Exchange 2000 - PowerPoint PPT Presentation

Provided by: billbo9

Transcript and Presenter's Notes

1
Exchange 2000
  • Bill Boswell, MCSE
  • Windows Consulting Group
  • www.winconsultants.com

2
Architectural Changes
  • Windows 2000 Integration
  • Active Directory holds mailbox information
  • Improved Storage
  • Multiple databases and independent storage groups
  • Simplified storage management
  • Separate message and streaming information stores
  • Improved Message Routing
  • SMTP now default transport
  • MTA only required for downlevel routing
  • Improved client support
  • Outlook uses Active Directory directly

3
Feature Set Changes
  • Administration separated from sites
  • Front/Back end servers distribute workload
  • Integrated full-text searching
  • Policy-based administration
  • Active/Active clustering
  • Native web access for clients
  • On-line backup and restore
  • System monitoring using Windows Management
    Interface (WMI)

Submit a question anytime by clicking on the Ask
a Question link in the bottom left corner of your
presentation screen.
4
Messaging Components
[Diagram labels: User; Kernel; ftp, etc.; TCP/IP; WinSock; NT Cache Manager; SMB; Win32; NTIO subsystem]
5
Management Components
[Diagram labels: Interfaces; Databases; Access Points]
6
Administrative Groups
  • Collects these items into single admin unit
  • Servers
  • Routing Groups
  • Public Folders
  • System Policies
  • Key Management Services (PKI enrollment)
  • Chat Services
  • Servers contain
  • Protocols
  • Storage Groups
  • Synchronization objects

7
AG and Delegation
Enterprise admin group: Full Control
Sales admin group: View Only
Phoenix admin group: View Only
Sales admin group: Full Control
Phx admin group: Full Control
8
Transport Protocols
[Diagram labels: Exchange; IIS; Shared Memory Queues; smtpsvc; exsmtp; nntpsvc; exnntp; imap4svc; eximap4; pop3svc; expop3; davex; exoledb; ExIPC; INETINFO]
9
Client Access
  • MAPI
  • Outlook (all flavors) and legacy Exchange client
  • MAPI calls from internal and third party
    applications
  • WebDAV (Web-based Distributed Authoring and
    Versioning)
  • HTTP access to files and folders
  • Defines an open-standard API (e.g., supported by
    Apache)
  • Outlook Web Access (OWA)
  • Any HTML 3.2-compatible browser
  • IE 5.x or higher to get all features
  • POP3/IMAP4
  • Outlook (Internet mode), Outlook Express
  • Third party e-mail clients
  • Programmatically via third-party APIs
  • Win32
  • Explorer, WinSock

10
Outlook Web Access (OWA)
11
WebDAV Clients
  • Standard file system web shares
  • Create shares using Explorer -> Web Sharing
  • Creates virtual folder in default web site using
    Web Sharing option
  • Connect via Web Folders
  • Only supported by Office 2000 and Office XP
  • Public Folders
  • Automatically shared as Web Folders
  • Custom public folder trees can only be accessed
    via WebDAV

12
Win32 Clients
  • Exchange Installable File System (EXIFS)
  • Exposes web store as M: drive
  • Allows access to store over SMB
  • SMB clients map to share for access
  • Turns Web Store into file store
  • Accepts office documents, text files, scripts,
    etc.
  • Converted to MIME and placed in .STM file
  • Public Store
  • M:\domain_name\Public Folders
  • Private Store
  • M:\domain_name\MBX\mailbox_name

13
Active Directory Integration
14
Exchange 5.5 and Windows NT 4.0
15
Exchange Objects in AD
  • Domain NC stores recipients
  • Users, Contacts, Groups (Distribution Lists)
  • Mailbox-enabled public folder accounts
  • System mailbox accounts
  • GC stores partial replica of all Domain NCs
  • Group Expansion
  • Address Lists
  • Configuration NC stores Organization settings
  • Administrative groups
  • Protocol interfaces
  • Storage groups
  • Routing connectors
  • Public Folder trees
  • Schema NC stores Exchange schema objects

16
AD Domains and Exchange
  • Domains store Exchange recipient info
  • User objects can have mailboxes
  • Contact objects can have e-mail addresses
  • Group objects can be used for distribution lists
    and can protect public folders
  • Domains do not affect mailbox location
  • Users can be in a different domain than E2K
    server
  • Public folder access works transitively across
    domains
  • Users can be migrated between domains
  • SID History retains original access permissions
  • Mailbox access retained in new domain

17
Exchange Accounts
  • No Exchange service accounts
  • All services run in LocalSystem account
  • Improves security: no back door to system
  • Exchange service has mailbox
  • Proxy object in AD
  • Active Directory Connector requires service
    account
  • Used to communicate with E5.5 servers
  • Has Administrator privilege in AD domain
  • Has Exchange Full Administrator role in E2K
    organization

18
Schema Modification
  • Adprep
  • Prepares W2K AD for E2K objects
  • ForestPrep
  • Installs Exchange Organization objects into
    Configuration NC
  • DomainPrep
  • Installs Exchange domain objects such as PF
    proxies and system mailboxes into Domain NC

19
Site Replication Service
[Diagram labels: Site A; Native-Mode W2K Domain; E2K (SRS Disabled); CA; E2K (SRS); E5.5; DC/GC; CA; MS (ADC); E5.5; E5.0; Site B]
20
Server Use of Global Catalog
  • Global Catalog servers essential to proper E2K
    operation
  • Searches for group membership
  • Searches for user mailboxes
  • Searches for contact information
  • Supports downlevel clients with DSProxy
  • Name Service Provider Interface (NSPI) proxies
    MAPI requests to a GC
  • Referral service (RFR) sends smart clients to a
    GC

21
Client Use of Global Catalog
  • Clients running Outlook 98 SR2 and higher query
    GC directly via MAPI
  • Older MAPI clients query indirectly via DSProxy
  • Large numbers of clients put significant load on
    GC
  • Important to have local GC
  • Important to recover quickly from GC failure

22
Groups and Group Scope
  • Domain Local
  • Contains users and groups from any domain
  • Use on ACLs in local domain
  • Members listed in Domain NC
  • Global
  • Contains users from local domain
  • Use on ACLs in any domain in a forest
  • Members listed in Domain NC
  • Universal
  • Contains users and global groups from any domain
  • Use on ACLs in any domain in a forest
  • Members listed in GC

23
Groups and Exchange
  • E2K uses groups for Distribution Lists and
    Security
  • Clients expand DL by querying GC servers
  • Servers route messages based on GC queries
  • Security groups used for administration
  • Control access to Organization objects in AD
  • Delegate admin permissions
  • Control access to public folders
  • Use Universal groups to assure proper expansion

24
Message Routing
25
SMTP Transport
  • Exchange 2000 uses SMTP, not RPCs
  • SMTP part of IIS
  • Virtual Server exposed in System Manager
  • Routing handled by Advanced Queuing Engine, not
    Exchange
  • Inter-site link state notification uses SMTP
  • Potential security threat via DDOS
  • Exposes names of bridgehead servers
  • Unsuitable for routing sensitive information
    across the Internet
  • Requires IPSec and SSL to achieve proper security

26
SMTP Flowpaths
[Diagram labels: Active Directory; Routing Engine; Advanced Queuing; Routing/Queuing; SMTP Engine; Remote Queue; Categorizer; Local Traffic; Remote Traffic; SMTP; Web Store; MAPI]
27
Routing Groups
  • Replace legacy Exchange sites
  • Define areas of point-to-point communication
  • Control message flow
  • Prevent swamping low-speed connections
  • Control costs over expensive links

28
Routing Groups
  • All messages use SMTP
  • Point-to-Point routing within RG
  • Each E2K server finds recipient by searching GC

29
Routing Group Connectors
  • Defines links between routing groups
  • Manages message transfer schedule and frequency
  • Uses SMTP (simplified implementation)
  • MTA only used for non-SMTP transfers
  • RG connector permits multiple bridgeheads
  • Improves reliability: no single point of failure
  • No message loops thanks to link state routing
  • Can also connect RGs with:
  • SMTP connectors (more security options)
  • X.400 connectors

30
Routing Group Configuration
[Diagram labels: Routing Group Connector links bridgeheads; Routing Group; Routing Group]
31
Link State Routing
  • Link State table shows connections between
    routing groups
  • Replaces legacy static GWART
  • Uses same algorithm as OSPF
  • Eliminates message loops
  • Fast convergence following connector loss
  • View link state database via Tools -> Monitoring
    and Status -> Status

32
Recipients
33
Recipient Types
  • Users
  • Recipients with domain accounts
  • Corresponds to legacy Exchange recipient
  • Contacts
  • Recipients without domain accounts
  • Corresponds to custom recipient
  • Groups
  • Corresponds to Distribution lists

34
Mailbox vs. Mail-enabled
  • Mailbox-enabled
  • Only users can be mailbox-enabled
  • Mail-enabled
  • Users (logon), contacts (no logon), or groups
  • Supports users with outside mail services
  • Compatibility with Legacy Exchange
  • Replicated to E5.5 SP3 via Site Replication
    Service
  • Legacy recipients with no owner: disabled user

35
Account Restrictions
  • Delivery Restrictions
  • Message size limits
  • Allowable message source
  • Delivery Options
  • Send On Behalf
  • Forwarding Address
  • Maximum recipients (anti-spam)
  • Storage Limits
  • Mailbox size limit
  • Deleted item retention

36
Relinking Mailboxes
  • Deleted Mailbox retention holds deleted
    mailboxes for 30 days
  • When user deleted, associated mailbox left in
    Web store
  • Orphaned mailbox can be linked to another user

37
Sharing Mailbox Access
  • Permit access in AD U&C under ExGen -> Mailbox
    Rights
  • Changes ACL for mailbox
  • Administrators blocked by default
  • Permit Send-on-Behalf in AD U&C under ExGen ->
    Delivery Options
  • Requires MAPI client
  • Expose FROM field in Outlook using Options

38
Address Lists
39
Proxy Addressing
  • Support for foreign messaging systems
  • Internet SMTP, Microsoft Mail, X.400, ccMail
  • Generated by Recipient Update Service (RUS)
  • Replaces Site Addressing in Exchange 5.5
  • Recipient Policies act as templates
  • Can apply individual proxy addresses
  • Can be confusing as to which address used in
    routing

40
Dynamic Address Lists
  • Calculated dynamically using LDAP searches
  • Standard GAL consists of query for all objects
    with e-mail attribute
  • Can create customized address lists
  • Off-line address list is static snap-shot of
    periodic LDAP query

41
Recipient Update Service
  • RUS functionality
  • Populates address lists
  • Applies recipient policies
  • RUS location
  • Only one RUS service active in any AD domain
  • W2K domains running E5.5 also need RUS server
  • RUS schedule
  • Controlled by System Manager
  • Default is Never Run
  • Set interval governed by frequency of changes

42
Custom Address Lists
  • Create an address list by defining an LDAP query
  • Administer address lists
  • Set permissions to use address list
  • Hide a recipient from an address list
  • Organize lists
  • Build a hierarchy to aid user navigation
  • Use empty address lists as top nodes

43
Offline Address Lists
  • Off-Line Address Lists stored in public folder
  • Flat files built from address lists
  • Not replicated
  • OALs downloaded by clients
  • Dial-up clients avoid downloading large GAL
  • Remote clients use when not connected
  • OALs maintained by RUS
  • Rebuilt based on assigned schedule
  • Results stored in default Public Folder store

44
Public Folders
45
Public Folder Stores
  • Public folders can now be created in System
    Manager
  • Storage groups can hold multiple public folder
    stores
  • PF hierarchy rooted in Public Folder Tree
  • Each PF store hosts one PF tree
  • Two public folder types
  • Default Public Folders tree accessible to MAPI
    clients
  • General purpose trees accessible through
    applications
  • PF trees can be replicated between servers

46
PFs As Mail Recipients
  • Public folders can receive e-mail
  • Cannot send e-mail
  • Cannot be used as security principal
  • Messages are stored in PF store
  • Requires proxy object in Active Directory
  • Proxy account contains mailbox parameters
  • Located in special Exchange container under
    cn=System,dc=<domain>,dc=<net>

47
Replication
  • Replication handled by Exchange, not Windows
  • Public Folder Replication Agent installed by E2K
  • Uses messaging infrastructure (routing groups and
    connectors)
  • Item-level Replication
  • If document modified, entire document replicated
  • Change Number tracks message modifications
  • Missed updates backfilled

48
PF Access Protocols
  • MAPI
  • Default Public Folder store only
  • Automatically redirected to local replica
  • Win32
  • Access via share point
  • No automatic local redirection (except via Dfs)
  • NNTP
  • Can configure PF to be a newsgroup
  • Can configure PF to take a usenet feed

49
Instant Messaging
[Diagram labels: IM Server; IM Client; User Interface; Exchange System Manager; Server Application Layer; Multiprotocol Interface; MSN Provider; RVP Provider; Locator; IIS; XML Parser; ISAPI; Metabase; Active Directory]
50
IM Transactions
[Diagram labels: Domain Controller; IM Client; IM Router; IM Client; Firewall; IM Client; Proxy Server]
51
Thanks for Attending
  • Contact Bill Boswell at The Windows Consulting
    Group
  • bboswell_at_winconsultants.com

52
Questions?
Click on the Ask a Question link in the lower
left corner of your screen to ask Bill Boswell a
question.
53
Thank you for your participation! Did you like
this Webcast? Send us your feedback on this
event and ideas for other event topics at
editor_at_searchwin2000.com.