Global Address List Synchronization Walkthrough: Lab Setup
Applies To: Windows Server 2003 with SP1
Complete the following procedures to set up the lab environment for this walkthrough. These procedures describe the software installation requirements and the specific options that must be configured to demonstrate an implementation of GAL synchronization.
To set up the lab environment:
Set up the Contoso forest computer
Configure the DNS server
Set up the Fabrikam forest computer
Create the scenario folders on the scenario computers
Populate and configure Active Directory objects, including OUs and users.
Configure the e-mail environment
The following diagram represents the test environment used for this walkthrough.
The recommended test environment for this walkthrough is two servers on an isolated network, each hosting one forest. The following software must be installed:
Microsoft® Windows Server™ 2003, Enterprise Edition, which contains the required Internet Information Services (IIS) service and ASP.NET components
Microsoft Exchange Server 2003, Standard Edition Server
Microsoft SQL Server™ 2000 with Service Pack 3a
Microsoft Identity Integration Server 2003 with Service Pack 1
Hardware requirements must meet the minimum requirements outlined for each of the software packages listed above. The minimum hardware requirements can be found in the product documentation for each of the listed products or at https://www.microsoft.com.
The first computer will host the Contoso forest. Name the server connoa-dc-01 and install the following software:
Windows Server 2003, Enterprise Edition
DNS server
Active Directory
Internet Information Services (IIS) service
ASP.NET
Exchange Server 2003
Microsoft SQL Server 2000 Service Pack 3a
Microsoft Identity Integration Server 2003 with Service Pack 1
Note
Exchange Server 2003 requires that the Internet Information Services (IIS) service components are installed and running on the server computer where Exchange Server 2003 is installed.
The DNS server will host two zones, one for the Contoso forest and one for the Fabrikam forest. Create two primary Active Directory-integrated zones:
Connoa.concorp.contoso.com
Fabnoa.fabcorp.fabrikam.com
Make sure you enable dynamic updates so the DNS zones can be properly updated during the installation of Active Directory.
The second computer will host the Fabrikam forest. Name the computer fabnoa-dc-01 and install the following software:
Windows Server 2003, Enterprise Edition
Active Directory
Internet Information Services (IIS) service
Exchange Server 2003
Configure it to use connoa-dc-01 as its DNS server prior to installing Active Directory.
Note
Exchange Server 2003 requires that the Internet Information Services (IIS) service components are installed and running on the server computer where Exchange Server 2003 is installed.
All of the files necessary for the configuration of this scenario are included in the GALSynchronization folder provided with this document. These files must be copied to a file directory on each of the servers used in this scenario.
On each of the servers used in this scenario, create the following folder:
C:\Scenarios\GALSynchronization
Copy all of the contents of the GALSynchronization folder, provided with this document, into the new folder on each server.
Populating Active Directory consists of creating the organizational unit structure and creating users, groups and contacts within each corresponding organizational unit.
Two command line scripts are used to populate the separate Active Directory forests:
contoso-buildad.cmd - populates the Contoso Active Directory forest.
fabrikam-buildad.cmd - populates the Fabrikam Active Directory forest.
If you want to recreate the Active Directory environment after you have completed this scenario, you must delete the organizational unit and object structure initially created by these scripts, and then run these scripts again. If you do not delete the existing GAL Synchronization scenario organizational unit and object structure, the scripts will not work.
After populating Active Directory, configure the Active Directory objects by configuring the mail addresses in Exchange Server 2003 and by creating Exchange mailboxes for the user accounts.
To populate the Active Directory in the connoa domain:
Log on to the server running Microsoft Identity Integration Server 2003 using the Administrator account.
Locate the file contoso-buildad.cmd in the C:\Scenarios\GALSynchronization folder and open it by using Notepad. You should see the following statements:
    @echo off
    rem
    rem Copyright © Microsoft Corporation. All rights reserved.
    rem
    rem TODO: Enter the right information for the server, user credentials
    rem and AD Domain if different from the scenario documentation
    rem ==========================================
    set servername=CONNOA-DC-01
    set username=administrator
    set domainname=connoa
    set password=*
    rem ==========================================
    set addomain=DC=connoa,DC=concorp,DC=contoso,DC=com
    rem ==========================================
    ldifde -k -v -i -f contoso-ous.ldif -c "OU=COMPUTERNAME,ADDOMAIN" "OU=%COMPUTERNAME%,%addomain%" -s %servername% -b %username% %domainname% %password%
    ldifde -k -v -i -f contoso-contacts.ldif -c "OU=COMPUTERNAME,ADDOMAIN" "OU=%COMPUTERNAME%,%addomain%" -s %servername% -b %username% %domainname% %password%
    ldifde -k -v -i -f contoso-users.ldif -c "OU=COMPUTERNAME,ADDOMAIN" "OU=%COMPUTERNAME%,%addomain%" -s %servername% -b %username% %domainname% %password%
    ldifde -k -v -i -f contoso-groups.ldif -c "OU=COMPUTERNAME,ADDOMAIN" "OU=%COMPUTERNAME%,%addomain%" -s %servername% -b %username% %domainname% %password%
Edit the cmd file and change the variables listed in the following table to reflect your scenario. These values are found in the cmd file in the lines that begin with "set."
Variable - Value
Servername - Name of the domain controller for the connoa Active Directory domain.
Username - Name of an administrative account that is allowed to create objects in Active Directory (for example, Administrator).
Domainname - NetBIOS name of the Active Directory domain (for example, CONNOA).
Password - Password of the administrative account that you specified earlier.
If you use a domain name other than connoa.concorp.contoso.com, then you need to follow these instructions:
While editing the contoso-buildad.cmd file, change addomain=dc=connoa,dc=concorp,dc=contoso,dc=com to match the name of your domain in LDAP notation.
Prior to running contoso-buildad.cmd file, edit the contoso-contacts.ldif file. Replace all @contoso.com strings with the Exchange mail domain of your scenario.
Save the changes to contoso-buildad.cmd and close Notepad.
At the command prompt, run contoso-buildad.cmd.
The contoso-buildad.cmd file creates eight organizational units (OUs) in Active Directory. One OU is named after the computer running Microsoft Identity Integration Server 2003, such as CONNOA-DC-01. Under this OU, another OU named GALSynchronization is created. Under this OU, the Contoso and Fabrikam OUs are created.
The Contoso OU is populated with three other OUs: Users, Groups, and Contacts. Each of these OUs will be populated with users, groups, and contacts respectively. The Fabrikam OU is populated with an empty Contacts OU.
After the contoso-buildad.cmd file is finished running, the following objects are within the organizational units:
13 new users in the Users organizational unit.
7 new groups in the Groups organizational unit.
5 new contacts in the Contacts organizational unit.
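The following batch file is an added example, not one of the GALSynchronization scenario files. It uses dsquery to compare what the import created against the OU and object counts stated above, and assumes the default addomain value and that it runs on the computer where contoso-buildad.cmd was run.

```batch
@echo off
rem Added verification example; not one of the GALSynchronization scenario files.
rem Run it on the computer where contoso-buildad.cmd was run, so that the
rem COMPUTERNAME variable names the same top-level OU the import created.
setlocal
set addomain=DC=connoa,DC=concorp,DC=contoso,DC=com
set root=OU=%COMPUTERNAME%,%addomain%
set org=OU=Contoso,OU=GALSynchronization,%root%
set failed=0

rem Expected values are the counts stated in this walkthrough.
rem The OU query is a subtree search, so it counts the start node as well.
call :check ou      "%root%"             8
call :check user    "OU=Users,%org%"     13
call :check group   "OU=Groups,%org%"    7
call :check contact "OU=Contacts,%org%"  5

if %failed%==0 (echo All counts match.) else (echo One or more counts differ.)
exit /b %failed%

:check
rem arg 1 = dsquery object type, arg 2 = quoted start node, arg 3 = expected count
rem dsquery prints one DN per line; find counts the lines it receives.
set count=0
for /f %%n in ('dsquery %1 %2 -limit 0 2^>nul ^| find /c /v ""') do set count=%%n
if "%count%"=="%3" (
  echo OK    %1: %count%
) else (
  echo FAIL  %1: found %count%, expected %3
  set failed=1
)
goto :eof
```

A start node that does not exist produces a count of 0 and is reported as a failure.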
Next, you must populate the directory for the fabnoa domain.
To populate the Active Directory in the fabnoa domain:
Log on as Administrator to the domain controller hosting the fabnoa domain.
Locate the file fabrikam-buildad.cmd, and then open it by using Notepad. Change the variables listed in the following table to reflect your scenario.
Variable - Value
Servername - Name of the domain controller for the fabnoa Active Directory domain.
Username - Name of an administrative account that is allowed to create objects in Active Directory (for example, Administrator).
Domainname - NetBIOS name of the Active Directory domain (for example, FABNOA).
Password - Password for the administrator account.
If you use a domain name other than fabnoa.fabcorp.fabrikam.com, then you need to follow these instructions:
While editing the fabrikam-buildad.cmd file, change the LDAP string addomain=dc=fabnoa,dc=fabcorp,dc=fabrikam,dc=com to match the name of your domain.
Prior to running fabrikam-buildad.cmd, edit the fabrikam-contacts.ldif file. Replace all @fabrikam.com strings with the Exchange mail domain of your scenario.
Save the changes to fabrikam-buildad.cmd and close Notepad.
At the command prompt, run fabrikam-buildad.cmd.
The fabrikam-buildad.cmd script creates five organizational unit (OU) objects in Active Directory. One OU is named after the server running Microsoft Identity Integration Server 2003, FABNOA-DC-01. Under this OU, another OU is created and named GALSynchronization. Under the GALSynchronization OU, two OUs are created: Contoso OU and Fabrikam OU. The Fabrikam OU is populated with three other OUs: Users, Groups, and Contacts, each of which is populated with users, groups, and contacts respectively. The Contoso OU is populated with an empty Contacts OU.
The import assumes an empty Active Directory, except for the default Active Directory and Exchange objects and the default configurations that have only the initial Active Directory objects. If you are setting up this scenario for a second time, you need to delete the existing Active Directory users, groups, and contacts before running the scripts to populate this Active Directory domain.
Configuring the e-mail environment consists of configuring mail address creation on Exchange Server 2003 and then creating mailboxes for the user accounts.
This scenario requires that the following attributes are set for the newly created objects:
proxyAddresses
targetAddress
legacyExchangeDN
You must set the SMTP mail domain correctly for both Active Directory forests in this walkthrough. This configuration is performed by adjusting the Exchange Default Recipient Policies.
On the domain controller hosting the connoa domain, start the Exchange Server 2003 System Manager.
Expand Recipients, and then click Recipient Policies.
Right-click Default Policy and select Properties.
Click the E-Mail Addresses (Policy) tab.
In Generation rules, in Type, click SMTP, and then click Edit.
In SMTP Address Properties, in Address, type @contoso.com for the connoa domain in the Contoso Active Directory forest.
Click OK.
Click OK.
If asked to apply the changes to all recipients now, click Yes.
On the domain controller hosting the fabnoa domain, start the Exchange Server 2003 System Manager.
Expand Recipients, and then click Recipient Policies.
Right-click Default Policy and select Properties.
Click the E-Mail Addresses (Policy) tab.
In Generation rules, in Type, click SMTP, and then click Edit.
In SMTP Address Properties, in Address, type @fabrikam.com for the fabnoa domain in the Fabrikam Active Directory forest.
Click OK.
Click OK.
If asked to apply the changes to all recipients now, click Yes.
The newly created Active Directory objects have to be enabled for Exchange Server 2003. Create mailboxes for each user account and establish e-mail addresses for the group and contact objects. The operations must be performed within both Active Directory forests.
Important
You must create mailboxes for each user account and establish e-mail addresses for the group objects in both forests.
On the domain controller for the connoa Active Directory domain, start Active Directory Users and Computers.
Click the organizational unit named after the domain controller (CONNOA-DC-01), click GALSynchronization, click Contoso, and then click Users.
Press CTRL+A to select all users within the organizational unit.
Right-click the selected users, and then click Exchange Tasks.
On the Exchange Task Wizard Welcome page, click Next.
From the list of available tasks, ensure that Create Mailbox is highlighted and then click Next.
For the Create Mailbox page, use the default values and click Next.
Click Finish.
On the domain controller for the connoa Active Directory domain, in Active Directory Users and Computers, under the Contoso organizational unit, click Groups.
Press CTRL+A to select all groups within the organizational unit.
Right-click the selected groups and click Exchange Tasks.
In the Exchange Task Wizard Welcome page, click Next.
From the list of available tasks, select Establish E-mail Address on Groups. Click Next.
For the Establish E-Mail Address on Groups page, use the default values and click Next.
Click Finish.
On the domain controller for the Fabnoa Active Directory domain, start Active Directory Users and Computers.
Click the organizational unit named after the domain controller (FABNOA-DC-01), click GALSynchronization, click Fabrikam, and then click Users.
Select all users within the organizational unit.
Right-click the selected users and click Exchange Tasks.
On the Exchange Task Wizard Welcome page, click Next.
From the list of available tasks, ensure that Create Mailbox is highlighted and then click Next.
For the Create Mailbox page, use the default values and click Next.
Click Finish.
On the domain controller for the fabnoa Active Directory domain, in Active Directory Users and Computers, under the Contoso organizational unit, click Groups.
Select all groups within the organizational unit.
Right-click the selected groups and click Exchange Tasks.
In the Exchange Task Wizard Welcome page, click Next.
From the list of available tasks, select Establish E-mail Address on Groups and click Next.
For the Establish E-Mail Address on Groups page, use the default values and click Next.
Click Finish.
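The following batch file is an added check, not one of the GALSynchronization scenario files. It lists any object in the scenario OUs that still lacks one of the required attributes (proxyAddresses, targetAddress, legacyExchangeDN); which attribute is checked on which object type is an assumption made for this example, as noted in the comments.

```batch
@echo off
rem Added check; not one of the GALSynchronization scenario files.
rem Lists objects that still lack an attribute this scenario requires.
rem Values below are for the Contoso forest. For the Fabrikam forest use
rem addomain=DC=fabnoa,DC=fabcorp,DC=fabrikam,DC=com and org=Fabrikam.
setlocal
set addomain=DC=connoa,DC=concorp,DC=contoso,DC=com
set org=Contoso
set base=OU=%org%,OU=GALSynchronization,OU=%COMPUTERNAME%,%addomain%

rem Assumed mapping of attribute to object type (not stated on this page):
rem mailbox users and mail-enabled groups carry proxyAddresses and
rem legacyExchangeDN; contacts carry targetAddress.
call :missing "OU=Users,%base%"    user    proxyAddresses
call :missing "OU=Users,%base%"    user    legacyExchangeDN
call :missing "OU=Groups,%base%"   group   proxyAddresses
call :missing "OU=Groups,%base%"   group   legacyExchangeDN
call :missing "OU=Contacts,%base%" contact targetAddress
exit /b 0

:missing
rem arg 1 = quoted container DN, arg 2 = objectClass, arg 3 = required attribute
rem The LDAP filter matches objects of that class where the attribute is absent.
echo.
echo %2 objects without %3:
dsquery * %1 -filter "(&(objectClass=%2)(!(%3=*)))" -limit 0
goto :eof
```

An empty list under every heading means the attributes are present. Exchange stamps proxyAddresses through the Recipient Update Service, so objects can still appear in the output for a short time after the Exchange Task Wizard finishes.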
At this point your servers should be set up and configured properly for this walkthrough. You are ready to begin.