Thursday, April 24, 2008

Who is your Active directory bridgehead server (ISTG)



When it comes to a bridgehead server in the world of exchange, we all would know there is no difference in Exchange 2000 and 2003, because role base administration and implementation was not clear at all, and there was not clear documentation guiding to get the servers hardened in this way.

So many of us installed exchange same way we install any other exchange and call it, this is Exchange bridgehead server. The most brilliant idea was to rename the mail stores on the BH server and the SG to, "Do not Create mail box" to prevent helpdesk to create mail box on the BH server. I remember still seeing helpdesk gets confused and cannot read, so they create mailbox on the BH server, and pisses all the exchange administrators.

What has changed in Exchange 2007? As we all know Role base administration is in place in exchange 2007, for administration and the implementation.

Old days we had (below roles are not really useful in a practical world)

  • Exchange Full Administrator
  • Exchange Administrator.
  • Exchange View-Only Administrator.

Exchange 2007

  • Exchange Organization Administrators
  • Exchange Recipient Administrators.
  • Exchange View-Only Administrators
  • Exchange Server Administrators.

Server Roles as follows

  • Mailbox (MB)
  • Client Access (CA)
  • Unified Message (UM)
  • Hub Transport (HT)
  • Edge Transport (ET)

Ok, now let's take a look at AD bridgehead server and ISTG (inter-site topology generator)

Windows 2000 Domain controllers each create Active Directory Replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).

  • Open Active Directory Replication Monitor
  • Add Site/Server Wizard from the Edit menu
  • Add the server
  • Right-click the name of the server just below the site name
  • Select Generate Status Report
  • After Active Directory Replication Monitor displays that the report is complete
  • Save it on your PC
  • Open it and locate
  • "Enterprise Data" section of the report

Can we select ISTG in a site?. Yes but it is not recommended by MS

Bridgehead Server Selection

By default, bridgehead servers are automatically selected by the intersite topology generator (ISTG) in each site. Alternatively, you can use Active Directory Sites and Services to select preferred bridgehead servers. However, it is recommended for Windows 2000 deployments that you donot select preferred bridgehead servers.

Selecting preferred bridgehead servers limits the bridgehead servers that the KCC can use to those that you have selected. If you use Active Directory Sites and Services to select any preferred bridgehead servers at all in a site, you must select as many as possible and you must select them for all domains that must be replicated to a different site. If you select preferred bridgehead servers for a domain and all preferred bridgehead servers for that domain become unavailable, replication of that domain to and from that site does not occur.

If you have selected one or more bridgehead servers, removing them from the bridgehead servers list restores the automatic selection functionality to the ISTG.

Oz ozugurlu,

Systems Engineer

MCITP (EMA), MCITP (SA),

MCSE 2003 M+ S+ MCDST

Security Project+ Server+

oz@SMTp25.org

http://smtp25.blogspot.com



No comments: