Study On Active Directory And Exchange Server Computer Science Essay


Active Directory is a large repository for information about objects such as users, domains, computers, domain controllers, groups, contacts, and shared resources (such as files and printers). All objects in Active Directory are protected by a security system based on Kerberos, an industry-standard secret-key network authentication protocol. Almost the entire Exchange 2007 configuration is stored in Active Directory; this information is stored in a partition of Active Directory called the Configuration partition. The Configuration partition is replicated to all domain controllers in the entire forest, not just the domain in which the Exchange server is installed.

Exchange Server 2007, like Exchange 2000/2003, depends entirely on a healthy and functioning Active Directory and the availability of Domain Name Service (DNS) services. In order for Exchange servers to properly locate domain controllers and global catalogs, DNS must accurately resolve domain controller and global catalog service location records and host information as well as information about Active Directory sites. Exchange must retrieve configuration and recipient information from Active Directory as well; if either DNS or Active Directory does not respond to an Exchange 2007 server's queries, clients will not be able to authenticate, address lookups will not occur, and e-mail will not flow.

When an Exchange server starts running services such as the Microsoft Exchange System Attendant, the Microsoft Exchange Active Directory Topology service determines in which Active Directory site the Exchange server is located and then locates all domain controllers and global catalog servers in that site. Exchange Server then reads its configuration from Active Directory; this would include determining which roles that server supports, the mailbox databases to mount, etc. When Exchange 2007 Hub Transport server is routing messages to Exchange recipients, it must query a global catalog server in order to determine properties of the recipient such as proxy addresses, home mailbox server, and mailbox restrictions.

1.2 Active Directory Site Membership

Exchange Server 2007 is an Active-Directory-site-aware application. Exchange 2007 uses Active Directory site information for a couple of purposes.

Exchange 2007 servers automatically learn the Active Directory topology and determine in which Active Directory site each Exchange 2007 server is located. Exchange Server uses the IP subnets to locate the sites; if the subnet information is incomplete or incorrect, Exchange Server will not be able to correctly determine site membership and mail may not be delivered properly.

Different Exchange Server 2007 server roles use the Active Directory site information in different ways:

All Exchange 2007 server roles use the site architecture to locate domain controllers and global catalog servers closest to them from the network's perspective.

Hub Transport servers determine the remote Hub Transport servers names in other Active Directory sites to which they need to transmit messages intended for remote Mailbox servers.

Mailbox servers determine which Hub Transport servers are in their own site so they can notify those servers that they have messages that must be transferred.

Unified Messaging servers submit voicemail messages and faxes to Hub Transport servers in their own site for routing to Mailbox servers. Unified Messaging servers do not transfer voicemail and fax messages directly to a Mailbox server.

Client Access servers look for site information in order to determine whether they are located in the same Active Directory site as the mailboxes they are being asked to provide access to. If not, the Client Access server refers the client to a Client Access server that is in the same site as the required Mailbox server.

Exchange Server refers Outlook 2000, 2002, and 2003 clients to global catalog servers that are in the same site as the Exchange server for global address list lookups.

If there are weaknesses in Active Directory site design, Exchange 2007 will expose them. For Active Directory forests with more than one Active Directory site, the subnets must be properly defined and associated with the appropriate site.

1.3 Domain Controllers and Global Catalog Servers

In an Exchange 2007 environment, the global catalog servers need to be at least Windows 2003 Server Service Pack 1 or later, each domain should be at Windows 2003 domain functional level, and the forest should be at Windows 2003 functional level. Although real deployments may differ, the following are the minimum requirements for Windows 2003 domain controllers and Active Directory in an Exchange setup:

Each Active Directory site that has Exchange 2007 servers must have at least one Windows 2003 Service Pack 1 or later global catalog server. For redundancy, an additional global catalog server should be available.

Each domain that will host Exchange 2007 servers or mail-enabled recipients must be at a minimum Windows 2000 native functional level.

For the Exchange 2007 Outlook Web Access global address list, Windows 2003 Service Pack 1 or later global catalog servers are required.

The schema master flexible single master of operations role must be hosted on a domain controller running Windows 2003 Service Pack 1 or later.

For Exchange organizations in multiple forests that require forest-to-forest trusts, all forests involved in forest-to-forest trusts must be at Windows 2003 forest functional mode.
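The site and domain controller prerequisites described in sections 1.2 and 1.3 can be verified before setup is run. The following read-only check is an added example, not part of the essay or of Exchange setup itself; it uses the System.DirectoryServices.ActiveDirectory classes of the .NET Framework 2.0 that Exchange 2007 already requires, and the function name, variable names and the service-pack handling (OS version strings are only checked for Windows 2000 and otherwise left for manual review) are assumptions of this example.

```powershell
# Added example (not from the essay): read-only check of the Active Directory
# prerequisites from sections 1.2 and 1.3. Run on a domain-joined machine;
# an ordinary domain user can read everything queried here.
Add-Type -AssemblyName System.DirectoryServices

function Test-ExchangeAdPrerequisites {
    $forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $findings = @()

    # Forest functional level: Windows 2003 forest mode is needed for forest-to-forest trusts.
    $required = [System.DirectoryServices.ActiveDirectory.ForestMode]::Windows2003Forest
    if ([int]$forest.ForestMode -lt [int]$required) {
        $findings += "Forest '$($forest.Name)' is at $($forest.ForestMode); Windows 2003 forest mode expected."
    }

    # Each domain must be at least Windows 2000 native; mixed and interim modes are treated as failing (assumption).
    foreach ($domain in $forest.Domains) {
        if ($domain.DomainMode -eq 'Windows2000MixedDomain' -or $domain.DomainMode -eq 'Windows2003InterimDomain') {
            $findings += "Domain '$($domain.Name)' is at $($domain.DomainMode); Windows 2000 native or higher required."
        }
    }

    # Schema master must run Windows Server 2003 SP1 or later; only Windows 2000 is flagged automatically.
    $schemaMaster = $forest.SchemaRoleOwner
    if ($schemaMaster.OSVersion -match 'Windows 2000') {
        $findings += "Schema master $($schemaMaster.Name) runs $($schemaMaster.OSVersion); Windows 2003 SP1 or later required."
    }

    # Site checks: subnets must be defined, and a site hosting Exchange needs a GC (two for redundancy).
    $gcs = @($forest.GlobalCatalogs)
    foreach ($site in $forest.Sites) {
        if ($site.Subnets.Count -eq 0) {
            $findings += "Site '$($site.Name)' has no subnets; Exchange cannot determine site membership there."
        }
        $siteGcs = @($gcs | Where-Object { $_.SiteName -eq $site.Name })
        if ($siteGcs.Count -eq 0) {
            $findings += "Site '$($site.Name)' has no global catalog server."
        } elseif ($siteGcs.Count -eq 1) {
            $findings += "Site '$($site.Name)' has a single global catalog ($($siteGcs[0].Name)); no redundancy."
        }
        foreach ($gc in $siteGcs) {
            if ($gc.OSVersion -match 'Windows 2000') {
                $findings += "Global catalog $($gc.Name) runs $($gc.OSVersion); Windows 2003 SP1 or later required."
            }
        }
    }
    return $findings
}

$results = Test-ExchangeAdPrerequisites
if ($results.Count -eq 0) { 'No prerequisite problems found.' } else { $results }
```

Sites without Exchange servers will also be reported; the findings are meant to be read against the planned server placement, not treated as blocking on their own.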

1.4 Exchange server 2007 installation

The installation requirements for Exchange server 2007 can be split into two types:

System-wide requirements

Server-specific requirements

1.4.1 System-wide requirements

Exchange 2007 requires the domain functional level to be at Windows 2000 native mode or higher, as illustrated in figure 1.4.1.

Figure 1.4.1: <Domain functional level>

The Active Directory preparation need not be done beforehand for Exchange server 2007, as was the case with previous versions of Exchange. The Active Directory preparation ('Adprep' utility) is run automatically during Exchange server 2007 setup.

Previous versions of Exchange server required a service account to be used during setup, post-installation procedures and maintenance. The following is a list of the permissions required to install an Exchange 2007 server into a new or existing organization:

Local Administrator on the server

Enterprise Administrator

Domain Administrator

Schema Administrator (only required for first install to extend the Schema)

1.4.2 Server-specific requirements

Server-specific requirements for Exchange 2007 include both hardware and software. In order to install Exchange 2007 the server must be running Windows Server 2003 x64 with SP1 installed. The .NET Framework 2.0 and MMC 3.0 must be installed prior to installing Exchange server 2007, but these two components can also be installed during setup.

Exchange 2007's hardware requirements are as follows:

Intel Xeon or Pentium 4 64-bit processor

AMD Opteron or Athlon 64-bit processor

1GB of RAM plus 7MB per mailbox

1.2 GB of available disk space on the drive on which Exchange is installed

200 MB of available disk space on the system drive


SVGA or higher-resolution monitor

NTFS File System

Exchange 2007 no longer requires the IIS SMTP and NNTP services to be installed, as it has its own built-in SMTP server and, for messages being transported between Exchange 2007 servers within the organization, uses MAPI. Depending on the role or roles installed on the server, different components are required. Table 1.4.2 shows which additional services each role requires.

Table 1.4.2: <Roles and corresponding Additional Components>

Role                       Additional components
Edge Transport             
Hub Transport              
Mailbox Server             Network COM+, IIS, World Wide Web
Client Access Server       World Wide Web
Unified Messaging Server   Speechify (installed by E2007 Setup)

1.5 Exchange Installation Process

Launching the Exchange server 2007 setup brings up the graphical screen shown in figure 1.5.1.

Figure 1.5.1: <Exchange server 2007 Installation screen>

Clicking on Install brings up the EULA, followed by a choice between a typical installation and a custom installation, as shown in figure 1.5.2.

Next, a list of check boxes appears from which to select the roles that need to be installed, as shown in figure 1.5.3.

Because the Exchange setup is graphical, it allows the administrator to track the status of the installation. It also displays any errors that occur during the installation. After completion of the setup the installer will launch the EMC (Exchange Management Console), as shown in figure 1.5.4.

Figure 1.5.2: <Exchange server 2007 setup options>

If the graphical mode of setup is used to install Exchange, then the option to automatically start EMC is given when the installation completes. Otherwise, click Start > All Programs > Microsoft Exchange > Exchange Management Console to launch the EMC.

The EMC contains a list of tasks that must be completed in order to finalize the deployment. This list may be longer or shorter depending on which roles are selected in the organization. Each task is a hyperlink that leads to specific instructions on how to accomplish it.

Figure 1.5.3: <Customizing the installation>

Figure 1.5.4: <Exchange management console>

1.6 Exchange server roles

Server roles allow an administrator to split the functions of an Exchange server and place each role, or a combination of roles, on different servers in the organization. This can be done for performance reasons, management reasons, or any other reason deemed necessary by the organization's policies.

Exchange 2007 introduces five roles to the Exchange organization.

Edge Transport

Hub Transport

Client Access

Mailbox

Unified Messaging

1.6.1 Edge Transport role

The Edge Transport role is installed on the edge of the network and therefore is installed on a standalone server that is not a member of the Active Directory domain. Because the server is not a member of the Active Directory domain, Active Directory Application Mode (ADAM) is used to sync AD with the Edge Transport server. ADAM and a component called EdgeSync are used to perform scheduled one-way synchronization of the configuration and recipient information from Active Directory. This allows the Edge Transport to perform recipient lookups and Spam filtering.

The Edge Transport role performs a number of functions, including anti-spam and anti-virus protection. The Edge Transport uses connection filtering, content filtering, recipient filtering, Sender ID, and sender and IP reputation to reduce the amount of spam delivered to end users' inboxes. Mail tagged as spam will sit in a spam quarantine from which administrators can delete or release messages tagged as spam. One of the top features is the ability for Outlook 2003 and 2007 clients to merge their spam settings (such as white and black lists) to the Edge Transport server to increase the efficiency and accuracy of the filters. The built-in VSAPI has been improved, and the introduction of transport agents allows third-party AV applications to provide stronger AV filtering.

Edge Transport Rules are used to protect the Exchange organization by applying rules and, based on whether the message passes or fails, appropriate action is taken. Unlike the Anti-virus and Anti-Spam processing, Edge Transport rules are based on SMTP and MIME addresses, words in the subject or message body, and SCL rating. The Edge Transport role also handles address rewriting; in Exchange 2007 an administrator can modify the SMTP address on in or outbound mail.

The Edge Transport server is also responsible for all mail entering or leaving the Exchange organization. Mail travels inbound through the Edge Transport and once the Edge Transport Rules have been applied the message is passed on to the Hub Transport server. Because the Edge Transport is responsible for all in and outbound mail, multiple Edge Transport servers can be configured for redundancy and load balancing.

1.6.2 Hub Transport role

The Hub Transport role is responsible for all internal mail flow. This role is similar to the bridgehead server in an Exchange 2000/2003 organization. In fact it originally was called the Bridgehead Role until it was changed.

The Hub Transport server, as well as the rest of the server roles, is installed on member server(s) in an Active Directory domain. There is no need for ADAM on this, or any other role aside from the Edge Transport. Because it is a member of an AD domain, all its configuration information is stored in AD and any other Hub Transport servers that are installed will get their configuration from AD.

Inbound mail is accepted from the Edge Transport and passed on to the user's mailbox and all outbound mail is relayed from the Hub Transport to the Edge Transport and out to the Internet. The Hub Transport and Edge Transport servers are very similar and in fact, one can forgo the Edge Transport server and configure the Hub Transport to accept mail from, and send mail to, the Internet.

The Anti-Spam and Anti-virus features of the Edge Transport can be configured on the Hub Transport in order to reduce the number of servers required. It is quite feasible that only one server in the Exchange organization can be configured with all the roles. In this case an Edge Transport role and all its features will be passed on to the Hub Transport role.

1.6.3 Mailbox role

The simplest of the roles is the Mailbox Role. The Mailbox role holds the Exchange databases within which the user mailboxes are contained. It is also home to the Public Folder databases if Public Folders is enabled (They are not enabled by default in Exchange 2007).

1.6.4 Client Access role

The Client Access role is similar to the role of a Front-End server in an Exchange 2000/2003 organization. The Client Access server is the server that users connect to with their mail client, mobile device, or web browser. The Client Access server handles all connections, whether they come from an application such as Outlook 2003 or 2007, Outlook Express, or any other MAPI, POP3 or IMAP4 client. The Client Access server also handles connections made from mobile devices such as a Windows Mobile 5 Smartphone, or any other device using Exchange ActiveSync. Exchange ActiveSync in Exchange 2007 supports all devices with PocketPC 2002/2003 and Windows Mobile 5.

This role also provides Outlook Web Access (OWA). OWA allows a user to access his or her mailbox from a web browser and have full access to all the information in the mailbox, including task lists, calendar information, mail items and public folders. One of the hot new functions of OWA is SharePoint and UNC access. Now users can access UNC shares (\\servername\share) and SharePoint document libraries, reducing the need for complex VPN configurations.

1.6.5 Unified Messaging role

The Unified Messaging role is responsible for merging the VoIP infrastructure with the Exchange organization. This allows:

combined voice, fax, and mail in one inbox

access to voice, fax and mail via multiple interfaces

To check voicemail, a user connects to the Exchange server with OWA, where each voicemail appears as an attachment to an e-mail message. Unified Messaging changes the way users access voice, fax and e-mail.