- Exchange's Core Components
- Design Goals
- Architecture Similarities
- Terminology Changes
- Architecture Changes
- Directory Services
- Directory Access
- How DSProxy Is Used
- How DS Referral Is Used
- Transport Services
- IIS Integration
- Distributed Configurations
- Addressing with Exchange 2000
- Address Generation
- Directory Connectivity
- Active Directory Connector (ADC)
- Site Replication Service
- Address Lists
- Accessing Filter Rules for Address Lists
- Configuring Filter Rules for Address Lists
- Active Directory Users and Computers
- Creating Users
- Creating Groups
- Creating Contacts
- Managing Users
- Managing Groups
- Managing Contacts
- DS Referral
- Configuration of Diagnostic Logging
- Displaying Routing and Administrative Groups
Two separate repositories house user information in an Exchange 5.x environment implemented on Windows NT 4.0 or Windows 2000. The Security Account Manager (SAM) database in NT 4.0 holds the user data, whereas the Exchange Directory holds the mailbox attributes and data.
In Exchange 2000, user information is unified and stored as an object in the Windows 2000 AD. The objects from Exchange 5.5 can be translated to their counterparts in Exchange 2000 and AD. See Table 3.1 for the translation of Exchange 5.5 objects into their Exchange 2000 and AD counterparts.
Table 3.1 Exchange Objects Compared with Their Active Directory Counterparts
Exchange 5.5 Object
Windows 2000 Active Directory Object
A mailbox becomes a mail-enabled user. The Exchange server uses the email address of the mail-enabled user to route messages. Mailboxes from Exchange 5.5 can be replicated into Active Directory as either users or contacts. The Active Directory Connector is used for these migrations.
A distribution list becomes a group. When synchronized into the Exchange 5.5 directory, these groups appear as distribution lists. A specific group can be specified as a security group, which allows the group to be placed into an access control list.
A custom recipient becomes a mail-enabled contact in Active Directory. A contact object has an email address, but is not associated with a mailbox. It does not have assigned security information, meaning that it cannot be used to log on to the system.
An AD object is referred to as either mail-disabled, mail-enabled, or mailbox-enabled. This is based on the object's email address attribute, and whether the object has an actual mailbox in the store. An email address is simply an attribute of an object in the AD. The object could be a user object, a list of users, or a contact item.
Mail-Disabled: A mail-disabled object has no capacity for email. A security group would be an example of a mail-disabled object.
Mail-Enabled: A mail-enabled object has at least one email address defined and can therefore participate in Exchange 2000 messaging.
Mailbox-Enabled: A mailbox-enabled object has an Exchange mailbox associated with it. With Exchange 2000, only a user object can have a mailbox. It is logical then that an object that is mailbox-enabled is also mail-enabled.
Active Directory objects can be accessed using the MMC. More interestingly, they can be manipulated programmatically using CDO and ADO. Administrators can save time by automating tasks through the use of these interfaces.
CDOCollaboration Data Objects.
A high-level application programming interface (API) that allows applications to programmatically access Exchange services and features.
MMCMicrosoft Management Console. The MMC is used for administration of the system and can be customized by using any combinations of snap-ins.