What is the Exchange Administrator module for Directory and Resource Administrator? (NETIQKB217)

  • 7700217
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
What is the Exchange Administrator module for Directory and Resource Administrator?

goal
Where is the FAQ about the Exchange Administrator module?

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

fact
Directory and Resource Administrator 8.0

fix
The Exchange Administrator module integrates with DRA (Directory and Resource Administrator) to treat Exchange 5.5 and Exchange 2000 mailboxes as an extension of the user account. You can then manage Exchange mailbox properties using the same windows DRA uses for managing user account properties.

ADDITIONAL QUESTIONS AND ANSWERS

Which versions of Microsoft Exchange Server does Exchange Administrator support?
NetIQ Exchange Administrator (ExA) supports both Exchange 5.5 and Exchange 2000. For ExA to manage both Exchange 5.5 and Exchange 2000 from a single ExA server, Microsoft hotfix Q280136 must be installed on the ExA server.

For more information also see NetIQ Knowledge Base article NETIQKB1674.

Which Exchange 5.5 objects does ExA manage?
ExA supports most properties associated with Exchange 5.5 mailboxes and provides the ability to add/remove mailboxes to/from Exchange 5.5 distribution lists. The Exchange 5.5 mailbox properties not supported by ExA are protocol options, permissions, and certificate options.

Which Exchange 2000 objects does ExA manage?
ExA supports most Exchange 2000 properties associated with contacts, groups, and user accounts. ExA does not yet support public folders or the Instant Messaging (IM) properties for mailboxes. Setting mailbox rights on mailboxes is not supported.

What if a user account has an Exchange 5.5 mailbox and an Exchange 2000 mailbox?
When configured to manage both Exchange 5.5 and Exchange 2000, ExA will allow both mailboxes to be managed. This capability can be beneficial during an Exchange 5.5 to Exchange 2000 migration. When a user account with both an Exchange 5.5 mailbox and an Exchange 2000 mailbox is cloned, only the Exchange 2000 mailbox is cloned.

Does ExA provide reports?
Yes, the Reporting and Query tool provides more than 15 Exchange-related reports.

Can ExA mailbox enable/disable user accounts for Exchange 2000?
Yes.

Can ExA mail enable/disable user accounts for Exchange 2000?
Yes.

Can ExA mail enable/disable contacts and groups for Exchange 2000?
Yes.

Can ExA move Exchange 5.5 mailboxes?
No. Consider NetIQ Exchange Migrator if you have a need to move Exchange 5.5 mailboxes.

Can ExA move Exchange 2000 mailboxes?
Yes, ExA can move Exchange 2000 mailboxes within an Exchange 2000 organization. ExA cannot move Exchange 2000 mailboxes between organizations. For proper operation of the move mailbox feature, Microsoft hotfix Q295694 must be installed on the ExA server. Contact Microsoft technical support to obtain this hotfix.

Which authentication method does ExA use for Exchange 5.5?
ExA attempts to use Windows NT Challenge/Response authentication when communicating with Exchange 5.5. If Windows NT Challenge/Response authentication fails, ExA uses Basic authentication.

If the preferred Exchange Server 5.5 is installed on a Windows 2000 domain controller, why must the Exchange 5.5 LDAP port be changed?
ExA performs some communication with Exchange 5.5 via LDAP. On a Windows 2000 domain controller, Active Directory uses port 389. Port 389 is also the default port used by Microsoft Exchange. As a result, any applications that attempt to communicate with Exchange 5.5 via LDAP, including ExA, will not work if Active Directory and Exchange attempt to share the same port. The port used by Exchange must be used only by Exchange. This is not an issue for Exchange 2000.

If the preferred Exchange Server 5.5 is installed on a Windows NT 4 domain controller or a Windows NT/2000 member server, must the Exchange 5.5 LDAP port be changed?
Not usually. As covered in the previous Q&A, the only reason to change the LDAP port on a Windows 2000 domain controller .
is because of a conflict with Active Directory. If there is no conflict over port 389 on a computer, then there is no need to change the Exchange 5.5 LDAP port.

If I must change the Exchange 5.5 LDAP port, do I need to change the port to a specific value?
No, ExA will work with any TCP port supported by Exchange 5.5. ExA is able to communicate with ExA enough to retrieve the LDAP port being used by the preferred Exchange server.

I just created a user account with an Exchange 2000 mailbox, but the email addresses do not appear on the property page. What is wrong?
Probably nothing. When a mailbox is created, Exchange 2000 does not immediately generate the email addresses. The Exchange 2000 Recipient Update Service handles this process on a regularly scheduled basis. Even when the process is scheduled to run immediately, we have observed that it may take several minutes before Exchange 2000 generates the email addresses.

Microsoft recommends that only universal groups be mail-enabled for Exchange 2000. Will ExA enable me to enforce that best practice?
Yes, a policy script that enforces this policy is included in the DRA/ExA SDK. This will be a built-in configuration option in a future release of ExA.

What permissions does the DRA service account require to allow ExA to manage Exchange 2000?
The DRA service account must be assigned the Exchange Full Administrator role at the organization level, either directly or through membership in a group to which this role has been assigned.

What permissions does the DRA service account require to allow ExA to manage Exchange 5.5?
The DRA service account must be assigned the Permissions Admin role at the organization level and for each Exchange site, either directly or via membership in a group to which this role has been assigned.

For more information on enabling Exchange 5.5 support refer to the following NetIQ Knowledge Base article:

NETIQKB335 How is Exchange 5.5 Mailbox support enabled in Directory and Resource Administrator version 6.30 and later?

NETIQKB292 How is Exchange 2000 mailbox support enabled in Directory and Resource Administrator?

.


Additional Information

Formerly known as NETIQKB217

Feedback service temporarily unavailable. For content questions or problems, please contact Support.