Extending ActiveRoles Server Management to Exchange Resource ForestsActiveRoles Exchange Resource Forest Manager: An Add-On Application for ActiveRoles Server
Many medium- and large-size organizations find themselves in an environment that requires a multi-forest Active Directory deployment to cope with organizational structure issues (e.g., autonomous business units and decentralized IT departments), business policy or legal and regulatory requirements. Although it offers the highest level of security isolation and separation of administrative responsibility, it also introduces the need for inter-forest management; among the most important is the Exchange 2000 or Exchange 2003 messaging system. With multiple forests, one of the options for integrating Exchange with Active Directory is the resource forest model. While the Exchange Resource Forest model does separate Exchange Infrastructure management from the various user account forests, it also requires complex directory provisioning and synchronization between forests. Each time an administrator creates a user account in an account forest, a disabled shadow account with a mailbox must be created in the Exchange forest and appropriate security permissions assigned. The account properties must also be synchronized between the account forest and the Exchange forest so that the Global Address List (GAL) is consistent. These processes cannot be automated using native Active Directory mechanisms and require great amounts of administrative time to keep up with. To reduce administrative costs and automate the provisioning lifecycle and synchronization processes involved with the Exchange Resource Forest model, ActiveRoles Server offers Exchange Resource Forest Manager which exploits the multi-forest management capability of ActiveRoles Server to synchronize and provision accounts between a User Account Forest and the Exchange Resource Forest. Additionally, Exchange properties are projected from the Resource Forest onto the property pages of users in the User Forest for single point user account management. --------------------------------------------------------------------------------------------------------------- Benefits --------------------------------------------------------------------------------------------------------------- AutoProvision - provision of mailboxes in the Exchange forest upon creation of user accounts in account forests (Provision of mailboxes for existing accounts is also supported). Exchange Mailbox AutoProvision Policies - because Exchange Resource Forest Manager is an add-on application for ActiveRoles Server it can take full advantage of the Exchange Mailbox AutoProvision policies that provide automatic selection of mailbox store based on round-robin, least loaded store or organizational data such as user’s department or directory location. Synchronization - updating directory data in the Exchange forest upon changes to user accounts in account forests Deprovisioning - deprovision Exchange forest mailboxes upon deprovision of user accounts in account forests Policy Check - the Check Policy feature of ActiveRoles Server is used to detect and, in some cases, auto-correct data inconsistencies or data corruption such as broken links or mismatched data between master accounts and shadow accounts. Change History - the Management History feature of ActiveRoles Server is used to document the changes made to the master accounts and shadow accounts. Error Logging - uses the EDM Server Event Log to provide information about problems if any occur at solution run time.
|