• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Microsoft Exchange Articles
• Planning an Exchange Server 2003 Infrastructure
• Backing up the Exchange Server 2003 Environment
• Configuring and Maintaining Exchange Server 2003 Virtual Servers
• Configuring Exchange Server 2003 Administrative Permissions
• Creating and Managing Public Folders
• Disabling Services and Protocol Logging on Exchange 2003 Servers
• Exchange Server 2003 Data Storage and Management
• Exchange Server 2003 Maintenance and Management Activities
• Exchange Server 2003 Overview
• Exchange Server 2003 Virtual Servers
• Implementing Exchange Server 2003 Security to Secure Mailboxes
• Installing Exchange Server 2003
• Installing Exchange Server 2003 Clusters
• Managing Exchange Server 2003 Mailboxes
• Managing Exchange Server Connectivity across Firewalls
• Managing the Exchange of Business Documents
• Migrating from Exchange 2000 to Exchange Server 2003
• Migrating from Exchange 5.5 to Exchange Server 2003
• Monitoring Exchange Server 2003
• Protecting Exchange Server 2003 against Computer Viruses
• Restoring Exchange Server 2003
• Securing Exchange Server 2003 through Digital Signatures and Encryption
• Troubleshooting Exchange Server 2003
• Configuring and Managing SMTP transport
• Understanding Microsoft Outlook
• Understanding Outlook Web Access Client
• Articles Menu
• » Windows Server
• » Microsoft Networking
• » Microsoft Security
• » Active Directory
• » Microsoft IIS
• » Microsoft IPSec
• » Microsoft DNS
• » Microsoft DHCP
• » Microsoft WINS
• » Microsoft Filesystems
• » Remote Access
• » Microsoft Exchange
• » Microsoft SMS
• » Microsoft ISA Server
• » Microsoft Biztalk Server
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

Exchange Server 2003 Overview

Understanding the Different Messaging Systems

With shared-file messaging systems, directories and files typically reside on a file server. The structure of directories and files at the centralized file server location are commonly called post offices. The post office is the mail store for many users. Users have to access a mail box in the post office in order to access email messaging. When a user sends a message, the message or written data is stored in the directories of the post office. The recipient of the message next identifies the data as inward bound messages. The client programs deal with the entire process of sending and receiving messages. They recurrently poll the post office to determine whether any recent messages arrived. When clients access the same post office and one client opens common files for writing; the files are locked. The rest of the clients have to wait until the client has completed its task.

Microsoft Mail for PC networks is an example of a messaging system that uses the shared file post offices approach. Microsoft Mail post offices have a maximum capacity of 500 users.

The advantages of shared-file messaging systems are:

• Because the client performs the entire message processing, the need for an extremely powerful machine on the server end is eliminated.
• The shared-file messaging systems are autonomous of the core network operating system (OS).
• Shared-file messaging systems are easy to install – users who have mailboxes simply require direct read and write access to the data structure/store of the post office.

The disadvantages of shared-file messaging systems are:

• Clients regularly polling the post office to determine whether any recent messages arrived produce huge quantities of network traffic.
• Configuring users with read and write access introduces the risk of a user purposefully or accidentally deleting files.
• Mailbox rules are not supported by the shared-file messaging systems because the post office is a passive file structure.
• It is generally recommended to not exceed 500 users because of the network traffic generated by the polling processes of the clients.

With the client-server messaging systems, clients no longer need to poll the messaging server nor directly access the resources of the server. Most of the processing is performed by the active messaging server. The active server services or components process the client program requests, and contacts the client program when any new messages appear. Clients merely inform the server of the message requests.

The advantages of client-server messaging systems are:

• Clients no longer poll the server. This in turn reduces network traffic.
• Because the active server services performs the reading and writing of messages, only these components require direct read-write access to the appropriate messaging databases.
• Client-server messaging systems provide scalability for large growing organizations.

The disadvantages of client-server messaging systems are:

• Because the server performs most of the processing, more robust and expensive server hardware is needed for the client-server messaging systems.
• This messaging system also introduces more intricacy into the network. This could be an issue for smaller organizations.

The collaboration or groupware messaging systems enable users to locate, share and publish information more swiftly and easily. The collaboration or groupware messaging systems offers a powerful and efficient workflow and workgroup abilities. Types of collaboration solutions based on Exchange Server and Outlook 2000 are noted below:

• Discussion groups: A discussion group has a public folder repository. Users are able to share and post information, as well as post responses to current input of the public folder, through a standard or customized post form
• Instant collaboration: These solutions need the integrated Outlook modules to achieve collaboration solutions through minor configuration.
• Real time collaboration: Real time collaboration makes it possible for online sessions and conferences to be created, administered, joined and tracked. Exchange Conferencing Server provides support for data and video conferencing. Exchange also supports multi-user chat environments. Its Instant Messaging platform enables users to interact in real time.
• Routing systems: Exchange Server has extensive routing capabilities.
• Tracking systems: Tracking systems enable information/documents to be tracked. Workflow and tracking solutions are typically implemented together.
• Reference systems: A reference system contains unstructured data, for instance, email and voice mail messages, URLs, or Microsoft Office documents. Exchange Server is fitted with content indexing that can provide fast accurate text searches.
• Web Storage System: This solution can combine data repositories of different types. Exchange Server’s folder system and Windows Server’s file system can be combined and portrayed as one location for maintaining data.

Active Directory Overview

To understand how Exchange Server 2003 integrates with Active Directory, you have to understand the Active Directory components and concepts discussed here.

Active Directory was designed to provide a centralized repository of information, or data store that could securely manage the resources of an organization. Active Directory makes it possible for different types of information to be stored in a centralized distributed database. The Active Directory directory services ensure that network resources are available to, and can be accessed by users, applications and programs. The Active Directory data store is the database that holds all the directory information such as information on users, computer, groups, other objects, and information on the objects which users can access. It also includes other network components. Another name used to refer to the Active Directory data store is the directory.

Domains are the main logical structure in Active Directory because they contain the Active Directory objects. Network objects such as users, printers, shared resources, and more, are all stored in domains. Domains are also security boundaries. Access to objects in the domain is controlled by access control lists (ACLs). Active Directory domains can be organized into a hierarchical structure through the use of forests and domain trees. You can use the domain functional level to enable additional Active Directory features. You do this by raising the domain functional level of the domain controllers within the domain. The domain functional levels that can be specified are Windows 2000 Mixed, Windows 2000 Native, Windows Server 2003 Interim and Windows Server 2003. In Active Directory, when two domains trust each other or a trust relationship exists between the domains, the users and computers in one domain can access resources residing in the other domain.

A forest is the grouping of multiple domain trees into a hierarchical structure. Domain trees in a forest have a common schema, configuration, and global catalog. Domains within the forest are linked by two-way transitive trust. Through the forest functional level, you can enable additional forest wide Active Directory features. The forest functional levels that can be specified are Windows 2000, Windows Server 2003 Interim, and Windows Server 2003. Forest trust can be created between two Active Directory forests.

A site is the grouping of one or more Internet Protocol (IP) subnets which are connected by a reliable high-speed link. Sites normally have the same boundaries as a local area network (LAN). Sites should be defined as locations that enable fast and cheap network access. Sites are typically defined as locations in which network access is highly reliable, fast and not very expensive. Sites are created to enable users to connect to a domain controller using the reliable high-speed link; and to optimize replication network traffic. Sites determine the time and the manner in which information should be replicated between domain controllers. A site contains the computer objects and connection objects which are used to configure replication between sites.

An Organizational Unit (OU is a container that enables you to organize objects such as users, computers and even other OUs in a domain to form a logical administrative group. A domain can have it own unique OU hierarchy. An OU enables you to apply security policies, deploy applications, delegate administrative control for Active Directory objects, and to run scripts. An important thing to understand is that OUs are not security principals. The user accounts, group accounts, and computer accounts within the OUs are security principals. An OU is the smallest Active Directory component to which you can delegate administrative authority. When you delegate administrative control over an OU, you enable other users or groups to administer the OU. The actual delegation of administrative control is usually performed by higher-level Administrators. Delegation of control over OUs enables you to transfer management tasks to various users within the organization.

The Active Directory schema defines what types of objects can be stored in Active Directory. It also defines what the attributes of these objects are. The schema is defined by the following two types of schema objects or metadata:

• Schema class objects, also known as schema classes: Defines the objects that can be created and stored in Active Directory. The schema attributes store information on the schema class object when you create a new class. A schema class is therefore merely a set of schema attribute objects.
• Schema attribute objects, also known as schema attributes: Schema attributes provide information on object classes. The attributes of an object is also called the object’s properties.

Although Active Directory includes a large number of object classes, you can create additional object classes if necessary. These additions are known as extensions to the schema. Extensions can only be performed on the domain controller acting the Schema Master role. The object classes that can be used on access control lists (ACLs) to protect security objects are User, Computer, and Group. These object classes are called security principals. A security principal has a Security Identifier (SID) which is a unique number. A security principal’s SID consists of the security principal's domain and a Relative ID (RID). The RID is a unique suffix.

The Global Catalog (GC) is an important component in Active Directory because it serves as the central information store of the Active Directory objects located in domains, and forests. Because the GC maintains a list of the Active Directory objects in domains and forests, without actually including all information on the objects; and it is used when users search for Active Directory objects or for specific attributes of an object; the GC improves network performance and provides maximum accessibility to Active Directory objects. The first domain controller installed in a domain is designated as the global catalog server by default.

The Global Catalog server stores a full replica of all objects in its host domain, and a partial replica of objects for the remainder of the domains in the forest. The partial replica contains those objects which are frequently searched for. It is generally recommended to configure a Global Catalog server for each site in a domain. Global Catalog servers are crucial for Active Directory’s UPN functionality because they resolve user principal names (UPNs) when the domain controller handling the authentication request is unable to authenticate the user account because the user account actually exists in another domain. The authenticating domain controller would have no knowledge of the particular user account. The Global Catalog server in this case assists in locating the user account so that the authenticating domain controller can proceed with the logon request for the user. The Global Catalog server deals with all search requests of users searching for information in Active Directory. It can find all Active Directory data irrespective of the domain in which the data is held. The Global Catalog server deals with requests for the entire forest. The Global Catalog server also makes it possible for users to provide Universal Group membership information to the domain controller for network logon requests.

Active Directory operates in a multi-master replication manner. What this means is that each domain controller in the domain holds a readable, writable replica of the Active Directory data store. In multi-master replication, any domain controller is able to change objects within Active Directory. Multi-master replication is ideal for the majority of information located in Active Directory. However, certain Active Directory functions or operations are not managed in a multi-master manner because they cannot be shared without causing some data uniformity issues. These functions are called Flexible Single Master Operations (FSMOs).

There are five Operations Master (OM) roles which are automatically installed when you install the first domain controller. These five OMs are installed on the domain controller. Two of these OM roles apply to the entire Active Directory forest. The roles that apply to the forest are the Schema Master role and the Domain Naming Master role. The other three OM roles apply to each domain. The roles that apply to a domain are the Relative identifier (RID)/relative ID Master role, the Primary Domain Controller (PDC) Emulator role, and the Infrastructure Master role. When a domain controller is assigned a FSMO, that domain controller becomes a role master. The particular domain controller that is assigned these roles performs single-master replication within the Active Directory environment.

The two forest-wide Operations Master roles are:

• Schema Master role: The domain controller with the Schema Master role is the only domain controller in the entire Active Directory forest that can perform any changes to the schema. You can use the Active Directory Schema MMC snap-in to make changes to the schema, and only if you are a member of the Schema Admins group. Any changes made to the schema would affect each domain controller within the Active Directory forest. You can transfer the Schema Master role to a different domain controller within the forest. You can also seize the role if the existing domain controller holding the role had a failure and cannot be recovered.
• Domain Naming Master role: Only one Domain Naming Master role is allowed in the entire forest. The domain controller that is assigned the Domain Naming Master role is responsible for tracking all the domains within the entire Active Directory forest to ensure that duplicate domain names are not created. The domain controller with the Domain Naming Master role is accessed when new domains are created for a tree or forest. This ensures that domains are not simultaneously created within the forest. The default configuration is that the first domain controller promoted in a forest, is assigned this role.

The three domain-wide Operations Master roles are:

• Relative identifier (RID) Master role: When a security object is created within Active Directory, it is allocated a security ID. The security ID is made up of the domain security ID and a relative ID. The domain security ID is the same for each security ID created in the particular domain. The relative ID on the other hand is unique to each security ID created within the domain. The domain controller assigned the RID Master role is responsible for tracking and for assigning unique relative IDs to domain controllers whenever new objects are created. The default configuration is that the RID Master role and PDC Emulator role is assigned to the same domain controller.
• PDC Emulator role: In domains that contain Windows NT Backup Domain Controllers (BDCs), the domain controller assigned the PDC Emulator role functions as the Windows NT Primary Domain Controller (PDC). The PDC Emulator role has importance when it comes to replication – BDCs only replicate from a Primary Domain Controller! Objects that are security principles can only be created and replicated by the PDC Emulator. It is the PDC Emulator that enables down-level operating systems to co-exist in Windows 2000 and Windows Server 2003 Active Directory environments.
• Infrastructure Master role: The domain controller assigned the Infrastructure Master role updates the group-to-user references when the members of groups are changed. These updates are sent by the Infrastructure Master to the remainder of the domain controllers within the domain through multi-master replication. The Infrastructure Master role also deletes any stale or invalid group-to-user references within the domain. To do this, the Infrastructure Master role checks with the Global Catalog for stale group-to-user references.

Understanding Exchange Server 2003 and Active Directory Integration

In Windows 2000 and Windows Server 2003 environments, in Active Directory terminology, each domain controller contains a full copy of its own directory partition. Another term used to refer to directory partition is naming context. In Active Directory environments, a directory tree contains all Active Directory objects in the forest. In Active Directory, the directory tree is partitioned. This enables portions of the tree to be distributed to domain controllers in other domains in the forest.

The Active Directory naming contexts are:

• Domain naming context: The domain naming context (NC) contains all objects that are stored in a domain. Each domain controller in a domain has a read/write copy of the domain partition. Objects in the domain partition are replicated to only the domain controllers within a domain. The domain naming context stores the domain objects for Exchange Server 2003. This includes user objects, group objects and contacts. With Exchange Server 2003, Active Directory user accounts and Exchange Server 2003 mailboxes are no longer distinct components.
• Configuration naming context: The configuration naming context stores information on the components of Active Directory that defines the structure of the directory. Configuration data defines the domains, trees, forests and the location of domain controllers and global catalog servers. With regard to Exchange Server 2003, the configuration naming context stores information that defines the physical structure of the Exchange organization. Any objects stored in the configuration partition are replicated to each domain controller in each domain, and in a forest.
• Schema naming context: The schema naming context lists the objects and types of data that can be stored in Active Directory. It contains objects that can be created in the Active Directory directory, and the attributes which these objects can contain. Objects stored in the schema partition are replicated to each domain controller in domains/forests. When you install Exchange Server 2003, the Active Directory schema is extended to contain Exchange Server 2003 specific classes and attributes.

To access the global catalog, Exchange Server 2003 uses the services listed here:

• DSProxy service: The DSProxy service of Exchange creates an address book for the down-level Outlook clients that cannot directly access the Global Catalog server. This includes clients other than Microsoft Outlook 2000 and 2003 clients who can access the Global Catalog server directly. The DSProxy service also supports the older Messaging Application Programming Interface (MAPI) clients. The DSProxy service forwards requests from these clients directly to the Global Catalog server.

• DSAccess service: The DSAccess service of Exchange Server 2003 is used to discover the current Active Directory topology. It also directs Exchange to the different Active Directory components. DSAccess generates a list of all Active Directory domain controllers and Global Catalog servers, and then points the Exchange resources to the proper AD Active Directory resource.

The DSAccess service can also detect when a domain controller or the Global Catalog fails. The DSAccess service then initiates Exchange to fail over systems dynamically. The DSAccess service polls Active Directory to determine whether any Active Directory site structure changes and domain controller placement changes have occurred. It is then able to determine domain controller and Global Catalog server suitability as a contact for Active Directory.
The DSAccess service caches queries and recently accessed information between Exchange and Active Directory. This in turn speeds up query response time and results in less queries being made to Global Catalog servers.
The DSAccess service identifies Active Directory servers as falling into either of these groups:

• Domain controllers; a maximum of 10 operational domain controllers are placed in this group.
• Global Catalog servers; a maximum of 10 operational Global Catalog domain controllers are selected for this group.
• Configuration domain controller; only one domain controller becomes the configuration domain controller. This ensures that any changes which Exchange makes to the directory do not result in conflicts. The changes are then replicated to the remainder of other domain controllers.
• All domain controllers; contains the identified configuration domain controller, and all other identified domain controllers and Global Catalog servers. Where a server falls within multiple groups, there are multiple listings for that specific server.

Another area in which Exchange Server 2003 integrates with Active Directory is through security groups and distribution groups. With Windows Server 2003 groups are categorized into security groups and distribution groups:

• Security groups: Security groups are created for assigning permissions. A security group is a collection of users who have the same permissions to resources, and the same rights to perform certain system tasks. These are the groups to which you assign permissions so that its members can access resources. Each user that is a member of the group would have the same permissions. In addition to this, any e-mail sent to a security group is received by each member of that particular group.
• Distribution groups: A distribution group is not created for security purposes. Distribution groups are created to share information with a group of users through e-mail messages, and are also usually used to distribute bulk e-mail to users. Distribution groups enable the same message to be simultaneously sent to its group members – messages do not need to be individually sent to each user. Exchange and Active Directory integration makes it possible for distribution groups to be used to send bulk e-mail to groups of users.

Active Directory security and distribution groups are extended to support e-mail addresses. This means that a group can be utilized as a mail recipient. Here, the message will be passed to all members of the particular group.

Groups can also be sorted into various scopes. The different group scopes make it possible for groups to be used differently to assign permissions for accessing resources. The scope of a group defines the place in the network where the group will be used or is valid. This is the degree to which the group will be able to reach across a domain, domain tree, or forest:

• Machine local groups: These groups are not utilized by Exchange Server 2003 for security.
• Domain local groups: Domain local groups can have user accounts, computer accounts, global groups, and universal groups from any domain as group members. You can only use domain local groups for assigning permissions to local resources, or to resources that reside in the domain in which the domain local group was created.
• Global groups: Global groups are containers for user accounts and computers accounts in the domain, and are used to assign permissions to objects that reside inany domainin a tree or forest. You can include a global group in the access control list (ACL) of objects in any domain in the tree/forest. A global group can however only have members from the domain in which it is created. What this means is that a global group cannot include user accounts, computer accounts, and global groups from other domains.
• Universal groups: Universal groups can have user accounts, computer accounts, global groups, and other universal groups, from any domain in the tree or forest as members. You can add members from any domain in the forest to a universal group. You can use universal groups to assign permissions to access resources that are located in any domain in the forest. Universal groups are only available when the domain functional level for the domain is Windows 2000 Native or Windows Server 2003. Universal groups are not available when domains are functioning in the Windows 2000 Mixed domain functional level.

Lastly, Exchange Server 2003 also extends the capabilities of the Active Directory by integrating the email and mobile phone, and remote access functionality into a centralized administration/management tool. For instance, the Active Directory Users and Computers snap-in is used for the management of user accounts and mailboxes. While Windows 2000 and Windows Server 2003 includes numerous snap-ins, not all aspects of Exchange Server administration are encompassed. Therefore, the Setup program of Exchange Server registers more snap-ins when the management utilities of Exchange Server are installed.

The Exchange Server snap-ins are listed here:

• The Exchange System snap-in is used to configure an Exchange organization.
• The Exchange Advanced Security snap-in is utilized for implementing advanced security.
• The Exchange Conferencing Services snap-in is used to configure resource accounts for scheduling online conferences.
• The Exchange Folders snap-in is utilized to configure configuration settings for public folders.
• The Exchange Message Tracking Center snap-in is utilized for message tracking purposes.

Understanding Exchange Server 2003 and IIS Integration

Microsoft’s integrated Web server, Internet Information Services (IIS) enables you to create and manage Web sites within your organization. It allows you to share and distribute information over the Internet or intranet. With the introduction of the Windows Server 2003 operating system came the launch of Internet Information Services (IIS) 6. IIS 6 is fully integrated with Windows Server 2003. When Exchange Server 2003 is installed on a Windows Server 2003 computer, the Setup program of Exchange automatically sets IIS 6 to Worker process isolation mode.

Worker process isolation mode is the main application mode used in IIS, and includes the application pools, worker processes, health monitoring, and all other IIS 6 specific architectural elements.

The characteristics of worker process isolation mode are:

• An application pool can have one or multiple web applications.
• The worker processes handles the HTTP requests from the queue.
• An application pool can contain one worker process or multiple worker processes (Web garden).
• Each application pool has an associated kernel mode queue in http.sys.
• A single application failure does not result in multiple applications failing.
• ASP applications, ASP.NET applications and ISAPI extensions are loaded into the worker processes.
• Inetinfo.exe manages the metabase and the FTP Service, SMTP Service and the NNTP Service.
• Web Administration Service (WAS) manages the application pools and worker processes.

Exchange Server 2003 Setup also enables certain ISAPI extensions because it uses these ISAPI extensions for the following features:

• Outlook Web Access (OWA)
• Exchange Web Forms
• WebDAV

Exchange Server 2003 and IIS services integration includes:

• Simple Mail Transfer Protocol (SMTP) service: SMTP is a TCP/IP application layer protocol used for routing and transferring e-mail between SMTP hosts on the Internet. It is a client/server and server/server protocol. Windows 2000 Server and Windows Server 2003 include the SMTP service with IIS 5 and IIS 6. This is the SMTP service that Exchange Server 2003 utilizes to provide e-mail services. Exchange Server 2003 does not include its own SMTP service. The SMTP service is extended to provide the necessary functionality that Exchange Server 2003 uses.

A few features and characteristics of the SMTP service are listed here:

• SMTP can be used to forward mail from one SMTP host to another SMTP host. SMTP cannot deliver mail directly to the client. Mail clients use POP3 or IMAP to receive e-mail. Windows Server 2003 includes the POP3 service for providing clients with mailboxes, and for handling incoming e-mail.
• SMTP enables IIS machines to protect mail servers such as Microsoft Exchange servers from malicious attacks by operating between these servers and Sendmail host at the ISP of the organization.
• SMTP uses mail servers such as Exchange servers that include support for IMAP and POP3 to provide mailboxes to users, and process incoming e-mail and e-mail storage.
• The SMTP service is fully integrated with event and performance monitoring of Windows Server 2003.
• A few additional enhancements included with the Exchange Server 2003 SMTP service are:
  • Native support for Real-Time Blacklists (RBLs)
  • Improved antivirus support
• Network News Transfer Protocol (NNTP) service: The NNTP service is a TCP/IP application layer protocol used to send network news messages to NNTP servers and NNTP clients on the Internet. It is a client/server and server/server protocol. The NNTP protocol enables a NNTP host to replicate its list of newsgroups and messages with another host through newsfeeds, using a push method or a pull method. A NNTP client can establish a connection with a NNTP host to download a list of newsgroups, and read the messages contained in the newsgroups. Exchange Server 2003 public folders are used to make access to newsgroups available. The Exchange Server 2003 organization is used to configure security. When you install Exchange Server 2003, no extensions are made to the NNTP service.

• World Wide Web (WWW) service: The WWW service of IIS is used to connect HTTP requests from IIS clients to IIS websites. The service is also used to publish Web services. Outlook Web Access (OWA) is integrated with IIS and provides client access to an Exchange mailbox through a Web browser. The Hypertext Transfer Protocol (HTTP) protocol which is a component of the WWW service is used as the transport for OWA functionality. HTTP is a TCP/IP application layer protocol, and is used to connect to websites, and to create Web content. HTTP handles the publishing of static and dynamic Web content.

A few Outlook Web Access (OWA) specific enhancements in Exchange Server 2003 include:

• Support for mail rules
• Support for digital signatures
• Support for public folders
• Spell checker support
• Context menus/right-click functionality
• Ability to flag messages as read or unread
• Context menus and right-click functionality
• Outlook 2003 can be used to connect to Exchange Server 2003 servers through the HTTP protocol. This is called RPC over HTTP.
• S/MIME support

Understanding Exchange Server Components

• SMTP Service. Exchange Server is reliant on SMTP transport. Messages passed to Exchange Server move through the queuing engine within the SMTP transport.
• Information Store Service:This is an extremely important component of Exchange Server. The Information Store service upholds the repository of server user data. The Information Store service separates server user data into a private or a public category. Private messages are managed in private mailboxes. Public data on the other hand can be shared between users. This is done through the use of public folders.
• Storage Groups:TheInformation Store is arranged into storage groups. A storage group is a group of separate databases which have a common set of transaction log files. It is these storage groups that contain the mailbox stores, public stores, or both of these stores.
• System Attendant (SA):TheSA service carries out maintenance functions. The SA service monitors server services and the messaging connectors; and initiates the Information Store’s defragmentation routines. It also deals with the DSProxy service to pass on MAPI address lookups to the Global Catalog server. The SA service can also be utilized to shut down Exchange Server. The SA does not stop standard Windows 2000 and Windows Server 2003 components such as the SMTP and NNTP services, and the IIS service. The SA cannot however be utilized to start the services and components. The Services utility has to be utilized to start each component manually. Alternatively, the server can be rebooted.
• To support SMTP, NNTP, POP3, HTTP/Web Distributed Authoring and Versioning (WebDAV) and IMAP4; Exchange Server integrates with IIS:
  • SMTP; enables Internet mail messages to be transmitted and received.
  • NNTP; enablesnewsfeeds to access newsgroups (public folder resources).
  • POP3;provides the services to download messages from mailboxes.
  • HTTP/WebDAV;makes it possible formailboxes and public folders to be accessed through most Web browsers.
  • IMAP4; is a modern mail access protocol.
• Additional components are installed for backward compatibility. These include SiteReplication Service (SRS) and the Exchange Event Service. Optional components such as conferencing services can be manually selected during Exchange Server Setup.
• Message Transfer Agent (MTA): SMTP transport replaces the role of the MTA in Exchange Server. It is no longer the central routing engine. The MTA is the component that connects Exchange Server to foreign systems.
• Event Service:Server related scripting agents created for Exchange Server 5.5 are supported by the Event Service. Event scripts can be replaced by Event sinks.
• Site Replication Service (SRS) and Active Directory Connector (ADC):Enabledirectory interoperability among Exchange Server 5.5 and Exchange Server. SRS and ADC deal with directory replication with the legacy Exchange directory service.
• MS Mail Connector:TheMS Mail Connector contains the MS Mail Connector Interchange component, a MS Mail Connector, and the MS Mail MTA service(s) to supply connectivity to MS Mail post offices.
• Microsoft Schedule+ Free/Busy Connector:TheMicrosoftSchedule+ Free/Busy Connector exchanges Schedule+ Free/Busy information between Exchange Server users and MS Mail post offices’ users.
• Connector for Lotus cc:Mail:This connector should be utilized when integrating Exchange Server in a Lotus cc:Mail messaging network. The Connector for Lotus cc:Mail enables messages to be transmitted between the systems. It also supports direct directory synchronization between the Lotus cc:Mail post office and Active Directory.
• Connector for Lotus Notes: The connector enables connectivity to a Lotus Notes network through directory synchronization and message transfer.
• Connector for Novell GroupWise: This connector should be utilized when integrating Exchange Server in a Novell GroupWise messaging network. It also supports directory synchronization.
• Directory Synchronization with MS Mail (DXA):DXA utilizes the MS Mail DirSync protocol to communicate address information amid Exchange Server and MS Mail.
• Key Management Server:Providesadvanced security features (encryption) for email messages. It works together with Microsoft Certificate Server to manage encryption keys and X.509 version 3 certificates.
• Instant Messaging:Integrates with the IIS Web Publishing service to provide instant messaging communication
• Outlook Web Access (OWA): OWAsupports HTTP access to mailbox and public folder resources. OWA is a component of the default Exchange Server installation setup.
• Exchange Chat Service:This service deals with the configuration of chat rooms on the server. The chat rooms support real-time collaboration via an Extended IRC (IRCX) client or standard Internet Relay Chat (IRC).
• Video and Data Conferencing: The Conferencing Server of Exchange Server enables users to schedule and enter a meeting from Outlook or a Web browser.

Understanding Exchange Server Component to Component Communication

• Active Directory directory service: The Global Catalog is a valuable resource. At least one Global Catalog has to be accessible in each domain. Additional Global Catalogs can be configured in each site. Exchange Server utilizes its directory access cache to cache directory information on the Exchange server. The IIS process, SA and Information Store and other components carry out directory lookups through the DSAccess service. When the information is available in the cache, Active Directory is not used. This process reduces the work load on Active Directory
• System Attendant:The components that theSA communicates with are listed below:
  • Active Directory: It communicates with Active Directory to create proxy email addresses for any new recipient objects. The SA also communicates with Active Directory to create routing tables.
  • Information Store:Communication takes place with the Information Store each time a monitor is configured to verify server services and messaging links status.
  • IIS Process: Communication with IIS takes place whenever the IIS metabase needs to be updated. The SA obtains the necessary information from Active Directory. It then passes this to the IIS service.
  • Key Management Service (KMS): The SA also performs functions when the KMS is installed. It receives user requests through email messages from the Information Store for advanced security.
• Information Store:The components that theInformation Store communicates with are listed below:
  • Active Directory: It communicates with Active Directory to retrieve configuration information on its resources, and also security information.
  • MAPI based clients:Informs these clients when new messages have turned up.
  • MTA: Indicates when new mail needs to be transferred through connectors to foreign systems.
  • System Attendant:Communicateswith the SA to provide information for tracking log files
  • Connectors for Novell GroupWise, Lotus cc:Mail and Lotus Notes:Communication occurs between gateways to foreign messaging environments. It also communicates with third party gateways and connectors.
  • SMTP transport: Communicates with SMTP service to forward messages for sending.
• SMTP service: The components that theSMTP service communicates with are listed here:
  • Active Directory:It communicates with Active Directory to locate address information and expand distribution groups
  • Information Store: Communicates with the Information Store to obtain messages from the Information Store, and insert messages in the Information Store.
  • Remote SMTP services:Communication takes place between remote SMTP services to convey email messages.

Understanding the Role of the Categorizer

The Exchange Server 2003 extensions of the SMTP service are regarded as the core control station of native Exchange Server message transfers. Many SMTP components deal with message handling and transfer. When the Information Store flags that a new message exists, the store driver informs the advanced queuing engine that the new message needs to be routed.

The engine then conveys the message to the Categorizer and message router subsequent to the message header being parsed. Messages are passed to the Categorizer to determine the manner in which they should be processed. The Categorizer is a component of Exchange Server that delivers mail messages to their proper destination. The Categorizer queries the DSAccess service to find an Active Directory server list. It then uses this information to deliver the message.

When a message is addressed to a local recipient, Internet recipient and a recipient on a different Exchange server, the Categorizer performs the following actions:

• Uses Active Directory to resolve the address of the originator
• When local group expansion is permitted on the server, it expands the distribution groups to determine each recipient.
• It then proceeds to resolve the recipients that are located in Active Directory. The remainder of the recipients is labeled as unknown.
• Any recipients that have restrictions are labeled for separate processing based on these restrictions.
• Many copies of the message are produced where the recipients need separate processing, and are then located in the appropriate delivery queues. The advanced queuing engine is then informed that categorization is completed.

Understanding the Two Versions of Exchange 2003

The different versions of Exchange 2003 are:

• Exchange 2003 Standard Edition: This version of Exchange 2003 is suited for a small organization. It also works well as a utility server in a large environment and as a bridgehead server for an Exchange organization. The Exchange 2003 Standard Edition provides the basic message server version of the software, and supports one mailbox database of up to 16GB. Exchange 2003 Standard Edition includes support for Web access, support for mobile access, and support for server recovery functionality.
• Exchange 2003 Enterprise Edition: This version of Exchange 2003 is ideal for organizations that need more than a single 16GB Exchange messaging database, and for organizations that need to use the advanced capabilities and features of Exchange. Exchange 2003 Enterprise Edition can support a maximum of 20 Exchange messaging databases per server.

How Improvements in Windows 2003 Enhance Exchange 2003

There are a number of Windows Server 2003 enhancements that provide improvements for Exchange Server 2003:

• A number of security enhancements included with Windows Server 2003 provides additional security features for Exchange Server 2003. Most services are disabled when you install Exchange Server 2003. This improves Exchange Server 2003 when you install it. The necessary services have to be enabled with Exchange Server 2003.
• Windows Server 2003 IPSec provides for the following secure communications:
  • Secure server-to-server communications
  • Secure site-to-site communications
  • Secure remote user–to–LAN communications
• Windows Server 2003 includes the secured wireless LAN (802.1X) technology. Dynamic key determination is used. This improves wireless security over the Wired Equivalency Protocol (WEP). Encryption improvements for wireless communications enable Exchange Server 2003 to provide a secured messaging system.
• A number of Windows Server 2003 administrative tools and the Exchange Server 2003 System Manager include the drag-and-drop feature. This feature enables you to select objects using the mouse and then drag and drop the object in a different location. The drag-and-drop feature can be used to move Active Directory directory objects from one container to another container. You can use the same feature to add objects to group membership lists.
• Windows Server 20003 includes a number of configuration wizards and management wizards which can be used to configure and manage Windows 2003 and Exchange 2003 systems. You can use the wizards to add configurations, modify configurations, and remove configurations. Administrators no longer need to manually navigate through a series of commands.
• Included with Windows Server 2003 is the ability of the server to cache Global Catalog (GC) information on domain controllers. This means that a domain controller can be located in a remote location, with the Global Catalog information being cached to the remote system. Directory information is available to remote users – it is only the cache of the information and not a fully replicated copy of the directory information.

Global catalog replication has also been improved in Windows Server 2003 Active Directory. When there is an extension of the partial attribute set, only the attributes which have been added, are replicated. This in turn decreases the amount of traffic generated by global catalog replication.

• Volume shadow copies, a new Windows Server 2003 feature that can be used to create copies of files at a specific point in time. Shadow copies can only be created on NTFS volumes to create automatic backups of files or data per volume. When enabled, the volume shadowcopies feature protects you from accidentally losing important files in a network share. Because shadow copies enable users to view previous versions of files, the feature allows users to restore a backup of deleted files. Exchange 2003 uses the volume shadow copies feature to improve online backups of Exchange databases and for mailbox recovery.

Because of volume shadowcopies includes online backup of files support, you can back up files that are open and are being used. You can add an Exchange backup agent so that Exchange databases can be backed up. You can use the volume shadowcopies feature to recover any lost or corrupt mailboxes. Volume shadow copies also enable you to compare changes between a current version of the file and a previous version of the file.

• Windows Server 2003 also provides performance and functionality enhancements, such as network bandwidth demand improvements. These improvements mean that you no longer have to add servers, processors and site connections because of the system effectiveness in the actual operating system.
• With Windows Server 2003 came the capability of Exchange Server no longer supporting a 2 node clustering configuration, but an 8 node clustering configuration. This means that 8 servers can be clustered, which in turn leads to performance load balancing improvements, and real-time system failover and fault-tolerance capabilities. Clustering makes it possible for the load of the users accessing mailboxes to be distributed over the servers in the cluster. An 8 node clustering configuration allows thousands of users to be able to access the mail store concurrently.
• Another feature of Windows Server 2003 is Remote Installation Service (RIS) for Servers. RIS for Servers allows an organization to create server configuration images and push these server configuration images to a RIS server which can then be utilized to re-image another system. The image can contain service packs, patches and updates, and hotfixes. Instead of using the installation CD to install a server, you can use RIS server installation template.

Exchange 2003 Security Improvements

A number of security specific improvements are included with Exchange Server 2003:

• IPSec encryption is provided between Exchange front-end and back-end servers. IPSec encryption provides security for Exchange server-to-server end communications. You can utilize IPSec encryption to secure data, and provide data integrity as information is passed between your Exchange servers.
• S/MIME encryption can now be utilized to send and receive Outlook Web Access (OWA) attachments.
• Windows Server 2003 allows you to create cross-forest trusts and cross-forest Kerberos authentication.

Cross-forest Kerberos authentication provides the following benefits:

• Enables messages to be shared securely.
• Enables attachments to be shared securely.
• Exchange Server 2003 allows administrators to define and create lists for safe addresses and blocked addresses, which in turn results in message flow being more controlled.
• Exchange Server 2003 allows administrators to also block attachments in Outlook Web Access (OWA), and thereby reduce the threat of distributing viruses.
• Another security improvement is the filtering of inbound recipients. This allows you to control desired or undesired message communications.
• Included with Exchange Server is the means for administrators to limit distribution lists to only authenticated users. Users are considered authenticated when they can log on to a domain or forest. In previous versions of Exchange, any user could send an email to a distribution list.

Exchange 2003 Performance Improvements

A number of performance specific improvements are included with Exchange Server 2003:

• With Exchange Server 2003, you can allocate memory to improve Exchange server performance and thereby optimize the memory for servers greater than 1GB. Windows Server 2003 enables memory to be tuned between kernel memory and application memory. Kernel memory can be optimized to optimize server configuration.
• Exchange Server 2003 allows you to control message notification sent from the Exchange server.
• Exchange Server 2003 uses the caching of information to improve messaging system performance and operating system performance:
  • Global Catalog (GC) information can be cached on domain controllers so that the cache is used and not the Global Catalog server for each request.
  • Distribution list information can also be cached. This also results in less queries being made to the Global Catalog server.

Bookmark Exchange Server 2003 Overview

Latest Blog Posts

• Acai Berry Spam via MSN

• Obama Seeks Power to Shut Down the Internet

• Help Beta Test Tech-FAQ 2.0!

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum