Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-02-20
After an Edge Transport server has been subscribed to the Exchange organization, the Microsoft Exchange EdgeSync service replicates data from the Active Directory directory service to the Active Directory Application Mode (ADAM) directory service instance on the Edge Transport server. The replicated data lets you implement a wider range of anti-spam features and enables domain security functionality. The EdgeSync synchronization process also lets you configure Send connectors and configuration objects that are common to both the Exchange organization and the Edge Transport server on a Hub Transport server and then have that data automatically populated to ADAM. The EdgeSync synchronization process keeps this data up to date by performing scheduled synchronization.
This topic provides detailed information about the EdgeSync synchronization process.
Microsoft Exchange EdgeSync Service
The Microsoft Exchange EdgeSync service is the data synchronization service that periodically replicates configuration data from Active Directory to a subscribed Edge Transport server. The Microsoft Exchange EdgeSync service runs on all Hub Transport servers under the context of the Local Service account. Data is pushed from Active Directory by the Hub Transport server inside the organization to the Edge Transport server in the perimeter network. This means that the Hub Transport server always initiates the synchronization session and that the Microsoft Exchange EdgeSync service performs only one-way synchronization from Active Directory to ADAM. Data from ADAM is never synchronized to Active Directory.
To perform synchronization, the Microsoft Exchange EdgeSync service establishes a mutually authenticated and authorized secure Lightweight Directory Access Protocol (LDAP) channel from the Hub Transport server to the Edge Transport server. The EdgeSync replication account (ESRA) credentials that are provisioned during the Edge Subscription process are used to establish the secure LDAP connection. For more information about the ESRA credentials, see Understanding Edge Subscription Credentials.
By default, the Microsoft Exchange EdgeSync service uses the non-standard TCP port 50636 for secure LDAP communications. Your internal firewall must allow outbound communication through this port to the Edge Transport servers in the perimeter network. If you want to modify the secure LDAP port that is used to connect to ADAM, you must use the ConfigureAdam.ps1 script that is provided with Microsoft Exchange Server 2007. For more information about how to modify the ADAM configuration, see How to Modify ADAM Configuration.
EdgeSync Synchronization Process
When the Edge Subscription is established, initial replication occurs. Configuration objects and recipient data are populated to ADAM during initial replication. The initial replication process can take a long time if you have a large quantity of recipient data. For more information about the types of data that are replicated to ADAM, see EdgeSync Replication Data.
After ADAM is populated, the Microsoft Exchange EdgeSync service runs at set intervals to keep the data in ADAM up to date. At each of these intervals, new objects are added to ADAM, deleted objects are removed, and modified objects are updated. For more information about the synchronization intervals, see "Synchronization Schedule" later in this topic.
The directory service changes that are available to synchronize to ADAM at each synchronization interval are completely dependent on the data that has been replicated to the domain controller and global catalog server to which the Hub Transport server is bound. Every time that an Exchange 2007 server starts, the Microsoft Exchange Active Directory Topology Service discovers the domain controllers and global catalog servers that Exchange 2007 can use to retrieve configuration and recipient data from Active Directory. You cannot specify a particular directory to bind to when you are running the EdgeSync synchronization process.
A subscribed Edge Transport server is associated with a particular Active Directory site. If more than one Hub Transport server exists in the site, any of them can replicate data to the subscribed Edge Transport servers. However, the same Hub Transport server will be preferred. To avoid contention among the Hub Transport servers when synchronizing, the selection of the preferred Hub Transport server occurs as follows:
- The first Hub Transport server in the Active Directory site to perform a topology scan and discover the new Edge Subscription performs the initial replication. Because this discovery is based on the timing of the topology scan, any Hub Transport server in the site may perform the initial replication.
- The Hub Transport server that performs the initial replication establishes an EdgeSync lease option and sets a "lock" on the Edge subscription. The lease option establishes that Hub Transport server as the preferred server to provide synchronization services to that Edge Transport server. The lock prevents the Microsoft Exchange EdgeSync service on another Hub Transport server from taking over the lease option.
- The EdgeSync lease option lasts for one hour. No other Microsoft Exchange EdgeSync service can take over the option from another Hub Transport server during this one-hour period unless a manual synchronization occurs before this period expires. If the preferred Hub Transport server is not available to provide the Microsoft Exchange EdgeSync service when manual synchronization is performed, after a five-minute wait, the lock is released and another Microsoft Exchange EdgeSync service takes over the lease option and performs synchronization.
- If manual synchronization is not performed, synchronization occurs based on the EdgeSync synchronization schedule. If the preferred server is not available when scheduled synchronization occurs, after a five-minute wait, the lock is released and another Microsoft Exchange EdgeSync service takes over the lease option and performs synchronization.
This method of locking and leasing prevents more than one instance of the Microsoft Exchange EdgeSync service from pushing data to the same Edge Transport server at the same time.
Note: When an Edge Transport server is subscribed to an Active Directory site, all the Hub Transport servers that are installed in that Active Directory site at that time can participate in the EdgeSync synchronization process. If one of those servers is removed, the Microsoft Exchange EdgeSync service that is running on the remaining Hub Transport servers will continue the data synchronization process. However, if new Hub Transport servers are installed in the Active Directory site, they will not participate in the EdgeSync synchronization process. To enable those Hub Transport servers to participate in the EdgeSync synchronization process, you have to resubscribe the Edge Transport server.
The following table lists the EdgeSync properties that are related to the locking and leasing process. The properties are not configurable.
EdgeSync lease properties
Property name | Value | Description |
---|---|---|
Lock duration | 5 minutes | This setting determines for how long a particular Microsoft Exchange EdgeSync service will acquire a lock. If the Microsoft Exchange EdgeSync service on the Hub Transport server that is holding this lock does not respond, it will take five minutes for the Microsoft Exchange EdgeSync service on another Hub Transport server to take over the lease. Forcing EdgeSync synchronization does not override this value. |
Option duration | 1 hour | This setting determines for how long a Microsoft Exchange EdgeSync service can declare a lease option on an Edge Transport server. If the Microsoft Exchange EdgeSync service holding the lease is unavailable and does not restart during this option period, no other Microsoft Exchange EdgeSync service will take over the lease option, unless you force EdgeSync synchronization. |
Lock renewal | 1 minute | This setting determines how frequently the lock field is updated when a Microsoft Exchange EdgeSync service has acquired a lock to an Edge Transport server. |
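
The locking and leasing rules above can be read as a small decision procedure. The following Python model is an added illustration, not code from Exchange: the `Lease` class, `try_sync` function and server names HUB01/HUB02 are hypothetical, the durations come from the lease properties table, and the one-minute lock renewal is represented by the preferred server's own calls.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

# Values from the "EdgeSync lease properties" table.
LOCK_DURATION = timedelta(minutes=5)   # stale-lock threshold; a forced sync does not shorten it
OPTION_DURATION = timedelta(hours=1)   # how long the preferred server keeps its lease option

@dataclass
class Lease:
    """Hypothetical model of the lease state on one Edge Subscription."""
    holder: Optional[str] = None
    option_start: Optional[datetime] = None
    lock_renewed: Optional[datetime] = None

def _take(lease: Lease, hub: str, now: datetime) -> None:
    lease.holder, lease.option_start, lease.lock_renewed = hub, now, now

def try_sync(lease: Lease, hub: str, now: datetime, forced: bool = False) -> Tuple[bool, str]:
    """Decide whether `hub` may push data to the Edge Transport server at `now`."""
    if lease.holder is None:
        _take(lease, hub, now)
        return True, "initial replication, lease option established"
    if lease.holder == hub:
        # Assumption: the preferred server re-declares an expired option when it syncs.
        if now - lease.option_start >= OPTION_DURATION:
            lease.option_start = now
        lease.lock_renewed = now
        return True, "preferred server"
    if now - lease.lock_renewed < LOCK_DURATION:
        return False, "lock held"           # applies to forced syncs too
    if now - lease.option_start < OPTION_DURATION and not forced:
        return False, "option still valid"  # only a forced sync takes over early
    _take(lease, hub, now)
    return True, "took over lease"

def demo():
    t0 = datetime(2007, 2, 20, 9, 0)        # constructed timeline
    at = lambda minutes: t0 + timedelta(minutes=minutes)
    lease = Lease()
    return [
        try_sync(lease, "HUB01", at(0)),                # first server to discover the subscription
        try_sync(lease, "HUB02", at(2)),                # lock is fresh
        try_sync(lease, "HUB01", at(10)),               # preferred server renews, then goes offline
        try_sync(lease, "HUB02", at(12), forced=True),  # forced, but lock is only 2 minutes old
        try_sync(lease, "HUB02", at(20)),               # lock stale, option not yet expired
        try_sync(lease, "HUB02", at(20), forced=True),  # forced takeover succeeds
    ]
```

In this model a second Hub Transport server never pushes while the lock is fresh, which is the property that keeps two services from writing to the same ADAM instance at once.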
Synchronization Schedule
Different types of data synchronize on different schedules. The schedule specifies the maximum length of time that a Microsoft Exchange EdgeSync service should go between synchronization intervals. The EdgeSync schedule intervals are not configurable. However, if you use the Start-EdgeSynchronization cmdlet in the Exchange Management Shell to force synchronization of Edge Subscriptions to occur immediately, you override the timer that determines the next time that EdgeSync synchronization is scheduled to occur.
The following table lists the EdgeSync schedule parameters that determine when different types of data are synchronized to ADAM.
EdgeSync schedule parameters
Parameter | Value | Description |
---|---|---|
Configuration | 1 hour | This parameter determines the frequency at which the Microsoft Exchange EdgeSync service will try to synchronize configuration data to an Edge Transport server. |
Recipients | 4 hours | This parameter determines the frequency at which the Microsoft Exchange EdgeSync service will try to synchronize recipient data to an Edge Transport server. |
Topology | 5 minutes | This parameter determines how frequently topology information is reloaded. |