Hey guys, I think you will be happy to know that I am towards the end of wrapping up the Exchange 2010 Address List Segregation white paper. I will post another update as soon as we are finished with the editing and when it will be posted.
With that being said I wanted to post some information that is a *must read*. This information is pretty generic, however you must be aware of the changes in the Exchange product before you start playing with Address List Segregation on an Exchange 2010 platform.
Exchange 2010 now has an Address Book Service - In earlier versions of Microsoft Exchange prior to Exchange Server 2010, the Exchange server provided a referral service that told Outlook clients where they could find a domain controller that registered the NSPI service as a connection point. This referral would direct the Outlook client NSPI address book queries to a global catalog server. In addition, some Outlook Anywhere connections could also point the Outlook client back to the local server, and then the local server’s NSPI calls will be proxied to a global catalog server in the local site.
The Outlook client expects to find this referral service on the same server that's used for mailbox access. In Exchange 2010 now both mailbox access and directory access are handled by the Client Access server.
When an Outlook client contacts a Client Access server there are a few possible things that can happen.
- If the user's mailbox is on an Exchange Server 2007 Mailbox server or an Exchange Server 2003 server, the directory request is referred to the user's mailbox server.
- If the user's mailbox is on an Exchange 2010 Mailbox server, then one of two actions happens.
- If the user's mailbox is in the same site as the Client Access server, the request is referred to the Client Access server.
- If the user's mailbox is in a different site, the request is referred to a Client Access server in the remote site.
Now for Exchange 2010, the Client Access server will facilitate both the Referral Service and the NSPI endpoint. These two components are necessary for directory access to flow through the Client Access server.
IMPORTANT NOTE: If your Client Access server roll is installed on a domain controller the Outlook will communicate directly with the domain controller. This will bypass the Client Access server all together and revert the Exchange functionality back to as it is in Exchange 2007.
The Exchange 2010 Address List Segregation white paper is being tested on a multiple machine setup with the domain controller NOT hosting ANY exchange roles.
If you are running Exchange 2010 on a domain controller clients will by pass MAPI and Domain on the Middle Tier. THIS IS NOT SUPPORTED FOR ADDRESS LIST SEGREGATION for the reason that if you switch your roles from the domain controller to a new server you will break your address list segregation functionality.