EdgeSync is a component of the Edge
Transport server that allows replication of certain data from Active
Directory to the Edge Transport server to support specific antispam and
email filtering components. As an example, an organization might want a
copy of their recipient email address list at the Edge Transport layer
of their security system so that if an email comes in for a user who
does not exist in the organization, the message can be purged
immediately instead of taking up disk space to queue, route, or even
manage unnecessary content.
Understanding the EdgeSync Process
The EdgeSync process runs on the Hub Transport server in an Active Directory forest and replicates data to the Edge Transport server(s). The EdgeSync communication between the Hub and Edge Transport server is secure. For example, EdgeSync is required if you plan on recognizing and taking action on email messages that are sent to nonexistent recipients.
Note
Active Directory Application Mode (ADAM) is installed on the Edge Transport server during the installation process because it is required to use EdgeSync. ADAM works in conjunction with EdgeSync as a directory in which EdgeSync collects directory information. ADAM can be used in conjunction with an organization’s Active Directory in an extranet scenario where employees (in Active Directory) need mail routed through the Edge Transport server, but also nonemployees such as contractors or vendors would be populated in ADAM and EdgeSync’d into the Edge Transport server system filter tables.
Using EdgeSync to Subscribe the Server to the Exchange Server 2007 Organization
EdgeSync is also used to subscribe the Edge Transport server to the internal Exchange Server 2007 organization. Subscribing the Edge Transport server in this manner automatically defines the Send Connectors on the Edge Transport server after they have been replicated to ADAM on the Edge Transport server from a Hub Transport server. The Hub Transport server the Edge Transport server has subscribed with will now route all email from its domain addressed to Internet recipients through the subscribed Edge Transport server(s). Send Connectors must be configured manually if the Edge Transport server is not subscribed internally and utilizing EdgeSync.
Note
Using EdgeSync overwrites previously defined Send Connector configurations and disables the Send Connector configuration on the Edge Transport server after replication to the Edge Transport server has occurred, unless you deselect having Send Connectors automatically defined when you import the Edge subscription file on the Hub Transport server.
Maintaining the EdgeSync Schedule of Replication
EdgeSync runs on a regularly scheduled basis with configuration data being replicated every hour and recipient information being replicated every 4 hours. This ensures the information needed by the Edge Transport server is up to date. EdgeSync replicates the following items from Active Directory to the ADAM instance on the Edge Transport server:
Outlook 2003 and 2007 Safe Senders Lists (Blocked Senders are not replicated)
Valid email recipients listed in AD (used by the Block E-Mail Sent to Non-Existent Recipients feature of the Recipient Filtering Agent)
Accepted and remote domains
Send Connector configuration
List of Hub Transport servers
Configuring EdgeSync on an Edge Transport Server
Configuring EdgeSync begins with exporting the Edge Transport subscription file for importing on a Hub Transport server that communicates with Active Directory. The Edge Transport subscription file is in Extensible Markup Language (XML) format. This procedure must be repeated for each Edge Transport server.
1. Ensure communication through ports 50389 and 50636 is available between the Hub and Edge Transport servers.
Note
Ports 50389 (LDAP) and 50636 (Secure LDAP) were assigned at installation and cannot be changed on the Edge Transport server.
2. Use the Exchange Management Shell to export the Edge Transport subscription file.
3. Open the Exchange Management Shell.
4. Enter the following:
New-EdgeSubscription -FileName "C:\temp\EdgeSubscriptionInfo.xml"
Note
You must include the full path to the file.
5. Copy the Edge subscription file to the Hub Transport server. (For security reasons, it is recommended to delete the Edge subscription file after it has been copied to the Hub Transport server and replication has been verified.)
6. Use the Exchange Management Console or Shell to import the Edge Transport subscription file on the Hub Transport server.
7. Place a copy of the EdgeSubscriptionInfo.xml file you created in the previous step onto the Hub Transport server (for example, C:\temp\EdgeSubscriptionInfo.xml) to import the Edge subscription file using the Exchange Management Console.
8. Open the Exchange Management Console. In the results pane for the Hub Transport role, click the Edge Subscriptions tab.
9. In the action pane, click New Edge Subscription to launch the New Edge Subscription Wizard.
10. Select an Active Directory site from the drop-down list.
11. Click Browse to browse to the location of the Edge subscription file you copied from the Edge Transport server (for example, C:\temp\EdgeSubscriptionInfo.xml), and click Next.
12. Click New.
13. Click Finish when the completion page appears.
14. Use the Microsoft Exchange Management Shell to import the Edge Transport subscription file.
New-EdgeSubscription -filename "C:\temp\EdgeSubscriptionInfo.xml" -CreateInternetSendConnector $true -site "Default-First-Site-Name"
15. Verify synchronization to the Edge Transport server’s ADAM instance.
16. Review the application log in Event Viewer for MsExchange EdgeSync events on the Hub and Edge Transport servers.
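The Hub Transport side of the procedure above, collected into one Exchange Management Shell script (an added example, not the book's own code). The server name, site and file path are placeholders; the TCP port probe, the event-log check and the event source name "MSExchange EdgeSync" are this script's own assumptions, not Exchange cmdlets or documented values.

```powershell
# Added example (not from the book): Hub Transport side of the EdgeSync
# subscription procedure, written for the Exchange Server 2007 Management Shell.
param(
    [string]$EdgeServer = "EDGE1",                                 # placeholder
    [string]$SubscriptionFile = "C:\temp\EdgeSubscriptionInfo.xml",
    [string]$Site = "Default-First-Site-Name"
)
# Step 1: confirm the fixed ADAM ports 50389 (LDAP) and 50636 (Secure LDAP)
# are reachable from the Hub before importing the subscription (own probe).
function Test-TcpPort([string]$ComputerName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    $open = $false
    trap { continue }            # a refused or timed-out connect means "closed"
    $client.Connect($ComputerName, $Port)
    $open = $client.Connected
    $client.Close()
    return $open
}
foreach ($port in 50389, 50636) {
    if (-not (Test-TcpPort $EdgeServer $port)) {
        Write-Error "TCP $port to $EdgeServer is blocked; open it before subscribing."
        return
    }
}
# Step 14: import the file exported on the Edge server and let Exchange
# define the Internet Send Connector for the chosen Active Directory site.
New-EdgeSubscription -FileName $SubscriptionFile -CreateInternetSendConnector $true -Site $Site
# Replicate now rather than waiting for the hourly schedule, then show the
# subscription as the Hub sees it.
Start-EdgeSynchronization
Get-EdgeSubscription -Identity $EdgeServer | Format-List
# Steps 15-16: look for EdgeSync events written since the import. The source
# name is assumed; adjust it to what Event Viewer shows on your servers.
$since = (Get-Date).AddMinutes(-15)
$events = @(Get-EventLog Application -Newest 1000 |
    Where-Object { $_.TimeGenerated -gt $since -and $_.Source -like "MSExchange EdgeSync*" })
$failed = @($events | Where-Object { $_.EntryType -eq "Error" })
if ($events.Count -gt 0 -and $failed.Count -eq 0) {
    # Step 5's security recommendation: once replication is verified the
    # subscription file is no longer needed on the Hub, so remove it.
    Remove-Item $SubscriptionFile -Force
    Write-Host "EdgeSync verified for $EdgeServer; $SubscriptionFile deleted."
} else {
    Write-Warning "EdgeSync not verified ($($failed.Count) error events); keeping $SubscriptionFile for troubleshooting."
}
```

If the synchronization has not written any events within the window yet, re-run only the verification part later rather than importing the subscription a second time.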
As noted earlier, EdgeSync is not configured through the Exchange Management Console. Four EdgeSync commands exist for use with the Exchange Management Shell:
Get-EdgeSubscription
New-EdgeSubscription
Remove-EdgeSubscription
Start-EdgeSynchronization
Each shell command has its own parameters you can set based on the action(s) performed by the command. Each command performs a specific task or set of tasks.
The Get-EdgeSubscription command is used to retrieve the current configuration for EdgeSync. For example, entering Get-EdgeSubscription -Identity EDGE1 displays the EdgeSync configuration on a server named EDGE1. This command can be run on any Exchange 2007 server on the network.
Running the Get-EdgeSubscription command on an Edge Transport server displays that server’s EdgeSync subscription, whereas running it on a Hub Transport server can also display EdgeSync subscriptions on Edge Transport servers. Use the -Identity parameter to specify the name of the Edge Transport server.
Creating a New EdgeSync Subscription File
The New-EdgeSubscription command is used to add a new Edge subscription to a Hub Transport server and configure the options for adding a new subscription, such as whether to automatically create the Send Connector or specify the Active Directory site. The following example imports a new Edge Transport subscription file, thus subscribing the Edge Transport server to the network. This command is run on the Hub Transport server.
New-EdgeSubscription -FileName "C:\temp\EdgeServerSubscription.xml"
Removing an EdgeSync Subscription
The Remove-EdgeSubscription command is used to unsubscribe an Edge Transport server from participating in EdgeSync. The following example removes an Edge subscription from Active Directory. This command is run on the Hub Transport server.
Remove-EdgeSubscription -Identity EDGE3 -DomainController dc1.companyabc.com
Note
This unsubscribes the Edge Transport server from the synchronization process on the Hub Transport server.
Starting EdgeSync Synchronization
Edge synchronization can be started by running the Start-EdgeSynchronization command on any Exchange 2007 server joined to the Active Directory domain. Starting Edge synchronization comes in handy when you have added a new Edge server, want to test synchronization, or replicate changes immediately. The Start-EdgeSynchronization command initializes EdgeSync to all Edge Transport servers.
Start-EdgeSynchronization