Exchange 2010 Public Folders

Posted: January 18, 2012 in Exchange Server


A Public Folder in Exchange Server is a repository in which various information types can be stored, such as e-mail messages, documents and other files. Public Folders are primarily used for centralizing contacts and calendars, discussion groups, messages that concern a group of people such as a support department, etc. Public Folders also support previous Outlook versions for custom forms and OABs.

Public Folder content replicates across Public Folder Databases every 15 min by default. This value cannot be less than one min. The Public Folder configuration objects are stored in AD. This means that AD replication must be working correctly for Public Folders to replicate. Every time there is a modification in a Public Folder Database, it notifies the other Public Folder Databases by sending an e-mail that contains information about the changes. Multiple replicas provide the benefit of placing a folder on a server where users are located for easy and quick access. Traffic across the WAN links is reduced to replication changes only. Replication also provides fault tolerance. Because Exchange is site-aware, it always directs the client to connect to its local database replica first, then to another database in the same site, and subsequently to distant databases with the lowest site cost, and so on.

Exchange Server 2010 Preinstallation Steps

Before Exchange Server is installed, the Active Directory domain and schema must be prepared. Use an account that is a member of the Enterprise Admins group, logged on in the same site and the same domain as the domain controller that hosts the schema master role. The following commands must be run from the root of the CD drive that contains the Exchange Server setup disk:

d:\setup.com /PrepareLegacyExchangePermissions

Needed only if Exchange 2003 Servers exist.

d:\setup.com /PrepareSchema

Prepares the schema for the installation. It adds new objects and modifies existing ones by adding to them new attributes.

d:\setup.com /PrepareAD /OrganizationName:"ExampleName"

Prepares the global Exchange Server objects in AD and creates the universal security groups in the root domain.

d:\setup.com /PrepareAllDomains

Needed only if multiple domains exist in the Forest.

After all commands are successful, a full replication cycle must take place in all DCs in the Forest.

The /PrepareAD switch creates the Microsoft Exchange container in the Configuration partition in AD, populates it with all the child containers needed to install Exchange, creates an OU named Microsoft Exchange Security Groups, and then creates the security groups that are used to assign permissions in the Exchange organization. These are management role groups and are used for Role-Based Access Control (RBAC).

The results of the previous actions can be examined and confirmed using AD Users & Computers and the ADSIEdit utility.

Exchange Server and Active Directory

Exchange Server requires Active Directory. Exchange Roles (HT, CA, MB) use AD DS, except the Edge Transport Role, which uses AD LDS. An Exchange Server Organization and an Active Directory Forest have a one-to-one relationship. Despite that, many Exchange organizations can be managed from the same Exchange Management Console. Exchange installation modifies the schema, creates Exchange Server specific objects, and adds Exchange Server specific attributes to already existing objects.

The configuration partition includes Exchange Server configuration objects: global settings, e-mail address policies, transport rules, and address lists. The domain partition includes recipient objects: mailbox-enabled users, mail-enabled users, groups, and contacts. The e-mail attributes of the mail-enabled and mailbox-enabled recipients replicate to the Global Catalog. The GAL is generated from the GC. HT servers access the GC in order to locate a recipient's mailbox for delivery. CA servers access the GC to locate the user's MB server and to display the GAL to clients. For this reason we need at least one GC server in each AD site. The new RODC of Windows Server 2008 cannot be used with Exchange Server.

Exchange Server and the Domain Name System

Exchange uses DNS to locate AD and GC servers. Exchange is site-aware, so it tries to contact the servers in the same site. When the Netlogon service is started on the DC, it updates DNS with SRV records that describe it as a DC and GC. For Exchange to function, an internal DNS that supports dynamic updates is needed. SRV records in DNS identify servers that provide specific services.

SRV Records use the following format:

_Service._Protocol.Name    TTL    Class    SRV    Priority    Weight    Port    Target

Explanation:

_Service=Service Name like LDAP, Kerberos, etc.

_Protocol=TCP or UDP

TTL=Time to Live in sec

Class=IN (Internet)

Priority=Clients attempt to access the servers with the lowest priority number first

Weight=Complementary mechanism to priority that provides load balancing. Among servers that have the same priority, clients choose randomly, favoring the ones with higher weights

Port=Listening TCP or UDP port

Target=FQDN of the system that provides the service

After that, Exchange queries the DNS for the A or AAAA (Quad-A) record of the server to obtain its IP address.

When Exchange Server authenticates with the domain, it stores the site name in the registry, so when it queries AD it will ask for the local AD site first.
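The SRV format and the priority/weight rules described above, as an added example that is not part of the original post. The domain example.local, the host names and the unexpected_targets inventory check are assumptions made for illustration; the sample records are constructed.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "name ttl priority weight port target")

# Constructed sample records for a hypothetical AD domain, example.local.
SAMPLE_ZONE = """\
_ldap._tcp.example.local. 600 IN SRV 0 100 389 dc1.example.local.
_ldap._tcp.example.local. 600 IN SRV 0 50 389 dc2.example.local.
_ldap._tcp.example.local. 600 IN SRV 10 100 389 dc3.example.local.
_gc._tcp.example.local. 600 IN SRV 0 100 3268 dc1.example.local.
"""

def parse_srv(line):
    """Parse one record: Name TTL Class SRV Priority Weight Port Target."""
    name, ttl, rclass, rtype, prio, weight, port, target = line.split()
    if (rclass, rtype) != ("IN", "SRV"):
        raise ValueError("not an IN SRV record: " + line)
    service, proto = name.lower().split(".")[:2]
    if not service.startswith("_") or proto not in ("_tcp", "_udp"):
        raise ValueError("owner name is not _Service._Protocol.Name: " + name)
    return SRV(name.lower(), int(ttl), int(prio), int(weight), int(port),
               target.rstrip(".").lower())

def order_targets(records, rng=random):
    """Order in which a client tries targets: lowest priority number first,
    weighted random choice among records that share a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            weights = [r.weight for r in pool]
            if sum(weights) == 0:          # all weights 0: no preference
                chosen = rng.choice(pool)
            else:
                chosen = rng.choices(pool, weights=weights)[0]
            pool.remove(chosen)
            ordered.append(chosen.target)
    return ordered

def unexpected_targets(records, known_hosts):
    """Targets missing from the inventory of known servers (worth reviewing
    in a zone that accepts dynamic updates)."""
    return sorted({r.target for r in records} - set(known_hosts))

if __name__ == "__main__":
    recs = [parse_srv(l) for l in SAMPLE_ZONE.splitlines()]
    ldap = [r for r in recs if r.name.startswith("_ldap._tcp.")]
    print(order_targets(ldap))
    print(unexpected_targets(recs, ["dc1.example.local", "dc2.example.local"]))
```

With these records dc3 is only tried after dc1 and dc2, and dc1 is tried first about twice as often as dc2.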

Exchange also makes use of MX (Mail Exchanger) Records in order to deliver Internet messages when using the SMTP Protocol. The MX record contains the host name that accepts inbound e-mail for a specific domain and a preference value. When deploying multiple SMTP servers the one with the lowest preference value routes all messages unless it is not available. If equal preference values are used, load balancing is applied.

To support spam mail filtering, SPF (Sender Policy Framework) records for acceptable domain names and reverse lookup records for SMTP servers can be configured.