EdgeSync
is the Exchange component that replicates a subset of Active Directory
data to an Edge Transport server so that the antispam and email
filtering agents running there can act on it. As an example, an
organization might want a copy of its valid recipient list at the Edge
Transport layer of its perimeter so that a message addressed to a user
who does not exist in the organization can be rejected during the SMTP
session instead of being accepted, queued, routed, and then bounced,
consuming disk, bandwidth, and attention along the way.
Understanding the EdgeSync Process
The EdgeSync process runs
on the Hub Transport servers in the Active Directory site to which the
Edge Transport server is subscribed and replicates data one way, from
Active Directory to the AD LDS instance on the Edge Transport server(s).
The EdgeSync communication between the Hub and Edge Transport servers
is secured: it uses LDAP over SSL on port 50636 with credentials that
are created when the Edge Transport server is subscribed. Several
filtering features depend on EdgeSync. For example, it is required if
you plan on recognizing and rejecting email messages sent to nonexistent
recipients. It is also required if you intend to honor the Safe Senders
lists that users maintain in Outlook 2003 and 2007 clients, known as
Safelist Aggregation, which is covered later in this section.
Note
Active
Directory Lightweight Directory Services (AD LDS) must be installed on
the Edge Transport server before the Exchange Server 2010 Edge Transport
role is installed because EdgeSync requires it. AD LDS is the directory
into which EdgeSync writes the replicated data; the Edge Transport
server does not read Active Directory directly. AD LDS can also be used
alongside an organization’s Active Directory in an extranet scenario:
employees (in Active Directory) have their mail routed through the Edge
Transport server, while nonemployees such as contractors or vendors are
populated directly in AD LDS and appear in the same Edge Transport
filter tables as the EdgeSync’d data.
Using EdgeSync to Subscribe the Server to the Exchange Server 2010 Organization
EdgeSync is also used
to subscribe the Edge Transport server to the internal Exchange Server
2010 organization. Subscribing the Edge Transport server in this manner
automatically defines the Send Connectors on the Edge Transport server:
the connectors are created in Active Directory by the Hub Transport
server and then replicated to AD LDS on the Edge Transport server. The
Hub Transport servers in the site the Edge Transport server has
subscribed to will then route all email from the organization’s domains
addressed to Internet recipients through the subscribed Edge Transport
server(s). If the Edge Transport server is not subscribed and using
EdgeSync, Send Connectors must be configured manually on the Edge
Transport server.
Note
Subscribing with EdgeSync
overwrites any Send Connectors previously defined on the Edge Transport
server and disables local Send Connector configuration there once
replication to the Edge Transport server has occurred, unless you
deselect automatic creation of the Send Connectors when you import the
Edge subscription file on the Hub Transport server.
Maintaining the EdgeSync Schedule of Replication
EdgeSync runs on a
regular schedule, with configuration data and recipient data replicated
on separate intervals. In Exchange Server 2007, configuration data was
replicated every hour and recipient data every four hours, and a full
replication took place at every interval. Exchange Server 2010’s
EdgeSync replicates only changes (deltas), which significantly reduces
the bandwidth and time needed, and shortens the default intervals to
every 3 minutes for configuration data and every 5 minutes for
recipient data. Also new in Exchange Server 2010 is a customizable
EdgeSync schedule, whereas the Exchange Server 2007 schedule was static
and not configurable; the current intervals can be viewed with
Get-EdgeSyncServiceConfig and changed with Set-EdgeSyncServiceConfig.
This keeps the information the Edge Transport server filters on up to
date. EdgeSync replicates the following items from Active Directory to
the AD LDS instance on the Edge Transport server:
Outlook 2003 and 2007 Safe Senders and Safe Recipients lists (Blocked Senders lists are not replicated)
Valid
email recipients listed in AD (used by the Block E-Mail Sent to
Non-Existent Recipients feature of the Recipient Filtering Agent);
recipient addresses are stored in AD LDS as one-way hashes, so a
compromised Edge Transport server does not yield the address list in
the clear
Message classifications
Accepted and remote domains
Send Connector configuration
List of Hub Transport servers subscribed in Active Directory
Transport Layer Security (TLS) Send and Receive Domain Secure lists
Internal SMTP relay server list
Configuring EdgeSync on an Edge Transport Server
Configuring
EdgeSync begins with exporting the Edge Transport subscription file for
importing on a Hub Transport server that communicates with Active
Directory. The Edge Transport subscription file is in Extensible Markup
Language (XML) format. This procedure must be repeated for each Edge
Transport server:
1. Ensure that TCP ports 50389 and 50636 are reachable from the Hub Transport servers to the Edge Transport server. EdgeSync replication itself uses the secure port, 50636.
Note
Ports 50389 (LDAP) and 50636 (Secure LDAP) are the defaults chosen when the Edge Transport role is installed and cannot be changed afterward on the Edge Transport server.
2. On the Edge Transport server, open the Exchange Management Shell and export the Edge Transport subscription file by entering the following:
New-EdgeSubscription –FileName "C:\temp\EdgeSubscriptionInfo.xml"
Note
You must include the full path to the file.
3. Copy the Edge subscription file to the Hub Transport server (for example, to C:\temp\EdgeSubscriptionInfo.xml). The file contains the credentials the Hub Transport servers use to bootstrap EdgeSync against AD LDS, so move it over a trusted channel and, for security reasons, delete it from both servers after it has been imported and replication has been verified. The file must be imported within 1,440 minutes (24 hours) of being exported; after that, export a new one.
4. To import the file with the Exchange Management Console, open the console and select Hub Transport under Organization Configuration.
5. In the action pane, click New Edge Subscription to launch the New Edge Subscription Wizard.
6. Click Browse to select the Active Directory site whose Hub Transport servers will synchronize with this Edge Transport server.
7. Click Browse to browse to the location of the Edge subscription file you copied from the Edge Transport server (for example, C:\temp\EdgeSubscriptionInfo.xml), and click Next.
8. Click New.
9. Click Finish when the completion page appears.
10. Alternatively, you can import the Edge Transport subscription file with the Exchange Management Shell on the Hub Transport server:
New-EdgeSubscription -FileName "C:\temp\EdgeSubscriptionInfo.xml" -CreateInternetSendConnector $true -Site "Default-First-Site-Name"
11. Verify synchronization to the Edge Transport server’s AD LDS instance using Test-EdgeSynchronization, described later in this section.
12. Review the Application log in Event Viewer for MSExchange EdgeSync events on both the Hub and Edge Transport servers.
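The procedure above, written as an added example in the Exchange Management Shell (this is not the book’s own script). It splits the work into three functions: a port and certificate check and the import run on a Hub Transport server, the export run on the Edge Transport server. The host name EDGE1, the site name Default-First-Site-Name and the file path are assumptions for the example.

```powershell
# Added example (not from the book): the Edge subscription procedure as three functions.
# Run Test-EdgeSyncPorts and Import-EdgeSubscriptionFile in the Exchange Management Shell
# on a Hub Transport server; run Export-EdgeSubscriptionFile on the Edge Transport server.
# EDGE1, the site name and the path are assumptions.

$EdgeServer = "EDGE1"
$SiteName   = "Default-First-Site-Name"
$EdgeFile   = "C:\temp\EdgeSubscriptionInfo.xml"

function Test-EdgeSyncPorts {
    # Confirms the Hub can reach AD LDS on the Edge server (LDAP 50389, LDAPS 50636) and
    # prints the certificate offered on 50636 so its thumbprint can be compared with the
    # one on the Edge server before any credentials are sent to it.
    param([string]$Edge)
    foreach ($port in 50389, 50636) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($Edge, $port)
            Write-Host ("TCP {0}:{1} reachable" -f $Edge, $port)
            if ($port -eq 50636) {
                # Accept any certificate only so it can be read; nothing is trusted here.
                $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
                $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
                $ssl.AuthenticateAsClient($Edge)
                Write-Host ("  LDAPS certificate subject:    {0}" -f $ssl.RemoteCertificate.Subject)
                Write-Host ("  LDAPS certificate thumbprint: {0}" -f $ssl.RemoteCertificate.GetCertHashString())
                $ssl.Close()
            }
        } catch {
            Write-Warning ("TCP {0}:{1} not reachable: {2}" -f $Edge, $port, $_.Exception.Message)
        } finally {
            $client.Close()
        }
    }
}

function Export-EdgeSubscriptionFile {
    # Edge Transport server. The XML carries the bootstrap credentials for EdgeSync and is
    # valid for 1,440 minutes, so it is handled like a password: created, moved, deleted.
    param([string]$Path)
    New-EdgeSubscription -FileName $Path -Force
    Get-Item -Path $Path | Select-Object FullName, Length, LastWriteTime
}

function Import-EdgeSubscriptionFile {
    # Hub Transport server. -FileData takes the XML as bytes, so the file can live
    # anywhere; -CreateInboundSendConnector also builds the Edge-to-Hub connector.
    param([string]$Path, [string]$Site, [string]$Edge)
    $bytes = [byte[]](Get-Content -Path $Path -Encoding Byte -ReadCount 0)
    New-EdgeSubscription -FileData $bytes -Site $Site -CreateInternetSendConnector $true -CreateInboundSendConnector $true
    # First synchronization now, instead of waiting for the schedule.
    Start-EdgeSynchronization -TargetServer $Edge |
        Format-Table Name, Type, Result, Added, Updated, Deleted, FailureDetails -AutoSize
    Get-EdgeSubscription -Identity $Edge | Format-List
    # The subscription file has done its job; remove it here (and from the Edge server).
    Remove-Item -Path $Path -Force
    # Recent EdgeSync events from this server's Application log.
    Get-EventLog -LogName Application -Source "MSExchange EdgeSync" -Newest 10 |
        Format-Table TimeGenerated, EntryType, EventID, Message -AutoSize -Wrap
}

# Usage, in order:
#   Hub:  Test-EdgeSyncPorts -Edge $EdgeServer
#   Edge: Export-EdgeSubscriptionFile -Path $EdgeFile   (then copy the file to the Hub)
#   Hub:  Import-EdgeSubscriptionFile -Path $EdgeFile -Site $SiteName -Edge $EdgeServer
```

Remove-Item only unlinks the file; it does not overwrite the blocks on disk. If the subscription file was written to a volume that is shared or later imaged, wipe it with a tool that overwrites, and repeat the removal on the Edge Transport server where the file was generated.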
Configuring EdgeSync Using the Exchange Management Shell
Apart
from the New Edge Subscription wizard, EdgeSync is managed through the
Exchange Management Shell rather than the Exchange Management Console.
Five EdgeSync commands exist for use with the Exchange Management Shell:
Get-EdgeSubscription
New-EdgeSubscription
Remove-EdgeSubscription
Start-EdgeSynchronization
Test-EdgeSynchronization
Each shell command
has its own parameters you can set based on the action(s) performed by
the command. Each command performs a specific task or set of tasks.
The Get-EdgeSubscription command is used to retrieve the current EdgeSync subscription configuration. For example, entering Get-EdgeSubscription -Identity EDGE1 displays the subscription for a server named EDGE1. This command can be run on any Exchange 2010 server in the organization.
Running Get-EdgeSubscription on an Edge Transport server displays that server’s own subscription, whereas running it on a Hub Transport server displays the subscriptions of all Edge Transport servers recorded in Active Directory. Use the -Identity parameter to specify the name of a particular Edge Transport server.
Creating a New EdgeSync Subscription File
The New-EdgeSubscription
command is used to add a new Edge subscription to a Hub Transport
server and configure the options for adding a new subscription, such as
whether to automatically create the Send Connector or specify the Active
Directory site. The following example imports a new Edge Transport
subscription file, thus subscribing the Edge Transport server to the
organization. This command is run on the Hub Transport server:
New-EdgeSubscription -FileName "C:\temp\EdgeServerSubscription.xml"
Removing an EdgeSync Subscription
The Remove-EdgeSubscription
command is used to unsubscribe an Edge Transport server from
participating in EdgeSync. The following example removes an Edge
subscription from Active Directory. This command is run on the Hub
Transport server:
Remove-EdgeSubscription -Identity EDGE3 -DomainController dc1.companyabc.com
Note
This unsubscribes the Edge Transport server from the synchronization process on the Hub Transport servers and stops replication to it. Run Remove-EdgeSubscription on the Edge Transport server as well so that the subscription data is also removed from its AD LDS instance; until then, the Edge Transport server still holds the last replicated copy of the data.
Starting EdgeSync Synchronization
Edge synchronization can be started on demand by running the Start-EdgeSynchronization
command in the Exchange Management Shell on a Hub Transport server in
the subscribed site (the -Server parameter runs it against a specific
Hub Transport server from elsewhere in the organization). Starting Edge
synchronization comes in handy when you have added a new Edge server,
want to test synchronization, or need to replicate changes immediately
instead of waiting for the next scheduled interval. The -TargetServer
parameter limits the run to one Edge Transport server, and -ForceFullSync
replaces the incremental (delta) replication with a complete resync. Run
without parameters, Start-EdgeSynchronization initiates EdgeSync to all
subscribed Edge Transport servers:
Start-EdgeSynchronization
Testing EdgeSync Synchronization
After configuring EdgeSync, it is important to test it for success. Edge synchronization can be tested by running the Test-EdgeSynchronization
command in the Exchange Management Shell on a Hub Transport server in
the subscribed site. Testing Edge synchronization comes in handy when you have added a
new Edge server and want to validate the EdgeSync configuration and
replication settings. The Test-EdgeSynchronization command produces a detailed report, including a SyncStatus for each Edge Transport server and any failure detail, that can be used for troubleshooting. The Test-EdgeSynchronization command can be coupled with several different parameters; for example, the VerifyRecipient parameter validates that a single recipient was properly replicated to the Edge Transport server from Active Directory: