RE: ADC Question...
- From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 15 Feb 2005 11:10:56 -0500
Thank you much for your help. I will let you know how things go in the lab!
Thanks again,
Chris Wall
Sr. Exchange Administrator
MCSE, MCSA
Chris.Wall@xxxxxxxxxxxxxxxxxxx
T - 919.460.3236
F - 919.468.4889
Global Knowledge Network
LEARNING. To Make a Difference
http://www.globalknowledge.com
-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Tuesday, February 15, 2005 11:02 AM
To: [ExchangeList]
Subject: [exchangelist] RE: ADC Question...
http://www.MSExchange.org/
Based on this, and the understanding that Migrating accounts from the
remote domains is not an option - I assume that the ADC's will create
'Contacts' in AD for the accounts on the remote Exchange 5.5 servers.
>>> No, not contacts, but disabled user objects by default
With that information, I need to know what to look out for... My
biggest concern is how permissions will be affected with public folders. I
will re-home corporate Public folders to the Exchange 2003 servers. Some of
the remote Exchange 5.5 accounts have permissions to these folders and
vice-versa.
>>> Take a look at the documents at
http://www.microsoft.com/exchange/library for information on how this looks.
In your lab, you want to watch for this.
To make sure that Public folder permissions do not break since I know of
no way to assign 'Contacts' permissions to Public Folders, I will have to
leave an Exchange 5.5 server in the Corporate domain that contains replicas
of the Exchange 2003 Public Folders. This way, permissions will remain in
tact for accounts in remote 5.5 servers... Does this make sense?
>>> No, you won't need a 5.5 server per se, but you will need the SRS and
you will need to move/keep the directory replication and X.400 connectors.
5.5 will still need to talk to a 5.5 server. In your case, it will just be
a 2003 server running SRS and X.400 connectors.
>>> Article of interest: http://support.microsoft.com/kb/328287
-ajm
-----Original Message-----
From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, February 15, 2005 10:20 AM
To: [ExchangeList]
Subject: [exchangelist] RE: ADC Question...
http://www.MSExchange.org/
Al,
Thanks for the reply, your info does reinforce my knowledge - I
understand the idea of Agreements vs. instances. I also realize the ability
to create redundant agreements and the need to verify one of the duplicate
agreements are marked a primary to prevent synch errors.
Currently, we have discussed the domain design as it regards to AD and
we have decided to have the remote NT4 domains join our Forest in the future
(during the AD upgrade process). However, due to reasons I will not go into
now - we can not upgrade their domains to AD at this time. Our first goal
is to implement Exchange 2003 in our Corporate AD Domain and upgrade the
current Exchange 5.5 servers in the Corporate domain.
Based on this, and the understanding that Migrating accounts from the
remote domains is not an option - I assume that the ADC's will create
'Contacts' in AD for the accounts on the remote Exchange 5.5 servers.
With that information, I need to know what to look out for... My
biggest concern is how permissions will be affected with public folders. I
will re-home corporate Public folders to the Exchange 2003 servers. Some of
the remote Exchange 5.5 accounts have permissions to these folders and
vice-versa.
To make sure that Public folder permissions do not break since I know of
no way to assign 'Contacts' permissions to Public Folders, I will have to
leave an Exchange 5.5 server in the Corporate domain that contains replicas
of the Exchange 2003 Public Folders. This way, permissions will remain in
tact for accounts in remote 5.5 servers... Does this make sense?
Also my last question... When the ADC Agreements are created for the
remote Exchange 5.5 servers (in an NT 4 Domain for the time) can I remove
the Directory Replication and X.400 connectors from the Corporate Exchange
5.5 bridgehead, ore will they have to remain in tact?
There are 3 Exchange 2003/Exchange 5.5 connections that I am trying to
decide upon. They are:
1. Create ADC Agreements to each Exchange 5.5 remote site and use the
Exchange 2003 X.400 connector as discussed in article
http://www.msexchange.org/tutorials/X400-Connector-Exchange-Server-2003.html
2. Create ADC Agreements to each Exchange 5.5 remote site and keep the
x.400 connectors on the Corporate Exchange 5.5 Bridgehead server so that
info is replicated into Exchange 2003 from the Corporate Exchange 5.5
Bridgehead
3. Use Site Connectors to Exchange 5.5 remote servers without the
Exchange 2003 X.400 connector.
I appreciate your opinions so that I can test in a lab environment....
Regards,
Chris Wall
-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Tuesday, February 15, 2005 9:05 AM
To: [ExchangeList]
Subject: [exchangelist] RE: ADC Question...
http://www.MSExchange.org/
A few things to keep in mind when dealing with the ADC.
1) Keep it simple; this is a simple tool and any attempts to make it do
complex things will make you sad <G>
2) ADC Connection Agreements (CA's) and ADC instances are separate entities;
Numerous CA's can be run from the same instance.
3) Each CA needs an AD target to write to; you'll always use two-way sync
for the CA's when dealing with Exchange
4) Each CA is going to need a writeable copy of the Exchange 5.5 directory;
writeable copies are at the site level in 5.5
5) Each CA is capable of using it's own credentials for the situation you
describe.
6) Keep it simple; this is a simple tool and any attempts to make it do
complex things will make you sad <G>
You will likely need one instance of the ADC depending on bandwidth. You
will need at least one CA for each site in the 5.5 ORG and you will not need
to have the individual NT domains upgraded *depending on your migration
plans*. What I mean by that, is that if you don't want to have the 5.5
accounts migrate to the 2003 HQ domain, then you'll want to upgrade the
existing domains into the forest. In which case, you'll want to upgrade
those to 2003 before installing the ADC just to make it easier. You don't
have to, but it often makes things simpler and less chaotic.
It's recommended to use as few domains as you can when deploying Active
Directory. That's because there's not a lot of particular benefits to
multiple domains vs. sites and OU's. A few, but many don't need those
particular benefits when deploying.
Depending on the overall migration strategy, you would then deploy the ADC
accordingly remembering the rules above.
Does that help?
-ajm
-----Original Message-----
From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, February 14, 2005 5:29 PM
To: [ExchangeList]
Subject: [exchangelist] ADC Question...
http://www.MSExchange.org/
Hello all,
Have a quick ADC design question for you all before running in a test
environment...
Environment Info:
I am currently running Exchange 5.5 in one Exchange Organization with 3
different Exchange sites. Each Site is in a different NT 4.0 Domain, which
are connected by trusts to our Corporate Domain...
We have currently upgraded the 'Corporate' domain to Win 2003 AD. This
'Corporate' 2003 AD domain has the internal Exchange 5.5 server that acts as
a bridgehead with x.400 and Directory Replication Connectors to the other
two Exchange 5.5 Sites. Each of those trusted Domains have only 1 Exchange
5.5 server in their Exchange site.
Question:
When configuring the ADC in the Corporate AD domain, I assume that I can
only connect it to the local Exchange 5.5 Site (Since AD is not running in
the other two domains).
1. Should each site have its own ADC connector for Replication? If so, that
means that each NT 4 Domain must be upgraded to 2003 AD first...
2. Or can I setup one ADC connection to the local 5.5 site that contains the
Bridgehead? If so, I assume this ADC connection will update Corporate AD
with 'contacts' for accounts in the remote Exchange 5.5 sites. Will this
cause any issues with Public folder permissions since the 5.5 accounts will
appear as contacts?
If #2 is a viable option, and I hope it is, then what happens when I have
migrated all Exchange 5.5 accounts, public folders, contacts, etc to the new
Exchange 2003 servers... Will I need to keep the Exchange 5.5 Bridgehead
running until I can upgrade the other 2 domains to AD so they can have their
own ADC's and not have to rely on updates from the Exchange 5.5 Bridgehead?
Kind of confusing, but none of Microsoft's books or white papers really
address this scenario. They all seem to assume that all Exchange 5.5 are in
an AD environment prior to introducing the ADC.
Thanks for any information or thoughts...
Regards,
Chris Wall
Sr. Exchange Administrator
MCSE, MCSA
Chris.Wall@xxxxxxxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
Chris.Wall@xxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
Other related posts:
