Re-evaluate your Exchange 2007 Active Directory architecture

Exchange Server 2007 usually works well with existing Active Directory designs, but a poorly designed AD architecture can actually hinder performance. The first step in evaluating your AD design is to understand site structure and topology.

One commonly overlooked aspect when planning an Exchange Server 2007 deployment is Active Directory design. Exchange 2007 is designed to integrate seamlessly with existing Active Directory designs, but administrators often lack the authority to make architectural changes, and performance can be less than optimal. Maybe it's time to reevaluate your Active Directory design.

Assuming that an organization only uses a single Active Directory (AD) forest, the most important AD design consideration for Exchange 2007 is site structure. Site structure encompasses the individual components within each AD site. Site topology is also an important consideration, especially for earlier versions of Exchange.

In Exchange 2003 and earlier versions, message routing decisions were based on a routing group topology. In mixed environments, Exchange 2007 uses a routing group for backward compatibility. In pure Exchange 2007 environments, however, the way in which messages are routed depends on AD site structure.

Microsoft recommends that Active Directory site topology mimic your network topology. For example, if your organization consists of three separate facilities -- each connected by WAN links -- you'd have three separate AD sites. The site connectors that link sites would mimic the placement of your WAN links, ensuring that your Active Directory site topology mimics your physical network topology.

Designing your AD topology to mimic your network topology is usually in your best interest. Doing so isn't always practical, though, especially if you've inherited an existing Active Directory that was designed for other reasons.

One of the main reasons that organizations create Active Directory sites is to isolate certain resources. For example, when a user logs on to a workstation, authentication is attempted against a domain controller within the same site.

This isolation is not absolute: the workstation can still use a domain controller in a different site for authentication. However, Windows understands that resources within a site are typically on the same subnet, making it more efficient to communicate within the site when possible.

Because Active Directory sites offer a degree of isolation to resources within the site, some organizations create AD sites to isolate certain applications. When these types of applications are used heavily, the load they place on the domain controller can impact the controller's ability to perform other tasks such as user authentication requests. Building sites around applications helps to ensure that AD-dependent apps only communicate with specific domain controllers.

This type of architecture can work well for Exchange 2003, since that version doesn't use AD site topology for message routing. Exchange 2003 routes messages using the routing group topology, which operates independently of site topology.

However, when an organization with this type of architecture migrates to Exchange Server 2007, the existing AD design can negatively affect routing performance. This is especially true for organizations with more than five AD sites.
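One way to check how far an AD site topology has drifted from the physical network, as an added example that is not part of the original article. The facility names, subnets, WAN links and site links are constructed sample data standing in for your own exports; a client's site is resolved from the most specific matching subnet.

```python
import ipaddress

# Constructed sample inventory (not from the article): three facilities, two WAN links.
WAN_LINKS = {frozenset(p) for p in [("HQ", "Plant"), ("HQ", "Branch")]}

# Hypothetical AD export: site name -> subnets assigned to that site.
AD_SITES = {
    "HQ": ["10.1.0.0/16"],
    "Plant": ["10.2.0.0/16"],
    "Branch": ["10.3.0.0/16"],
    "App-Isolation": ["10.1.50.0/24"],  # site built around an application, inside HQ
}

# Hypothetical AD export: site links as pairs of site names.
SITE_LINKS = {
    frozenset(p)
    for p in [("HQ", "Plant"), ("Plant", "Branch"), ("HQ", "App-Isolation")]
}


def site_for_address(addr, sites=AD_SITES):
    """Return the site whose most specific subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for site, subnets in sites.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, site)
    return best[1] if best else None


def compare_topologies(wan_links=WAN_LINKS, sites=AD_SITES, site_links=SITE_LINKS):
    """List where the AD site topology departs from the physical WAN topology."""
    facilities = set().union(*wan_links)
    return {
        "sites_without_facility": sorted(set(sites) - facilities),
        "facilities_without_site": sorted(facilities - set(sites)),
        "site_links_without_wan_link": sorted(sorted(link) for link in site_links - wan_links),
        "wan_links_without_site_link": sorted(sorted(link) for link in wan_links - site_links),
    }


if __name__ == "__main__":
    for finding, items in compare_topologies().items():
        print(f"{finding}: {items}")
    print("10.1.50.20 ->", site_for_address("10.1.50.20"))
```

In the sample data, the application-isolation site and the Plant-to-Branch site link have no physical counterpart, which is the kind of inherited design the article suggests re-evaluating before a move to Exchange 2007.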

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

This was first published in December 2009
