Ask the Expert

A single forest schema is an unacceptable model for my corporation. What other options do I have?

I'm trying really hard to understand something that I see as a major issue with adopting Exchange 2000. I'm the network manager of a large company within a larger corporation. I have my own staff and really don't depend upon the corporation's group for anything. We currently have an Exchange 5.5 server in our own domain and have our own site connectors, but are still in the same Exchange Organization, so we have a corporate Global Address List, shared Public Folders and can see free busy data across the corporation.

As an organization, if I want to be able to keep the same interoperability that I have today with Exchange 2000/Active Directory, it would require a single forest/schema, as I understand it. This just isn't an acceptable model in my position, as I now have to rely/extend ownership outside of my control. Are there other tools that will allow a Global Address List, shared Public Folders and simple Free/Busy data access? Or possibly I'm being led astray and it is far simpler than this?

Thanks for all the fine information you present. Looking forward to your response.


First, let me confirm your understanding of Exchange 2000 and an Active Directory forest. The boundary of the Exchange organization is the forest. There can be only one Exchange organization per forest, and an Exchange 2000 organization cannot span multiple forests. In other words, there is a one-to-one mapping between Exchange organizations and their host forest.

One of the primary reasons for this is that Exchange 2000 no longer has its own directory and directory service. Instead, it uses Active Directory to store all of its information, including directory information and configuration information.

So, basically, you have two choices. The first is to stay in a single forest and delegate administration. I don't know exactly which tasks are performed by which administrators in which entity; however, you have a fairly fine level of control when delegating administrative tasks. Both Active Directory and Exchange 2000 have built-in delegation wizards that enable you to delegate partial or full responsibility for objects and applications without having to give away the keys to the kingdom.

Your second choice is to use Microsoft Metadirectory Services (MMS). The underlying reason that only one Exchange 2000 organization can exist per forest is that the schema of a Global Catalog server has to be the same for all GC servers in the forest in order to provide a consistent set of attributes. However, anyone with Schema Admin rights can extend the schema; therefore, replication is restricted to the forest boundary.

To resolve the issue of replicating directory entries between forests, Microsoft has a tool called Microsoft Metadirectory Services (formerly Zoomit Via), which is designed to handle inter-forest synchronization requirements. Whether or not this tool can replicate/synchronize everything you need I don't know; that is something that you will need to decide for yourself after reviewing the appropriate literature.

Start by reading KB article Q281893. Then, have a look at Chapter 20 of the Exchange 2000 Resource Kit, which discusses this issue further. Then, search TechNet for 'Microsoft Metadirectory Services' for additional information. You may also wish to consult with someone at Microsoft Consulting Services, as they have extensive experience with this tool, and with business scenarios such as yours.

This was first published in August 2002
