24 Hours Of Exchange Server 2007 (Part 1 Of 24)

3,469 views

Published on

Integration of Exchange Server 2007 and Active Directory
[There may be some inconsistencies with the deck as I have not had a chance to do any cleanup. Most of that is usually related to terminology.]

Published in: Business, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,469
On SlideShare
0
From Embeds
0
Number of Embeds
105
Actions
Shares
0
Downloads
557
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

24 Hours Of Exchange Server 2007 (Part 1 Of 24)

  1. 1. Harold Wong Senior Technology Specialist Microsoft Corporation 24 Hours of Exchange Server 2007 (Part 01 of 24): Integration of Exchange Server 2007 and Active Directory
  2. 2. What Will We cover? <ul><li>Microsoft ® Exchange Server 2007 integration with Active Directory ® directory service </li></ul><ul><li>Message routing using Active Directory sites </li></ul><ul><li>New Exchange Server administrator roles </li></ul>
  3. 3. Helpful Experience <ul><li>Experience with Active Directory </li></ul><ul><li>Understanding of Active Directory sites </li></ul><ul><li>Experience with Microsoft® Exchange Server 2003 </li></ul>Level 200
  4. 4. Agenda <ul><li>Integrating with Active Directory </li></ul><ul><li>Planning for Exchange Server 2007 </li></ul><ul><li>Understanding Exchange Server permissions </li></ul>
  5. 5. Architectural Goals
  6. 6. Active Directory Topologies Resource Forest Cross Forest Single Forest
  7. 7. Review: Integrating with Active Directory (1) <ul><li>Which of the following was not one of the </li></ul><ul><li>basic architectural goals in the development </li></ul><ul><li>of Exchange Server 2007? </li></ul><ul><li>Complexity </li></ul><ul><li>Flexibility </li></ul><ul><li>Trustworthiness </li></ul><ul><li>Scalability </li></ul>
  8. 8. Review: Integrating with Active Directory (2) <ul><li>Which type of Active Directory topology </li></ul><ul><li>allows you to separate the administration of </li></ul><ul><li>Exchange Server from that of Active Directory? </li></ul><ul><li>Single forest topology </li></ul><ul><li>Cross-forest topology </li></ul><ul><li>Resource forest topology </li></ul><ul><li>Multiple forest topology </li></ul>
  9. 9. Review: Integrating with Active Directory (3) <ul><li>In a cross-forest infrastructure, what </li></ul><ul><li>Exchange Server 2007 role manages the </li></ul><ul><li>communication between organizations? </li></ul><ul><li>Client Access server role </li></ul><ul><li>Edge Transport server role </li></ul><ul><li>Hub Transport server role </li></ul><ul><li>Mailbox server role </li></ul>
  10. 10. Agenda <ul><li>Integrating with Active Directory </li></ul><ul><li>Planning for Exchange Server 2007 </li></ul><ul><li>Understanding Exchange Server permissions </li></ul>
  11. 11. Active Directory Site Structure for Routing Mail
  12. 12. Overview of IP Site Links 10 10 15 10 15 10 10 10 IP Site Link
  13. 13. Access to Active Directory User Configuration Site Configuration Exchange Server 2007 Roles Schema Partition Configuration Partition Domain Partition
  14. 14. Server Roles and Active Directory Active Directory API Edge Transport Server Role Schema Partition Configuration Partition Domain Partition Mailbox Server Role Unified Messaging Server Role Client Access Server Role Hub Transport Server Role
  15. 15. <ul><li>Exploring the Demo Environment </li></ul><ul><ul><li>Explore Domain Users and Computers </li></ul></ul><ul><ul><li>Check the Active Directory Partitions </li></ul></ul>demonstration
  16. 16. Review: Planning for Exchange Server 2007 (1) <ul><li>Where does Exchange Server 2007 store </li></ul><ul><li>attribute, configuration, and recipient </li></ul><ul><li>information? </li></ul><ul><li>Schema partition </li></ul><ul><li>Configuration partition </li></ul><ul><li>Domain partition </li></ul><ul><li>All of the above </li></ul>
  17. 17. Review: Planning for Exchange Server 2007 (2) <ul><li>How does Exchange Server 2007 determine the best route to deliver mail within an Exchange organization? </li></ul><ul><li>By the cost of an IP site link </li></ul><ul><li>By the fastest WAN connection </li></ul><ul><li>Using routes configured in Exchange Server </li></ul><ul><li>By the replication interval of a site link </li></ul>
  18. 18. Review: Planning for Exchange Server 2007 (3) <ul><li>Which server role will first attempt direct </li></ul><ul><li>communication rather than examining site </li></ul><ul><li>link costs when sending data between sites? </li></ul><ul><li>Client Access server role </li></ul><ul><li>Edge Transport server role </li></ul><ul><li>Hub Transport server role </li></ul><ul><li>Mailbox server role </li></ul>
  19. 19. Agenda <ul><li>Integrating with Active Directory </li></ul><ul><li>Planning for Exchange Server 2007 </li></ul><ul><li>Understanding Exchange Server permissions </li></ul>
  20. 20. Administrative Changes <ul><li>Exchange Server 2003/2000 Administrative Groups </li></ul><ul><li>Insufficient flexibility to effectively manage permissions </li></ul><ul><li>Rarely used in Exchange Server 2003 organizations </li></ul>
  21. 21. Exchange Server Security and Permissions <ul><li>Exchange Server 2003 </li></ul><ul><li>Predefined Security Roles </li></ul><ul><li>Lack of specificity </li></ul><ul><li>Little difference between roles </li></ul><ul><li>No clear separation between Exchange Administrative Roles and Active Directory Admins </li></ul><ul><li>Exchange Server 2007 </li></ul><ul><li>New Administrator Roles </li></ul><ul><li>Managed from either the Exchange Management Console or the Exchange Management Shell </li></ul><ul><li>No need to alter ACL settings </li></ul>
  22. 22. Split Permissions Model
  23. 23. Administrator Roles in Exchange Server Exchange Organization Administrators Exchange Recipient Administrators Exchange Server Administrators Exchange View-Only Administrators <ul><li>Owners of the Exchange organization </li></ul><ul><li>Read access to all domain user containers </li></ul><ul><li>Write access to all Exchange-specific attributes </li></ul><ul><li>Owner of all local server configuration data </li></ul><ul><li>Must run Setup /PrepareDomain for each domain for this group to be applicable </li></ul><ul><li>Read access to all the Domain User containers   </li></ul><ul><li>Write access to all the Exchange-specific attributes </li></ul><ul><li>Owner of all local server configuration data. </li></ul><ul><li>Local administrator on the computer on which </li></ul><ul><li>Exchange Server is installed. </li></ul><ul><li>Members of Exchange View-Only Administrators </li></ul><ul><li>Read-only access to the entire Exchange organization tree </li></ul>Global Data Recipient Data Server Data
  24. 24. <ul><li>Accessing Administrative Roles </li></ul><ul><ul><li>Explore the Administrative Roles </li></ul></ul>demonstration
  25. 25. Review: Understanding Exchange Permissions (1) <ul><li>How many predefined administrative groups </li></ul><ul><li>are provided with Exchange Server 2007? </li></ul><ul><li>Three </li></ul><ul><li>Four </li></ul><ul><li>Five </li></ul><ul><li>Six </li></ul>
  26. 26. Review: Understanding Exchange Permissions (2) <ul><li>Which role provides permissions to modify any </li></ul><ul><li>Exchange property on an Active Directory user, contact, group, or public folder object? </li></ul><ul><li>Exchange Organization Administrators </li></ul><ul><li>Exchange Recipient Administrators </li></ul><ul><li>Exchange Server Administrators </li></ul><ul><li>Exchange View-Only Administrators </li></ul>
  27. 27. Review: Understanding Exchange Permissions (3) <ul><li>Which role does not provide organization-wide </li></ul><ul><li>permissions to an Exchange administrator? </li></ul><ul><li>Exchange organization administrators </li></ul><ul><li>Exchange recipient administrators </li></ul><ul><li>Exchange server administrators </li></ul><ul><li>Exchange view-only administrators </li></ul>
  28. 28. Session Summary <ul><li>Exchange Server 2007 utilizes Active Directory sites and site links for routing mail </li></ul><ul><li>Each server role manages Exchange data in Active Directory partitions </li></ul><ul><li>Improved Exchange administrative roles simplify permission delegation </li></ul>
  29. 29. Questions and Answers <ul><li>Submit text questions using the “Ask” button. </li></ul><ul><li>Don’t forget to fill out the survey. </li></ul><ul><li>For upcoming and previously live webcasts: www.microsoft.com/webcasts </li></ul><ul><li>Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781 </li></ul><ul><li>Today's webcast was presented using Microsoft ® Office Live Meeting. Get a free 14-day trial by visiting: www.microsoft.com/presentlive   </li></ul>

×