In a modern Exchange system, the Global Catalog servers handle requests for the GAL or a custom address list. They do so using a special service called the Name Server Provider Interface, or NSPI.
As shown in Figure 5.26, the DSProxy service on an Exchange server decides how to handle Outlook clients who need a place to send their NSPI requests.
Figure 5.26 Diagram of DSProxy operation.
Outlook versions older than Outlook 98 service release 2 send their NSPI requests directly to the home Exchange server of the user. The DSProxy service exposes an NSPI interface to handle these requests. The original Exchange client uses MAPI to do name service lookups. DSProxy handles these requests, as well.
When an Exchange server receives an NSPI request from a legacy client, it passes the request to a Global Catalog server for processing. The Global Catalog server determines the content of the address list and returns the first few items to the Exchange server, which forwards the reply to the legacy Outlook client.
For reasons of security and performance, the Exchange server does not open or modify either the client's NSPI requests or the Global Catalog server's replies.
Modern Outlook clients, Outlook 2000 SR2 and higher, know that Global Catalog servers can handle NSPI requests. These clients connect to the user's home Exchange server and send a request to the RFR service, hosted by DSProxy.
RFR works with DSAccess to determine the name of a qualified Global Catalog server and returns that name to the Outlook client. The Outlook client sends its NSPI requests directly to that Global Catalog server.
Under normal circumstances, the Global Catalog server selected by DSAccess resides in the same site as the Exchange server. But the Outlook client might reside in another location, so the DSAccess choice forces the Outlook client to send its NSPI request across the WAN.
You can set a Registry entry at the desktop running the Outlook client that tells Outlook to use a Global Catalog server in the local site and to ignore the referral from the Exchange server:
Key: HKCU | Software | Microsoft | Exchange | Exchange Provider
Value: Closest GC
Data: 1 (REG_DWORD)
You can also hardcode the FQDN of a Global Catalog in the Exchange Provider key. The Value name is DS Server with a REG_SZ data type. You would not ordinarily want to make this entry except for testing.
To confirm that the Closest GC (or DS Server) Registry entry worked in Outlook 2003, hold the Ctrl key, right-click the Outlook icon in the Notification Area, and select Connection Status from the flyout menu. This opens a Connection Status window that lists the Directory servers selected by the client. To confirm that the entry worked in earlier versions of Outlook, follow these menu items and windows: Tools -> Address Book -> Tools -> Options -> Global Address List -> Properties. This opens a properties window that lists the Global Catalog used by Outlook.
Static DSProxy port mappings
If you have a firewall between your Outlook clients and a domain controller, the clients cannot send their NSPI requests directly to a Global Catalog server. You can force the clients to use the Proxy services of DSProxy rather than getting a referral to a Global Catalog server by setting a Registry entry at the Exchange server to disable referrals:
Key: HKLM\System\CurrentControlSet\Services\MSExchangeSA\Parameters
Value: No RFR Service
Data: 0x1 (REG_DWORD)
For this to work, you'll need to open a conduit in the firewall to allow the Exchange server to query a Global Catalog server. This requires locking down the NSPI and RFR services to use specific ports. Use the following Registry entries to assign the ports. Work with your Network Services colleagues to select the ports. You might want to use port numbers in the stratosphere of the allowable number space to avoid conflicts. Port numbers from 1024 to 65535 are allowed.
Key: HKLM | System | CurrentControlSet | Services | MSExchangeSA | Parameters
Value: TCP/IP Port
Data: <port_number> (REG_DWORD)

Key: HKLM | System | CurrentControlSet | Services | MSExchangeSA | Parameters
Value: TCP/IP NSPI Port
Data: <port_number> (REG_DWORD)

Key: HKLM | System | CurrentControlSet | Services | MSExchangeIS | Parameters
Value: TCP/IP Port
Data: <port_number> (REG_DWORD)
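An audit of the settings above, written as an added PowerShell example (it is not from the book): it reads the four values from the keys listed above and flags referrals left enabled, missing or out-of-range ports, and ports assigned twice. The function names and sample values are hypothetical, and treating a shared port as a conflict is this example's assumption.

```powershell
# Added example, not from the book. Key paths and value names are the ones
# listed above; function names and the sample values are hypothetical.
$svc = 'HKLM:\System\CurrentControlSet\Services'
$sa  = "$svc\MSExchangeSA\Parameters"
$PortValues = @(
    @{ Key = $sa; Name = 'TCP/IP Port' },
    @{ Key = $sa; Name = 'TCP/IP NSPI Port' },
    @{ Key = "$svc\MSExchangeIS\Parameters"; Name = 'TCP/IP Port' }
)

function Read-RegValue($Key, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-StaticPortPlan($Entries, $NoRfr) {
    $findings = @()
    if ($NoRfr -ne 1) { $findings += "REFERRALS 'No RFR Service' is not 1; referrals are still enabled" }
    foreach ($e in $Entries) {
        if ($null -eq $e.Value) { $findings += "MISSING   $($e.Name) under $($e.Key)" }
        elseif ($e.Value -lt 1024 -or $e.Value -gt 65535) {
            $findings += "RANGE     $($e.Name) = $($e.Value) (allowed: 1024-65535)"
        }
    }
    $set = @($Entries | Where-Object { $null -ne $_.Value })
    foreach ($g in @($set | Group-Object Value | Where-Object { $_.Count -gt 1 })) {
        $findings += "CONFLICT  port $($g.Name) is assigned to $($g.Count) values"
    }
    return $findings
}

# Constructed sample: referrals still on, one port reused, one port below 1024.
$sample = @(
    New-Object PSObject -Property @{ Key = $sa; Name = 'TCP/IP Port'; Value = 59531 }
    New-Object PSObject -Property @{ Key = $sa; Name = 'TCP/IP NSPI Port'; Value = 59531 }
    New-Object PSObject -Property @{ Key = "$svc\MSExchangeIS\Parameters"; Name = 'TCP/IP Port'; Value = 135 }
)
Test-StaticPortPlan $sample 0

# Live audit, run on the Exchange server itself:
$live = $PortValues | ForEach-Object {
    New-Object PSObject -Property @{ Key = $_.Key; Name = $_.Name; Value = (Read-RegValue $_.Key $_.Name) }
}
Test-StaticPortPlan $live (Read-RegValue $sa 'No RFR Service')
```

An empty result from the live audit means all four values are present and consistent; the firewall conduit still has to allow exactly the ports the audit read.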
This chapter excerpt from Learning Exchange Server 2003 by William Boswell is printed with permission from Addison-Wesley Professional, Copyright 2004.