Active Directory Connector Requirements and Implications Throughout an Organization (823601)


The information in this article applies to:

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition

SUMMARY

This article describes the Active Directory Connector requirements and implications throughout an organization. You must consider this information when migrating (and coexisting during the migration process) from Microsoft Exchange Server 5.5 to Exchange 2003.

MORE INFORMATION

The Active Directory Connector (ADC) component synchronizes the Microsoft Active Directory directory service with the Exchange Server 5.5 directory for migration (and coexistence during the migration process) from Microsoft Exchange Server 5.5 to Microsoft Exchange Server 2003. ADC is made up of several components: Connection Agreements that define what data replicates, a service that runs the defined Connection Agreements, and a Microsoft Management Console (MMC) that you can use to manage and to configure the Connection Agreements. Specifically, there are three types of Connection Agreements: recipient Connection Agreements, public folder Connection Agreements, and configuration Connection Agreements. Each type has a specific purpose.
  • Recipient Connection Agreements synchronize items from the site naming context in Exchange Server 5.5 (specifically mailboxes, distribution lists, and custom recipients) with the domain naming context in Active Directory (specifically users, contacts, and groups).
  • Public Folder Connection Agreements synchronize public folder directory objects from the site naming context in Exchange Server 5.5 with the domain naming context in Active Directory.

    Note By default, public folders are hidden from the Global Address List in Exchange Server 5.5. To see these objects in Exchange Administrator, click Hidden Recipients on the View menu, and then click the appropriate Recipients container.

    The public folder directory objects in Active Directory are located in the Microsoft Exchange System Objects container. In Active Directory Users and Computers, click Advanced Features on the View menu to view these objects.

    Note Public folder Connection Agreements do not control hierarchy replication (the list of all public folders that are available for each public folder tree type, MAPI, or application) or content replication (the data, such as messages and posts, that is stored in public folders). Both hierarchy replication and content replication are a function of public folder replication that is controlled by the information store, not the ADC. Therefore, hierarchy replication and content replication are not in any way controlled by public folder Connection Agreements. A public folder Connection Agreement replicates the directory objects for public folders to permit mail flow to public folders.
  • Configuration Connection Agreements replicate items in the configuration naming context in Exchange Server 5.5 (such as servers, connectors, information stores, and site addressing objects) with the configuration naming context in Active Directory.
When you install the Active Directory Connector (run Setup.exe in the \ADC\I386 folder on the Exchange Server 2003 CD), the installer has the option to install the ADC service, the ADC management tools, or both. When you install ADC, no Connection Agreements are created. Rather, you manually create and configure Connection Agreements by using ADC or by running ADC Deployment Tools. The exception to this is a configuration Connection Agreement. Configuration Connection Agreements are created automatically when a Site Replication Service (SRS) is created.

Which Version of ADC Do I Have to Install?

There are three versions of ADC:
  • The first is the Microsoft Windows 2000 version that is included on the Windows 2000 CD. This version of ADC is not compatible with either Microsoft Exchange 2000 Server or with Exchange Server 2003. Do not use this version when you deploy Exchange 2000 Server or Exchange Server 2003.
  • The second version of ADC is included with Exchange 2000. You must use this version when you deploy Exchange 2000 in a coexistence or a migration scenario with Exchange Server 5.5.
  • The third version of ADC is included with Exchange Server 2003. You must use this version whenever you deploy Exchange 2003 in a coexistence scenario or in a migration scenario with either pure Exchange Server 5.5 (an organization with only Exchange Server 5.5 computers) or mixed-mode Exchange 2000 (an organization with both Exchange Server 5.5 computers and Exchange 2000 computers).
The following chart illustrates when to use a specific version of ADC:
ScenarioVersion of ADC
Install Exchange 2003 to join a pure Exchange Server 5.5 organization (only Exchange Server 5.5 computers)Exchange Server 2003 ADC
Install Exchange 2003 to join a mixed Exchange 2000 organization (both Exchange Server 5.5 computers and Exchange 2000 computers)upgrade existing ADC computers to Exchange Server 2003 ADC
Install Exchange 2003 to join a pure Exchange 2000 organization (only Exchange 2000 computers)not required
Install Exchange 2000 to join a pure Exchange Server 5.5 organization (only Exchange Server 5.5 computers)Exchange 2000 Server ADC
Notes
  • When you update the Active Directory Connector to the Exchange 2003 version, the ADC setup program not only upgrades the ADC binaries, it also modifies the versionNumber attribute on any Connection Agreements that are owned by that ADC service.
  • To determine which Connection Agreements are owned by an ADC service, use Active Directory Connector Services. Click the ADC server (Active Directory Connector ServerName) in the left pane. The Connection Agreements appear on the right.
If an Exchange 2000 or a Windows 2000 ADC manager snap-in is used to administer an upgraded or a new Exchange 2003 Connection Agreement, you may receive the following warning message:
The ADC Connection Agreement specified is not supported by this administrative tool.

The property pages displayed will be read-only. Do you wish to continue?
The same warning also appears when an Exchange 2003 ADC Services snap-in is used to open the properties of an Exchange 2000 or a Windows 2000 Connection Agreement.
Therefore, manage Connection Agreements that are running on the Exchange 2003 version of ADC with the Exchange 2003 version of the ADC MMC. Manage connection agreements that are running on the Exchange 2000 version of ADC with the Exchange 2000 version of the ADC MMC.

Eventually, you must upgrade all ADC services before you install the first Exchange 2003 computer. Either perform an in-place upgrade of all ADC services that are older than Exchange 2003 before you install so that all earlier Connection Agreements are phased out. Or, perform fresh installations of the Exchange 2003 version of ADC, move all existing Connection Agreements to run on the newly installed ADC service, and then remove the Exchange 2000 ADC installations.

When Do I Install the Active Directory Connector?

You must install the Active Directory Connector service before you introduce an Exchange Server 2003 computer or an Exchange 2000 computer into a pure Exchange Server 5.5 organization (an organization that only has Exchange Server 5.5 computers). If you do not install ADC, you cannot join the existing Exchange Server 5.5 organization as part of the migration process. Instead, the Exchange 2003 computer or the Exchange 2000 computer is installed in a separate organization. If you introduce Exchange 2003 into an existing mixed organization (one that has both Exchange Server 5.5 and Exchange 2000 computers), you must upgrade the existing Exchange 2000 ADC computers to the Exchange Server 2003 version of ADC before you introduce the first Exchange 2003 computer into the environment.

When Do I Configure Connection Agreements?

To allow for coexistence with Exchange Server 5.5, you must deploy the Active Directory Connector and you must configure the recipient Connection Agreements before you introduce an Exchange 2003 computer or an Exchange 2000 computer into any site. Specifically, this means that all recipients, all contacts, and all distribution lists from every site must exist in the Active Directory forest where Exchange Server 2003 or Exchange 2000 Server will be installed before you install the first Exchange 2003 computer or the first Exchange 2000 computer. Several reasons for this requirement are included in the following list, but note that it is not a complete list of all the reasons:
  • Mail flow Users who have mailboxes on Exchange 2003 and Exchange 2000 see an incomplete Global Address List if recipient Connection Agreements are not configured.
  • Access control list (ACL) conversion problems The Exchange 2003 and the Exchange 2000 Information Store services expect to find all mailbox-enabled or mail-enabled objects that are used as security principals somewhere in the Active Directory forest where Exchange 2000 is installed. For example, any Exchange Server 5.5 mailboxes or any distribution lists that are used to control access to resources (such as delegate permissions on mailboxes or public folders) must be represented in Active Directory for the conversion process of Exchange Server 5.5-style ACLs to Exchange 2003-style or Exchange 2000-style ACLs to complete successfully. A failure in ACL conversion causes access problems to the resource. For additional information about these issues, click the following article numbers to view the articles in the Microsoft Knowledge Base:

    296051 XADM: Public Folders Lose ACEs After Exchange 2000 Is Introduced to an Existing Exchange Server 5.5 Organization

    297016 XADM: You Must Use a Native-Mode Windows 2000 Domain for Exchange 2000

    Additionally, ACL conversion problems can adversely affect server performance. For more information about how to troubleshoot public folder performance issues that are related to ACL, click the following article number to view the article in the Microsoft Knowledge Base:

    328880 How to troubleshoot public folder performance issues that are related to ACL conversions in Exchange 2000 and in Exchange 2003

  • Replication failure of a configuration Connection Agreement For additional information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

    306360 XADM: Event ID 8270, 1171, and 8146 Error Messages from Active Directory and Site Replication Service

Connection Agreement Requirements

The following rule applies when you are deciding what type of Connection Agreements to deploy:

In a coexistence scenario or in a migration scenario, you must keep the Exchange Server 5.5 directory, and the Exchange 2003 and Exchange 2000 information in Active Directory the same through the process of synchronization through the Active Directory Connector.

Specifically, this means that all users, all contacts, and all distribution lists from all sites in Exchange Server 5.5 are represented in Active Directory and that all mail-enabled and mailbox-enabled objects in Active Directory are represented in the Exchange Server 5.5 directory.

Recipient Connection Agreements

Note A mixed site is any site that contains an Exchange 2003 or an Exchange 2000 computer that is currently running the Site Replication Service (SRS).
  • You can export pure Exchange Server 5.5 sites in Active Directory either by using one-way Connection Agreements (from Exchange to Windows) or by using two-way Connection Agreements. Two-way Connection Agreements are preferred. The following are valid reasons for deploying two-way recipient Connection Agreements for pure Exchange Server 5.5 sites:
    • Two-way recipient Connection Agreements permit the management of some Exchange Server 5.5 directory objects in Active Directory Users and Computers.
    • Two-way recipient Connection Agreements prepare for the introduction of Exchange 2003 or Exchange 2000 in the pure Exchange Server 5.5 site.
    Note Microsoft does not support mixed-mode environments that use one-way recipient Connection Agreements. However, if you deploy a one-way recipient Connection Agreement (from Exchange to Windows) for a pure Exchange Server 5.5 site, you must reconfigure that Connection Agreement to allow for two-way replication before you introduce the first Exchange 2003 or Exchange 2000 computer to the site.
  • Mixed sites require two-way recipient Connection Agreements. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

    303180 Active Directory Connector Connection Agreement Requirements for Mixed Administrator Groups

  • You can export pure Exchange 2003 or Exchange 2000 sites in their respective writeable Site Replication Services (one or many that are responsible for the pure administrative groups) by using either one-way Connection Agreements (from Windows to Exchange) or two-way Connection Agreements, with two-way Connection Agreements being preferred. Deploying one-way Connection Agreements (From Windows to Exchange) for the pure Exchange 2003 or Exchange 2000 administrative groups may cause distribution list membership synchronization issues; therefore two-way recipient Connection Agreements are better.

Public Folder Connection Agreements

The recommended practice is to create one public folder Connection Agreement between each Exchange Server 5.5 site and Active Directory. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

264889 XADM: Public Folder Connection Agreements

Modification Type:MinorLast Reviewed:11/8/2005
Keywords:kbtshoot KB823601 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.