Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2008-03-10
Unlike Microsoft Exchange 2000 Server and Exchange Server 2003, Exchange Server 2007 does not require configuration of a separate routing topology. Exchange 2007 uses the Active Directory directory service site topology to determine how messages are transported in the organization. This topic provides an overview of how Exchange 2007 uses the existing Active Directory site topology to transport messages between server roles.
The Hub Transport server role provides message transport inside the Exchange organization. When you are deploying a pure Exchange Server 2007 organization, no additional configuration is required to establish routing in the forest. If you are deploying Exchange 2007 in an existing Exchange 2000 Server or Exchange Server 2003 organization, you must follow specific configuration steps to enable routing between Exchange 2007 and Exchange 2000 Server and Exchange Server 2003. For more information about how to configure the Hub Transport server role for coexistence with Exchange 2000 Server or Exchange Server 2003, see Planning for Coexistence.
How Exchange 2007 Uses Site Membership
Exchange 2007 is a site-aware application. Site-aware applications can determine their own Active Directory site membership and the Active Directory site membership of other servers by querying Active Directory. In Exchange 2007, the Microsoft Exchange Active Directory Topology service is responsible for updating the site attribute of the Exchange server object. When an Exchange server role has to determine the Active Directory site membership of another Exchange server role, it can query Active Directory to retrieve the site name. All Exchange 2007 server roles also use site membership to determine which domain controllers and global catalog servers to use for processing Active Directory queries. Because the Active Directory site membership is a server object attribute, you do not have to query DNS to resolve a server address to a subnet that is associated with an Active Directory site. Stamping the Active Directory site attribute on an Exchange server object enables Active Directory site membership to be assigned to a server that is not a domain member, such as a subscribed Edge Transport server.
The Exchange 2007 server roles use Active Directory site membership information as follows:
- The Mailbox server role uses Active Directory site
membership information to determine which Hub Transport servers are
located in the same Active Directory site as the Mailbox
servers. The Mailbox server submits messages for routing and
transport to a Hub Transport server that has the same
Active Directory site membership as the Mailbox server. The
Hub Transport server performs recipient resolution and queries
Active Directory to match an e-mail address to a recipient
account. The recipient account information includes the fully
qualified domain name (FQDN) of the user’s Mailbox server. The FQDN
is used to determine the Active Directory site of the user's
Mailbox server. The Hub Transport server delivers the message to a
Mailbox server within its same Active Directory site, or it
relays the message to another Hub Transport server for delivery to
a Mailbox server that is outside the Active Directory site. If
there are no Hub Transport servers in the same
Active Directory site as a Mailbox server, mail can't flow to
that Mailbox server.
- Active Directory site membership and IP site link
information is used to prioritize the list of servers that are used
for public folder referrals. Users are directed first to the
default public folder database for their mailbox database. If a
replica of the public folder being accessed does not exist in the
default public folder database, the Mailbox store where the default
public folder database resides will provide a prioritized referral
list of Mailbox servers that hold a replica to the client. Public
folder databases that are in the same Active Directory site as
the default public folder database are listed first, and additional
referral locations are prioritized based on Active Directory
site proximity. Active Directory site proximity is determined
by aggregating the costs of the IP site links between the
Active Directory site where the default public folder database
resides and the Active Directory sites where public folder
replicas exist. The list of referrals is prioritized from lowest
cost to highest cost. The connecting client will try each referral
in the list until a connection is made or all attempts fail.
- The Unified Messaging (UM) server role uses
Active Directory site membership information to determine
which Hub Transport servers are located in the same
Active Directory site as the Unified Messaging server. The
Unified Messaging server submits messages for routing and transport
to a Hub Transport server that has the same Active Directory
site membership as the Unified Messaging server. The Hub Transport
server performs recipient resolution and queries
Active Directory to match a telephone number, or other UM
property, to a recipient account. The recipient account information
includes the fully qualified domain name (FQDN) of the user’s
Mailbox server. The FQDN is used to determine the
Active Directory site of the user's Mailbox server. The Hub
Transport server delivers the message to a Mailbox server within
its same Active Directory site, or it relays the message to
another Hub Transport server for delivery to a Mailbox server that
is outside the Active Directory site.
- When the Client Access server role receives a user connection
request, it queries Active Directory to determine which
Mailbox server is hosting the user's mailbox. The Client Access
server then retrieves the Active Directory site membership of
that Mailbox server. If the Client Access server that received the
initial user connection is not located in the same site as the
user's Mailbox server, the connection is redirected to a Client
Access server in the same site as the Mailbox server.
- Exchange 2007 Hub Transport servers retrieve information
from Active Directory to determine how mail should be routed
inside the organization. When a message is submitted to the
Microsoft Exchange Transport service, the categorizer uses the
header information in the message to query Active Directory
for information about where the message must be delivered. If the
recipient's mailbox is located on a Mailbox server in the same
Active Directory site as the Hub Transport server, the message
is delivered directly to that mailbox. If the recipient's mailbox
is located on a Mailbox server in a different Active Directory
site, the message is relayed to a Hub Transport server in that site
and then delivered to the Mailbox server.
Determining Site Membership
Active Directory clients assume site membership by matching their assigned IP address to a subnet that is defined in Active Directory Sites and Services and associated with an Active Directory site. The client then uses this information to determine which domain controllers and global catalog servers exist in that site and communicates with those directory servers for authentication and authorization purposes. Exchange 2007 takes advantage of this relationship by also preferring to retrieve information about recipients from directory servers that are in the same site as the Exchange 2007 server.
All computers that are part of the same Active Directory site are considered well-connected, with a high-speed, reliable network connection. By default, when an Active Directory forest is first deployed, there is a single site named Default-First-Site-Name. If no other sites are manually configured by the administrator, all server and client computers in the forest are considered members of Default-First-Site-Name.
When more than one site is defined, the Active Directory administrator must define the subnets that are present in the organization and associate those subnets with Active Directory sites.
The Microsoft Exchange Active Directory Topology service checks the site membership attribute on the Exchange server object when the server starts. If the site attribute has to be updated, the Microsoft Exchange Active Directory Topology service stamps the attribute with the new value. The Microsoft Exchange Active Directory Topology service verifies the site attribute value every 15 minutes and updates the value if site membership has changed. The Microsoft Exchange Active Directory Topology service uses the Net Logon service to obtain current site membership. The Net Logon service updates site membership every five minutes. This means that up to a 20-minute latency period may pass between the time that site membership changes and the new value is stamped on the site attribute.
Overview of IP Site Links
Relationships between Active Directory sites are defined by IP site links. The IP site link consists of two or more Active Directory sites. All Active Directory sites that are part of the link communicate at the same cost. The IP site link properties include a cost assignment, a schedule, and an interval. The schedule and interval properties are only used for determining Active Directory replication frequency. Exchange 2007 uses the cost assignment to determine the lowest cost route for traffic to follow when multiple paths exist to the destination. The cost of the route is determined by aggregating the cost of all site links in a transmission path. The Active Directory administrator assigns the cost to a link based on relative network speed and available bandwidth compared to other available connections.
By default, the Hub Transport server always tries a direct connection to a Hub Transport server in another Active Directory site. Messages in transport do not relay through each Hub Transport server in a site link path. However, Hub Transport servers in intermediate Active Directory sites along the routing path may perform message relay in the following scenarios:
- Direct relay between Hub Transport servers will not occur when
a hub site exists along the least cost routing path. You can
configure an Active Directory site as a hub site so that
messages are routed to the hub site to be processed before the
messages are relayed to the target server. Hub sites are discussed
later in this topic.
- Exchange 2007 uses the routing path derived from IP site
link information when communication to the destination
Active Directory site fails. If no Hub Transport server in the
destination Active Directory site responds, message delivery
backs off along the least cost routing path until a connection is
made to a Hub Transport server in an Active Directory site
along the routing path. The messages are queued in that
Active Directory site and the queue will be in a retry state.
This behavior is called queue at point of failure.
- The Hub Transport server can also use the IP site link
information to optimize routing of messages that are sent to
multiple recipients. The Hub Transport server delays bifurcation of
messages until it reaches a fork in the routing paths to the
recipients. The bifurcated message is relayed to each recipient
destination by a Hub Transport server in the Active Directory
site that represents the fork in the individual routing paths. This
functionality is called delayed fan-out.
Designating Hub Sites
By default, the Hub Transport servers that are located in Active Directory sites along the path between the source server and the destination server do not process or relay the messages in any way. You can use the Set-AdSite cmdlet to override this behavior by configuring an Active Directory site as a hub site. When a hub site exists along the least cost routing path between two Hub Transport servers, the messages are routed to the hub site for processing before they are relayed to the destination server. For this routing behavior to occur, the hub site must exist along the least cost routing path between two Hub Transport servers. This configuration should only be used when it is required by the network topology, such as when firewalls exist between Active Directory sites and prevent direct relay of Simple Mail Transfer Protocol (SMTP) communications.
Setting an Exchange Specific Cost on an IP Site Link
You can use the Set-AdSiteLink cmdlet in the Exchange Management Shell to assign an Exchange-specific cost to an Active Directory IP site link. The Exchange-specific cost is a separate attribute that is used instead of the Active Directory-assigned cost to determine the Exchange routing path. This configuration is useful when the Active Directory IP site link costs do not result in an optimal Exchange message routing topology.
New in Exchange 2007 Service Pack 1
Microsoft Exchange Server 2007 Service Pack 1 (SP1) provides support for configuration of a maximum message size limit on an Active Directory IP site link. By default, Exchange 2007 does not impose a maximum message size limit on messages that are relayed between Hub Transport servers in different Active Directory sites. If you use the Set-AdSiteLink cmdlet to configure a maximum message size on an Active Directory IP site link, routing generates a non-delivery report (NDR) for any message that has a size larger than the maximum message size limit that is configured on any Active Directory site link in the least cost routing path. This configuration is useful for restricting the size of messages that are sent to remote Active Directory sites that must communicate over low-bandwidth connections.
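The following Python model is an added illustration, not Microsoft code. It shows how aggregated IP site link costs, an Exchange-specific cost, a hub site, and a per-link maximum message size combine into one routing decision. The site names, costs, and limits are constructed sample values, and tie-breaking between equal-cost paths is not modeled.

```python
import heapq

MB = 1024 * 1024
# Constructed topology: (site A, site B, AD cost, Exchange cost or None, max message size or None)
SITE_LINKS = [
    ("Branch1", "HubSite", 10, None, None),
    ("HubSite", "Branch2", 10, None, 5 * MB),
    ("Branch1", "Branch2", 15, 50, None),  # Exchange-specific cost replaces the AD cost
]
HUB_SITES = {"HubSite"}  # sites configured as hub sites

def effective_links(site_links):
    """Map each site pair to (routing cost, size limit); the Exchange cost wins when set."""
    return {frozenset((a, b)): (ad if ex is None else ex, limit)
            for a, b, ad, ex, limit in site_links}

def least_cost_path(links, source, dest):
    """Dijkstra over aggregated link costs. Returns (cost, [sites]) or None."""
    queue, done = [(0, [source])], set()
    while queue:
        cost, path = heapq.heappop(queue)
        site = path[-1]
        if site == dest:
            return cost, path
        if site in done:
            continue
        done.add(site)
        for pair, (link_cost, _) in links.items():
            if site in pair:
                (nxt,) = pair - {site}
                if nxt not in done:
                    heapq.heappush(queue, (cost + link_cost, path + [nxt]))
    return None

def route(site_links, hub_sites, source, dest, size):
    """Decide what happens to a message of `size` bytes sent from source to dest."""
    links = effective_links(site_links)
    found = least_cost_path(links, source, dest)
    if found is None:
        return {"status": "unreachable"}
    cost, path = found
    # Any size limit on any link of the least cost path triggers an NDR.
    limits = [links[frozenset(hop)][1] for hop in zip(path, path[1:])]
    limits = [limit for limit in limits if limit is not None]
    if limits and size > min(limits):
        return {"status": "NDR", "path": path, "cost": cost}
    # Direct relay to the destination unless a hub site lies on the path.
    hubs = [s for s in path[1:-1] if s in hub_sites]
    return {"status": "relay", "path": path, "cost": cost,
            "next_hop": hubs[0] if hubs else dest}
```

With the Exchange cost of 50 on the direct link, the path through HubSite (cost 20) wins, so the hub site and the 5 MB limit both apply; with that override removed, the direct link (cost 15) wins and neither applies.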
Exchange 2007 Placement in Active Directory Sites
For message routing between Exchange 2007 roles to occur correctly, all roles that are deployed in the forest must belong to an Active Directory site. Make sure that the IP addresses that you have assigned are in subnets that are correctly associated with Active Directory sites.
The first step in planning the placement of Exchange 2007 servers in the Active Directory site topology is to document the current topology. Your documentation should include the following:
- Subnets and their site association
- IP site links and their member sites
- IP site link costs
- Directory servers in each site
- Physical network connections
- Firewall locations
After you have diagrammed these objects, plan the placement of Exchange servers. Consider the following information when you are deciding where to put servers:
- A Hub Transport server must be able to communicate directly
with a global catalog server to perform Active Directory
- Mailbox servers should be located in the same site as a Hub
Transport server. We recommend that you deploy more than one Hub
Transport server in each Active Directory site to provide load
balancing and fault tolerance.
- Unified Messaging servers submit messages to a Hub Transport
server for transport to a Mailbox server. A Unified Messaging
server may be located in a hub site or near the IP/voice over
Internet Protocol (VoIP) gateway or IP Private Branch eXchange (IP
PBX). The Hub Transport server that has the same site membership as
the Unified Messaging server will receive messages for transport
and route the messages to other Hub Transport servers and Mailbox
servers in the organization.
- Client Access servers provide a connectivity point to the
Exchange organization for users who are accessing Exchange
remotely. A Client Access server must be deployed in each site that
contains Mailbox servers. The Client Access server lets the user
connect directly to the Mailbox server to retrieve messages, but
any messages that are sent from the remote client must be
transported through the Hub Transport server.
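The placement rules above can be checked against a documented topology before deployment. This Python audit is an added example, not part of the original topic. The subnets, server names, and role labels are constructed, and it assumes that the most specific matching subnet determines a server's site.

```python
import ipaddress

# Constructed sample data: subnet-to-site associations and planned Exchange servers.
SUBNETS = {"10.1.0.0/16": "HQ", "10.1.5.0/24": "Branch", "10.2.0.0/16": "DR"}
SERVERS = [
    ("HQ-HUB1", "10.1.1.10", {"HubTransport", "ClientAccess"}),
    ("HQ-MBX1", "10.1.1.20", {"Mailbox"}),
    ("BR-MBX1", "10.1.5.20", {"Mailbox"}),
    ("DR-HUB1", "10.2.0.10", {"HubTransport"}),
    ("DR-MBX1", "10.2.0.20", {"Mailbox"}),
    ("LAB-UM1", "192.168.9.5", {"UnifiedMessaging"}),
]
# (role present in a site, role that must also be present in that site)
RULES = [
    ("Mailbox", "HubTransport"),
    ("Mailbox", "ClientAccess"),
    ("UnifiedMessaging", "HubTransport"),
]

def site_for(ip, subnets):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(cidr), site) for cidr, site in subnets.items()]
    matches = [(net.prefixlen, site) for net, site in nets if addr in net]
    return max(matches)[1] if matches else None

def audit(servers, subnets):
    """Return a list of findings for servers without a site and sites missing roles."""
    roles_by_site, findings = {}, []
    for name, ip, roles in servers:
        site = site_for(ip, subnets)
        if site is None:
            findings.append(f"{name}: {ip} is in no subnet associated with a site")
        else:
            roles_by_site.setdefault(site, set()).update(roles)
    for site in sorted(roles_by_site):
        for present, required in RULES:
            roles = roles_by_site[site]
            if present in roles and required not in roles:
                findings.append(f"{site}: has {present} but no {required}")
    return findings
```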
After you plan Exchange 2007 placement, you may identify areas where you can modify the Active Directory site topology to improve communication flow. You may want to adjust IP site links and site link costs to optimize delayed fan-out and queue at point of failure. An efficient Active Directory topology does not require any changes to support Exchange 2007.