multiple Exchange Server Sites
Note
With regard to the ADC Connection Models that have multiple domains and/or sites, it is not necessary to create a connection agreement between every Windows 2000 Server domain and every Exchange Server site. You only need to create a connection agreement between an Exchange Server site and Windows 2000 Server domain if there are Exchange mailboxes with the primary Windows NT Server account located in that domain.
You could use this connection model for an ADC plan for a medium to large size organization or for a single division of a large, decentralized organization.
Figure 20.10 represents an example of how you can set up two-way connection agreements between multiple Windows 2000 Server domains and a single Exchange Server site.
Figure 20.10 Multiple Windows 2000 Server Domains with a Single Exchange Server Site
If ADC Connection Model 3 best matches the environment of your organization, use the flow chart in Figure 20.11 to help you design an ADC Connection Agreement Plan for your organization. This flow chart helps you determine how you will administer recipients in an environment with multiple Windows 2000 Server domains and a single Exchange Server site.
Figure 20.11 Multiple Windows 2000 Server Domains and a Single Exchange Server Site
If you have an environment with multiple domains and multiple Exchange Server sites, your connection agreement design could get complex. You need to be very clear about the purpose of each connection agreement that you plan to create.
Figure 20.12 represents an example of how you can set up two-way connection agreements between multiple Windows 2000 Server domains and multiple Exchange Server sites.
Figure 20.12 Multiple Windows 2000 Server Domains with Multiple Exchange Server Sites
With a set of Windows 2000 Server domains and Exchange Server sites connected by the ADC, the ADC may have multiple connection agreements over which it could synchronize a particular object. To arbitrate between connection agreements, the ADC uses a set of matching rules based on the Primary Windows NT Server Account of a mailbox in Exchange Server and the corresponding account in Active Directory. If the ADC is able to match a mailbox to a Windows 2000 Server account in any domain it connects to, it will proceed to synchronize the two objects.
For example, in Figure 20.12 the mailboxes of Robert Lyon and Kim Abercrombie in Exchange Server Site B synchronize to user objects that reside in two separate Windows 2000 Server domains.
If ADC Connection Model 4 best matches the environment of your own organization, use the flow chart in Figure 20.13 to help you design an ADC Connection Agreement Plan for your organization.
Figure 20.13 Multiple Windows 2000 Server Domains and Multiple Exchange Server Sites
At this point in the process, you should meet with the core directory synchronization advisory team and the deployment team to create a profile that includes:
To do this, gather all the information you need to create your own ADC Connection Agreement Plan. The plan documents completion of the following tasks:
Use your Windows 2000 Server domain and Exchange Server site topology diagrams to help you create your first pass at an ADC Connection Agreement Plan.