Administrative Groups
Versions of Exchange Server prior to Exchange 2000 Server used the concept of sites,
which defined the administrative and routing topology for an Exchange
organization. Sites are familiar to administrators who have worked with
Active Directory directory service, and the concept is very similar in
defining the physical infrastructure of the organization. With Exchange
Server 5.5, the administration model was tied directly to the routing
and communication model, which was defined by the site. Beginning with
Exchange 2000 Server and carried into Exchange Server 2003, the site
concept is divided into administrative groups and routing groups. One
limitation of the use of sites in previous versions of Exchange Server
was that the administrative requirements of a large organization might
not fit neatly within the site structure. As a result, the management
of the administrative roles was more complicated, for example, in a
situation where sites were defined geographically but administration
was centralized. However, the centralized administration was delegated
in a way that individual administrators were responsible for different
sites. Exchange Server 5.5 sites are inflexible, so it is cumbersome in
situations such as this to divide the administration in a way that goes
against the site layout. With Exchange Server 2003, administrative
groups are used to define the administrative topology of the Exchange
organization. This is not tied to the physical topology, since in many
organizations the administrative topology is different from the
physical topology. It is possible for the administrative and routing
group topology to correspond, but Exchange Server 2003 gives you the
flexibility to separate them, if necessary.
Planning
The
use of administrative groups requires Exchange Server 2003, Enterprise
Edition. Exchange Server 2003, Standard Edition, is limited to a single
administrative group containing a single storage group consisting of
one mailbox store and one public folder store. |
Administrative groups can contain any of the following types of objects:
Servers
Policies
Routing groups
Public folder trees
Note
Since
small to mid-sized companies don’t have a need for administrative
groups, by default they are disabled. You have to enable the displaying
of administrative groups in the Exchange System Manager utility.
Right-click on the Organization name, click Properties, and then select
the check box to Enable Administrative Groups. |
You
can think of an administrative group as a collection of the previous
types of objects that have been organized into a container for
simplified administration. You assign permissions to the administrative
group rather than to the individual objects. This simplifies
administration, for example, if you had 25 servers throughout Texas
that all needed to have the same permissions, you could add them to a
single administrative group rather than configuring the permissions
individually on each server. This simplification is especially
important when you consider ongoing administration of the organization
after the initial configuration. If your company hires a new
administrator and you need to add her to the list of administrators, it
would be much simpler to do it once on an administrative group than
having to configure each server.
Administrative Models
Administrative
groups should be planned for prior to installing Exchange Server 2003,
though they can be implemented before and after installation. The main
reason it is important to plan your administrative groups prior to
installing Exchange is because over the long term, it will be easier to
support your organization and will require less administrative effort
if you get it right the first time. In addition, there is less chance
of users experiencing service disruptions because you need to
reconfigure something.
Depending on your organization’s needs, there are different administrative models you can use: a centralized model, a decentralized model, or a mixed
model that utilizes features of both. The centralized administrative
model is most commonly used in small to mid-sized companies that have a
limited number of IT personnel, but it can also be used in larger
organizations that want to have their Exchange environment managed
centrally by a few individuals. In a centralized model, there may be
only one or two administrative groups used. Administrative groups do
not have to follow the physical topology of an organization, so adding
every server in a global organization to a single administrative group
would have no effect on how the messaging infrastructure communicated.
The
decentralized model is similar to how Exchange Server 5.5 sites were
managed, where each site had its own administrative context (since
message routing and administration were connected). Decentralized
administration is most commonly used in larger organizations that have
many branch locations operating independently of other locations, with
their own local IT departments. In this type of model, you would have
many administrative groups, perhaps one for each physical location.
The
mixed model, as you would expect, uses a combination of centralized and
decentralized administration. This model is most commonly used by
larger organizations, where there is a need to centrally manage certain
aspects of Exchange Server 2003, such as policies, while decentralizing
administration of other aspects, such as the day-to-day Exchange server
administration.
Tip
It
is worth repeating that administrative groups are in no way tied to the
physical layout of the network, whereas routing groups are (routing
groups are discussed in the next section). It is important to
understand that administrative groups are a way to simplify the
administration of the Exchange organization and are not related to the
physical routing and communication between servers. |
Once
you have run ForestPrep and DomainPrep, you can gain access to the
Exchange System Manager indirectly and create and modify administrative
groups. Prior to the installation of Exchange (but after ForestPrep and
DomainPrep are run), you can use the Active Directory Sites And
Services console to modify the default administrative group. To create
an administrative group after the installation of Exchange, use the
Exchange System Manager utility, which is installed with Exchange
Server 2003 and is located in the Microsoft Exchange program menu in
the All Programs menu.
Routing Groups
Whereas
administrative groups have no relationship to the physical network
infrastructure, routing groups are directly related to the physical
layout. You can think of routing groups as being much like Active
Directory sites, which are used to group servers that share reliable,
well-connected bandwidth. Routing groups come into play when you have
multiple physical locations connected by slower wide area network (WAN)
bandwidth, such as an Integrated Services Digital Network (ISDN)
connection. Consider a scenario where you have two physical locations,
Dallas and St. Louis, which have five servers running Exchange Server
2003 in each location. The two locations are physically connected by a
128K ISDN line. In this type of environment, you would create two
routing groups, one for each location. This would map directly to the
Active Directory site structure. Each routing group would contain its
local servers, and a connector would be configured to connect the two
routing groups. This could be either a routing group connector (the
preferred way), an SMTP connector (for unreliable WAN connections), or
an X.400 connector.
Tip
Designing
a routing group structure and configuring routing group connectors is
not covered on this exam. However, understanding the concepts is
imperative to being able to deploy Exchange Server 2003 successfully in
a multi-location organization. |
When
you install the first Exchange Server 2003 server in an organization, a
default routing group is created. You can rename this routing group to
something more appropriate, and you can create additional routing
groups using the Exchange System Manager utility. Creating routing
groups is much like creating administrative groups, though a routing
group is contained within an administrative group. As with
administrative groups, by default, routing groups are not enabled. To
enable routing groups, start Exchange System Manager, right-click on
the organization name, click Properties, and select the check box to
Display Routing Groups.
Subsequent
Exchange servers are added to routing groups during the installation
process, and if necessary, you can move servers between routing groups
using Exchange System Manager. The only caveat is that in mixed mode,
you cannot move servers between routing groups that belong to different
administrative groups; you can only move servers between routing groups
within the same administrative group. If you need to move a server to a
routing group that is in a different administrative group, you must
first move the server to the administrative group that contains the
target routing group. Alternatively, you can move the entire routing
group from one administrative group to another. This is a limitation of
the default mixed mode operation, but once you convert to native mode,
this limitation is lifted.
The
other benefit that routing groups provide is a way of controlling
message transfer. In this way, too, routing groups are very similar to
Active Directory sites. With Active Directory, sites are used to define
areas of well-connected bandwidth and areas of low bandwidth for the
purpose of optimizing replication traffic. With routing groups, servers
within a routing group are assumed to have high-speed, reliable
bandwidth between them (such as on the same local area network [LAN]),
and message transfer occurs immediately. Between routing groups, where
bandwidth is assumed to be slow, a server in each group is designated
as a bridgehead server,
and traffic between routing groups is funneled through the bridgehead
server in each group. This optimizes the flow of message traffic
between routing groups and provides for a consistent, reliable flow of
traffic.
1: Create Administrative Groups
You
are the lead consultant of a team that is designing an Exchange Server
2003 infrastructure for Contoso, Ltd., a manufacturer of fine electric
and acoustic guitars. The company has manufacturing plants in the
United States, Mexico, Japan, and Germany, with world-wide headquarters
in Dallas, Texas, and sales offices in Dallas, Boston, St. Louis, Los
Angeles, Tokyo, Mexico City, and Berlin. You recommend a centralized
administrative model for the United States and a decentralized model
for the overseas locations. The proposal is accepted, and you begin to
create the administrative groups after installing the first server
running Exchange Server 2003 and creating the Contoso organization in
Dallas.
1. | From
the Start menu, point to All Programs, then point to Microsoft
Exchange, and then start the Exchange System Manager console.
|
2. | Right-click the Contoso organization and click Properties.
|
3. | When
the Properties dialog box opens, select the check boxes to display both
administrative and routing groups. Click OK to close the dialog box.
|
4. | You are prompted to exit and re-start Exchange System Manager for the changes to take effect. Do so.
|
5. | Expand the Administrative Groups node, and then right-click First Administrative Group and select Rename.
|
6. | Type in USA for the name, since you’ll later be installing the first server at the corporate headquarters in Dallas.
|
7. | Right-click the Administrative Groups container, select New, and then click Administrative Group. Type Germany
for the name and click OK. Notice that you have the USA administrative
group that you modified previously in the Active Directory Sites And
Services console.
|
8. | Repeat the process and create administrative groups for Mexico and Japan.
|
2: Create Routing Groups
This
exercise uses the same scenario as Exercise 1, but this time you will
be creating routing groups. Since the overseas offices have only a
single location apiece, you will need to create a single routing group
in each administrative group. In the USA administrative group, you will
want to rename the default routing group and create routing groups for
each location (Dallas, Boston, St. Louis, and Los Angeles).
1. | Open the Exchange System Manager console if it isn’t already open.
|
2. | Expand the Administrative Groups node so you can see all of your administrative groups.
|
3. | Expand the USA administrative group node, and then expand the Routing Groups node.
|
4. | Notice that Exchange has configured a default First Routing Group. Right-click it and rename it Dallas.
|
5. | Right-click the Routing Groups node in the USA administrative group node, select New, and then click Routing Group. Type Boston and click OK.
|
6. | Repeat the process to create routing groups in the USA administrative group for St. Louis and Los Angeles.
|
7. | Expand
the Japan administrative group node. Repeat step 5 to create a routing
group called Tokyo in the Japan administrative group.
|
8. | Repeat
the process to create routing groups called Mexico City and Berlin in
the Mexico and Germany administrative groups, respectively. |