Troubleshooting Directory Synchronization

 

Exchange System Manager is a helpful tool for troubleshooting directory synchronization problems. You can use this tool to trigger manual synchronization cycles and full reloads, which is a recommended first action if you discover that address information in Active Directory or the non-Exchange messaging system is incomplete or missing. Triggering a synchronization cycle is also a good idea after you apply a configuration change to determine whether you successfully solved the problem.

Important

For more information about troubleshooting guidance for interoperability between Lotus Notes R5/R6, Exchange Server 2003, and Windows Server 2003 Active Directory, see Resources for Moving to the Microsoft Collaboration Platform.

Directory synchronization issues can be classified as follows:

  • The messaging connector is unable to read or write recipient information in Active Directory   When you configure directory synchronization with Novell GroupWise, you must specify export and import containers for the recipient objects. The messaging connector requires the following access permissions:

    • Import Container   The computer account of the Exchange server that is running the messaging connector must be granted the Create All Child Objects and Delete All Child Objects permissions to create, modify, or delete recipients in this container. The computer account also requires the special permissions List Contents, Read All Properties, and Write All Properties.

    • Export Containers   The computer account of the Exchange server that is running the messaging connector must be granted the Read permission to read the recipient objects in the selected container. The computer account also requires the special permissions List Contents, Read All Properties, and Read Permissions.

      Note

      When you configure Import and Export containers in Exchange System Manager, you will be prompted to assign the computer account the required permissions automatically. To verify how permissions are assigned, start Active Directory Users and Computers, right-click the target container, select Properties, and then switch to the Security tab. Click Advanced, and then double-click the computer account (for example, SERVER01$ (CONTOSO\SERVER01$)).

  • The messaging connector is unable to communicate with the non-Exchange messaging system to export or import recipient information   Directory synchronization requires a functioning connector configuration. In addition, you must ensure that the connector has the permissions required to access and update directory information in the non-Exchange messaging system. Check the following:

    • Directory synchronization with Novell GroupWise   When you configure the Novell GroupWise API Gateway using the GroupWise administrator program, you must specify the directory synchronization option in the optional gateway settings. Ensure that you set the Directory Sync/Exchange option to Exchange so that directory information can be exchanged between Novell GroupWise and Exchange 2003 through the API gateway. For detailed instructions about how to configure optional gateway settings, see How to Prepare the Novell GroupWise Environment.

Communication with Active Directory

The Connector for Novell GroupWise relies on directory synchronization architecture to communicate with Active Directory. As shown in Figure 1, the LSDXA process is responsible for handling the actual directory synchronization processes. Lsdxa.exe resides in the \Program Files\Exchsrvr\Bin directory and is started automatically when you start the Microsoft Exchange Connector for Novell GroupWise service in the Services tool.

Tip

You can use Task Manager to verify that Lsdxa.exe is running on your bridgehead server. When the connector service is started, Lsdxa.exe is listed on the Processes tab.

Figure 1   The Exchange 2003 directory synchronization architecture

c15e4538-5e2c-4eb6-8c99-1a8b0b74acd7

The LSDXA process is responsible for parsing the Exchconn.ini file and loading the appropriate subprocesses into memory to communicate with Active Directory and the non-Exchange directory. To communicate with Active Directory, Lsdxa.exe starts the Microsoft Exchange Server DX Agent (DXAMEX), which is implemented in a dynamic-link library (DLL) called Dxamex.dll.

DXAMEX communicates with Active Directory through Active Directory Service Interfaces (ADSI). DXAMEX extracts the recipient information from the export containers that you specified in the connector configuration and places the data, in the form of a temporary file in message interchange format (MIF), into the \Program Files\Exchsrvr\Conndata\Temp directory. The file name depends on the system with which you are synchronizing recipient information (Table 1). In the other direction, the DXAMEX process seeks an MIF file named Dxamex.txt, which it processes to place recipient information into the import container that you specified in the connector configuration.

Table 1   MIF files for directory synchronization

Directory synchronization File name Example

Active Directory to Novell GroupWise

Dxagwise.txt

Load

A

DOMAIN:

POSTOFFICE:

OBJECT:

LASTNAME:

FIRSTNAME:Administrator

DESCRIP:Administrator

ACCOUNTID:

TITLE:

DEPARTMENT:

PHONE:

FAX:

GWADDR:Exchange.First Administrative Group.Administrator

EXCHANGEID:Microsoft Exchange Connector for Novell GroupWise

EndOfBuffer

Novell GroupWise to Active Directory

Dxamex.txt

Load

U

DN:admin

TA:GWISE:CONTOSO_DOM.CONTOSO_PO.admin

ALIAS:admin

NAME:admin

FULLNAME:admin

FIRSTNAME:

Initials:

LASTNAME:admin

GWISEADDR:CONTOSO_DOM.CONTOSO_PO.admin

UNID:3d39133c-9085ae59-5a332abf-7ded4de3

COMPANY:

DEPARTMENT:

TITLE:

OFFICE:

PHONE:

FAX:

MOBILEPHN:

USNCREATED:

EndOfBuffer

Note

If you want to examine the communication between the DXAMEX process and Active Directory, click the Diagnostics Logging tab for your bridgehead server, and then select the MSExchangeADDXA service. From the list of categories, select LDAP Operations and then set the logging level to Maximum. Remember to set the logging level back to the default setting of None after you complete a directory synchronization cycle. Otherwise, you might quickly fill the application event log with a very large number of entries.