The Active Directory Connector (ADC) uses the ADC Global Names mechanism to keep track of which objects in Microsoft Exchange Server 5.5 are matched to which objects in Active Directory, and the converse. The ADC marks objects with ADC Global Names so that when the ADC wants to replicate changes from a source object to its target object, the ADC can quickly determine which object in the target directory to replicate to, without having to use the object matching rules to find the object.
The ADC Global Names attribute has multiple values and contains a unique name for the object in each directory. For the Exchange Server 5.5 directory, this unique name is the distinguished name of the object combined with the object's objectclass attribute. For Active Directory, the objectGUID attribute of the object is used. The ADC Global Names attribute also contains a value that uniquely identifies the Exchange organization or Active Directory Forest that the object came from.
The Lightweight Directory Access Protocol (LDAP) attribute that is used in the Exchange Server 5.5 directory and Active Directory is the msExchADCGlobalNames attribute. If you use the Exchange Administrator program in Raw mode (Admin.exe /r) to view the Exchange Server 5.5 directory, the attribute is displayed as ADC-Global-Names.
The Format of the "msExchADCGlobalNames" Attribute
The format of a single Global Name entry is:
Exchange Server 5.5 Global Name Value
The following table contains an Exchange Server 5.5 global name value.
Note: Each objectclass attribute is separated with a dollar sign ($) and is sorted alphabetically.
Exchange Server 5.5 Forest Value
The following table contains an Exchange Server 5.5 forest value.
|forest ||The distinguished name of the Exchange organization|
Note: The case of the DirectoryType for the Exchange forest is lowercase.
Active Directory Global Name Value
The following table contains an Active Directory global name value.
|NT5||The objectGUID attribute|
Note: The objectGUID attribute is in hexadecimal form, not string form. A string-form globally unique identifier (GUID) is in the form "67452301-ab89-efcd-0123-456789abcdef12" and a hexadecimal GUID is in the form "0123456789abcdef0123456789ab".
Active Directory Forest Value
The following table contains an Active Directory forest value.
|FOREST||The objectGUID attribute of the Configuration container of the Active Directory forest in hexadecimal form|
Note: The case of DirectoryType for the Active Directory forest is all uppercase.
The following is the only flag that is defined.
0x0001: Even though this object is not deleted, the object that is documented in the global name was deleted.
The time stamp is written when the global name value is created, but the time stamp is not currently used for anything. If you create your own global name, Microsoft recommends that you set the time stamp to all zeros (0). This makes it easy to identify whether a global name was stamped by the ADC or was created manually.
When the "ADC Global Names" Value Is Set on an Object
The msExchADCGlobalNames attribute is set on the target object after the ADC matches to that object. The value that is set is the global name of the source object and also the source forest value. The source object is the object that the ADC is replicating to the target object. If the Connection Agreement is two-way, when the object back-replicates to the original directory, the following things occur:
- The msExchADCGlobalNames values that were on the original target object are copied.
-and-
- The global name and forest value of the original target are added because it is now the source of replication.
Consider the following scenario:
- An Exchange Server 5.5 mailbox exists with a distinguished name of:
- The primary Microsoft Windows NT account (Assoc-NT-Account) of the mailbox is DOMAIN\User1.
- A Microsoft Windows 2000 user account that is named User1 exists in the Users container.
- The objectGUID attribute of User1 is 0123456789abcdef0123456789ab.
- The objectGUID attribute of the Configuration container of the forest is aaaaaaaabbbbccccdddddddddddd.
- The time stamp value is set to 9999999999999999 for clarity.
- A two-way Connection Agreement is set up to export the Recipients container from Exchange Server 5.5 and the Users container from Active Directory.
In this scenario, during initial replication:
- The ADC finds the MB1 mailbox as a source object that needs to be replicated.
- The ADC determines whether or not the mailbox already has an msExchADCGlobalNames value. Because this is initial replication, the mailbox does not.
- The ADC uses the object matching rules, and then queries Active Directory for a user account with an objectSID attribute that matches the security identifier (SID) in the Assoc-NT-Account attribute.
- The DOMAIN\User1 account is identified as the target object of the object matching.
- The ADC replicates all of the attributes from the Exchange Server mailbox to the Active Directory user, based on the ADC schema maps.
- The ADC sets Forest and EX5 values in the msExchADCGlobalNames value of the Active Directory user. The msExchADCGlobalNames value on the Active Directory user is now similar to:
At this point, the Exchange Server 5.5 mailbox does not yet have a msExchADCGlobalNames
When the ADC completes replication from Exchange to Active Directory, the ADC starts to replicate from Active Directory to Exchange:
- The ADC finds the User1 object as a source object that needs to be replicated.
- The ADC determines whether or not the Active Directory user object already has an msExchADCGlobalNames value.
- Because the Active Directory User object now has an msExchADCGlobalNames value with EX5 and forest values, the ADC does not have to use the object matching rules. This is because the ADC can uniquely identify the target object.
- The ADC locates the Exchange Server 5.5 mailbox, and then replicates any changes from the Active Directory user back to the Exchange Server 5.5 mailbox, based on the ADC schema maps.
- The ADC copies the existing EX5 and forest values to the msExchADCGlobalNames value. The ADC also adds NT5 and FOREST values. The msExchADCGlobalNames value on the Exchange Server 5.5 mailbox is now similar to:
The Active Directory user still has only the EX5 and forest values, until the Exchange Server 5.5 mailbox is replicated from Exchange to Active Directory again. After the mailbox replicates to Active Directory again, the NT5 and FOREST values are copied from the Exchange Server 5.5 mailbox to the Active Directory user. Both objects then have all four values: EX5, forest, NT5, and FOREST.
Using ADC Global Names to Find the Replication Partner of an Object
After an object is stamped with the global name of its replication partner from the source directory, you can easily use the EX5 value of that object to find the matching object.
For the EX5 value, use the distinguished name value that is listed. For example, if the global name is
search the Exchange Server 5.5 directory for the following distinguished name:
For NT5 values, use the objectGUID attribute in an LDAP search filter to find the object in Active Directory. Because the objectGUID attribute is a hexadecimal value, you must add slashes after each byte to search. For example, if the global name is
search Active Directory and use the following LDAP filter:
You can also convert the hexadecimal GUID to a string GUID, and then use the following special LDAP base distinguished name syntax:
For example, you can search Active Directory with the following base distinguished name:
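Added example (not part of the original article): a Python sketch of the two lookups described above, converting a hexadecimal objectGUID to its string form and building both the escaped LDAP filter and the `<GUID=...>` base distinguished name that Active Directory accepts. The function names and the 16-byte sample value are constructed for illustration. The input is validated as exactly 32 hexadecimal digits, so nothing else can reach the filter string.

```python
import re
import uuid

# Constructed 16-byte sample that follows the digit pattern used in the article.
SAMPLE_HEX = "0123456789abcdef0123456789abcdef"

_HEX_GUID = re.compile(r"[0-9a-fA-F]{32}")


def parse_hex_guid(hex_guid: str) -> bytes:
    """Return the 16 raw objectGUID bytes; reject anything but 32 hex digits."""
    if not _HEX_GUID.fullmatch(hex_guid):
        raise ValueError("objectGUID must be exactly 32 hexadecimal digits")
    return bytes.fromhex(hex_guid)


def hex_to_string_guid(hex_guid: str) -> str:
    """Hexadecimal (stored byte order) form to dashed string form.

    The first three GUID fields are stored little-endian, which is why the
    leading bytes appear reversed in the string form.
    """
    return str(uuid.UUID(bytes_le=parse_hex_guid(hex_guid)))


def string_to_hex_guid(string_guid: str) -> str:
    """Dashed string form back to the hexadecimal form used in a global name."""
    return uuid.UUID(string_guid).bytes_le.hex()


def guid_search_filter(hex_guid: str) -> str:
    """LDAP filter matching the object; each byte is written as backslash + two hex digits."""
    raw = parse_hex_guid(hex_guid)
    return "(objectGUID=" + "".join(f"\\{b:02x}" for b in raw) + ")"


def guid_base_dn(hex_guid: str) -> str:
    """Base distinguished name in the <GUID=...> form, using the string GUID."""
    return f"<GUID={hex_to_string_guid(hex_guid)}>"


if __name__ == "__main__":
    print(hex_to_string_guid(SAMPLE_HEX))
    print(guid_search_filter(SAMPLE_HEX))
    print(guid_base_dn(SAMPLE_HEX))
```
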