Improvements in Exchange 2003
1. Installation and upgrade
Windows 2000 Server and Windows 2003 Server are the only operating systems that can coexist with Exchange 2003. To enable installation, Windows 2000 must have at least Service Pack 3 installed. As with the previous version of Exchange (2000), the 2003 version integrates its directory with Active Directory. In a Windows 2000 environment, all domain controllers and global catalog servers are required to have Service Pack 3 as a minimum. All domain types are supported: native Windows 2000, native Windows 2003, and mixed Windows 2000/2003.
Upgrading to Exchange 2003 can only be done from Exchange 2000. If you have an older version, i.e. 5.5, you should upgrade Exchange 2000 to Exchange 2003 first, and then move the mailboxes from the old server to the new one. You can also use the ´Exchange Server Deployment Tools´, which include the Active Directory Connector, a well-known Exchange 2000 tool for moving mailboxes from Exchange 5.5 to Exchange 2003 Server. Also use pfmigrate (Public Folder Migration Tool) to move the existing folders.
2. Something new....
Exchange 2003 runs on Windows 2000. At first glance, 2003 seems to be simply a polished version of Exchange 2000. Once installed, its ´System Manager´ looks almost identical, similar extension procedures are applied to the Active Directory schema (forestprep, domainprep) before installation, and even the tool for moving mailboxes from Exchange 5.5 retains its original name (Active Directory Connector). However, appearances are misleading. The list of genuinely new features is rather long. Let us have a look at them.
2.1 Query Based Distribution Group
Distribution lists have been part of Exchange Server since its earliest versions, but they have always shared one feature: static membership. A list had to be created in advance and populated with users before anything could be sent to it. Why not reverse the procedure, starting with the submission of a message and leaving the ´initiative´ to the server? This is how the ´dynamic´ distribution lists in Exchange 2003 work. A query-based distribution group uses Lightweight Directory Access Protocol (LDAP) query filter rules to build its membership dynamically, when a message is sent to the group, instead of relying on statically specified members. The administrator’s task is limited to defining the membership rules, for example, the users belonging to the same department. Exchange itself builds the list of recipients based on an LDAP query to Active Directory and the recipients’ attributes, in this example the ´Department´ attribute. A Query Based Distribution Group is also an excellent means of hiding group membership in the Global Address List, because the membership is generated dynamically each time mail is sent. It is worth remembering that not all attributes are replicated to the Global Catalog for each object, so a badly constructed dynamic list will fail to function properly. It is therefore good practice, after creating a list, to verify the query by clicking the Preview tab, which returns the members of the distribution group.
An experienced administrator might notice a certain risk associated with dynamic distribution lists, namely high CPU utilization and an increased working set, because each message sent to a query-based distribution group causes a corresponding LDAP query to be run against the Microsoft Active Directory service to determine its membership. A transport component, the categorizer, is responsible for building the membership. The categorizer sends the LDAP query request to the global catalog server to generate a recipient list that contains all the users. It is worth mentioning that the categorizer requires as much as 2 KB of RAM for every user while building the list. Microsoft recommends dedicating a server without mailboxes to generating dynamic distribution lists.
Query Based Distribution Groups can be used for Microsoft Exchange 2000 Server or Exchange 2003 and Exchange 2000 SP3 users.
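The membership resolution described above, as an added example that is not part of the original article or of Exchange itself: a small Python resolver evaluates an LDAP-style filter against constructed directory entries, first with every attribute visible and then through a hypothetical global catalog replica that does not carry ´department´, which produces the empty group the article warns about. The entries, the GC_ATTRIBUTES set and all function names are assumptions made for illustration.

```python
# Added example: toy resolver for a query-based distribution group.
# DIRECTORY and GC_ATTRIBUTES are constructed sample data, not real AD content.
DIRECTORY = [
    {"cn": "Anna", "objectClass": "user", "department": "Sales", "mail": "anna@example.test"},
    {"cn": "Piotr", "objectClass": "user", "department": "Sales", "mail": "piotr@example.test"},
    {"cn": "Ewa", "objectClass": "user", "department": "IT", "mail": "ewa@example.test"},
    {"cn": "Printer1", "objectClass": "printQueue", "department": "Sales"},
]
# Assumption: the attributes this hypothetical global catalog replica carries.
GC_ATTRIBUTES = {"cn", "objectClass", "mail"}

def parse(s, i=0):
    """Parse a subset of LDAP filter syntax: (&...), (|...), (attr=value), (attr=*)."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = s[i + 1:i + 2]
    if op in ("&", "|"):
        i, children = i + 2, []
        while s[i:i + 1] == "(":
            child, i = parse(s, i)
            children.append(child)
        if s[i:i + 1] != ")" or not children:
            raise ValueError(f"malformed {op} group near offset {i}")
        return (op, children), i + 1
    end = s.index(")", i)  # raises ValueError when the assertion is unclosed
    attr, sep, value = s[i + 1:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"malformed assertion at offset {i}")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry whose keys are lower-cased."""
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    _, attr, value = node
    have = entry.get(attr)
    if have is None:  # attribute not present on this replica: no match
        return False
    return value == "*" or have.lower() == value.lower()

def resolve(flt, directory, visible=None):
    """Return the cn of each selected entry; `visible` limits readable attributes."""
    node, end = parse(flt)
    if end != len(flt):
        raise ValueError("trailing characters after filter")
    return [e["cn"] for e in directory
            if matches(node, {k.lower(): v for k, v in e.items()
                              if visible is None or k in visible})]

def categorizer_kb(recipients, kb_per_user=2):
    """Memory for one expansion, using the article's figure of 2 KB per user."""
    return len(recipients) * kb_per_user
```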
2.2 Out Of Office Assistant
We have all experienced situations where, some time after a message is sent to a distribution list, several ´Out Of Office´ notifications arrive. This is particularly bad during the holiday season, generating unusual traffic and consuming email server resources. Exchange 2003 can help with this by blocking ´Out of Office´ messages for distribution lists. If a recipient is not specified on the To: or Cc: line, the ´Out of Office´ message is not sent.
2.3 Server Configuration
Windows 2000 introduced a very useful feature, the ´systemstate´ dump; Exchange 2003’s ´exchdump´ is similar. This tool allows you to dump the Exchange configuration, either wholly or partly. ´Exchdump´ provides the following options:
- ALL – full server configuration.
- REMOTE – an option to engage a remote dump. By default, the configuration is dumped from a local machine.
- HTTP – to dump, for example, the OWA Server configuration.
- SMTP – to dump the SMTP Server.
- RG – Routing Groups.
- USER – provides information on user properties. It is recommended to give the user name as a ´User Principal Name´.
- RP – Recipient Policies.
- FH – Folder Hierarchy.
2.4 Recovery Storage Group
The Recovery Storage Group's purpose is simple: it lets you restore a database and its mailboxes without using a separate recovery server. This ability is invaluable when you need to restore just one mailbox. Problems with the recovery of a crashed mailbox have been known since the earliest Exchange versions. To restore just one mailbox, you had to restore the whole Exchange database from the backup and export the mailbox afterwards. The biggest problem was the database restoration itself, because it required another server. Instead, when you use an Exchange-aware backup program, the Recovery Storage Group lets you mount a mailbox database from a backup onto any other Exchange server in the same administrative group as the server on which the original database resided. You can then copy data from the Recovery Storage Group's databases (however, you can't create new mailboxes). You can access a mailbox in the Recovery Storage Group using the ´exmerge´ tool, which is available for download from Microsoft at http://www.microsoft.com/exchange/2003/updates. The whole restoration is completely transparent to the users, and the email server keeps operating normally.
2.5 Volume Shadow Copy
A new service named ´volume shadow copy´ has been implemented in Windows 2003. Exchange 2003 can profit from this by creating a ´Shadow Copy Backup´, which allows open and in-use files to be backed up. Roughly speaking, it enables backups of the whole volume holding the Exchange databases without rebooting the machine. The backup then uses the ´shadow copy´ instead of the running disk, which avoids damaging databases while backing up online. Unfortunately, ´ntbackup.exe´ is not able to reap these benefits, so third-party applications are required.
2.6 Outlook Web Access
Outlook Web Access (OWA) has been known since 5.5, but in 2003 it has been completely reworked. Its enhanced Premium version has almost the same functionality as a standard Exchange client, from email encryption to spell-check capabilities.
Upon logging in to Outlook Web Access, a user has two versions from which to choose: Basic and Premium. Basic, as its name indicates, is limited to a few functions only. It is mainly designed for users who access the server via low-capacity connections. Any HTML 3.2-compliant web browser is supported, while Microsoft recommends Internet Explorer 5.01 or higher and Netscape Navigator 4.7 or later. OWA provides message encoding: for Central Europe it is ISO 8859-2.
Premium is a more robust Outlook-like environment and it supports:
- New color schemes,
- Preview pane,
- Shortcut menu,
- Quick flagging,
- Public folder management,
- Spelling Checker (Polish version is not supported),
- Personal tasks (creation, preview, deletion),
- Calendar Folder,
- Support for common rules,
- User validation through “Global Address Book”,
- Item window sizing,
- Email encryption/signing.
As for logon security options, the user can choose between “Private computer” and “Public or shared computer”. This choice determines the inactivity time before the user is automatically disconnected from the Exchange server: Private computer offers a longer period, 24 hours, before the automatic disconnect, while Public computer offers 15 minutes. These values may be modified via the system registry.
Cookie-based authentication is new in Exchange 2003. Once the session is terminated, the cookie is deleted from the machine. Snappier performance is also a plus. The current version supports data compression with two options:
- High – both dynamic and static pages are compressed,
- Low – only static pages are compressed.
Data compression can also be disabled. In order to enable data compression, both OWA and the mailboxes must reside on Exchange 2003. The email view is also refreshed less frequently. With Exchange 2000, the view is refreshed after each operation (mail deletion, move, etc.); now it is refreshed automatically only after 20 percent of the messages are moved or deleted from a page, not after each deletion. Assuming that the inbox has 20 messages, the view will be refreshed only after four (20%) messages are deleted (copied, moved).
As mentioned earlier, Outlook Web Access supports S/MIME to provide authentication and message integrity. As you know, two certificates (keys) are required here – a private certificate and a public one. The public certificate is stored in Active Directory and is accessible from OWA. For better performance, the whole communication process takes place over the Exchange server – Active Directory path. Hence, the OWA client does not “sense” any additional network traffic. If the public certificate (for message encryption) is not found in Active Directory, the Contacts in the user’s mailbox are searched. The private certificate that is used to encrypt messages must either be installed on the machine connecting to OWA, or located on a “smart card”.
2.7 Outlook Mobile Access
OMA, as its name indicates, is a sister product to OWA, designed and optimized especially for devices such as the Pocket PC, iPAQ, etc. When connecting to Outlook Mobile Access via a web browser, the user has to submit the username, the password and the domain name. Once successfully verified, he or she can receive and send messages and create contacts and tasks.
2.8 Cluster services
Exchange 2003 Server can now be installed on 8-node clusters. Handling of ´failover´ is also enhanced through a change in the service dependencies. The Exchange services (http, smtp, pop3) are dependent on the ´System Attendant´, and not on the Exchange Store. Whenever a failure occurs, the services (pop3, smtp, etc.) can start at the same time as the Exchange store (mailbox store, public folder store). In Exchange 2003, ´volume mount points´ are now supported on the shared disk: a mount point is a directory on a volume where an application can ´mount´ a different volume, that is, set it up for use at the location a user specifies. This is supported only on Windows 2003 (Enterprise Edition and Datacenter Edition). Mounting is helpful in ´bypassing´ the limit of 26 drive letters.
The above-mentioned number of nodes within a cluster is also dependent on the given operating system.
- Windows 2000 Advanced Server – 2 nodes,
- Windows 2000 Datacenter Server – 4 nodes,
- Windows 2003 Server Enterprise Edition – 8 nodes,
- Windows 2003 Server Datacenter Edition – 8 nodes.
Again, it should be noted that Exchange 2003 coexists well with Windows 2003 Server.
Furthermore, Kerberos has replaced NTLM to authenticate users in virtual Exchange servers.
2.9 System Manager – queue
The Exchange System Manager Queue Viewer is another feature Microsoft added based on specific Exchange administrator feedback. Every Exchange 2000 administrator has directly experienced the torture of being forced to click until a view of the queue appears. Each queue was located separately: for X.400 within the protocol setup, and similarly for SMTP. With Exchange 2003, queues are centralized on a per-server basis. You can disable all outbound mail, set your own view refresh rate, and preview hidden queues (for example, a queue of messages to be sent at a fixed time).
2.10 MS Outlook 2003
It would be hard not to mention the new Exchange client, namely MS Outlook. Here, some essential changes have also been introduced. Firstly, the user authentication protocol has been replaced: Outlook 2003 uses Kerberos. Windows Server 2003 provides support for running the remote procedure call (RPC) protocol over HTTP, known as "RPC over HTTP". The main advantage of this solution is that it provides security for client–server communication via the Internet. An expensive ´Virtual Private Network´ is no longer required, because all the traffic travels on port 443 (SSL). In order to use the RPC over HTTP feature, all Exchange Servers must be installed on Windows 2003. All domain controllers and ´global catalog´ servers (installed with Windows 2003) must be appropriately set up to communicate with Outlook and Exchange. It is important to note a requirement placed on the machines that connect to the Exchange server using RPC over HTTP: Windows XP with Service Pack 1 plus patch Q331320, “Outlook 11 performs slowly or stops responding when connected to Exchange Server 2003 through HTTP” (http://support.microsoft.com/?kbid=331320).
No more pestering by users, especially those using low capacity connections - client performance is improved by reducing the number of change notifications when a client is working in the cached Exchange mode. In addition, the server detects and only sends the native format of messages to the client. Clients using a cached Exchange mode also receive the number and size of messages to be downloaded. Even in the case of a complete breakdown in communication with the server, Outlook will still be available. This service is active by default. If you have users who have large Exchange mailboxes and have OST files already configured for Outlook, please note that you may need to take special steps to help avoid errors when those users upgrade to Outlook 2003 with Cached Exchange Mode enabled.
3. ....some old features become obsolete
Certain old features have been eliminated with the new server version. These are:
- Key Management Service – this service, in tandem with the Windows 2000 certificate server, provided a PKI for Exchange. The current Exchange version is able to operate in conjunction with any PKI solution that supports X.509v3-compatible certificates, including Windows 2003.
- Drive M – the only drive to exist in one Exchange version, 2000. It was a source of problems, since not everyone was aware of the backup exclusion list, antivirus scanning problems, etc. Everything mentioned above might damage the Exchange databases. (See also: Remove the IFS mapping for drive M in Exchange 2000 Server, http://support.microsoft.com/?kbid=305145.)
- Real Time Collaboration – support for any kind of communicators, chats, etc. It has been removed because of a new Microsoft product that supports such services (code name Greenwich).
- A connector for Lotus cc:Mail and for MS Mail
To summarize, the new Exchange Server seems to be a good product, particularly when combined with Windows 2003. After certain experiences with Exchange 2000, Microsoft has improved troublesome functions of its predecessor. The server’s performance has now been enhanced, easier mailbox backup is provided, and Outlook Web Access seems to be almost a completely new product. Exchange 2003’s feature set might be enough to make some organizations consider the migration.