Deploying in a domain environment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

During installation, if you choose to install Message Queuing with Active Directory Integration and the installation computer is part of a domain, Message Queuing objects are created in Active Directory. For more information about installation options, see Installation overview. For more information about Message Queuing objects in Active Directory, see Message Queuing and Active Directory.

An Active Directory domain includes one or more domain controllers that store directory information for the domain. The collection of all domains in a Windows Server 2003 network is called a forest, and one or more domains in the forest can be designated as a global catalog, with directory information for other domains in the forest, in addition to its own. Active Directory employs a multi-master model, so that any Windows Server 2003 family domain controller can read from or write to objects stored in Active Directory. For more information, see Introduction to Active Directory, in Active Directory Help.

Accessing Active Directory

In a domain environment, computers running Message Queuing on Windows XP or a Windows Server 2003 operating system can directly access Message Queuing objects in Active Directory. Windows 2000 computers running Message Queuing, on the other hand, require one of the following to access such objects in Active Directory: a Windows Server 2003 domain controller running the Downlevel Client Support Component to provide the Message Queuing Directory Service, or a Windows 2000 domain controller hosting a Message Queuing server in its site and its domain. In addition to this requirement, a Windows NT 4.0, Windows 98, or Windows 95 computer running MSMQ 1.0 also requires that this domain controller be configured as a global catalog server.

Note

  • When receiving a user's request to Active Directory, Active Directory Service Interfaces (ADSI) resolves the query by attempting to locate a domain controller in the user's domain. This can potentially be a problem for users who log on to remote computers in a different domain from their own. If the remote computer's domain is not connected to the user's domain, the Active Directory query will fail.

Sites

In a domain environment, a Message Queuing network can be divided into different Windows Server 2003 family sites, which are interconnected using routing links. Sites map the physical structure of your network, whereas domains generally map the logical structure of your organization, independently of each other. There may be multiple domains in a single site as well as multiple sites in a single domain. For more information, see Message Queuing and Active Directory. For more general information on sites in Windows Server 2003 family, see Sites overview, in the Active Directory Help file.

In the context of Message Queuing, a site can consist of the following:

  • Windows Server 2003 domain controllers, which hold configuration and status information in the Active Directory and replicate such information between sites using site links. Active Directory employs what is called a multi-master model, which means that any Windows Server 2003 domain controller can read from or write to objects stored in Active Directory.

  • Windows Server 2003 family computers, all of which use the same network protocol (typically IP). Any two computers in a site that use the same network protocol have direct connectivity with each other. Such connectivity also implies fast and cheap communication.

  • Collections of associated subnets, each with a single IP subnet address.

When a Message Queuing client communicates with a Message Queuing server, it directs the request to a predetermined server in the same site, if one is available.

Site considerations

All sites are determined during the planning and installation of Windows Server 2003 family computers in your organization. There is not a separate site topology as there was in previous versions of Message Queuing. This simplifies your site planning.

However, it is recommended that you consider the factors listed in the following table.

| Site consideration | Requirement or suggestion |
| --- | --- |
| Communication link | The communication link between sites must be permanent. |
| Available network bandwidth | The network bandwidth must be able to support the volume of messages transmitted within the site. |
| Performance | The number of domain controllers in each site affects performance. Each additional domain controller in a site generates more network traffic for Active Directory replication throughout that site. You need to weigh the benefits of redundancy against the performance overhead of increased replication. |
| Performance and connectivity | Configuring a domain controller as a global catalog server in each site will enhance performance and reduce connectivity issues. |
| Organizational | Group together users who work in the same site to improve overall performance of the system, reduce network traffic, and reduce resource use. |

Note

  • There is no longer a special definition of a site in the context of Message Queuing as there was for MSMQ 1.0. When upgrading from MSMQ 1.0, each MSMQ 1.0 site is mapped to a Windows Server 2003 family site, and for cross-platform messaging, each foreign connected network is mapped to a foreign site. If you are upgrading from MSMQ 1.0, see Upgrade overview for a list of changes.

Offline mode

A Message Queuing computer can also belong to a domain but be temporarily unable to communicate with a domain controller. This is known as offline mode and occurs when:

  • The computer itself is offline.

  • All the domain controllers in its site are offline.

  • An attempt is made to access a remote computer and the remote computer is temporarily unable to query a domain controller for authentication.

In all these cases, the computer's configuration as a member of a domain is maintained in the registry, and normal domain operation resumes as soon as a domain controller becomes available. While in offline mode, messages can be sent directly by using direct format names. When other format names are used, the messages are stored on the local computer and are sent as soon as a domain controller becomes available. For more information, see "Format names" in Queue names.

Managing computers in a domain under the Local User account

Computers that are part of a domain can be managed under the Local User account. To do this, the Message Queuing Directory Service must be running on the domain controller, and you need to add the EnableLocalUser key (DWORD=1) to the registry of the local computer, at location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters\EnableLocalUser.

Caution

  • Incorrectly editing the registry may severely damage your system. It is recommended that you back up any valuable data on the computer before making changes to the registry.
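The registry change described above, with the backup that the Caution recommends, can be scripted as follows. This is an added example, not part of the original documentation; it assumes an elevated PowerShell session on the local computer, and the backup file location is a hypothetical choice. It does not check that the Message Queuing Directory Service is running on the domain controller.

```powershell
# Added example: enable management under the Local User account for Message Queuing.
$key       = 'HKLM:\SOFTWARE\Microsoft\MSMQ\Parameters'
$nativeKey = 'HKLM\SOFTWARE\Microsoft\MSMQ\Parameters'   # same key, reg.exe syntax
$name      = 'EnableLocalUser'

# Stop early if Message Queuing is not installed on this computer.
if (-not (Test-Path $key)) {
    throw "Message Queuing Parameters key not found: $key"
}

# Export the key before editing it. A timestamped file name (hypothetical
# location) avoids overwriting an earlier backup.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:TEMP "msmq-parameters-$stamp.reg"
& reg.exe export $nativeKey $backup | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Registry backup failed; no changes were made."
}

# Read the current value, if any, so the change is idempotent and logged.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -eq 1) {
    Write-Output "$name is already set to 1; nothing to change."
} else {
    # -Force replaces an existing value and guarantees the DWORD type.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "$name set to 1 (previous value: $current). Backup: $backup"
}

# Verify both the data and the value type after the write.
$kind  = (Get-Item -Path $key).GetValueKind($name)
$value = (Get-ItemProperty -Path $key -Name $name).$name
if ($value -ne 1 -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "Verification failed: $name = $value ($kind)"
}
```

To roll back, import the exported .reg file or remove the EnableLocalUser entry from the Parameters key.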