In: Categories » Computers and technology » Microsoft OS family » Designing Active Directory for Exchange Server 2007
|
Active Directory (AD) is a necessary and fundamental component of any Exchange 2007 implementation. That said, organizations do not necessarily need to panic about setting up Active Directory in addition to Exchange, as long as a few straightforward design steps are followed. The following areas of Active Directory must be addressed to properly design and deploy Exchange 2007: . Forest and domain design . AD site and replication topology layout . Domain controller and global catalog placement . Domain name system (DNS) configuration Understanding Forest and Domain Design Because Exchange Server 2007 uses Active Directory for its underlying directory structure, it is necessary to link Exchange with a unique Active Directory forest. In many cases, an existing Active Directory forest and domain structure is already in place in organizations considering Exchange 2007 deployment. In these cases, Exchange can be installed on top of the existing AD environment, and no additional AD design decisions need to be made. It is important to note that Exchange 2007 can only be installed in a Windows Server 2003 Active Directory forest; Windows 2000 Server forests are not supported. In some cases, there might not be an existing AD infrastructure in place, and one needs to be deployed to support Exchange. In these scenarios, design decisions need to be made for the AD structure in which Exchange will be installed. In some specific cases, Exchange might be deployed as part of a separate forest by itself, as illustrated in Figure 4.1. This model is known as the Exchange Resource Forest model. This is often the case in an organization with multiple existing AD forests. Cross-Forest Trust Exchange Forest and Domain Production Forest and Domains In any case, AD should be designed with simplicity in mind. A single-forest, singledomain model, for example, solves the needs of many organizations. If Exchange itself is all that is required of AD, this type of deployment is the best practice to consider. NOTE The addition of Exchange 2007 into an Active Directory forest requires an extension of the AD forest’s Active Directory schema. Considerations for this factor must be taken into account when deploying Exchange onto an existing AD forest. Microsoft has gotten serious recently about support for Exchange Server across multiple forests. This was previously an onerous task to set up, but the ability to synchronize between separate Exchange organizations has been simplified through the use of Microsoft Identity Integration Server (MIIS) 2003. MIIS now comes with a series of preconfigured scripts to replicate between Exchange forests, enabling organizations which, for one reason or another, cannot use a common forest to unite the email structure through object replication. Outlining AD Site and Replication Topology Layout Active Directory sites should mirror existing network topology. Where there are pools of highly connected AD domain controllers, for example, Active Directory sites should be created to optimize replication. Smaller organizations have the luxury of a simplified AD site design. In general, the number of sites is small—or, in most cases, composed of a single physical location. Midsize and larger organizations might require the creation of multiple Active Directory sites to mirror the wide area network (WAN) connectivity of the organization. Exchange 2007 no longer uses a separate replication mechanism (routing groups) from Active Directory, and Exchange replication takes place within the context of Active Directory sites. This makes proper AD site topology creation a critical component of an Exchange deployment. Reviewing Domain Controller and Global Catalog Placement Concepts In small or midsize organizations, you have effectively two options regarding domain controller placement. The first option involves using the same physical server for domain controller and Exchange Server duties. This option is feasible for smaller organizations because its impact on the server is minimal. This type of deployment strategy is not feasible for enterprise organizations, however, and the domain controller functions should be separated onto dedicated systems. Configuring DNS Because AD and Exchange are completely dependent on DNS for lookups and overall functionality, configuring DNS is an important factor to consider. In the majority of cases, DNS is installed on the domain controller(s), which enables the creation of Active Directory-integrated DNS zones. AD-integrated zones enable DNS data to be stored in AD with multiple read/write copies of the zone available for redundancy purposes. Although using other non-Microsoft DNS for AD is supported, it is not recommended. The main decision regarding DNS layout is the decision about the namespace to be used within the organization. The DNS namespace is the same as the AD domain information, and it is difficult to change later. The two options in this case are to configure DNS to use either a published, external namespace that is easy to understand, such as cco.com, or an internal, secure namespace that is difficult to hack in to, such as cconet.internal. In general, the more security-conscious an organization, the more often the internal namespace will be chosen.
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
The CPU story is not over, however. The need for processors capable of handling far more than 4GB of memory has led to development of two competing 64-bit architectures. Intel developed and promoted a 64-bit architecture called IA-64 or Itanium, intended primarily for database and network server computers. Advanced Micro Devices also produced a 64-bit architecture, called x64 or AMD-64. Intel is now manufacturing chips that use the x64 instruction set. x64 processors typically yield better performance than Itanium running 32-bi...
2. Managing Startup Programs under Windows XP
Besides ensuring that your computer has adequate memory, one of the next best ways to improve your subjective experience of Windows' speed is to make the logon process faster. The logon process can be greatly slowed by large numbers of programs that are launched automatically upon logon; the desktop and Start menu don't respond until all of the login programs have been activated. Keeping the list of startup programs short is a constant struggle, however. To hide the fact that many common programs are poorly written and ...
3. How to Configure Automatic Updates in Windows XP
Automatic Updates is a mechanism with an awkwardly plural-sounding name by which Microsoft or corporate network managers distribute critical security updates to Windows users. Fixes sent by this means are considered so important for adequate security in the hostile Internet environment that Microsoft prefers that you configure it to download and install the updates, and if necessary even restart your computer without your being aware of it. There are four levels of Automatic Updates protection to which you can subscribe:...
4. MS DOS Versus PC DOS
With modern PCs having a very high level of standardization and compatibility, today it is easy to see how Microsoft can market complete packaged operating systems that will install and work unmodified on practically any PC you can purchase or build. Without the standardization and compatibility we have come to depend on, different specific "flavors" of a given operating system would be required for specific different hardware. That is exactly how things were back in the early '80s when the IBM PC was introduced. Many o...
To use Remote Desktop to reach your computer from the Internet, both the computer and your Internet connection must always be up and running. In addition, you must be able to make connections from the outside world to your computer, so there are additional requirements: If you use dial-up Internet service, you'll need someone at home to establish the connection before you can connect to your computer. If you use cable or DSL Internet service, you must either have a static IP address ass...
6. How to Update DirectX ~ Advantages
Although most Windows applications place fairly low demands on the display system, putting up fairly static displays and updating them relatively infrequently, interactive games and video displays are very graphics intensive. Game players pay big bucks for fps, or frames per second, which is a measure of how fast the hardware and software can generate new images as the scene changes and objects move. Under about 30fps, the image flickers and motion is noticeably jerky. Beyond 30fps, faster updates aren't noticeable, and the e...
7. Using Simple File Sharing in Windows
Although most home users are typically happy letting anyone at any computer read or modify any file, business users need to restrict access to files with payroll, personnel, and proprietary information. Windows XP and its predecessors, Windows NT and Windows 2000, were primarily designed for business use, so they require usernames and passwords for identification, and have a security system that lets computer owners restrict access to sensitive files on a user-by-user and file-by-file basis on each computer. Unfortunate...
8. The Evolution of Microsoft Windows ~ The Windows 9x Family
By the mid-1990s, processor power had increased and memory prices had decreased dramatically since Windows' original release. The Internet had also sprung onto the world stage, from an academic tool to an instrument of global communication and commerce. (You may recall that Windows 3.1 did not even include support for the TCP/IP network protocol used on the Internetyou had to purchase it from a third-party vendor.) Users' expectations likewise had grown with computers' capabilities, and desktop publishing, graphics editing, and...