Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-11-09
This topic provides information about how to subscribe the Edge Transport server to the Microsoft Exchange Server organization. The Edge Subscription process is the procedure that an administrator follows to establish an Edge Subscription for an Edge Transport server. You subscribe an Edge Transport server to an Active Directory directory service site to associate the Edge Transport server with the Exchange organization. After the Edge Transport server is subscribed, the Microsoft Exchange EdgeSync service periodically replicates recipient and configuration data from Active Directory to the Active Directory Application Mode (ADAM) instance on a computer that has the Edge Transport server role installed.
The Microsoft Exchange EdgeSync service is the data synchronization service that runs on a Hub Transport server. The Microsoft Exchange EdgeSync service that is running on the Hub Transport servers in the Active Directory site to which the Edge Transport server is subscribed periodically performs one-way replication of recipient and configuration data to ADAM. The Microsoft Exchange EdgeSync service copies only the information that is required for the Edge Transport server to perform anti-spam configuration tasks, and information about the Send connector configuration that is required to enable mail flow between the Exchange 2007 organization's Hub Transport servers and the Internet through one or more Edge Transport servers. The Microsoft Exchange EdgeSync service performs scheduled updates so that the information in ADAM remains current.
You must create an Edge Subscription if you use the recipient lookup feature or safelist aggregation. These features run on the Edge Transport server. Creating an Edge Subscription reduces the administration that is performed in the perimeter network by letting you perform needed configuration on the Hub Transport server role and then write that information to the Edge Transport server.
When an Edge Transport server is subscribed to an Active Directory site, the following connectors are created by the Microsoft Exchange EdgeSync service:
- An implicit Send connector from the Hub Transport servers that are in the same forest to the Edge Transport server.
- A Send connector from the Edge Transport server to the Hub Transport servers in the Active Directory site to which the Edge Transport server is subscribed.
- A Send connector from the Edge Transport server to the Internet.
Replication Data
When data is sent to ADAM from Active Directory, it is sent over an encrypted channel using a Secure Lightweight Directory Access Protocol (Secure LDAP) connection. Additionally, the Safe Senders Lists and recipient information are hashed to protect the data. The Secure LDAP connection is secured by the ADAM credentials stored in the Edge Subscription file. The Microsoft Exchange EdgeSync service replicates the following data from Active Directory to ADAM:
- Send connector configuration
- Accepted domains
- Remote domains
- Message classifications
- Safe Senders Lists
- Recipients
Configuring an Edge Subscription
Before you can establish replication to ADAM from an Active Directory site, you must create the Edge Subscription file on the Edge Transport server role. You must create a separate Edge Subscription file for each Edge Transport server that is subscribed to the Exchange organization. To configure an Edge Subscription, follow these steps:
- Export the Edge Subscription file on the Edge Transport server.
- Copy the Edge Subscription file to the Hub Transport server.
- Import the Edge Subscription file on the Hub Transport server.
Note: You must complete the Edge Subscription process inside the organization within 24 hours of exporting the Edge Subscription file on the Edge Transport server. If you don't export the Edge Subscription file on the Edge Transport server within 24 hours, the bootstrap account expires and you must remove the Edge Subscription and start the procedure again.
- Verify that synchronization is completed successfully by inspecting MsExchange EdgeSync events in the Application log in Event Viewer.
Important: It is a best practice to delete the Edge Subscription file from the Edge Transport server after you copy the file to the Hub Transport server where you will import the Edge Subscription file, and from the Hub Transport server after the Edge Subscription file is imported.
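The steps above as an Exchange Management Shell sketch, added here as an illustration and not part of the original topic. The file path and site name are placeholders, and using the file's last-write time as a stand-in for the export time is an assumption.

```powershell
# Added example; run in the Exchange Management Shell.
# Path and site name below are placeholders, not values from the original topic.

# --- On the Edge Transport server: export the subscription file ---
#   New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"
# Copy the file to the Hub Transport server, then delete the Edge copy,
# because the file holds the ADAM credentials used for the Secure LDAP connection:
#   Remove-Item "C:\EdgeSubscriptionInfo.xml"

# --- On the Hub Transport server: import, clean up, verify ---
$file = "C:\EdgeSubscriptionInfo.xml"    # placeholder path
$site = "Default-First-Site-Name"        # placeholder Active Directory site

# Refuse to import a file older than the 24-hour window.
# Assumption: LastWriteTime survived the copy and reflects the export time.
$item = Get-Item $file -ErrorAction Stop
$age  = (Get-Date) - $item.LastWriteTime
if ($age.TotalHours -ge 24) {
    throw "Subscription file is $([int]$age.TotalHours) hours old. Remove the Edge Subscription and export a new file."
}

$started = Get-Date
New-EdgeSubscription -FileName $file -Site $site -ErrorAction Stop

# Delete the imported file so the credentials do not linger on disk.
Remove-Item $file

# Force an immediate synchronization instead of waiting for the schedule.
Start-EdgeSynchronization

# Show EdgeSync events written to the Application log since the import.
Get-EventLog -LogName Application -Newest 200 |
    Where-Object { $_.Source -like "*EdgeSync*" -and $_.TimeGenerated -ge $started } |
    Format-Table TimeGenerated, EntryType, EventID, Message -AutoSize -Wrap
```

Warning or Error entries in the output indicate that the subscription needs attention before mail flow through the Edge Transport server is relied on.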
When an Edge Transport server is subscribed to an Active Directory site, all the Hub Transport servers that are installed in that Active Directory site at that time can participate in the EdgeSync process. If one of those servers is removed, the Microsoft Exchange EdgeSync service that is running on the remaining Hub Transport servers continues the data synchronization process. However, if new Hub Transport servers are installed in the Active Directory site, they will not participate in the EdgeSync process. To enable those Hub Transport servers to participate in the EdgeSync process, you must remove the Edge Subscription from both the subscribed Edge Transport server and the subscribed Active Directory site and then re-create the Edge Subscription.
For More Information
For more information, see the following topics: