Installing and Configuring the Active Directory Connector

Lynne Williams, Judy MacCallum
Support Professionals, Product Support Services, Microsoft Corporation


Presentation Transcript





Objectives

  • The importance of preparing the Microsoft® Active Directory® and Exchange 5.5 before the ADC deployment

  • The process of deploying Microsoft Exchange 2000 Server Active Directory Connector

  • Troubleshooting replication



Agenda

  • Function of the Active Directory Connector

  • Preparing the Active Directory for the ADC

  • Preparing Exchange 5.5 for the ADC

  • Common issues you may encounter during installation

  • Configuration issues

  • Troubleshooting the ADC


The Active Directory Connector: Function

  • Enables two-way synchronization between the Directory Service in Exchange 5.5 and the Microsoft Windows® 2000 Active Directory

[Diagram: Exchange 5.5 Directory and Windows 2000 Active Directory]


Preparing the Exchange 5.5 Organization: Steps to Take

  • Check account mapping using NTDSAtrb utility

  • Run DS/IS Consistency Check

  • Check Application Log in Event Viewer for any existing Exchange 5.5 problems

  • Resolve any existing Exchange 5.5 problems


Preparing the Exchange 5.5 Organization: NTDSNoMatch Utility

  • Also known as NTDSAtrb utility

  • Located on Exchange 2000 SP1 CD and on the SP2 CD in the Server\Support\Utils\I386 folder

  • Multiple mailboxes with the same primary Microsoft Windows NT® account must be resolved before installing and configuring the ADC

  • Mailboxes in Active Directory are attributes of the Active Directory object, not objects themselves


Preparing the Exchange 5.5 Organization (2): NTDSNoMatch Utility

  • Checks for mailboxes with duplicate primary Windows NT account

  • Creates a comma-separated value (.csv) file that you can import into the Exchange 5.5 directory


Preparing the Exchange 5.5 Organization (3): NTDSNoMatch Utility

  • A user account that has more than one mailbox in Exchange 5.5 can lead to association of primary mailboxes with incorrect user accounts

  • Set the value NTDSNoMatch in the Custom Attribute 10 field for accounts you do not want associated with existing user accounts

  • Q274173, “Documentation for the NTDSNoMatch Utility”
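
The duplicate check described on these NTDSNoMatch slides, sketched as an added example (not the utility's code or its actual file format): it groups a constructed mailbox listing by primary Windows NT account and marks the extra mailboxes with NTDSNoMatch for Custom Attribute 10. The column names, and the rule that the mailbox whose alias equals the account name stays matched, are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample listing; column names are hypothetical, not the
# Exchange 5.5 export format or the NTDSNoMatch output format.
SAMPLE = """Alias,Primary NT Account
jsmith,DOMAINA\\jsmith
confroom1,DOMAINA\\jsmith
helpdesk,DOMAINA\\jsmith
mlee,DOMAINA\\mlee
projector,DOMAINB\\admin1
fleetcar,DOMAINB\\admin1
"""

MARKER = "NTDSNoMatch"  # value the slides say to set in Custom Attribute 10

def plan_nomatch(listing):
    """Return (aliases_to_mark, accounts_needing_manual_review)."""
    by_account = defaultdict(list)
    for row in csv.DictReader(io.StringIO(listing)):
        by_account[row["Primary NT Account"].lower()].append(row["Alias"])

    to_mark, review = [], []
    for account, aliases in sorted(by_account.items()):
        if len(aliases) < 2:
            continue  # one mailbox per account: nothing to resolve
        user = account.split("\\")[-1]
        # Assumed rule: the mailbox whose alias equals the account name is
        # the user's own mailbox and stays matched; the rest are marked.
        extras = [a for a in aliases if a.lower() != user]
        if len(extras) == len(aliases):
            review.append(account)  # no obvious owner mailbox: decide by hand
        to_mark.extend(extras)
    return to_mark, review

def to_import_csv(aliases):
    """Render the aliases to mark as CSV text for review before any import."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["Alias", "Custom Attribute 10"])
    writer.writerows((a, MARKER) for a in aliases)
    return out.getvalue()

if __name__ == "__main__":
    marked, review = plan_nomatch(SAMPLE)
    print(to_import_csv(marked), end="")
    print("Review by hand:", review)
```

Accounts returned for manual review have every mailbox marked, so none is matched to a user account until an administrator decides which one, if any, is the owner's mailbox.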


Associated-NT-Account Mapping

[Diagram. Labels: Domain A, Exchange 5.5 Site 1, Mailbox 1, Mailbox 2, User A, User B, User C; Domain B, Exchange 5.5 Site 2, Mailbox 3, Mailbox 4, Mailbox 5, User D]


Associated-NT-Account Mapping (2)

[Diagram. Labels: Domain A, Exchange 5.5 Site 1, Mailbox 1, Mailbox 2, User A, User B, User C; Exchange 5.5 Site 2, Domain B, Mailbox 3, Mailbox 4, Mailbox 5, User D]


Preparing the Exchange 5.5 Organization (4): NTDSNoMatch Utility

  • NTDSNoMatch must be run from a Windows 2000-based computer. The program will not run from Windows 95, Windows 98, or Windows NT 4.0.

  • Make sure the account you are using has permissions to read the Exchange 5.5 directory.

  • Run from command prompt: ntdsatrb servername or ntdsatrb servername:port#


Preparing the Exchange 5.5 Organization: DS/IS Consistency

  • In the Exchange Server 5.5 Administrator program, select a server that runs Exchange Server 5.5 and that contains a public information store

  • On the File menu, click Properties, and then click the Advanced tab

  • Click Consistency Adjuster

  • In DS/IS Consistency Adjustment, click the "Remove unknown user accounts from public folder permissions" check box, click the "Remove unknown user accounts from mailbox permissions" check box, and then click the "All inconsistencies" button

    Important: Clear all other check boxes


Preparing the Active Directory: DCDIAG

  • Run dcdiag from a command prompt: DCDIAG /s:DomainController /v > LogFileName

  • Check for any errors

  • Resolve any errors

  • Re-run dcdiag, until it shows no errors


Preparing the Windows 2000 Environment: NETDIAG

  • Netdiag /v > filename.txt

  • Check for errors

  • Resolve any errors

  • Re-run Netdiag until error free


Preparing the Windows 2000 Environment: Windows 2000 User Accounts

  • If the accounts do not already exist in Active Directory, import them from Windows NT 4.0 using ADMT, or create the accounts

  • If you have already created disabled accounts from ADC replication, follow article:

    Q316047, “XADM: How to Enable Disabled Accounts That the ADC Creates”


Installing the Active Directory Connector: Pre-installation Considerations

  • ADC must be installed on a computer that is running Windows 2000 Server or Windows 2000 Advanced Server

  • Need to know the user ID and password for an account with Domain Administrator, Enterprise Administrator, and Schema Administrator privileges


Installing the Active Directory Connector (2): Pre-installation Considerations

  • ADC setup extends the schema (must have Schema Administrator permissions)

  • Creates objects in the Active Directory (must have Enterprise Administrator permissions)

  • Creates Security Groups in local domain called “Exchange Services” and “Exchange Administrators” (must be member of Domain Administrators Group)


Installing the Active Directory Connector (3): Pre-installation Considerations

  • ADC Setup creates objects in the Active Directory Configuration container. This requires that the account running Setup belong to the Enterprise Administrators group.

  • Subsequent installations of ADC require only Domain Administrator permissions.


Active Directory Connector: Additional Planning

  • Before creating the Recipient Connection Agreement, make a full backup

    • Q319474, “How to remove the ADC-Global-Names Attribute from Exchange 5.5”

    • Q288569, “XADM: How to Prevent Tombstones from Deleting Mailboxes”

  • Plan your replication time. Initial replication will be time consuming depending on the number of objects to replicate. The following replications will take less time.



Installation Issues

  • Not logging on with adequate permissions to complete setup (Q253593)

  • Installing ADC on Windows 2000 domain controller that is running Exchange 5.5 (Q250989)

  • Look at the ADC Setup log for errors


User Accounts and the ADC: Two Scenario Considerations

  • Exchange 5.5 Mailboxes already associated with user accounts in the Active Directory – you can proceed with creating a two-way Recipient CA

  • Exchange 5.5 Mailboxes associated with Windows NT 4.0 accounts in a different domain – you will need to do one of the following:

    • Run the ADMT to migrate user accounts and SidHistory (Q260871, “HOW TO: Set Up ADMT for Windows NT 4.0 to Windows 2000 Migration”)

    • Upgrade Windows NT 4.0 domain to Windows 2000

    • Use a third-party utility that supports SidHistory migration


Active Directory Connector: Gather Information

  • Name of the Exchange 5.5 organization

  • Name of the service account for the Active Directory ADC

  • Name of the service account used to access Exchange 5.5

  • Name of the server running Exchange and site to which you are connecting

  • IP address of the target server

  • Name of the organizational unit (OU) in the Active Directory that you want to replicate

  • LDAP port

  • LDAP security


Configuration of the ADC: Two-Way Recipient Connection Agreement

  • Create connection agreements using the Active Directory Connector Management snap-in


Configuration of the ADC (2): Two-Way Recipient Connection Agreement


Configuration of the ADC (3): Two-Way Recipient Connection Agreement


Configuration of the ADC (4): Two-Way Recipient Connection Agreement


Configuration of the ADC (5): Two-Way Recipient Connection Agreement


Configuration of the ADC (6): Two-Way Recipient Connection Agreement


Configuration of the ADC (7): Two-Way Recipient Connection Agreement

Q253829, “Description of Active Directory Connector Deletion Mechanism”


Configuration of the ADC: Two-Way Recipient Connection Agreement Common Issues

  • On the Connections tab, under Windows Server Information, enter the Global Catalog server

  • Make sure you choose the correct Recipient container or OU to replicate

  • Select the correct Exchange 5.5 server

  • LDAP port on Exchange 5.5



Verifying Replication of the ADC

  • Looking to see if replication occurred

  • Turn up logging

  • Look at event logs

  • Reference: Q253841, “XADM: Troubleshooting Active Directory Connector Replication Issues”


Troubleshooting Replication: Looking to See if Replication Occurred

  • Look at user accounts in Active Directory Users and Computers for mail attributes

  • Test replication by changing middle initial of a test user to see if change replicates

  • In Exchange Administrator, change a middle initial of a test user and see if it replicates to Active Directory


Troubleshooting Replication: Turning Up Diagnostic Logging

  • On the Start menu, point to Programs, point to Administrative Tools, and then click "Active Directory Connector Management" to start Microsoft Management Console

  • In the left pane, click Active Directory

  • On the Action menu, click Properties to view the "Active Directory Connector Properties" dialog box

  • On the Diagnostics Logging tab, select the logging category that you want to configure, and then click the appropriate logging level from the Category Logging Levels list


Troubleshooting Replication: Diagnostic Logging Levels

  • None: Critical events and error events

  • Minimum: Success or failure of adding or removing a user account

  • Medium: Proxy error warnings

  • Maximum: Logs all events - provides complete record of the ADC service and the status of replication

    Unless you are troubleshooting a problem, avoid using the Maximum logging level because it logs a large amount of information and can affect server performance


Troubleshooting Replication: Check Application Event Logs

  • May need to increase size of event logs

  • Look for events generated by MSADC

  • Q313212, “XADM: Mailboxes Do Not Replicate from Active Directory to Exchange”

  • Q306360, “XADM: Event ID 8270, 1171, and 8146 Error Messages from Active Directory”



Additional Information

  • Q256862, “How to Correct Mismatched Accounts After Active Directory Connector Replication”

  • Q326060, “XADM: How to Move a Connection Agreement to Another Server”

  • Q276440, “XADM: Using CSVDE.EXE to Backup and Restore Connection Agreements”


Thank you for joining today’s Microsoft Support WebCast.

For information about all upcoming Support WebCasts, and access to the archived content (streaming media files, PowerPoint® slides, and transcripts), visit: http://support.microsoft.com/webcasts/

Your feedback is sincerely appreciated. Please send any comments or suggestions about the Support WebCasts to supweb@microsoft.com.

