Global Address List Synchronization Walkthrough: Lab Setup

Applies To: Windows Server 2003 with SP1

Previous Sections in This Walkthrough

  1. Overview

  2. Scenario Design

Complete the following procedures to set up the lab environment for this walkthrough. These procedures describe the software installation requirements and the specific options that must be configured to demonstrate an implementation of GAL synchronization.

To set up the lab environment:

  • Set up the Contoso forest computer

  • Configure the DNS server

  • Set up the Fabrikam forest computer

  • Create the scenario folders on the scenario computers

  • Populate and configure Active Directory objects, including OUs and users

  • Configure the e-mail environment

The following diagram represents the test environment used for this walkthrough.

[Diagram: test environment]

Hardware Requirements

The recommended test environment for this walkthrough is two servers on an isolated network, each hosting one forest. The following software must be installed:

  • Microsoft® Windows Server™ 2003, Enterprise Edition, which contains the required Internet Information Services (IIS) service and ASP.NET components

  • Microsoft Exchange Server 2003, Standard Edition Server

  • Microsoft SQL Server™ 2000 with Service Pack 3a

  • Microsoft Identity Integration Server 2003 with Service Pack 1

Hardware requirements must meet the minimum requirements outlined for each of the software packages listed above. The minimum hardware requirements can be found in the product documentation for each of the listed products or at https://www.microsoft.com.

Set Up the Contoso Forest Computer

The first computer will host the Contoso forest. Name the server connoa-dc-01 and install the following software:

  • Windows Server 2003, Enterprise Edition

  • DNS server

  • Active Directory

  • Internet Information Services (IIS) service

  • ASP.NET

  • Exchange Server 2003

  • Microsoft SQL Server 2000 Service Pack 3a

  • Microsoft Identity Integration Server 2003 with Service Pack 1

Note

Exchange Server 2003 requires that the Internet Information Services (IIS) service components are installed and running on the server computer where Exchange Server 2003 is installed.

Configure the DNS Server

The DNS server will host two zones, one for the Contoso forest and one for the Fabrikam forest. Create two primary Active Directory-integrated zones:

  • Connoa.concorp.contoso.com

  • Fabnoa.fabcorp.fabrikam.com

Make sure you enable dynamic updates so the DNS zones can be properly updated during the installation of Active Directory.

Set Up the Fabrikam Forest Computer

The second computer will host the Fabrikam forest. Name the computer fabnoa-dc-01 and install the following software:

  • Windows Server 2003, Enterprise Edition

  • Active Directory

  • Internet Information Services (IIS) service

  • Exchange Server 2003

Configure it to use connoa-dc-01 as its DNS server prior to installing Active Directory.

Note

Exchange Server 2003 requires that the Internet Information Services (IIS) service components are installed and running on the server computer where Exchange Server 2003 is installed.

Create the Scenario Folder

All of the files necessary for the configuration of this scenario are included in the GALSynchronization folder provided with this document. These files must be copied to a file directory on each of the servers used in this scenario.

To create the folder for this scenario

  1. On each of the servers used in this scenario, create the following folder:

    C:\Scenarios\GALSynchronization

  2. Copy all of the contents of the GALSynchronization folder, provided with this document, into the new folder on each server.

Populating and Configuring Active Directory Objects

Populating Active Directory consists of creating the organizational unit structure and creating users, groups and contacts within each corresponding organizational unit.

Two command line scripts are used to populate the separate Active Directory forests:

  • contoso-buildad.cmd - populates the Contoso Active Directory forest.

  • fabrikam-buildad.cmd - populates the Fabrikam Active Directory forest.

If you want to recreate the Active Directory environment after you have completed this scenario, you must delete the organizational unit and object structure initially created by these scripts, and then run these scripts again. If you do not delete the existing GAL Synchronization scenario organizational unit and object structure, the scripts will not work.

After populating Active Directory, configure the Active Directory objects by configuring the mail addresses in Exchange Server 2003 and by creating Exchange mailboxes for the user accounts.

To populate the Active Directory in the connoa domain:

  1. Log on to the server running Microsoft Identity Integration Server 2003 using the Administrator account.

  2. Locate the file contoso-buildad.cmd in the C:\Scenarios\GALSynchronization folder and open it by using Notepad. You should see the following statements:

    @echo off
    rem
    rem Copyright © Microsoft Corporation.  All rights reserved.
    rem
    rem TODO: Enter the right information for the server, user credentials 
    rem       and AD Domain if different from the scenario documentation
    rem ==========================================
    set servername=CONNOA-DC-01
    set username=administrator
    set domainname=connoa
    set password=*
    rem ==========================================
    set addomain=DC=connoa,DC=concorp,DC=contoso,DC=com
    rem ==========================================
    ldifde -k -v -i -f contoso-ous.ldif -c "OU=COMPUTERNAME,ADDOMAIN" "OU=%COMPUTERNAME%,%addomain%" -s %servername% -b %username% %domainname% %password%
    ldifde -k -v -i -f contoso-contacts.ldif -c "OU=COMPUTERNAME,ADDOMAIN" "OU=%COMPUTERNAME%,%addomain%" -s %servername% -b %username% %domainname% %password%
    ldifde -k -v -i -f contoso-users.ldif -c "OU=COMPUTERNAME,ADDOMAIN" "OU=%COMPUTERNAME%,%addomain%" -s %servername% -b %username% %domainname% %password%
    ldifde -k -v -i -f contoso-groups.ldif -c "OU=COMPUTERNAME,ADDOMAIN" "OU=%COMPUTERNAME%,%addomain%" -s %servername% -b %username% %domainname% %password%
    
  3. Edit the cmd file and change the variables listed in the following table to reflect your scenario. These values are found in the cmd file in the lines that begin with "set."

    Variable      Value
    Servername    Name of the domain controller for the connoa Active Directory domain.
    Username      Name of an administrative account that is allowed to create objects in Active Directory (for example, Administrator).
    Domainname    NetBIOS name of the Active Directory domain (for example, CONNOA).
    Password      Password of the administrative account that you specified earlier.

If you use a domain name other than connoa.concorp.contoso.com, then you need to follow these instructions:

  1. While editing the contoso-buildad.cmd file, change the string "addomain=dc=connoa,dc=concorp,dc=contoso,dc=com" to match the name of your domain in LDAP notation.

  2. Prior to running contoso-buildad.cmd file, edit the contoso-contacts.ldif file. Replace all @contoso.com strings with the Exchange mail domain of your scenario.

  3. Save the changes to contoso-buildad.cmd and close Notepad.

  4. At the command prompt, run contoso-buildad.cmd.

The contoso-buildad.cmd file creates eight organizational units (OUs) in Active Directory. One OU is named after the computer running Microsoft Identity Integration Server 2003, such as CONNOA-DC-01. Under this OU, another OU named GALSynchronization is created. Under the GALSynchronization OU, the Contoso and Fabrikam OUs are created.

The Contoso OU is populated with three other OUs: Users, Groups, and Contacts. Each of these OUs will be populated with users, groups, and contacts respectively. The Fabrikam OU is populated with an empty Contacts OU.

After the contoso-buildad.cmd file is finished running, the following objects are within the organizational units:

  • 13 new users in the Users organizational unit.

  • 7 new groups in the Groups organizational unit.

  • 5 new contacts in the Contacts organizational unit.
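
Because contoso-buildad.cmd runs ldifde with -k, which continues past import errors, it is worth confirming the counts above after the import. The following batch file is an added example, not one of the files supplied with this walkthrough; it assumes that it runs on the same computer that ran contoso-buildad.cmd (so that %COMPUTERNAME% matches the OU name), that the default connoa domain name is in use, and that the dsquery tool from Windows Server 2003 is available.

```batch
@echo off
rem Added example: compare the objects created by contoso-buildad.cmd
rem with the counts stated in the walkthrough (13 users, 7 groups, 5 contacts).
rem Assumption: run on the computer whose name was used for the top-level OU.
setlocal
set addomain=DC=connoa,DC=concorp,DC=contoso,DC=com
set base=OU=Contoso,OU=GALSynchronization,OU=%COMPUTERNAME%,%addomain%
set failed=0

call :check user    "OU=Users,%base%"    13
call :check group   "OU=Groups,%base%"   7
call :check contact "OU=Contacts,%base%" 5

if %failed%==0 (echo All counts match.) else (echo One or more counts differ.)
exit /b %failed%

:check
rem %1 = dsquery object type, %2 = quoted search base, %3 = expected count
set count=0
rem dsquery prints one distinguished name per line; -limit 0 lifts the
rem default cap of 100 results so every object is counted.
for /f "delims=" %%d in ('dsquery %1 %2 -limit 0 2^>nul') do set /a count+=1
if %count%==%3 (
    echo OK    %1: %count% in %~2
) else (
    echo CHECK %1: expected %3, found %count% in %~2
    set failed=1
)
goto :eof
```

A count of 0 usually means the search base does not exist, for example because the script was run on a different computer or the addomain value was changed.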

Next, you must populate the directory for the fabnoa domain.

To populate the Active Directory in the fabnoa domain:

  1. Log on as Administrator to the domain controller hosting the fabnoa domain.

  2. Locate the file fabrikam-buildad.cmd, and then open it by using Notepad. Change the variables listed in the following table to reflect your scenario.

    Variable      Value
    Servername    Name of the domain controller for the fabnoa Active Directory domain.
    Username      Name of an administrative account that is allowed to create objects in Active Directory (for example, Administrator).
    Domainname    NetBIOS name of the Active Directory domain (for example, FABNOA).
    Password      Password for the administrator account.

If you use a domain name other than fabnoa.fabcorp.fabrikam.com, then you need to follow these instructions:

  1. While editing the fabrikam-buildad.cmd file, change the LDAP string "addomain=dc=fabnoa,dc=fabcorp,dc=fabrikam,dc=com" to match the name of your domain.

  2. Prior to running fabrikam-buildad.cmd, edit the fabrikam-contacts.ldif file. Replace all @fabrikam.com strings with the Exchange mail domain of your scenario.

  3. Save the changes to fabrikam-buildad.cmd and close Notepad.

  4. At the command prompt, run fabrikam-buildad.cmd.

The fabrikam-buildad.cmd script creates five organizational unit (OU) objects in Active Directory. One OU is named after the server running Microsoft Identity Integration Server 2003, FABNOA-DC-01. Under this OU, another OU is created and named GALSynchronization. Under the GALSynchronization OU, two OUs are created: Contoso OU and Fabrikam OU. The Fabrikam OU is populated with three other OUs: Users, Groups, and Contacts, each of which is populated with users, groups, and contacts respectively. The Contoso OU is populated with an empty Contacts OU.

The import assumes an empty Active Directory, except for the default Active Directory and Exchange objects and the default configurations that have only the initial Active Directory objects. If you are setting up this scenario for a second time, you need to delete the existing Active Directory users, groups, and contacts before running the scripts to populate this Active Directory domain.

Configure the E-mail Environment

Configuring the e-mail environment consists of configuring mail address creation on Exchange Server 2003 and then creating mailboxes for the user accounts.

Configure the Mail Addresses in Exchange Server 2003

This scenario requires that the following attributes are set for the newly created objects:

  • proxyAddresses

  • targetAddress

  • legacyExchangeDN

You must set the SMTP mail domain correctly for both Active Directory forests in this walkthrough. This configuration is performed by adjusting the Exchange Default Recipient Policies.

To adjust the Exchange Default Recipient Policies for both forests

  1. On the domain controller hosting the connoa domain, start the Exchange Server 2003 System Manager.

  2. Expand Recipients, and then click Recipient Policies.

  3. Right-click Default Policy and select Properties.

  4. Click the E-Mail Addresses (Policy) tab.

  5. In Generation rules, in Type, click SMTP, and then click Edit.

  6. In SMTP Address Properties, in Address, type @contoso.com for the connoa domain in the Contoso Active Directory forest.

  7. Click OK.

  8. Click OK.

  9. If asked to apply the changes to all recipients now, click Yes.

  10. On the domain controller hosting the fabnoa domain, start the Exchange Server 2003 System Manager.

  11. Expand Recipients, and then click Recipient Policies.

  12. Right-click Default Policy and select Properties.

  13. Click the E-Mail Addresses (Policy) tab.

  14. In Generation rules, in Type, click SMTP, and then click Edit.

  15. In SMTP Address Properties, in Address, type @fabrikam.com for the fabnoa domain in the Fabrikam Active Directory forest.

  16. Click OK.

  17. Click OK.

  18. If asked to apply the changes to all recipients now, click Yes.

Create Exchange Mailboxes for the Active Directory User Accounts

The newly created Active Directory objects have to be enabled for Exchange Server 2003. Create mailboxes for each user account and establish e-mail addresses for the group and contact objects. The operations must be performed within both Active Directory forests.

Important

You must create mailboxes for each user account and establish e-mail addresses for the group objects in both forests.

To create mailboxes for the newly created objects in the connoa domain

  1. On the domain controller for the connoa Active Directory domain, start Active Directory Users and Computers.

  2. Click the organizational unit named after the domain controller (CONNOA-DC-01), click GALSynchronization, click Contoso, and then click Users.

  3. Press CTRL+A to select all users within the organizational unit.

  4. Right-click the selected users, and then click Exchange Tasks.

  5. On the Exchange Task Wizard Welcome page, click Next.

  6. From the list of available tasks, ensure that Create Mailbox is highlighted and then click Next.

  7. For the Create Mailbox page, use the default values and click Next.

  8. Click Finish.

To establish e-mail addresses for the newly created groups in the connoa domain

  1. On the domain controller for the connoa Active Directory domain, in Active Directory Users and Computers, under the Contoso organizational unit, click Groups.

  2. Press CTRL+A to select all groups within the organizational unit.

  3. Right-click the selected groups and click Exchange Tasks.

  4. In the Exchange Task Wizard Welcome page, click Next.

  5. From the list of available tasks, select Establish E-mail Address on Groups. Click Next.

  6. For the Establish E-Mail Address on Groups page, use the default values and click Next.

  7. Click Finish.

To create mailboxes for the newly created objects in the fabnoa domain

  1. On the domain controller for the fabnoa Active Directory domain, start Active Directory Users and Computers.

  2. Click the organizational unit named after the domain controller (FABNOA-DC-01), click GALSynchronization, click Fabrikam, and then click Users.

  3. Select all users within the organizational unit.

  4. Right-click the selected users and click Exchange Tasks.

  5. On the Exchange Task Wizard Welcome page, click Next.

  6. From the list of available tasks, ensure that Create Mailbox is highlighted and then click Next.

  7. For the Create Mailbox page, use the default values and click Next.

  8. Click Finish.

To establish e-mail addresses for the newly created groups in the fabnoa domain

  1. On the domain controller for the fabnoa Active Directory domain, in Active Directory Users and Computers, under the Contoso organizational unit, click Groups.

  2. Select all groups within the organizational unit.

  3. Right-click the selected groups and click Exchange Tasks.

  4. In the Exchange Task Wizard Welcome page, click Next.

  5. From the list of available tasks, select Establish E-mail Address on Groups and click Next.

  6. For the Establish E-Mail Address on Groups page, use the default values and click Next.

  7. Click Finish.

At this point your servers should be set up and configured properly for this walkthrough. You are ready to begin.