Occasionally you may have to resubscribe an Edge Transport server to an Active Directory site. When the Edge Subscription is recreated, new credentials are generated and the complete Edge Subscription process must be followed. This process is used in the following scenarios:

• New Hub Transport servers have been deployed in the subscribed Active Directory site and you want the new server to participate in EdgeSync synchronization. For more information about this scenario, see "Adding or Removing a Hub Transport Server" later in this topic.
  
  
• The license key for the Edge Transport server was applied after the Edge Subscription was created. The licensing information for the Edge Transport server is captured when the Edge Subscription is created and is shown in the Exchange Management Console for the Exchange organization. For subscribed Edge Transport servers to appear as licensed, they must be subscribed to the Exchange organization after the license key is applied on the Edge Transport server. If the license key is applied on the Edge Transport server after you perform the Edge Subscription process, the licensing information is not updated in the Exchange organization and you must resubscribe the Edge Transport server.
  
  
• You want to make sure that the Exchange server version information is synchronized after you upgrade an Exchange server to a more recent build. In this case, the Edge Transport server build version number is not replicated to other server roles. This is because the EdgeSync synchronization process provides a one-way replication of data from Active Directory to AD Lightweight Directory Services. For more information, see the "Microsoft Exchange EdgeSync Service" section of the Understanding the EdgeSync Synchronization Process topic.
  
  
• The ESRA credentials are compromised.
  
  

Important:

To resubscribe an Edge Transport server, export a new Edge Subscription file on the Edge Transport server and then import the XML file on a Hub Transport server. You must resubscribe the Edge Transport server to the same Active Directory site to which it was originally subscribed. You do not have to first remove the original Edge Subscription. The resubscription process will overwrite the existing Edge Subscription.

There are some scenarios where you may have to remove an Edge Subscription from the Exchange organization or from both the Exchange organization and the Edge Transport server. If the Edge Transport server will be resubscribed to the Exchange organization, do not remove the Edge Subscription from the Edge Transport server. When you remove the Edge Subscription from an Edge Transport server, all replicated data is deleted from ADAM. This can take a long time if you have lots of recipient data.

The following list provides examples of situations that require that you remove the Edge Subscription.

• You no longer want the Edge Transport server to participate in the EdgeSync synchronization process. In this scenario, you must remove the Edge Subscription from both the Edge Transport server and from the Exchange organization.
  
  
• An Edge Transport server is being decommissioned. In this scenario, you must remove the Edge Subscription from the Exchange organization only. If you uninstall the Edge Transport server role from the computer, the ADAM instance and all Active Directory data that is stored in ADAM is also removed.
  
  
• You want to change the Active Directory site association for the Edge Subscription. In this scenario, you must remove the Edge Subscription from only the Exchange organization. After the Edge Subscription is removed from the Exchange organization, you can resubscribe the Edge Transport server to a different Active Directory site.
  
  

If you want to remove an Edge Subscription, follow these steps:

1. Stop mail flow on the Edge Transport server. Disable any receive connectors on the Edge Transport server to prevent it from accepting any new messages and then wait for the queues to drain.
   
   
2. Remove the Edge Subscription by running the Remove-EdgeSubscription cmdlet on a Hub Transport server inside the Exchange organization. If you are not going to resubscribe the Edge Transport server, also run this cmdlet on the Edge Transport server after this step has been performed on a Hub Transport server.
   
   

When you remove the Edge Subscription from the Exchange organization, the effect is as follows:

• Synchronization of information from Active Directory to ADAM stops.
  
  
• The ESRA accounts are removed from both Active Directory and ADAM.
  
  
• The computer that has the Edge Transport server role installed is removed from the source server list of any Send connector.
  
  
• The automatic inbound Send connector from the Edge Transport server to the Exchange organization is removed from ADAM.
  
  

When you remove the Edge Subscription from an Edge Transport server, the effect is as follows:

• You can no longer use the Edge Transport server features that rely on Active Directory data.
  
  
• Replicated data is removed from ADAM.
  
  
• The tasks that were disabled when the Edge Subscription was created are re-enabled to allow for local configuration.
  
  

Depending on the reason that you have removed an Edge Subscription, you may want to resubscribe that same Edge Transport server to the original Active Directory site to which it was subscribed or to a different Active Directory site. When the Edge Subscription is recreated, new credentials are generated and the complete Edge Subscription process must be followed.

If you are removing the Edge Transport server from service, follow the procedures in How to Completely Remove Exchange 2007 from a Server.

You can subscribe one or more Edge Transport servers to a single Active Directory site. If you deploy additional Edge Transport servers in your perimeter network and subscribe them to the same Active Directory site where an Edge Subscription already exists, the following actions occur:

• A new Edge Subscription object is created in Active Directory.
  
  
• Additional ESRA accounts are created for each Hub Transport server in the Active Directory site. These accounts are replicated to ADAM and used by the EdgeSync synchronization process during synchronization with the new server.
  
  
• The new Edge Subscription is added to the source server list of the automatic Send connector to the Internet. Messages submitted to that connector for processing will be load-balanced between the subscribed Edge Transport servers.
  
  
• An inbound Send connector from the Edge Transport server to the Exchange organization is automatically created.
  
  
• EdgeSync synchronization to the Edge Transport server starts.
  
  

If a Hub Transport server is added to the Active Directory site to which an Edge Transport server is already subscribed, it does not automatically participate in the EdgeSync synchronization process. To enable a newly deployed Hub Transport server to participate in the EdgeSync synchronization process, you must resubscribe each Edge Transport server to the Active Directory site.

Removing a Hub Transport server from an Active Directory site where an Edge Transport server is subscribed will not affect EdgeSync synchronization, unless that Hub Transport server is the last Hub Transport server in that site. If you remove all Hub Transport servers from the Active Directory site where an Edge Transport server is subscribed, the subscribed Edge Transport servers are orphaned.

Any errors that occur during the EdgeSync synchronization process are reported to the Application log of the Windows Event Viewer. These errors will typically appear on the Hub Transport server. However, subscribed Edge Transport servers will report errors if synchronization has not occurred in a long time.

Test-EdgeSynchronization is a diagnostic cmdlet that provides a report of the synchronization status of subscribed Edge Transport servers. This task provides useful information to the administrator when it is run manually. It can also be called by Microsoft Operations Manager. When the task is called by Microsoft Operations Manager, alerts are generated if an Edge Transport server is not synchronized.

The Test-EdgeSynchronization cmdlet provides proactive alerting when an Edge Transport server is no longer synchronized. The output of this cmdlet lets you view which objects have not been synchronized to the Edge Transport server. The task compares the data that is stored in Active Directory and the data that is stored in ADAM. Any inconsistencies in data are reported in the results output by this command.

You can use the ExcludeRecipientTest parameter with the Test-EdgeSynchronization cmdlet to exclude validation of recipient data synchronization. If you include this parameter, only the synchronization of configuration objects is validated. Validating that recipient data is synchronized will take longer than validating only configuration data.

If you want to verify the EdgeSync synchronization results for a specific recipient, you can use Ldp.exe to view the recipient properties that are stored in ADAM. You must locate the recipient by its Active Directory GUID and, because the data is sent hashed, you must also be able to interpret the information that is returned when you view the recipient details. This tool should be used only for viewing recipient information and should never be used to modify data in ADAM. For more information, see How to Verify EdgeSync Results for a Recipient.

New in Exchange 2007 SP1

For more information, see the following topics:

• Subscribing the Edge Transport Server to the Exchange Organization
  
  
• Using an Edge Subscription to Populate ADAM with Active Directory Data
  
  
• EdgeSync Replication Data
  
  
• Understanding the EdgeSync Synchronization Process
  
  
• EdgeSync and Send Connectors
  
  
• Understanding Edge Subscription Credentials
  
  
• Managing Edge Subscriptions
  
  
• EdgeSync Cmdlets