Understanding the EdgeSync Synchronization Process

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

After an Edge Transport server has been subscribed to the Exchange organization, the Microsoft Exchange EdgeSync service replicates data from the Active Directory directory service to the Active Directory Application Mode (ADAM) directory service instance on the Edge Transport server. The replicated data lets you implement a wider range of anti-spam features and enables domain security functionality. The EdgeSync synchronization process also lets you configure Send connectors and configuration objects that are common to both the Exchange organization and the Edge Transport server on a Hub Transport server and then have that data automatically populated to ADAM. The EdgeSync synchronization process keeps this data up to date by performing scheduled synchronization.

This topic provides detailed information about the EdgeSync synchronization process.

Microsoft Exchange EdgeSync Service

The Microsoft Exchange EdgeSync service is the data synchronization service that periodically replicates configuration data from Active Directory to a subscribed Edge Transport server. The Microsoft Exchange EdgeSync service runs on all Hub Transport servers under the context of the Local Service account. Data is pushed from Active Directory by the Hub Transport server inside the organization to the Edge Transport server in the perimeter network. This means that the Hub Transport server always initiates the synchronization session and that the Microsoft Exchange EdgeSync service performs only one-way synchronization from Active Directory to ADAM. Data from ADAM is never synchronized to Active Directory.

To perform synchronization, the Microsoft Exchange EdgeSync service establishes a mutually authenticated and authorized secure Lightweight Directory Access Protocol (LDAP) channel from the Hub Transport server to the Edge Transport server. The EdgeSync replication account (ESRA) credentials that are provisioned during the Edge Subscription process are used to establish the secure LDAP connection. For more information about the ESRA credentials, see Understanding Edge Subscription Credentials.

By default, the Microsoft Exchange EdgeSync service uses the non-standard TCP port 50636 for secure LDAP communications. Your internal firewall must allow outbound communication through this port to the Edge Transport servers in the perimeter network. If you want to modify the secure LDAP port that is used to connect to ADAM, you must use the ConfigureAdam.ps1 script that is provided with Microsoft Exchange Server 2007. For more information about how to modify the ADAM configuration, see How to Modify ADAM Configuration.

EdgeSync Synchronization Process

When the Edge Subscription is established, initial replication occurs. Configuration objects and recipient data are populated to ADAM during initial replication. The initial replication process can take a long time if you have a large quantity of recipient data. For more information about the types of data that are replicated to ADAM, see EdgeSync Replication Data.

After ADAM is populated, the Microsoft Exchange EdgeSync service runs at set intervals to keep the data in ADAM up to date. At each of these intervals, new objects are added to ADAM, deleted objects are removed, and modified objects are updated. For more information about the synchronization intervals, see "Synchronization Schedule" later in this topic.

The directory service changes that are available to synchronize to ADAM at each synchronization interval are completely dependent on the data that has been replicated to the domain controller and global catalog server to which the Hub Transport server is bound. Every time that an Exchange 2007 server starts, the Microsoft Exchange Active Directory Topology Service discovers the domain controllers and global catalog servers that Exchange 2007 can use to retrieve configuration and recipient data from Active Directory. You cannot specify to bind to a particular directory when you are running the EdgeSync synchronization process.

A subscribed Edge Transport server is associated with a particular Active Directory site. If more than one Hub Transport server exists in the site, any of them can replicate data to the subscribed Edge Transport servers. However, the same Hub Transport server is preferred for subsequent synchronizations. To avoid contention among the Hub Transport servers when synchronizing, the selection of the preferred Hub Transport server occurs as follows:

  • The first Hub Transport server in the Active Directory site to perform a topology scan and discover the new Edge Subscription performs the initial replication. Because this discovery is based on the timing of the topology scan, any Hub Transport server in the site may perform the initial replication.

  • The Hub Transport server that performs the initial replication establishes an EdgeSync lease option and sets a "lock" on the Edge subscription. The lease option establishes that Hub Transport server as the preferred server to provide synchronization services to that Edge Transport server. The lock prevents the Microsoft Exchange EdgeSync service on another Hub Transport server from taking over the lease option.

  • The EdgeSync lease option lasts for one hour. No other Microsoft Exchange EdgeSync service can take over the option from another Hub Transport server during this one-hour period unless a manual synchronization occurs before this period expires. If the preferred Hub Transport server is not available to provide the Microsoft Exchange EdgeSync service when manual synchronization is performed, after a five-minute wait, the lock is released and another Microsoft Exchange EdgeSync service takes over the lease option and performs synchronization.

  • If manual synchronization is not performed, synchronization occurs based on the EdgeSync synchronization schedule. If the preferred server is not available when scheduled synchronization occurs, after a five-minute wait, the lock is released and another Microsoft Exchange EdgeSync service takes over the lease option and performs synchronization.

This method of locking and leasing prevents more than one instance of the Microsoft Exchange EdgeSync service from pushing data to the same Edge Transport server at the same time.

Note

When an Edge Transport server is subscribed to an Active Directory site, all the Hub Transport servers that are installed in that Active Directory site at that time can participate in the EdgeSync synchronization process. If one of those servers is removed, the Microsoft Exchange EdgeSync service that is running on the remaining Hub Transport servers will continue the data synchronization process. However, if new Hub Transport servers are installed in the Active Directory site, they will not participate in the EdgeSync synchronization process. To enable those Hub Transport servers to participate in the EdgeSync synchronization process, you have to resubscribe the Edge Transport server.

The following table lists the EdgeSync properties that are related to the locking and leasing process. The properties are not configurable.

EdgeSync lease properties

Property name (value): Description

Lock duration (5 minutes): This setting determines for how long a particular Microsoft Exchange EdgeSync service will acquire a lock. If the Microsoft Exchange EdgeSync service on the Hub Transport server that is holding this lock does not respond, it will take five minutes for the Microsoft Exchange EdgeSync service on another Hub Transport server to take over the lease. Forcing EdgeSync synchronization does not override this value.

Option duration (1 hour): This setting determines for how long a Microsoft Exchange EdgeSync service can declare a lease option on an Edge Transport server. If the Microsoft Exchange EdgeSync service holding the lease is unavailable and does not restart during this option period, no other Microsoft Exchange EdgeSync service will take over the lease option, unless you force EdgeSync synchronization.

Lock renewal (1 minute): This setting determines how frequently the lock field is updated when a Microsoft Exchange EdgeSync service has acquired a lock to an Edge Transport server.
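The lease and lock rules described above, together with the fixed values in the table, as an added example (not code from this page or from Exchange): it models two Hub Transport servers contending for one Edge Transport server, with every field and server name constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Fixed EdgeSync lease values quoted on the page (not configurable).
LOCK_DURATION = timedelta(minutes=5)   # silent holder -> lock released
OPTION_DURATION = timedelta(hours=1)   # lifetime of a lease option
LOCK_RENEWAL = timedelta(minutes=1)    # holder refreshes the lock field

@dataclass
class EdgeSubscription:
    """Lease/lock state of one Edge Subscription (constructed model, not the real schema)."""
    edge: str
    lease_holder: Optional[str] = None
    lease_expires: Optional[datetime] = None
    lock_renewed_at: Optional[datetime] = None

def renew_lock(sub: EdgeSubscription, hub: str, now: datetime) -> bool:
    """The holding hub updates the lock field about every LOCK_RENEWAL; others cannot."""
    if sub.lease_holder != hub:
        return False
    sub.lock_renewed_at = now
    return True

def try_sync(sub: EdgeSubscription, hub: str, now: datetime) -> str:
    """Decide whether `hub` may push to `sub.edge` at `now`; returns initial/renewed/takeover/deferred."""
    if sub.lease_holder == hub:
        # Preferred hub: refresh the lock and (assumption) re-establish its option.
        sub.lease_expires, sub.lock_renewed_at = now + OPTION_DURATION, now
        return "renewed"
    if sub.lease_holder is None or now >= sub.lease_expires:
        # First hub to discover the subscription, or the option lapsed: take lease and lock.
        sub.lease_holder, sub.lease_expires, sub.lock_renewed_at = hub, now + OPTION_DURATION, now
        return "initial"
    if now - sub.lock_renewed_at >= LOCK_DURATION:
        # Holder silent for the full lock duration: lock is released and the lease taken over.
        sub.lease_holder, sub.lease_expires, sub.lock_renewed_at = hub, now + OPTION_DURATION, now
        return "takeover"
    return "deferred"  # another hub holds a live lock: never push to the same Edge concurrently

def scenario() -> list:
    """Constructed timeline: HUB1 wins initial replication, then stops responding."""
    t0, sub = datetime(2024, 1, 1, 8, 0), EdgeSubscription("EDGE1")
    log = [("HUB1", try_sync(sub, "HUB1", t0)),
           ("HUB2", try_sync(sub, "HUB2", t0 + timedelta(minutes=1)))]  # live lock: defer
    for m in range(1, 5):                          # HUB1 renews its lock each minute, then dies
        renew_lock(sub, "HUB1", t0 + m * LOCK_RENEWAL)
    log.append(("HUB2", try_sync(sub, "HUB2", t0 + timedelta(minutes=8))))  # 4 min stale: wait
    log.append(("HUB2", try_sync(sub, "HUB2", t0 + timedelta(minutes=9))))  # 5 min stale: take over
    return log
```

A forced run with Start-EdgeSynchronization simply calls the same decision at the current time instead of waiting for the schedule, which is why it cannot shorten the five-minute lock wait.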

Synchronization Schedule

Different types of data synchronize on different schedules. The schedule specifies the maximum length of time that a Microsoft Exchange EdgeSync service should go between synchronization intervals. The EdgeSync schedule intervals are not configurable. However, if you use the Start-EdgeSynchronization cmdlet in the Exchange Management Shell to force synchronization of Edge Subscriptions to occur immediately, you override the timer that determines the next time that EdgeSync synchronization is scheduled to occur.

The following table lists the EdgeSync schedule parameters that determine when different types of data are synchronized to ADAM.

EdgeSync schedule parameters

Parameter (value): Description

Configuration (1 hour): This parameter determines the frequency at which the Microsoft Exchange EdgeSync service will try to synchronize configuration data to an Edge Transport server.

Recipients (4 hours): This parameter determines the frequency at which the Microsoft Exchange EdgeSync service will try to synchronize recipient data to an Edge Transport server.

Topology (5 minutes): This parameter determines how frequently topology information is reloaded.

For More Information

For more information, see the following topics: