First Scenario
To configure the two-way user Connection Agreement:
- On the Start menu, point to Programs, point to Administrative Tools, and then click Active Directory Connector Management.
- Right-click Active Directory Connector, point to New, and then click Connection Agreement.
- Click the General tab, and then:
  - Type the name of the Connection Agreement in the Name box.
  - Under Replication Direction, click Two-way.
  - When you receive the following message, click OK:
    The connection agreement must now write to the Exchange directory.
  - Click the Active Directory Connector server that you want to use.
    Note: If this is the first installation, there is only one server available.
- Click the Connections tab, and then:
  - Under Windows Server Information:
    - Make sure that:
      - The Server box contains the name of your Windows 2000-based server.
      - The Authentication box defaults to "Windows Challenge/Response".
      - The account that you are using has write permissions to the directory because the agreement is a two-way agreement, and read and write permissions are necessary.
    - Under Connect as, click Modify, and then select an Administrative account that has write permissions to Active Directory.
  - Under Exchange Server Information:
    - Make sure that:
      - The Server box contains the name of your Exchange Server 5.5 computer.
      - The Authentication box defaults to "Windows Challenge/Response".
      - The account that you are using has at least Admin permissions to the directory because the agreement is a two-way agreement, and read and write permissions are necessary.
      - The Lightweight Directory Access Protocol (LDAP) port on the Exchange Server 5.5 directory is correct (by default, this port is 389).
    - In the Connect as list, click Modify, and then select an account that has Admin privileges in the Exchange Server 5.5 directory.
- Click the Schedule tab, and then set the Replication time to Always.
  Note: The ADC automatically replicates all of the objects during the first replication cycle; therefore, if you select the Replicate the entire directory the next time the agreement is run check box, you do not affect the first replication cycle.
- Click the From Exchange tab, and then:
  - Under Exchange Recipients containers, click Add, and then add each top-level Recipients container from your Exchange Server 5.5 site.
    Important: Do not add any containers from other sites. If you use multiple sites, you need to set up additional two-way connection agreements to servers in each of the other sites.
  - Under Default destination, click Modify, and then click the Users container.
    Note: This is the default container in which the ADC will create new objects if the ADC cannot match the Exchange Server 5.5 object to an existing Active Directory object. If user accounts exist in different organizational units, see the IMPORTANT note in step 6.c.
  - Make sure that all of the objects under Select the objects that you want to replicate are selected (all of the objects are selected by default).
    Important: The ADC replicates all of the Exchange Server distribution lists (DLs) to Active Directory as Universal Distribution Groups (UDGs). You can create these UDGs in either a mixed-mode or native-mode Active Directory domain. However, if you use the equivalent Exchange Server DL object to control access to public folders in Exchange Server, the Exchange 2000 information store process tries to convert the UDG to a Universal Security Group (USG) because distribution groups are not security principals. If the UDG exists in a mixed-mode Active Directory domain, the USG conversion process does not succeed because USGs can only exist in native-mode domains. This results in a public folder in Exchange 2000 that has an ambiguous Access Control List (ACL); because of this, only the folder owner can access the folder's content, and other Exchange 2000 users cannot even see the public folder in the client hierarchy. When a UDG-to-USG conversion does not succeed, a 9552 event ID message is logged in the Exchange 2000 Application event log. In this scenario, you need a separate Recipient Connection Agreement to replicate the DLs to a native-mode domain.
- Click the From Windows tab, and then:
  - Under Windows Organizational Units, click Add, and then add the Users container.
    Important: If the Active Directory domain contains additional organizational units that contain users with Exchange mailboxes, you must specify these organizational units under Windows Organizational Units. If you do not specify the organizational units as export containers, the ADC cannot replicate the users back to the Exchange Server 5.5 directory.
  - Under Default destination, click Modify, and then click the appropriate Recipients container.
  - Make sure that all of the objects under Select the objects that you want to replicate are selected (all of the objects are selected by default).
  - Click to select the Replicate secured Active Directory objects to the Exchange directory check box. Secured Active Directory objects are Active Directory objects that contain an explicit Deny Access Control Entry (ACE).
  - Determine whether or not you want to select the Create objects in location specified by Exchange 5.5 DN check box. If you select this check box, the ADC creates new objects in a location that is based on the Exchange Server 5.5 distinguished name (legacyExchangeDN). If the organizational units that you selected as export containers contain subcontainers, you can select this check box to prevent the ADC from creating these subcontainers in the Exchange Server 5.5 directory.
- Click the Deletions tab.
- You are now finished configuring the recipient Connection Agreement. To force replication, right-click the two-way agreement, and then click Replicate Now.
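
The Important note under the From Exchange tab describes public folders becoming inaccessible when a DL used in folder permissions is replicated to a mixed-mode domain. The following pre-flight check is an added example, not part of the original article or of any Microsoft tool; it works on constructed sample data, and the domain, DL and folder names are hypothetical. It assumes you have exported each destination domain's ntMixedDomain value and the DLs referenced in public folder permissions.

```python
# Added example; every name and value below is constructed sample data.
MIXED, NATIVE = 1, 0                  # values of the domain's ntMixedDomain attribute
GROUP_UNIVERSAL = 0x00000008          # groupType flag: universal scope
GROUP_SECURITY_ENABLED = 0x80000000   # groupType flag: security principal
UDG = GROUP_UNIVERSAL                 # what the ADC creates for an Exchange 5.5 DL

# Mode of each destination domain (hypothetical domain names).
DOMAINS = {"corp.example.com": MIXED, "groups.example.com": NATIVE}

# Domain that each DL is replicated to by its Connection Agreement.
DL_TARGET = {
    "Sales-DL": "corp.example.com",
    "HR-DL": "groups.example.com",
    "Newsletter-DL": "corp.example.com",
}

# DLs that appear in Exchange public folder permissions.
PUBLIC_FOLDER_ACLS = {
    "Public Folders/Sales Reports": ["Sales-DL"],
    "Public Folders/HR Policies": ["HR-DL"],
}


def usable_in_acl(group_type, nt_mixed_domain):
    """True if the group is, or can be converted to, a security group."""
    group_type &= 0xFFFFFFFF          # directory exports show groupType as signed 32-bit
    if group_type & GROUP_SECURITY_ENABLED:
        return True                   # already a security principal, no conversion
    return bool(group_type & GROUP_UNIVERSAL) and nt_mixed_domain == NATIVE


def at_risk_folders(dl_target, acls, domains):
    """Map each public folder to the DLs whose UDG-to-USG conversion would fail."""
    findings = {}
    for folder, dls in acls.items():
        blocked = [dl for dl in dls
                   if dl in dl_target
                   and not usable_in_acl(UDG, domains[dl_target[dl]])]
        if blocked:
            findings[folder] = blocked
    return findings


if __name__ == "__main__":
    for folder, dls in at_risk_folders(DL_TARGET, PUBLIC_FOLDER_ACLS, DOMAINS).items():
        print(f"{folder}: {', '.join(dls)} replicates to a mixed-mode domain; "
              "use a separate agreement to a native-mode domain (watch for event 9552)")
```

Any folder this reports is one where only the folder owner would keep access after migration, so move the listed DLs to a separate Recipient Connection Agreement that targets a native-mode domain before replicating.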