Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 71 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
71
Dung lượng
2,13 MB
Nội dung
You need to balance the load on the processors or disks of your Exchange servers, or the load on your networks, by changing the distribution of mailboxes across your Exchange servers • Mailbox moves are quite easy. Find and right−click the user in the Users subcontainer in the Active Directory Users and Computers container. Then select Exchange tasks from the pop−up menu. This opens the Exchange Task Wizard. Click over to the Available Tasks page, and select Move Mailbox (see Figure 15.15). Click Next, and select the new location for the mailbox, as I have done in Figure 15.16. Click Next, and the wizard initiates the mailbox move. When the move is complete, close the wizard by clicking Finish. The mailbox should now show up in the mailbox store on the server to which the mailbox was moved. Figure 15.15: Using the Exchange Task Wizard to move a mailbox to a different server Figure 15.16: Using the Exchange Task Wizard to specify the server and mailbox store to which a mailbox should be moved Tip You move mailboxes between servers in different administrative groups in the same way as you move them between servers in the same administrative group. You can also use the Exchange Task Wizard to move mailboxes between mailbox stores on the same Exchange server. You'd do this, for example, if you were having disk capacity or performance problems and had created a new mailbox store on a different disk drive. Backing Up Exchange Databases Any backup product worth its salt will let you back up and restore Exchange Information Store databases, regardless of the server they reside on. As Figure 15.17 indicates, the Windows 2003 backup program once enhanced by installation of Exchange Server can indeed back up mailbox and public stores, regardless of their Backing Up Exchange Databases 487 home server. Figure 15.17: Preparing to back up Information Store databases on different Exchange servers using the Windows 2003 backup program, as enhanced by installation of Exchange Server 2003 Third−party backup products from a variety of vendors also support multiserver Exchange database backup. For more on third−party options in specific and Exchange Server backup in general, see the section 'Backing Up Exchange Server 2003' in Chapter 8 and Chapter 17, 'Exchange Server Reliability and Availability.' Warning Windows Server 2003's backup program can not back up either registry or system state information on remote servers. Third−party backup products are usually capable of backing up these two vital Windows 2003 components. Implementing Front−End/Back−End Server Topologies I introduced you to the notion of front−end/back−end servers in Chapter 14, 'Managing Exchange 2003 Services for Internet Clients,' in the section 'Front−End/Back−End Exchange Server Configurations.' Basically, when using a POP3, IMAP4, or HTTP (Outlook Web Access or OWA client), a user contacts a front−end server. The front−end server then relays or proxies, bi−directional communications between the user's client and the back−end server that contains the user's mailbox and public folder hierarchy information. The front−end server makes an LDAP query to determine the user's Exchange server. The front−end server also handles Secure Sockets Layer (SSL) data encryption tasks. Setting up a front−end/back−end configuration is very easy. Select the server that is to function as your front−end server, and open the server's Properties dialog box by right−clicking the server and selecting Properties from the pop−up menu. I've decided to make EXCHANGE02 my front−end server. In Figure 15.18, I've done the one and only thing that I need to do to accomplish this end: I selected This Is a Front−End Server. Then all I had to do was stop and restart all of the default POP3, IMAP4, and HTTP virtual servers and all of the Exchange services on EXCHANGE02, and my new server is up and running. Implementing Front−End/Back−End Server Topologies 488 Figure 15.18: Turning an Exchange server into a front−end server To make things easier, I added some host records to my DNS. As you can see in Figure 15.19, I added records for POPMAIL, IMAPMAIL, OWAMAIL, and SMTPMAIL. All but the last record points to EXCHANGE02, my front−end server. SMTPMAIL points to my other Exchange server, EXCHANGE01. Now when users need to enter a URL, or a POP3 or IMAP4 server name, or an OWA URL, they can just enter the appropriate name based on these host records. Now let's see how this all works. Figure 15.19: New DNS host records make it easy for users to take advantage of a front−end server. In Figure 15.20, you can see the login dialog box that opens when I enter the URL http://owamail.bgerber.com/exchange in my web browser. I'm trying to access my mailbox, which resides on EXCHANGE01. I don't need to point to EXCHANGE01; my front−end server, EXCHANGE02, takes care of communications between my web browser and EXCHANGE01, where my mailbox and public folder hierarchy information reside. In Figure 15.21, I'm reading a 'very informative' news article about a new contract. Implementing Front−End/Back−End Server Topologies 489 Figure 15.20: Logging on to an Exchange server through a front−end server to use Outlook Web Access Figure 15.21: Accessing an Exchange mailbox and public folders through a front−end server using Outlook Web Access Finally, take a look at Figure 15.22, where I'm setting up my Outlook Express IMAP4 client to access my IMAP4 and SMTP servers using the new host records that I created. Again, even though my mailbox and public folder hierarchy information are located on EXCHANGE01, my front−end server, EXCHANGE02, will handle communications between my IMAP4 client and EXCHANGE01 in a way that's totally transparent to me. Figure 15.22: Setting up an IMAP4 client to access an Exchange server through a front−end server Implementing Front−End/Back−End Server Topologies 490 I really like front−end/back−end server topologies. They make it easier for users to access key Exchange Internet access protocols on back−end servers, and they significantly reduce the security− related load on back−end servers. Adding an Exchange Server to a New Administrative Group in a Domain I introduced you to administrative groups in Chapter 12, in the section Managing Administrative Groups. I talked about how you use administrative groups to distribute management of an Exchange organization based on such criteria as geography or organizational hierarchy. In this chapter, Ill extend that discussion to multi−administrative group Exchange organizations. In this section, Ill cover these topics: Handling administrative groups, routing groups, and Exchange 5.5 Server sites• Adding a new administrative group to an Exchange organization• Installing an Exchange server in a new administrative group• Lets get right to these three very interesting topics. Administrative Groups, Routing Groups, and Exchange Server 5.5 Sites In Exchange Server 5.5, you created a new site by installing the first Exchange server in the site. As you installed a new server, you designated either that it would join an existing site or that a new site should be created when the server was installed. Servers could not be moved between sites. Exchange 5.5 sites served two major purposes. First, they served as a means of controlling management of a specific set of servers. You could give management rights for different sites to different Windows NT groups or users. Sites also served as a place to corral a set of servers linked by reliable, higher−bandwidth networks and as the management locus for intersite message routing. By setting up connectors between sites, you enabled the routing of e−mail and Exchange server administrative messages between sites, and you specified the network services to be used for routing. To enhance reliability, you could also set up multiple redundant routing links between any pair of sites. In Exchange 5.5, administrative and routing functions were co−terminous with the site. Administrative control was granted over the entire site. All servers in the site were linked to other sites and the servers in those sites by the same set of connectors. With Exchange Server 2003, administrative and routing functions are separated. Administrative groups work like Exchange 5.5 sites in that you can delegate control over an entire administrative group to Windows 2003 groups or users. Routing is handled differently in Exchange 2003 than it was in Exchange 5.5. Its done through routing groups, which reside inside Routing Groups containers within administrative groups. Visualize it this way: \Exchange Organization\Administrative Group\Routing Groups Container\Routing Groups. A Routing Groups container can hold many routing groups. A routing group holds information on both the Exchange servers that belong to the routing group and the connections that are used to connect the routing group to other routing groups in an Exchange organization. Administrative and routing groups work differently, depending on whether an Exchange organization is operating in Mixed or Native mode. Youll remember from Chapter 12 (in the section The Exchange Server Hierarchy) that, upon installation, Exchange servers run in Mixed mode. This means that they can connect to Adding an Exchange Server to a New Administrative Group in a Domain 491 and communicate with Exchange 5.5 servers using Active Directory Connector. To retain compatibility with Exchange 5.5 sites, Exchange 2003 administrative groups and routing groups are co−terminous in Mixed mode. A Routing Groups container is installed when the first Exchange server is installed in an administrative group. The servers in an administrative group must all reside in one of the routing groups in the administrative groups Routing Groups container. They can not reside in routing groups in other administrative groups. Additionally, Exchange 2003 servers can not be moved between Administrative groups in Mixed mode. When an Exchange organization is switched to Native mode, Exchange servers can be moved to any administrative or routing group container in an Exchange organization. This enables you to delegate control of message routing for a set of Exchange servers to a group of managers other than the managers who handle other administrative tasks for those servers (for example, management of system policies or public folders). Warning Before you even think about switching to Native mode, please read the warning note in Chapter 12, in the section The Exchange Server Hierarchy. Key point: You cant return to Mixed mode after changing to Native mode. Adding a New Administrative Group to an Exchange Organization Unlike in Exchange 5.5, in which a new site is created when the first Exchange server is installed in it, in Exchange 2003, you have to create a new administrative group before you install your new server. I love simple tasks, and this is one of the simplest. To add a new administrative group to your Exchange organization, right−click the Administrative Groups container in your Exchange organization and select New > Administrative Group. Use the resultant Properties dialog box, shown in Figure 15.23, to give your administrative group a name. You can name the group anything you want, and you can change the name anytime, so dont be too concerned about what you name it right now. When youre done, click OK. You should see your new administrative group in the Administrative Groups container (see Figure 15.24). Figure 15.23: Using the new administrative group Properties dialog box to create a new administrative group Adding a New Administrative Group to an Exchange Organization 492 Figure 15.24: A new administrative group displayed in Exchange System Manager Note in Figure 15.24 that both of my administrative groups now show their routing groups containers. To display the routing groups containers, I had to open the Properties dialog box for my Exchange organization, Barry Gerber and Associates (Exchange), and select Display Routing Groups from General property page. Go ahead and set this parameter for your Exchange organization. If youre not seeing administrative groups, you can make them visible on the same property page. Also note in Figure 15.24 that the First Routing Group container in the routing groups container in my first administrative group includes Connectors and Members subcontainers. Once I specified that routing groups should be displayed, the Connectors container, which originally lived in the First Administrative Group container (see Figure 15.14), moved to the routing groups container. The Members subcontainer holds the Exchange servers that belong to the routing group. It is displayed when Display Routing Groups is selected as per the previous paragraph. By default, the second and succeeding administrative groups you create have no routing groups in them. You have to create them by right−clicking the Routing Groups container and selecting New > Routing Group, or you have to allow them to be created automatically during the installation of a new Exchange server in an Administrative group. Now lets move onward and install a new Exchange server in our new administrative group. Tip Add administrative groups only when you need to distribute management responsibilities. That statement might seem a bit redundant, given the discussion of administrative groups in this chapter and in Chapter 12. However, I want to make it clear that Exchange 2003 organizations of significant size can exist quite happily with only one administrative group. Because you can create as many routing groups as you need in an administrative group, you can handle a wide range of server location/networking topology issues within a single administrative group. If you determine that one administrative group is enough, youll still find the following discussion useful as it deals with cross−routing group communications. Installing a New Exchange Server in a New Administrative Group This is another very simple task. Follow the directions in the earlier sections of this chapter, Installing an Additional Windows 2003 Server and Installing an Additional Exchange 2003 Server. The only difference is that the Exchange Installation Wizard now shows you a drop−down list from which you can pick the administrative group in which you want to install your new Exchange server (see Figure 15.25). Select your new administrative group, and your new server will be installed in the group. Figure 15.26 shows my new server, EXCHANGE03, installed in my new administrative group. Yessssssss! You can also see my other Exchange servers in Figure 15.26. Notice the Members container for First Routing Group in First Administrative Group. As advertised earlier in this section, it holds EXCHANGE01 and EXCHANGE02. Ill talk more about the Members container later in this chapter. Installing a New Exchange Server in a New Administrative Group 493 Figure 15.25: Selecting the administrative group into which a new Exchange server will be installed Figure 15.26: A new Exchange server after it has been installed in a new administrative group Upon installation of the first Exchange server in your organization, your first administrative group was populated with three subcontainers: Servers, Folders, and Routing Groups. The Routing Groups container doesnt show up in Exchange System Manager until you tell Exchange System Manager to display routing groups, as we did earlier in this chapter. As you have seen, when you create a new administrative group in Mixed mode, the group has only a Routing Groups container. When you install the first Exchange server in the new administrative group, the new administrative group is populated with a Servers subcontainer and its Routing Groups subcontainer is populated with a First Routing Group container, which in turn is populated with Connectors and Members subcontainers. The server is placed in the Servers group. It is also represented in the Routing Groups\Members container of the new administrative group. Compare Figures 15.24 and 15.26 for visual confirmation of these events. For some of the exercises well be doing from here on, you need to switch your Exchange organization to Native mode. Before you make the final move to Native mode, let me remind you once again that this is bridge−burning time. After youve switched to Native mode, you cant go back without reinstalling your entire Exchange organization. So, think before you leap. If you cant switch to Native mode, you can still track through the remaining sections of this chapter. Ill point out those tasks that require Native mode. Furthermore, if its possible to do a particular task in some form in Mixed mode, Ill tell you how. To switch your Exchange organization to Native mode, right−click your organization (at the top of Exchange System Manager) and select Properties. On the General property page of the resultant Properties dialog box for your organization, select Change Mode and then click Yes to confirm your choice. Thats it: Your bridges are burned. Installing a New Exchange Server in a New Administrative Group 494 Before we leave this section, Im going to rename my two administrative groups. You can change the name of an administrative group only when your Exchange organization is running in Native mode. Im going to call the first administrative group Los Angeles and the second group New York. This will add a little realism to some of the tasks that were going to do in the next section and will make it easier for you to see whats going on than if we used the original names: First Administrative Group and Second Administrative Group. To rename an administrative group, right−click it and select Rename from the pop−up menu; then change the groups name. Figure 15.27 shows my newly named administrative groups. You can also change an administrative group name by clicking it, waiting a second or two, and clicking it again. When you do this, the old name is highlighted and you can then type in the new name just as you can with directory and file names in the Windows Explorer directory and file browser. Figure 15.27: Two Exchange Server administrative groups after they have been renamed Managing Multiple Administrative Groups in a Domain Now that youve installed a new Exchange server in a new administrative group, you have to manage that server and its relationship to other Exchange servers. Well talk about a number of management tasks in this section: Delegating control of an administrative group• Adding subcontainers to administrative groups• Using routing groups and connectors• Managing public folders• The first three of these tasks relate directly to the management of administrative groups and routing groups. Youll most likely need to perform the last management task in this list in multirouting group environments, whether one or more administrative groups are involved. Ive chosen not to go into specifics on single−administrative group/multiple−routing group environments (see my earlier tip Add Administrative Groups Only When You Need to Distribute Management Responsibilities). So, it turns out that this section is the best place to discuss public folder management. Ill also point you back here when I discuss management of Exchange servers that you install in new Windows 2003 domains. Delegating Control of an Administrative Group In Chapter 8, in the section Granting Permission for the Exchange Administration Group to Manage Exchange Server, I showed you how to delegate control of your Exchange organization to the Windows 2003 group Exchange Admins. That delegation gave anyone in the Exchange Admins group permission to fully manage your Exchange organization. Managing Multiple Administrative Groups in a Domain 495 Now lets say that you want to give a different Windows 2003 security group permission to manage each of your administrative groups, which are subcontainers of your Exchange organization. Except for the fact that your administrative group names will have the standard names in Mixed mode, you delegate control over administrative groups in exactly the same way, whether your Exchange organization is operating in Mixed or Native mode. First, you need to create your security groups. I need two security groups: one for each of my administrative groups, Los Angeles and New York. As youll remember, you create users and groups using the Active Directory Users and Computers snap−in. Find and right−click the Users container, and select New > Group from the pop−up menu. Enter the name of the group on the New Object − Group wizard, shown in Figure 15.28, and ensure that Global and Security are selected. On the next wizard page, accept the default (do not create an Exchange e−mail address). Then click Next and Finish on the last wizard page. Now follow these same instructions to create a group to manage your other administrative group. Figure 15.28: Creating a Windows 2003 security group to which control of an administrative group will be granted To delegate control of an administrative group to a security group, right−click the administrative group and select Delegate Control from the pop−up menu. In Figure 15.29, Im delegating control of my Los Angeles administrative group to the security group that I created in the last paragraph, Exchange LA Admins. I clicked Add on the Users or Groups page of the Exchange Administration Delegation Wizard. This opened the Delegate Control dialog box. I selected Exchange Full Administrator in the dialog box and then clicked Browse so that I could select the group Exchange LA Admins in the Select Users, Computers, or Groups dialog box, shown in the bottom−right corner of Figure 15.29. For more on the role options in the Delegate Control dialog box, check out the section Granting Permission for the Exchange Administration Group to Manage Exchange Server in Chapter 12. After selecting the appropriate security group, I selected OK until I was out of the two dialog boxes, then clicked Next on the wizard, and then clicked Finish. Managing Multiple Administrative Groups in a Domain 496 [...]... remote bridgehead server You can choose which SMTP virtual server on an Exchange bridgehead server will perform the bridgehead function That grayed−out stuff about Exchange 5.x credentials is used when youre connecting to an Exchange 5.x server By default, Exchange 2003 cross−routing group communications use Windows Server 2003based authentication When youre connecting to an Exchange 5.x server, the fields... (see Figures 15. 58 and 15.59) Figure 15. 58: Selecting the administrative group into which a new Exchange server will be installed 520 Managing Servers in Multidomain Environments Figure 15.59: Selecting the routing group into which a new Exchange server will be placed As soon as your new Exchange server is up and running, youre ready to begin managing it and your new Windows 2003 server Join me in... section, were going install an Exchange server in a new root domain When youve done this, you shouldnt have any problems installing an Exchange server in a child domain As we go through the Windows 2003 and Exchange 2003 installation processes, it should be clear how youd do an installation in a child domain 513 Installing an Exchange Server in a New Domain in the Same Windows 2003 Forest By creating a... about OUs and sites in Mastering Windows Server 2003, by Mark Minasi, Christa Anderson, Michele Beveridge, C.A Callahan, and Lisa Justice (Sybex, 2003) Connecting Exchange Servers Using Routing Groups in Administrative Groups That Have No Exchange Servers Im not going to take too much of your time here Basically, to set up routing groups in administrative groups without Exchange servers, you do the following:... one Exchange server in the target routing group, then you probably dont want to allow public folder referrals If you forward referrals, an Outlook client could try to find a public folder on a distant Exchange server before looking on a local server 501 Using Routing Groups and Connectors Remote Bridgehead A bridgehead server is an Exchange server in a routing group that communicates with bridgehead servers... with domains with multiple DNS servers You can just set up secondary zones on each DNS server, set up one DNS server with a secondary zone, and point the other DNS servers in the domain to that server in their network settings, or you can do other neat tricks These options are beyond the scope of this book For more information, check out Mastering Windows Server 2003 (Sybex, 2003) Before moving on, we... Bridgehead servers receive messages for themselves and other servers in a routing group They process their own messages and route messages for other servers to those servers One or more of the Exchange servers in a routing group can be set as a bridgehead server For fault tolerance, its a good idea to set up multiple bridgehead servers, if you have them In Figure 15.33, Ive designated the only server in... tasks Managing Servers in Multidomain Environments Windows Server 2003 includes an impressive array of cross−domain management functionality With the appropriate permissions, you can manage Active Directory and individual Windows 2003 servers from any server in any domain in a forest Exchange Server works very much the same way, again with appropriate permissions, enabling you to manage your Exchange organization... entry for the DNS server or servers for your other domain You can just enter the IP address of the server( s) or the fully−qualified domain name (for me, that would be 192.1 68. 0.3 or bg01.bgerber.local) By performing the last two steps, youve made it possible for the DNS server you are on to send information about itself to the DNS server or servers for your other domain 4 Now go to a DNS server for your... group(s) entirely different from the group(s) that manage other functionality on your Exchange servers Connecting Exchange Servers in Two Administrative Groups, Each of Which Has Its Own Routing Group To connect the Exchange servers in two administrative groups, you need to do two things: 1 Ensure that each of your Exchange servers is in the appropriate routing group 2 Create connectors between your routing . virtual servers and all of the Exchange services on EXCHANGE0 2, and my new server is up and running. Implementing Front−End/Back−End Server Topologies 488 Figure 15. 18: Turning an Exchange server. the section 'Backing Up Exchange Server 2003& apos; in Chapter 8 and Chapter 17, &apos ;Exchange Server Reliability and Availability.' Warning Windows Server 2003& apos;s backup program. links between the Exchange servers in a routing group and Exchange servers in other routing groups. Members are the Exchange servers that are included in a routing group. An Exchange server can exist in