Active Directory Connector Requirements and Implications Throughout an Organization
- Recipient Connection Agreements synchronize items from the site naming context in Exchange Server 5.5 (specifically mailboxes, distribution lists, and custom recipients) with the domain naming context in Active Directory (specifically users, contacts, and groups).
- Public Folder Connection Agreements synchronize public folder directory objects from the site naming context in Exchange Server 5.5 with the domain naming context in Active Directory.
Note By default, public folders are hidden from the Global Address List in Exchange Server 5.5. To see these objects in Exchange Administrator, click Hidden Recipients on the View menu, and then click the appropriate Recipients container.
The public folder directory objects in Active Directory are located in the Microsoft Exchange System Objects container. In Active Directory Users and Computers, click Advanced Features on the View menu to view these objects.
Note Public folder Connection Agreements do not control hierarchy replication (the list of all public folders that are available for each public folder tree type, MAPI, or application) or content replication (the data, such as messages and posts, that is stored in public folders). Both hierarchy replication and content replication are a function of public folder replication that is controlled by the information store, not the ADC. Therefore, hierarchy replication and content replication are not in any way controlled by public folder Connection Agreements. A public folder Connection Agreement replicates the directory objects for public folders to permit mail flow to public folders.
- Configuration Connection Agreements replicate items in the configuration naming context in Exchange Server 5.5 (such as servers, connectors, information stores, and site addressing objects) with the configuration naming context in Active Directory.
Which Version of ADC Do I Have to Install?There are three versions of ADC:
- The first is the Microsoft Windows 2000 version that is included on the Windows 2000 CD. This version of ADC is not compatible with either Microsoft Exchange 2000 Server or with Exchange Server 2003. Do not use this version when you deploy Exchange 2000 Server or Exchange Server 2003.
- The second version of ADC is included with Exchange 2000. You must use this version when you deploy Exchange 2000 in a coexistence or a migration scenario with Exchange Server 5.5.
- The third version of ADC is included with Exchange Server 2003. You must use this version whenever you deploy Exchange 2003 in a coexistence scenario or in a migration scenario with either pure Exchange Server 5.5 (an organization with only Exchange Server 5.5 computers) or mixed-mode Exchange 2000 (an organization with both Exchange Server 5.5 computers and Exchange 2000 computers).
|Scenario||Version of ADC|
|Install Exchange 2003 to join a pure Exchange Server 5.5 organization (only Exchange Server 5.5 computers)||Exchange Server 2003 ADC|
|Install Exchange 2003 to join a mixed Exchange 2000 organization (both Exchange Server 5.5 computers and Exchange 2000 computers)||upgrade existing ADC computers to Exchange Server 2003 ADC|
|Install Exchange 2003 to join a pure Exchange 2000 organization (only Exchange 2000 computers)||not required|
|Install Exchange 2000 to join a pure Exchange Server 5.5 organization (only Exchange Server 5.5 computers)||Exchange 2000 Server ADC|
- When you update the Active Directory Connector to the Exchange 2003 version, the ADC setup program not only upgrades the ADC binaries, it also modifies the versionNumber attribute on any Connection Agreements that are owned by that ADC service.
- To determine which Connection Agreements are owned by an ADC service, use Active Directory Connector Services. Click the ADC server (Active Directory Connector ServerName) in the left pane. The Connection Agreements appear on the right.
The property pages displayed will be read-only. Do you wish to continue?
Eventually, you must upgrade all ADC services before you install the first Exchange 2003 computer. Either perform an in-place upgrade of all ADC services that are older than Exchange 2003 before you install so that all earlier Connection Agreements are phased out. Or, perform fresh installations of the Exchange 2003 version of ADC, move all existing Connection Agreements to run on the newly installed ADC service, and then remove the Exchange 2000 ADC installations.
When Do I Install the Active Directory Connector?You must install the Active Directory Connector service before you introduce an Exchange Server 2003 computer or an Exchange 2000 computer into a pure Exchange Server 5.5 organization (an organization that only has Exchange Server 5.5 computers). If you do not install ADC, you cannot join the existing Exchange Server 5.5 organization as part of the migration process. Instead, the Exchange 2003 computer or the Exchange 2000 computer is installed in a separate organization. If you introduce Exchange 2003 into an existing mixed organization (one that has both Exchange Server 5.5 and Exchange 2000 computers), you must upgrade the existing Exchange 2000 ADC computers to the Exchange Server 2003 version of ADC before you introduce the first Exchange 2003 computer into the environment.
When Do I Configure Connection Agreements?To allow for coexistence with Exchange Server 5.5, you must deploy the Active Directory Connector and you must configure the recipient Connection Agreements before you introduce an Exchange 2003 computer or an Exchange 2000 computer into any site. Specifically, this means that all recipients, all contacts, and all distribution lists from every site must exist in the Active Directory forest where Exchange Server 2003 or Exchange 2000 Server will be installed before you install the first Exchange 2003 computer or the first Exchange 2000 computer. Several reasons for this requirement are included in the following list, but note that it is not a complete list of all the reasons:
- Mail flow Users who have mailboxes on Exchange 2003 and Exchange 2000 see an incomplete Global Address List if recipient Connection Agreements are not configured.
- Access control list (ACL) conversion problems The Exchange 2003 and the Exchange 2000 Information Store services expect to find all mailbox-enabled or mail-enabled objects that are used as security principals somewhere in the Active Directory forest where Exchange 2000 is installed. For example, any Exchange Server 5.5 mailboxes or any distribution lists that are used to control access to resources (such as delegate permissions on mailboxes or public folders) must be represented in Active Directory for the conversion process of Exchange Server 5.5-style ACLs to Exchange 2003-style or Exchange 2000-style ACLs to complete successfully. A failure in ACL conversion causes access problems to the resource.For additional information about these issues, click the following article numbers to view the articles in the Microsoft Knowledge Base:296051 XADM: Public Folders Lose ACEs After Exchange 2000 Is Introduced to an Existing Exchange Server 5.5 Organization297016 XADM: You Must Use a Native-Mode Windows 2000 Domain for Exchange 2000Additionally, ACL conversion problems can adversely affect server performance. For more information about how to troubleshoot public folder performance issues that are related to ACL, click the following article number to view the article in the Microsoft Knowledge Base:328880 How to troubleshoot public folder performance issues that are related to ACL conversions in Exchange 2000 and in Exchange 2003
- Replication failure of a configuration Connection AgreementFor additional information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:306360 XADM: Event ID 8270, 1171, and 8146 Error Messages from Active Directory and Site Replication Service
Connection Agreement RequirementsThe following rule applies when you are deciding what type of Connection Agreements to deploy:
Recipient Connection AgreementsNote A mixed site is any site that contains an Exchange 2003 or an Exchange 2000 computer that is currently running the Site Replication Service (SRS).
- You can export pure Exchange Server 5.5 sites in Active Directory either by using one-way Connection Agreements (from Exchange to Windows) or by using two-way Connection Agreements. Two-way Connection Agreements are preferred. The following are valid reasons for deploying two-way recipient Connection Agreements for pure Exchange Server 5.5 sites:
- Two-way recipient Connection Agreements permit the management of some Exchange Server 5.5 directory objects in Active Directory Users and Computers.
- Two-way recipient Connection Agreements prepare for the introduction of Exchange 2003 or Exchange 2000 in the pure Exchange Server 5.5 site.
- Mixed sites require two-way recipient Connection Agreements. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:303180 Active Directory Connector Connection Agreement Requirements for Mixed Administrator Groups
- You can export pure Exchange 2003 or Exchange 2000 sites in their respective writeable Site Replication Services (one or many that are responsible for the pure administrative groups) by using either one-way Connection Agreements (from Windows to Exchange) or two-way Connection Agreements, with two-way Connection Agreements being preferred. Deploying one-way Connection Agreements (From Windows to Exchange) for the pure Exchange 2003 or Exchange 2000 administrative groups may cause distribution list membership synchronization issues; therefore two-way recipient Connection Agreements are better.
Public Folder Connection AgreementsThe recommended practice is to create one public folder Connection Agreement between each Exchange Server 5.5 site and Active Directory. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
Article ID: 823601 - Last Review: 09/03/2013 10:46:00 - Revision: 5.0
- kbtshoot KB823601