August 10, 2005

MS Exchange 2003 - Day 3

Today we got more into AD.  Using the ADSI MMC plug-in, you can choose which of the three AD partitions to view/change.  This was news to me - I wasn't aware that AD had partitions!  These partitions are: Domain, Configuration and Schema.  The Domain partition stores the user and group information, the Configuration partition stores the configuration type information (connections etc. across the forest) and the Schema partition stores object types and attributes across the forest.  The area we played around in was the Configuration partition.

Here lies the double-edged sword of Exchange.  Building a messaging environment that relies on an external directory, rather than introducing your own, is a good idea.  Making it only work with AD was a mistake.  As I said in Day 1, most organisations delayed the implementation of Exchange because of its reliance on AD, and because AD was a difficult directory to implement across an organisation.  I believe MS could have made greater inroads had they opened up their environment.  But maybe they are only interested in the total control of your environment!

It seems that you are provided with a few options for slicing up the directory by using address lists.  Unless you are hosting multiple organisations, I am not sure there is much need to do this.  And the only way to hide an address list from the dialogue boxes is to create a hierarchical tree.  This means that the people who are authorised to the list have to click through the tree hierarchy to get to it!

One area of concern that came up is the use of the AD Full Name within Outlook.  By default the full name is <%givenname> <%sn>, and this is how it displays in Outlook, which means you have to search by first name.  Obviously in Notes this does not matter, as you can address using either format.  So here is the workaround!  Using the ADSI edit MMC, you can hack through the configuration partition of AD to modify how the full name gets generated, allowing you to make it <%sn> <%givenname> (lastname firstname), but this change only affects new accounts that are created.  I am pretty sure that all our full names are first last (this is the default after all!).  A quick Google turns up ADMOD.NET, a free tool that allows you to modify AD attributes in batch for existing users.  So we could go back and set every name the way we want.  I don't understand why something as basic as this requires you to jump through all these hoops - talk about a glaring oversight!

Moving on to the client, there are some nice controls to dictate which features are available to the users.  So you can dictate which users can use OWA, or POP3, mobile access etc.  In addition, there is a web-based tool that you can download from the MS site, which allows you to control how OWA behaves.

Speaking of web clients, there does not appear to be a way of administering Exchange from a web browser.  Everything has to be done via the Exchange System Manager, and the recommendation in the class is to install this on the server and use TS to log on to the server to run it, as it is too sluggish running from your client.  Admin options seem a bit limiting.

There appear to be some tools available to simplify the process of setting up the Outlook client (Office Resource Kit).  I need to make sure our desktop group are aware of these and we get the client set up correctly, in particular the cached mode option.  MS appear to have done a nice job of taking Notes' replication model and implementing it in Outlook.  This mode is key to any centralisation option.  The client just 'chats' away in the background, bringing down new email when necessary.  Although, no-one seems to know how often it checks!

We moved on to the RPC over HTTP feature next, which allows the Outlook client to connect to the Exchange server without requiring a VPN connection, by virtue of the fact that the RPC requests are wrapped up in HTTP first, and get sent out on port 80.  As mentioned previously, setting this up requires you to have all your ducks in a row.  Once they are all lined up, this does work.  The discussion in the class was that "this is ok", but it only gets our users into email.  As they will still need VPN access for all the other applications in use, there is no great rush to use this feature - which is fair enough considering what you need to install to activate it.  How it will work for us, with our split DNS model, is a whole other question!

We then moved on to some of the Outlook client options.  Just touched on calendaring and availability.  First impressions are that Outlook suffers the same fate as the rest of Office - feature bloat!  You get an overwhelmingly confusing array of whistles and bells to set.  The more we can set up by default for our users the better!  Also, the use of Word as your default email editor seems to be another option that generates unnecessarily large emails!  Why would you want to do this?

Some simple omissions:  You can only set a single contiguous block of time for your daily availability; we are used to blocking out the 12-1pm hour too.  You can only switch Out of Office on or off.  You cannot specify a date range for when you are out, and then, annoyingly, it asks you every time you launch Outlook if you want to turn it off!!!

There is a public free/busy service advertised in the Outlook client, but when you follow the links you are told that this service is not offered by MS any more!

Oh well, upwards and onwards!
Posted by Simon Barratt at 09:12:16 AM