Active Directory

Topic Last Modified: 2009-07-24

Microsoft Exchange Server 2007 stores many types of information in the Active Directory directory service. The first time that Exchange 2007 is installed into an Exchange 2007 domain hierarchy, the Active Directory schema is extended to accommodate the Exchange containers and properties.

Users and Groups

Exchange 2007 uses the Active Directory user and group account information to represent Exchange users and groups. In an Exchange 2007 environment, Active Directory users and groups are marked with Exchange-specific attributes that indicate whether they are Mail-disabled, Mail-enabled, or Mailbox-enabled. User accounts that are marked as Mail-enabled are valid recipients for e-mail messages, although they might not have a local mailbox. User accounts that are marked as Mailbox-enabled have a mailbox in the Exchange system.

Exchange 2007 administrators use the Exchange Management Console or the Exchange Management Shell to administer user accounts and group accounts. Applications that are written for Exchange 2007 can access user and group information that is stored by Exchange 2007 by using the Microsoft .NET Framework DirectoryServices API, Microsoft Windows Powershell, Lightweight Directory Access Protocol (LDAP), or Active Directory Service Interfaces (ADSI).

Configuration Data

Exchange 2007 stores its own configuration data in Active Directory.

Metabase Update Service

Internet Information Services (IIS), which is included in the Windows Server operating system, stores configuration data in the IIS metabase store. When Exchange 2007 is installed, the IIS metabase configuration information is copied into Active Directory only for Exchange servers that have the Client Access server role installed. Exchange 2007 modifies the information in Active Directory, and the metabase update service replicates the information from Active Directory to the IIS metabase. The metabase update service is part of the Exchange System Attendant. This replication occurs only from Active Directory into the IIS metabase. Changes that are made directly to the IIS metabase will not be replicated to Active Directory. The metabase update service updates the IIS metabase every couple of minutes. Therefore, there may be a delay before changes take effect.

See Also

Other Resources

Platform Technologies