Subscribing the Edge Transport Server to the Exchange Organization

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic provides information about how to subscribe the Edge Transport server to the Microsoft Exchange Server organization. The Edge Subscription process is the procedure that an administrator follows to establish an Edge Subscription for an Edge Transport server. You subscribe an Edge Transport server to an Active Directory directory service site to associate the Edge Transport server with the Exchange organization. After the Edge Transport server is subscribed, the Microsoft Exchange EdgeSync service periodically replicates recipient and configuration data from Active Directory to the Active Directory Application Mode (ADAM) instance on a computer that has the Edge Transport server role installed.

The Microsoft Exchange EdgeSync service is the data synchronization service that runs on a Hub Transport server. The Microsoft Exchange EdgeSync service that is running on the Hub Transport servers in the Active Directory site to which the Edge Transport server is subscribed periodically performs one-way replication of recipient and configuration data to ADAM. The Microsoft Exchange EdgeSync service copies only the information that is required for the Edge Transport server to perform anti-spam configuration tasks, and information about the Send connector configuration that is required to enable mail flow between the Exchange 2007 organization's Hub Transport servers and the Internet through one or more Edge Transport servers. The Microsoft Exchange EdgeSync service performs scheduled updates so that the information in ADAM remains current.

You must create an Edge Subscription if you use the recipient lookup feature or safelist aggregation. These features run on the Edge Transport server. Creating an Edge Subscription reduces the administration that is performed in the perimeter network by letting you perform needed configuration on the Hub Transport server role and then write that information to the Edge Transport server.

When an Edge Transport server is subscribed to an Active Directory site, the following connectors are created by the Microsoft Exchange EdgeSync service:

  • An implicit Send connector from the Hub Transport servers that are in the same forest to the Edge Transport server.

  • A Send connector from the Edge Transport server to the Hub Transport servers in the Active Directory site to which the Edge Transport server is subscribed.

  • A Send connector from the Edge Transport server to the Internet.

Replication Data

When data is sent to ADAM from Active Directory, it is sent over an encrypted channel using a Secure Lightweight Directory Access Protocol (Secure LDAP) connection. Additionally, the Safe Senders Lists and recipient information are hashed to protect the data. The Secure LDAP connection is secured by the ADAM credentials stored in the Edge Subscription file. The Microsoft Exchange EdgeSync service replicates the following data from Active Directory to ADAM:

  • Send connector configuration

  • Accepted domains

  • Remote domains

  • Message classifications

  • Safe Senders Lists

  • Recipients

Configuring an Edge Subscription

Before you can establish replication to ADAM from an Active Directory site, you must create the Edge Subscription file on the Edge Transport server role. You must create a separate Edge Subscription file for each Edge Transport server that is subscribed to the Exchange organization. To configure an Edge Subscription, follow these steps:

  1. Export the Edge Subscription file on the Edge Transport server.

  2. Copy the Edge Subscription file to the Hub Transport server.

  3. Import the Edge Subscription file on the Hub Transport server.

    Note

    You must complete the Edge Subscription process inside the organization within 24 hours of exporting the Edge Subscription file on the Edge Transport server. If you don't complete the process within 24 hours of exporting the file, the bootstrap account expires and you must remove the Edge Subscription and start the procedure again.

  4. Verify that synchronization completes successfully by inspecting MSExchange EdgeSync events in the Application log in Event Viewer.

    Important

    It is a best practice to delete the Edge Subscription file from the Edge Transport server after you copy the file to the Hub Transport server where you will import the Edge Subscription file, and from the Hub Transport server after the Edge Subscription file is imported.
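
The steps above as Exchange Management Shell commands, as an added example that is not part of the original topic. The file path, the site name and the three function names are assumptions, and the file's last-write time is assumed to reflect the time of export.

```powershell
# Added example: file path, site name and function names are assumptions.
$SubscriptionFile = 'C:\EdgeSubscriptionInfo.xml'
$SiteName         = 'Default-First-Site-Name'

# Step 1. Run on the Edge Transport server.
function Export-EdgeSubscriptionFile {
    New-EdgeSubscription -FileName $SubscriptionFile
}

# Run on the Edge Transport server once the file has been copied to the
# Hub Transport server (step 2); the file holds the ADAM credentials.
function Remove-EdgeSubscriptionFile {
    Remove-Item -Path $SubscriptionFile
}

# Steps 3 and 4. Run on a Hub Transport server in the site being subscribed.
function Import-EdgeSubscriptionFile {
    $file = Get-Item -Path $SubscriptionFile -ErrorAction Stop

    # Assumption: the copy kept the last-write time that was set at export.
    $ageHours = ((Get-Date) - $file.LastWriteTime).TotalHours
    if ($ageHours -ge 24) {
        # An expired file is still a credentials file; do not leave it behind.
        Remove-Item -Path $SubscriptionFile
        throw "Subscription file is $([int]$ageHours) hours old; the bootstrap account has expired. Remove the Edge Subscription and export a new file."
    }

    New-EdgeSubscription -FileName $SubscriptionFile -Site $SiteName `
        -CreateInternetSendConnector $true -CreateInboundSendConnector $true `
        -ErrorAction Stop

    # The import succeeded, so the credentials file is no longer needed here.
    Remove-Item -Path $SubscriptionFile

    # Trigger a synchronization now instead of waiting for the schedule.
    Start-EdgeSynchronization

    # Step 4: list recent EdgeSync events from the Application log.
    Get-EventLog -LogName Application -Newest 500 |
        Where-Object { $_.Source -eq 'MSExchange EdgeSync' } |
        Select-Object TimeGenerated, EntryType, EventID, Message
}
```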

When an Edge Transport server is subscribed to an Active Directory site, all the Hub Transport servers that are installed in that Active Directory site at that time can participate in the EdgeSync process. If one of those servers is removed, the Microsoft Exchange EdgeSync service that is running on the remaining Hub Transport servers continues the data synchronization process. However, if new Hub Transport servers are installed in the Active Directory site, they will not participate in the EdgeSync process. To enable those Hub Transport servers to participate in the EdgeSync process, you must remove the Edge Subscription from both the subscribed Edge Transport server and the subscribed Active Directory site and then re-create the Edge Subscription.

For More Information

For more information, see the following topics: