Exchange’s Use of Domain Controllers

by Michael B. Smith, MCSE/Exchange MVP

If you’ve ever had to install and maintain Exchange Server (any version since Exchange 2000), you know that it is pretty picky about its domain controllers. ‘Way back when, in Exchange 5.5 and before, Exchange didn’t care about domain controllers. That was because Exchange had its own directory built right in and there was a copy of that directory on every Exchange server.

Starting with Exchange 2000, Exchange uses Active Directory instead. In order to use AD, Exchange has to communicate with a domain controller. And Exchange uses that domain controller for lots of things, some not so obvious. For example:

… To find out a person’s email address

…To find out a contact’s email address

…To find out the email address of a public folder

…To find a distribution group

…To find out where someone’s email should be delivered

…To find out who can modify a distribution group

…To find out which mailbox server a user should be connected to

…To load all Exchange configuration information

…and many others

Since Exchange was originally designed with an on-board directory, it uses a great deal of directory information. In order to reduce the impact of Exchange queries and updates to Active Directory, Exchange maintains a series of caches to optimize the access to the Active Directory. There are three caches, named:

…DSAccess - caches information about user objects

…Mailbox info - cache information about mailboxes, including security

…Mailbox limits - cache information about mailbox limits and quotas

The DSAccess cache is, by default, only five minutes. The first Mailbox info cache has a default of two hours. The Mailbox limits cache, which is fed from the Mailbox info cache, is also two hours. The impact of this tiered cache is that, under the worst possible conditions, it can take up to four hours for a change that you make in Active Directory Users and Computers (Exchange 2000/2003) or the Exchange Management Console (Exchange 2007) to take effect. By that time, you may have been so frustrated that you rebooted your server! Of course, after you rebooted the change was in effect. Now you know better.

There are mechanisms for changing these cache values. For Exchange 2000 and 2003, refer to the Microsoft Knowledge Base article KB 327378. For Exchange 2007, see this TechNet article: http://technet.microsoft.com/en-us/library/bb684892.aspx.

While most of us probably use Exchange in a single-domain forest, Exchange is architected to work in large organizations that may have many domains contained within their Active Directory forest. This means that Exchange may potentially need to have information about users whose information is stored in domains other than the one you are stored in. This is why Exchange generally will use Global Catalog servers in preference to normal domain controllers. Global catalog servers store selected information about every object in an Active Directory forest. The Global catalog is also often referred to as the “partial attribute set” because the selected information is only a small subset of the total information available about each object. Include in the information is all of the information that Exchange requires about each object.

The primary case when Exchange doesn’t use a global catalog server is when Exchange is making changes to itself - that is, updating Exchange configuration information. Exchange configuration information is stored in a special piece of Active Directory known as the “configuration naming context”. This part of Active Directory exists upon, and is replicated to, all domain controllers, not just global catalog servers.

As a final note for today, Exchange examines the Active Directory environment every 15 minutes. Therefore, if a particular server goes offline and another comes back online within that time frame, it may take up to 15 minutes for Exchange to recognize and respond to that change.

Resources

Exchange 2000 and Exchange 2003 mailbox size limits are not enforced in a reasonable period of time; fix requires Exchange 2000 SP3
http://support.microsoft.com/kb/327378 

Mailbox Size Limits Are Not Enforced in a Reasonable Period of Time
http://technet.microsoft.com/en-us/library/bb684892.aspx 

Exchange Quick Tip: Moderated Public Folder Permissions

A user asks "We have a Public Folder which is set up to be moderated and when a new entry is made into the folder the moderator approves or denies it. However, once the entry has been approved, anyone can go in and edit the entry/contact and the moderator is not notified. Is there anyway I can set up this folder so the moderator is notified both when changes are made to an entry?"

No. You need to change folder permissions so users can't edit existing items. They'll have to open an existing item and post it as a new one, which will require moderator approval.

Outlook Quick Tip: Customize Email Notification

Users often complain because Outlook notifies them of new mail, even if they are using rules to move messages and for messages that go into the Junk email folder. While you can't tell Outlook to only notify you when the messages remain in the Inbox, you can disable new message notification and use Rules to play sounds or display the Desktop Alert.

Go to Tools, Options, Email Options, Advanced Options to disable the envelope and Desktop Alert (the small blue window). Then go to Windows Control Panel, Sounds applet and disable the New Mail alert sound.

Next, create a rule to display the Desktop Alert and play a sound. This should be the last rule in your list. Start with "Check Messages when they arrive", don't select any conditions so that it applies to all remaining messages, select Play a sound and Display a Desktop alert as the actions and save the rule. Provided all previous rules contain the 'Stop Processing' action, the rule will apply to all messages left in the Inbox.

Hint: You can create multiple rules to play different sounds depending on who the message is from or other conditions.

Outlook 2007's SMS Link

An Outlook user asks "I keep getting this reply back when Outlook 2007 calendar sends an automatic reminder text message. Outlook did not receive response from the Web service because of a problem connecting to the server. Try again later. Is the problem with the Microsoft server or my cell phone provider. Any fixes?"

Depending on your point of view, the problem could be with either Microsoft or your cell phone provider as the service now supports only three cellular companies (Nextel, Sprint PCS, and West Central). The fix is to change services, which isn't practical.

If you need reminders or messages forwarded to your phone, take a look at the SMS add-ins listed at Pager, SMS, and Other Mobile Notification Tools for Outlook