Connecting to Other Messaging Systems

Connectivity Scenarios

Exchange is tightly integrated with Windows 2000. Exchange uses the Windows 2000 security model in which users, groups, and other objects (such as connectors) are grouped in domains. Within domains, the global catalog holds a read-only copy of all the attributes of each object in the domain. It also holds a subset of the attributes of all objects in every other domain in the forest.

This subset of attributes is synchronized with partner messaging systems. All user attributes that are configurable in the Active Directory Users and Computers snap-in are published in the global catalog. If you want to synchronize an attribute that isn't currently a part of the attributes in the global catalog, you can publish the attribute to the global catalog. (For more information, see the Windows 2000 online documentation.)

Exchange supports a variety of directory synchronization scenarios:


Connecting Exchange to a single partner system is the simplest scenario. In this "point-to-point" model, a single connector links Exchange and the partner system. The administrator can route messages from the entire Exchange organization through the connector. Directory synchronization is performed against one or more Windows 2000 domains. For example, Exchange servers can be contained in one domain (sometimes called a resource domain) and user accounts can be created in a different domain. In this scenario, you can select export containers from multiple domains and can designate an import container that is hosted in a different domain than the one on which the connector is installed.


In this scenario, several connections are established between the partner system and the Exchange organization for load balancing. Only one connector of a given type can be installed on a server. However, multiple connectors of the same type can be installed on different servers in the same routing group. Messages from Exchange to the partner system are dynamically distributed across like connectors in the same routing group.

In this case, only one of the connectors should perform directory synchronization. This ensures that the same connector "owns" all foreign entries and that it avoids synchronization loops that might occur if entries imported by one connector are exported by another.


When Exchange is used as a backbone, two or more discrete, disconnected "islands" of the same partner system are connected to Exchange. For example, a connector connects Island A to Exchange, and another connector connects Island B. The Exchange backbone network transports messages between users on different islands, as well as to and from Exchange users.

For this scenario, you will want to consider the following:


In this scenario, different connectors link Exchange to two or more different partner systems, for example, System X and System Y. You configure directory synchronization separately for each connector, selecting an import container and one or more export containers for each.

For this scenario, consider the following:

Note   If the partner systems are already synchronizing directly with each other, you must ensure that Exchange does not attempt to duplicate the synchronization of these entries. Otherwise, duplicate entries will be created in the import containers of the two connectors.

You can resolve this problem by excluding one connector's import container from the other connector's export container list. In some cases, more complex filtering may be required.

Related Topics

Coexistence with Exchange 5.5 Connectors Upgrading Exchange 5.5 Connectors