Understanding Directory Access Options


Topic Last Modified: 2005-04-22

As discussed in "Preparing to Administer Your Exchange Server 2003 Environment" and "Managing an Exchange Server 2003 Organization," Exchange is tightly integrated with Active Directory. This integration requires that the core components of Exchange 2003 access directory information in Active Directory. The shared component named Directory Access (DSAccess) controls how most components in Exchange interact with Active Directory.

Exchange components dependent on DSAccess

Component Dependency on DSAccess

Exchange Metabase Update (DS2MB)

Directory changes tracked by update sequence number (USN)

Exchange Routing Engine (RESVC)

User and configuration lookups

SMTP Categorizer (SMTP CAT)

List of global catalog servers in the topology

Directory Service Proxy (DSProxy)

List of global catalog servers in the topology

Exchange Information Store

User and configuration lookups


User and configuration lookups

Message transfer agent (MTA)

User and configuration lookups

In Exchange 2003, DSAccess is the centralized mechanism that determines the Active Directory topology, opens the appropriate Lightweight Directory Access Protocol (LDAP) connections, and works around server failures. DSAccess is responsible for the following functions:

  • Retrieving and writing information from Active Directory, such as configuration data and recipients.

  • Caching information from Active Directory for better performance when querying Active Directory. DSAccess caches configuration and recipient data locally so that this information is available for subsequent queries from other Exchange servers. Caching information locally has the additional benefit of preventing the network traffic that is caused by additional queries to Active Directory.

  • Constructing a list of available domain controllers and global catalog servers that other Exchange components can query. For example:

    • The MTA routes LDAP queries through the DSAccess layer to Active Directory.

    • To connect to databases, the store process uses DSAccess to obtain configuration information from Active Directory.

    • To route messages, the transport process uses DSAccess to obtain information about the connector arrangement.

Of the previously listed functions, the only function that you can control on a server is the one that deals with constructing a list of available domain controllers and global catalog servers. You can have this list constructed automatically by DSAccess, or you can manually create this list for DSAccess to use.


Community Additions