Understanding the Active Directory Driver

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

The Active Directory Driver is the core Microsoft Exchange component that allows Exchange services to create, modify, delete, and query for Active Directory data. The Active Directory Driver also leverages the Microsoft Exchange Active Directory Topology Service (MSExchangeADTopology), which allows the Active Directory Driver to use Directory Service Access (DSAccess) topology data. This data includes the list of domain controllers and global catalog servers that are available to handle Exchange requests.

This topic discusses the following information relating to the Active Directory Driver:

  • $AdminSessionADSettings cmdlet variable

  • Relationship between the Active Directory Driver and DSAccess

$AdminSessionADSettings

$AdminSessionADSettings is an Exchange cmdlet variable that allows you to set your preferred domain controllers, global catalog servers, or centralized data centers in the Active Directory Driver table. $AdminSessionADSettings is exposed by the Exchange Management Shell to allow you to control a number of Exchange-specific Active Directory settings. For more information about the $AdminSessionADSettings variable, see the following resources:

Note

The content of each blog and its URL are subject to change without notice. The content within each blog is provided "AS IS" with no warranties, and confers no rights. Use of included script samples or code is subject to the terms specified in the Microsoft Terms of Use.

Active Directory Driver and DSAccess

DSAccess provides directory lookup services for components such as Simple Mail Transfer Protocol (SMTP), message transfer agent (MTA), and the Exchange store. Client requests use the DSProxy service for directory access. For more information about DSAccess, see the following topics:

By default, Lightweight Directory Access Protocol (LDAP) traffic between a server running Exchange Server 2007 and domain controllers is encrypted. For troubleshooting purposes, you may want to turn off encryption. To turn off encryption, use the following registry setting.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeADAccess\Disable LDAP Encryption

Warning

Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
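Because this setting is intended for troubleshooting, it is worth confirming afterward that it has not been left in place on any Exchange server. The following PowerShell function is an added example, not part of the original Microsoft topic; it only reads the registry. The function name, the reading of `Disable LDAP Encryption` as a value under the MSExchangeADAccess key, and the treatment of non-zero data as "encryption disabled" are assumptions.

```powershell
# Added example: read-only audit of the LDAP encryption troubleshooting override.
# Assumptions (not stated in the topic): "Disable LDAP Encryption" is a value
# under the MSExchangeADAccess key, and non-zero data means encryption is off.
function Test-ExchangeLdapEncryptionOverride {
    param(
        # Exchange servers to check; defaults to the local computer.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $keyPath   = 'SYSTEM\CurrentControlSet\Services\MSExchangeADAccess'
    $valueName = 'Disable LDAP Encryption'

    foreach ($computer in $ComputerName) {
        $state = 'Unknown'
        $data  = $null
        $hive  = $null
        $key   = $null
        try {
            # Remote hosts require the Remote Registry service to be running.
            $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                        [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $key  = $hive.OpenSubKey($keyPath)   # opened read-only

            if ($key -eq $null) {
                $state = 'KeyNotFound'
            }
            else {
                $data = $key.GetValue($valueName, $null)
                if ($data -eq $null)      { $state = 'NotSet (default: encrypted)' }
                elseif ([int]$data -ne 0) { $state = 'OVERRIDE PRESENT (assumed: LDAP unencrypted)' }
                else                      { $state = 'Present, zero (assumed: encrypted)' }
            }
        }
        catch {
            # Access denied, host unreachable, or unexpected value type.
            $state = "Error: $($_.Exception.Message)"
        }
        finally {
            if ($key)  { $key.Close() }
            if ($hive) { $hive.Close() }
        }

        New-Object PSObject -Property @{
            ComputerName = $computer
            Data         = $data
            State        = $state
        }
    }
}
```

Calling `Test-ExchangeLdapEncryptionOverride -ComputerName <server list>` returns one object per server; any server reporting the override as present should have the setting reverted once troubleshooting is complete.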

The DSAccess implementation had several benefits that Exchange components leveraged, especially around topology discovery and simplifying the complexity of the Active Directory topology. Unfortunately, DSAccess also had several limitations, specifically in the paging of results and especially when dealing with large multivalued attributes. One of the major changes in the Active Directory Driver compared to DSAccess is that the Active Directory Driver does not access and store directory information in a cache. In Exchange 2007, it is up to the Exchange component that is using DSAccess to implement the appropriate cache when needed.

In Exchange 2007, the following services still use DSAccess. However, in these cases DSAccess is used only to obtain the current topology information and to have a consistent topology view through all Exchange services that are running on the server:

  • Microsoft Exchange Active Directory Topology (MSExchangeADTopology)

  • Microsoft Exchange Information Store (MSExchangeIS)

  • Microsoft Exchange System Attendant (MSExchangeSA)

  • World Wide Web Publishing Service (W3SVC)