
Continuing its latest server product strategy, Microsoft has integrated Exchange 2000 Server into its Windows 2000 platform. That means that, unlike Exchange 5.5 and earlier, which were standalone products that ran on Windows NT, Exchange 2000 leverages operating system features of Windows 2000 and integrates with Active Directory. We will provide a crash course in Windows 2000 terminology and concepts. You won't find any Active Directory (AD) specific questions on the 70-224 exam, but if you don't understand the following basic concepts of AD, you'll definitely be sunk when you sit the exam.

Basic Structure of Active Directory

Active Directory sounds fancy, but in reality it is simply a structured, distributed database. AD is very flexible, and the beauty of it lies within its ability to easily be extended to support new features and functionality. When you install Exchange 2000 for example, you first make changes to the Active Directory schema to allow Windows 2000 and AD to support the new product. Why do you have to do that? Well, the reason is that Exchange 2000, unlike 5.5 and earlier versions, does not utilize its own directory and database. Instead, it stores its information within Active Directory. Because of that, AD has to be prepared so it will know how to handle Exchange 2000 specific data. The next chapter on Exchange 2000 installation goes into this in much more detail.

In order to discuss how Exchange utilizes AD, we must first explain the structure of AD. Microsoft has built Active Directory around some of the following concepts:

* Schema

* Domains

* Forests

* Sites

Schema

The schema can be defined most simply as the types of objects allowed within Active Directory and the attributes associated with those objects. While Windows 2000 comes with a fairly extensive schema, it cannot by nature be sufficient for all environments and anticipate the future. Therefore, Microsoft has made the Active Directory schema easily extensible. Additionally, the changes that are made to the schema are dynamic. That is, they take place immediately, without reboot, and are replicated to other domain controllers in the Active Directory forest. Exchange 2000 requires that you run both a ForestPrep and a DomainPrep before installing the actual product, which updates the schema. ForestPrep and DomainPrep are discussed in the next chapter.

Domains

Windows 2000 domains form a tree that shares the same namespace, a common schema, and a Global Catalog (more on GCs later in this chapter). Unlike NT 4.0 domain structures, which were flat (one deep), Windows 2000 domains can be nested in a tree-like fashion.

Windows 2000 automatically sets up two-way trust relationships between domains within a tree, and the trusts are transitive. That means that if studio.inside-corner.com trusts inside-corner.com and lewisville.studio.inside-corner.com trusts studio.inside-corner.com, then lewisville.studio.inside-corner.com automatically trusts inside-corner.com as well. This is a departure from the NT 4.0 structure, in which all trust relationships had to be explicitly defined.
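The difference between the two trust models, as an added example that is not part of the original text: the three domains named above are modelled as a graph, and the same question is answered with explicit-only trusts (NT 4.0) and with transitive trusts (Windows 2000). All function names are hypothetical, and this is a simplified model rather than how a domain controller evaluates trusts.

```python
from collections import deque

# Parent-child links in the tree the text describes; each is a two-way trust.
TREE = [
    ("studio.inside-corner.com", "inside-corner.com"),
    ("lewisville.studio.inside-corner.com", "studio.inside-corner.com"),
]

def trust_graph(links):
    """Build an undirected graph: a two-way trust is an edge in both directions."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def trusts_nt4(graph, truster, trusted):
    """NT 4.0 model: only an explicitly defined trust counts."""
    return trusted in graph.get(truster, set())

def trusts_w2k(graph, truster, trusted):
    """Windows 2000 model: trusts are transitive, so follow the chain of links."""
    seen, queue = {truster}, deque([truster])
    while queue:
        for nxt in graph.get(queue.popleft(), set()) - seen:
            if nxt == trusted:
                return True
            seen.add(nxt)
            queue.append(nxt)
    return False

def explicit_trusts_needed(domains):
    """One-way trusts an explicit-only design must define so every pair trusts each other."""
    n = len(domains)
    return n * (n - 1)

if __name__ == "__main__":
    g = trust_graph(TREE)
    leaf, root = "lewisville.studio.inside-corner.com", "inside-corner.com"
    print("NT 4.0 model:", trusts_nt4(g, leaf, root))
    print("Windows 2000 model:", trusts_w2k(g, leaf, root))
    print("explicit one-way trusts for a full mesh:", explicit_trusts_needed(g))
```

The practical consequence for an administrator is that adding a child domain to a tree extends trust to every other domain in that tree without any further configuration.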

Forests

The term forest comes from the concept of nature, a collection of trees and wildlife. With Windows 2000 and Active Directory, a forest is a collection of domain trees. Within a tree there are transitive trusts and contiguous namespace, as mentioned previously. However, a forest can contain multiple domain trees that do not share a contiguous namespace. To belong to the same forest though, the domain trees still share a common schema and Global Catalog. The domain trees are independent from each other as administrative units, but still communicate with each other. This is useful for situations where two companies merge and need internal communication yet still need to maintain their own identities.

Sites

A Windows 2000 site is a collection of well-connected network resources. By well-connected, we generally refer to LAN speeds. Often sites are defined by locations, since many times different locations are connected by WAN connections (Frame Relay, VPN, etc.). Windows 2000 sites are very important to Exchange 2000 since they determine where logon servers are located. Site design is beyond the scope of this book, but suffice to say that it is important to get your Windows 2000 infrastructure designed correctly before looking at rolling out Exchange 2000.

Assuming you have an Active Directory infrastructure in place, let's look at how Exchange 2000 stores data within AD.

How Exchange 2000 Stores Data in Active Directory

As we've previously stated, Exchange 2000 is tightly integrated with Windows 2000 and Active Directory. As such, Exchange uses AD as the storage mechanism for its data. This is unlike Exchange 5.5 and earlier, which maintained its own directory and databases independent of the operating system. It even maintained its own replication infrastructure.

Active Directory is partitioned into what is known as naming contexts. There are three naming contexts, as follows:

* Domain

* Configuration

* Schema

These naming contexts provide boundaries and structure to the AD database, and can have their own replication and permissions configuration.

Domain Naming Context

The domain naming context is where all of the domain objects for Exchange 2000 are stored. These objects include such things as recipient objects (discussed in chapter five) like users, groups, and contacts. Exchange 2000 extends the attributes Windows 2000 includes for these types of objects, meaning that unlike with Exchange 5.5, Exchange 2000 mailboxes and Windows users are not separate objects. With Exchange 2000, you mailbox-enable a user account rather than create a mailbox object in Exchange and associate an NT user account with the mailbox.

Likewise, Exchange 2000 does away with distribution lists as they existed in previous versions, instead relying on Active Directory groups, which can be mail-enabled.

Configuration Naming Context

As would be gathered from the name, the configuration naming context stores information about the physical structure of the Exchange organization, such as routing groups and connectors. Active Directory replicates this data to all domain controllers in the forest (forests are the boundaries of an Exchange organization).

Schema Naming Context

The schema naming context contains information about all of the object classes and their attributes that can be stored in Active Directory. This data is replicated to all domain controllers in a forest.

Because Exchange integrates with Active Directory, it is much more important to get the operating system design and infrastructure right than it was with NT4 and Exchange 5.5. Careful planning is required to ensure the optimal design and operation of Exchange 2000 within Windows 2000.

Global Catalog Servers

In Windows 2000, not all domain controllers contain writable copies of the Active Directory database. Instead, there are special servers called Global Catalog servers that do contain writable copies, while non-Global Catalog (GC) servers contain read-only copies of the database.

The writable copy of the database contains complete copies of the aforementioned naming contexts, as well as selected commonly used attributes. GC servers are accessed by clients in order to locate resources in Active Directory, so their placement on a Windows 2000 network is critical. Exchange 2000 uses GC servers to hold the global address list, and Outlook 2000 clients query the GC directly to obtain addressing information when sending email. There should be at least one GC server in each Windows 2000 site, with possibly additional servers depending on the size of the Exchange organization. There are no hard and fast rules for determining how many GC servers you will need. The hardware of your servers and the activity on your network will determine that for you. Use the Windows 2000 System Monitor to analyze the performance of your GC servers. If users are having to wait very long for a response, it is probably time to add another GC server.

Exchange 2000 uses two services, DSProxy and DSAccess, to access the Global Catalog.

DSProxy

While Outlook 2000 clients can access a Global Catalog directly, other clients cannot. Because of this, Exchange 2000 provides a proxy service to function as an intermediary between the client and the Global Catalog. It does this by forwarding requests from MAPI clients through the Name Service Provider Interface (NSPI). DSProxy does not examine the request; instead, it blindly forwards the request from the client to the GC server, and then returns the results.

DSAccess

Exchange 2000 shares GC functionality with other Windows 2000 services, so it is important to reduce the impact of Exchange queries if at all possible. To this end, Microsoft included the DSAccess service with Exchange 2000. DSAccess implements a directory access cache that stores recently looked up information for a configurable period of time. By default, Exchange 2000 will store up to 4MB of cached information for a maximum of 10 minutes. This may or may not be sufficient for your environment. Increasing the cache too much can cause problems with stale data, while too small a cache and timeout can cause performance problems. The goal is to reduce the load on the GC server, so monitor the performance with System Monitor and adjust accordingly.
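The stale-data versus load trade-off described above, as an added example (a toy model, not DSAccess's implementation or code from the original text): a lookup cache bounded by size and age, using the 4 MB and 10 minute defaults the text gives. The class, the function names and the sample directory record are constructed for illustration.

```python
import collections

class DirectoryCache:
    """Toy size- and age-bounded lookup cache standing in front of a GC server."""

    def __init__(self, backend, max_bytes=4 * 1024 * 1024, max_age=600):
        self.backend = backend        # dict standing in for the GC server
        self.max_bytes = max_bytes    # 4 MB, the default the text gives
        self.max_age = max_age        # 10 minutes, expressed in seconds
        self.entries = collections.OrderedDict()   # key -> (value, stored_at)
        self.size = 0
        self.gc_queries = 0           # lookups that had to reach the backend

    def lookup(self, key, now):
        hit = self.entries.get(key)
        if hit is not None and now - hit[1] < self.max_age:
            self.entries.move_to_end(key)      # mark as recently used
            return hit[0]
        if hit is not None:                    # expired: drop before refetching
            self._evict(key)
        value = self.backend[key]
        self.gc_queries += 1
        self.entries[key] = (value, now)
        self.size += len(value)
        while self.size > self.max_bytes and len(self.entries) > 1:
            self._evict(next(iter(self.entries)))   # least recently used first
        return value

    def _evict(self, key):
        value, _ = self.entries.pop(key)
        self.size -= len(value)


def stale_window_demo(max_age):
    """Answers at t=0, t=300 and t=300+max_age when the directory changes at t=60."""
    gc = {"cn=jdoe": b"memberOf=Finance"}            # constructed sample record
    cache = DirectoryCache(gc, max_age=max_age)
    first = cache.lookup("cn=jdoe", now=0)
    gc["cn=jdoe"] = b"memberOf=None"                 # directory changes at t=60
    during = cache.lookup("cn=jdoe", now=300)
    after = cache.lookup("cn=jdoe", now=300 + max_age)
    return first, during, after, cache.gc_queries


if __name__ == "__main__":
    print("10 min lifetime:", stale_window_demo(600))
    print(" 2 min lifetime:", stale_window_demo(120))
```

With the 10-minute lifetime the change made at t=60 is still invisible at t=300 and costs two GC queries in total; a 2-minute lifetime returns the new value at t=300 but costs three.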

Exchange 2000 and IIS 5.0

As with previous versions of the NT operating system, Windows 2000 comes with Internet Information Server (IIS) integrated into the OS. IIS 5.0 ships with Windows 2000, and provides some of the core services that Exchange 2000 relies on. The integration of Exchange 2000 with IIS 5.0 especially comes into play with:

* SMTP

* NNTP

* OWA

* Instant Messaging

The SMTP Service

Unlike previous versions, Exchange 2000 doesn't provide full-blown Simple Mail Transport Protocol (SMTP) services. Windows 2000 includes a core SMTP service with IIS 5.0, and Exchange 2000 relies on this to provide email services. Exchange simply extends the built-in SMTP service to provide the necessary additional functionality.

The NNTP Service

Exchange 2000 also relies on the Network News Transport Protocol (NNTP) service built into Windows 2000 and IIS 5.0 to provide user access to newsgroups either internally or on the Internet. Exchange 2000 can be used to control access to newsgroup folders, but integrates with the operating system functionality rather than reinventing the wheel and duplicating the same functionality.

OWA

Outlook Web Access (OWA) should be familiar to Exchange 5.x administrators. It provides a means for users to access their Exchange mailboxes from the Internet Explorer browser interface. OWA integrates into IIS, and doesn't even have to be installed on the same server as Exchange 2000. In fact, that's the beauty of the Exchange 2000 and Windows 2000 integration. Because of the integration, services can be installed almost anywhere within Active Directory, meaning flexibility that leads to a very scalable messaging solution.

Instant Messaging

Instant messaging (IM) is an Exchange 2000 service that allows one-off instant communication between users on a network. Even though IM is an Exchange service, it relies on Active Directory and DNS to locate users (querying GC servers).

We have provided just a glimpse into the features of Windows 2000 Active Directory and how Exchange 2000 relates and integrates. The 70-224 and 70-225 exams will require that you know how Exchange 2000 integrates with Windows 2000 and understand what features are Exchange-specific and what features are part of the operating system.

Questions or Comments? Will can be reached at WWillis@Transcender.com