Understanding the Active Directory Driver
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-07-31
The Active Directory Driver is the core Microsoft Exchange component that allows Exchange services to create, modify, delete, and query for Active Directory data. The Active Directory Driver also leverages the Microsoft Exchange Active Directory Topology Service (MSExchangeADTopology), which allows the Active Directory Driver to use Directory Service Access (DSAccess) topology data. This data includes the list of domain controllers and global catalog servers that are available to handle Exchange requests.
This topic discusses the following information relating to the Active Directory Driver:
- $AdminSessionADSettings cmdlet variable
- Relationship between the Active Directory Driver and DSAccess
$AdminSessionADSettings is an Exchange cmdlet variable that allows you to set your preferred domain controllers, global catalog servers, or centralized data centers in the Active Directory Driver table. $AdminSessionADSettings is exposed by the Exchange Management Shell to allow you to control a number of Exchange-specific Active Directory settings. For more information about the $AdminSessionADSettings variable, see the following resources:
DSAccess provides directory lookup services for components such as Simple Mail Transfer Protocol (SMTP), message transfer agent (MTA), and the Exchange store. Client requests use the DSProxy service for directory access. For more information about DSAccess, see the following topics:
- Exchange Server 2003 and Active Directory
- Dependency on DSAccess
- Configuring DSAccess for Perimeter Networks
By default, Lightweight Directory Access Protocol (LDAP) traffic between a server running Exchange Server 2007 and domain controllers is encrypted. For troubleshooting purposes, you may want to turn off encryption. To turn off encryption, use the following registry setting.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeADAccess\Disable LDAP Encryption
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
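Because this setting is meant only for troubleshooting, it is worth confirming that it has not been left in place. The following PowerShell function is an added example, not part of the original topic or Microsoft's code; it opens the registry read-only and assumes PowerShell 2.0 or later, the Remote Registry service on remote targets, and that "Disable LDAP Encryption" is a value (or subkey) under the MSExchangeADAccess key. The function name and server names are hypothetical.

```powershell
# Added example: report whether the LDAP encryption override from this topic is present.
# Assumption: "Disable LDAP Encryption" sits under the MSExchangeADAccess service key as a
# value or a subkey. The topic does not state its type or data, so raw data is reported as-is.
function Get-LdapEncryptionOverride {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $keyPath   = 'SYSTEM\CurrentControlSet\Services\MSExchangeADAccess'
    $entryName = 'Disable LDAP Encryption'

    foreach ($computer in $ComputerName) {
        $status = 'NotPresent'; $kind = $null; $data = $null
        $hklm = $null; $key = $null
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                        [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $key = $hklm.OpenSubKey($keyPath)   # read-only; nothing is written
            if ($null -eq $key) {
                $status = 'ServiceKeyMissing'
            }
            elseif ($key.GetValueNames() -contains $entryName) {
                $status = 'Present'
                $kind   = $key.GetValueKind($entryName)
                $data   = $key.GetValue($entryName)
            }
            elseif ($key.GetSubKeyNames() -contains $entryName) {
                $status = 'PresentAsSubkey'
            }
        }
        catch {
            $status = "Error: $($_.Exception.Message)"   # unreachable host, access denied, etc.
        }
        finally {
            if ($key)  { $key.Close() }
            if ($hklm) { $hklm.Close() }
        }

        New-Object PSObject -Property @{
            ComputerName = $computer; Status = $status; ValueKind = $kind; Data = $data
        } | Select-Object ComputerName, Status, ValueKind, Data
    }
}

# Constructed server names; replace with your own Exchange 2007 servers.
Get-LdapEncryptionOverride -ComputerName 'EXCH01', 'EXCH02' |
    Where-Object { $_.Status -notmatch '^(NotPresent|ServiceKeyMissing)$' }
```

Any server returned by the final filter either carries the override or could not be checked, and both cases warrant follow-up.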
The DSAccess implementation had several benefits that Exchange components leveraged, especially around topology discovery and simplification of Active Directory topology complexity. Unfortunately, DSAccess also had several limitations, specifically in regard to paging of results, especially in dealing with large multivalued attributes. One of the major changes in the Active Directory Driver when compared to DSAccess is that the Active Directory Driver does not access and store directory information in a cache. In Exchange 2007, it is up to the Exchange component that is using DSAccess to implement the appropriate cache when needed.
In Exchange 2007, the following services still use DSAccess. However, in these cases DSAccess is used only to obtain the current topology information and to have a consistent topology view through all Exchange services that are running on the server:
- Microsoft Exchange Active Directory Topology (MSExchangeADTopology)
- Microsoft Exchange Information Store (MSExchangeIS)
- Microsoft Exchange System Attendant (MSExchangeSA)
- World Wide Web Publishing Service (W3SVC)