Understanding Exchange 2000's Active Directory Connector

You still have Exchange 5.5 servers, and you want to introduce Windows 2000 and/or Exchange 2000. How do you get Exchange 5.5's directory to play nice with Active Directory? Simple: Use the Active Directory Connector. Chris Tellez tells you how.

As you may know, Exchange 5.5 comes with its own directory, and Exchange 2000 relies on Active Directory (AD). What do you do when you want to make Exchange 5.5 talk to Exchange 2000 and/or Windows 2000? Unless you’re making a big jump to both AD and Exchange 2000 at the same time, you’ll need to figure out a way for your AD to talk to Exchange 5.5. Fortunately, Microsoft created a way to do this using the Active Directory Connector (ADC). In this Daily Feature, we’ll show you what the ADC is and how you can use it.

What is the Active Directory Connector?
As you know, Windows NT gets all of its user/security information from the domain controllers. Exchange 5.5 uses a centralized database that stores information about mailboxes and users who can access Exchange. When you upgrade to Windows 2000, AD changes the playing field altogether.

Exchange 5.5 doesn’t know anything about the new AD objects or even what AD is in the first place. Think you’re stuck? Luckily Microsoft planned for that; they know that not everyone is jumping over to AD and Exchange 2000 all at once, so they created the ADC.

This marvelous little piece of software will allow your Exchange 5.5 server to talk to AD and find the info it needs to operate properly. If you create a new user in your domain, Exchange 5.5 will know about it. If you use the various fields in Exchange 5.5’s user account interface (address, phone number, etc.) the data will carry over into the AD. In the end, it will allow you to use Exchange 5.5 while you get used to AD and plan to deploy Exchange 2000.

Preparing to use ADC
With any new technology you deploy, a certain amount of planning should be done up front. Keep the following considerations in mind before deploying the ADC.

First, make sure the server on which you will be hosting the ADC has plenty of processing power. Maintaining the connection between AD and Exchange will take quite a bit of power, so you shouldn’t put this much pressure on a server that may already be taxed.

Second, when you upgrade your Windows NT domain to AD, make your primary domain controller the one on which you do the upgrade. This will help Exchange map the accounts to the security information in AD.

Finally, if possible, set the Win2K server that will be taking care of the ADC on the same subnet as your Exchange server. This will help keep up the speed during directory replication.

Installing the ADC
The ADC is located on your Windows 2000 Server CD. To install it, go to X:\VALUEADD\MSFT\MGMT\ADC\SETUP.EXE, where X is the letter of your CD-ROM drive. When Setup runs, it’s going to do three things:
  • Extend the AD schema with the Exchange 5.5 schema extensions.
  • Create new objects in the configuration container for the AD.
  • Create two new security groups in the domain—Exchange Services and Exchange Administrators.

For Setup to accomplish these tasks, you need to be logged in as a user who has permission to extend the Active Directory schema. If the user hasn't been granted that permission directly, the user must be a member of the Schema Administrators group. Additionally, the user must be a member of the Domain Administrators group.
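A pre-flight check for this prerequisite, as an added example that is not part of the original article or of the ADC Setup program. It assumes the two groups named above are the built-in Schema Admins (well-known RID 518) and Domain Admins (RID 512), and that it runs on a domain-joined host with PowerShell, which is not included in Windows 2000; `Get-MissingAdcSetupGroup` is a hypothetical helper name.

```powershell
# Added example: report which of the two group memberships required by ADC
# Setup are absent from the current logon token. Groups are matched by their
# well-known RID rather than by display name, so renamed or localized groups
# are still recognized.
$Required = @(
    @{ Rid = 518; Name = 'Schema Admins' },   # assumed match for "Schema Administrators"
    @{ Rid = 512; Name = 'Domain Admins' }    # assumed match for "Domain Administrators"
)

function Get-MissingAdcSetupGroup {
    param([string[]]$GroupSid)
    foreach ($group in $Required) {
        # Domain-relative SID form: S-1-5-21-<three domain sub-authorities>-<RID>
        $pattern = '^S-1-5-21-\d+-\d+-\d+-{0}$' -f $group.Rid
        if (-not ($GroupSid -match $pattern)) {
            $group.Name   # emitted to the pipeline as a missing group
        }
    }
}

# Constructed sample: a token holding Domain Users (513) and Domain Admins (512)
# but not Schema Admins. The domain identifier below is made up.
$sample = @(
    'S-1-5-21-1111111111-2222222222-3333333333-513',
    'S-1-5-21-1111111111-2222222222-3333333333-512'
)
$sampleMissing = @(Get-MissingAdcSetupGroup -GroupSid $sample)
Write-Output ("Constructed sample is missing: {0}" -f ($sampleMissing -join ', '))

# Live check against the account that would launch SETUP.EXE.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sids     = @($identity.Groups | ForEach-Object { $_.Value })
$missing  = @(Get-MissingAdcSetupGroup -GroupSid $sids)

if ($missing.Count -gt 0) {
    Write-Warning ("{0} is missing: {1}" -f $identity.Name, ($missing -join ', '))
} else {
    Write-Output ("{0} holds both group memberships named in the prerequisite." -f $identity.Name)
}
```

The check reads the logon token, so a group membership granted after logon does not appear until the user logs off and on again.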

The Active Directory Setup wizard is pretty straightforward. As you progress through the screens, you can basically select the defaults, and you’ll be in good shape. You may, however, get hung up at two points.

First, on the Component Selection screen, you’ll have two selections to make: the Microsoft Active Directory Connector Service component and the Microsoft Active Directory Connector Management component. You can get away with selecting only the Connector Service if you want, but if you want to manage the connector, you’ll need to select the Management component as well.

Second, when you reach the Service Account screen, you must select or create a user who can log on to your Windows 2000 server to run the Connector service. You can use your default logon account or Administrator account if you want, but you may want to create a special account, which keeps the service's credentials separate from the accounts people log on with. If so, just launch the Active Directory Users And Computers utility and create one.

Managing the ADC
Once the ADC is installed (but prior to configuring it), you need to decide how you’re going to manage it. Whatever your choice, it will change the type of connection agreement that needs to be established between AD and the Exchange server(s). When choosing the connection type, remember to keep it simple! This AD link is only temporary because eventually you will need to move from Exchange 5.5 to Exchange 2000. The connector is only meant to keep you running until you finally make the leap to Exchange 2000.

With that in mind, take a look at your three options:
  • Managing from AD and Exchange—At a minimum, a bidirectional connection agreement is needed between all Exchange sites and domains that will be synchronized. How this is laid out can greatly vary depending on the size of your domain and number of Exchange sites. Keep in mind that because the two will have to synchronize, changes might not occur as quickly as you may like them to.
  • Managing from AD—This requires a one-way connection agreement between each Exchange site and AD.
  • Managing from Exchange—To do this, you need to create a unidirectional agreement, which will use the data from the Exchange server to populate AD. If you select all of the sites as source containers, the connector will then allow you to pull data from all Exchange sites. This can be useful as it minimizes the amount of administration needed to manage all of the data.

Configuring the ADC snap-in
Since Windows 2000 administration is done through the Microsoft Management Console (MMC), it’s only appropriate that the ADC installation would also create an MMC snap-in with which to administer it. In this snap-in you’ll create the agreements and set the parameters for which data will be replicated and when it will be replicated. Actually configuring the ADC MMC is beyond the scope of this Daily Feature, but I’ll cover configuration in an upcoming Daily Feature.

Making the leap to Exchange 2000
Eventually you’ll make the migration to Exchange 2000, and because of the work you will have done with the ADC, the migration should be fairly simple. Provided that your server is operating on hardware that can support Exchange 2000, you can simply run the upgrade in place. The Exchange 2000 install will extend the AD schema with the additional schema modifications that come with it. Some organizations will be faced with the possibility that their hardware might not be sufficient, or perhaps they are still running Exchange 4.0 and will be upgrading to 2000 from there. These organizations can still make the transition by first creating a brand-new server with a fresh install of Exchange 2000 and then moving all the mailboxes over to the new system. Once all the mailboxes have been moved, operations can continue as normal with very little noticeable effect on the end users.

In your transition to Exchange 2000, you’ll no doubt move one server at a time so as not to make too radical a change to the network. Exchange 2000 will utilize the connection agreements you’ve previously made, making the switch even easier. While going through this transition, you’ll need to manage Exchange 2000 from Exchange 2000, manage users from the Active Directory MMC console, and manage Exchange 5.5 from Exchange 5.5.

While running with both versions of Exchange, you will be in what is called mixed mode. Once all the servers have made the transition to Exchange 2000, I recommend that you switch to native mode. This will put you in full AD mode and open options that were not available to you in mixed mode. The switch to native mode is a one-way path, so it’s advised that you first make sure all Exchange 2000 servers are running as they should be.

In this article, I’ve outlined quite a bit of the process to get Exchange 5.5 talking to AD. If you want to plan a really successful migration to Exchange 2000, the ADC is one tool you don’t want to be without. I hope the steps I’ve outlined in this article (combined with the information from Microsoft and some well-thought-out plans) will lead you down the path to a happy, healthy Exchange 2000 mail system.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.
