1. White space
2. Free busy information
3. Dial tone data
Windows provided a solution to these issues by introducing Active Directory Integrated zones, which
stored their zone information within Active Directory instead of text files. The advantages of this new
type of zone included using Active Directory replication for zone transfers and allowing resource records
to be added or modified on any domain controller running DNS. In other words, all Active Directory
Integrated zones are always primary zones as they contain writable copies of the zone database.
Primary zones, which store their zone information in a writable text file on the name server.
Secondary zones, which store their zone information in a read-only text file on the name server.
A stub zone is a read-only copy of a zone, which obtains its resource records from other name
servers. It contains copies of only three types of resource records:
1. SOA record for the zone.
2. Name server (NS) records for all name servers authoritative for the zone.
3. Host (A) records for all name servers authoritative for the zone.
These resource records are necessary to identify the authoritative DNS server for the zone. A stub zone
is used to streamline name resolution, especially in a split namespace scenario.
A DNS server that is hosting a stub zone is configured with the IP address of the authoritative server
from which it loads. DNS servers can use stub zones for both iterative and recursive queries. When a
DNS server hosting a stub zone receives a recursive query for a computer name in the zone to which the
stub zone refers, the DNS server uses the IP address to query the authoritative server, or, if the query is
iterative, returns a referral to the DNS servers listed in the stub zone. A stub zone reduces the amount of
DNS traffic on the network and makes DNS more efficient especially over slow WAN links.
Stub zones are easy to create and can make name resolution between forests more efficient, but they
have other uses as well. For example, stub zones can enable name servers to perform recursion without
needing to query the Internet root name servers or internal corporate root servers, thus decreasing the
number of hops between name servers and making name resolution more efficient. Another use of stub
zones is to keep delegated zone information up to date and prevent lame delegations from wrecking
name resolution within a forest, and that would make a good topic for a future article. Both of these are
good topics for future articles, so stay tuned for more on stub zones later.
Q - Files backed up in System State: System State Components and Services
The system state could include any or all of the following components and services:
System File Protection catalog and files
Performance monitor configuration files
SYSVOL (if this is a domain controller)
Certificate Services database (if this is a certificate server)
Cluster database (if this server is part of a cluster)
UDDI (only with Windows Server 2003 using VSS)
Disk quota information
Terminal Server Licensing database
Content Indexing catalogs
5. How replication happens in CCR, LCR
6. How Exchange 5.5 Removes
7. AD Partition
Nonauthoritative Restore of a Domain Controller
A nonauthoritative restore is the default method for restoring Active Directory. To perform a
nonauthoritative restore, you must be able to start the domain controller in Directory Services Restore
Mode. After you restore the domain controller from backup, replication partners use the standard
replication protocols to update Active Directory and associated information on the restored domain
A nonauthoritative restore returns the domain controller to its state at the time of backup and then
allows normal replication to overwrite that state with any changes that occurred after the backup was
taken. After you restore the system state, the domain controller queries its replication partners. The
replication partners replicate any changes to the restored domain controller, ensuring that the domain
controller has an accurate and updated copy of the Active Directory database.
A nonauthoritative restore allows the entire directory to be restored on a domain controller, without
reintroducing or changing objects that have been modified since the backup. The most common use of a
nonauthoritative restore is to bring an entire domain controller back, often after catastrophic or
debilitating hardware failures. It is uncommon for data corruption to drive a nonauthoritative restore,
unless the corruption is local and the database cannot be successfully loaded.
If you intend to restore a deleted object (or objects), see Performing an Authoritative Restore of Active
You can perform a nonauthoritative restore on a Windows Server 2003 system that is a stand-alone
server, member server, or domain controller. You must start a server in Directory Services Restore Mode
to perform a nonauthoritative restore.
8. Read Only Domain Controller
9. Log file size of exchange 2007
10. Disk mount procedure in 2003
11. Why stm database file is not there in exchange 2007
12. How exchange database checks the online maintenance
14. Outlook MAPI
While Moving Mailbox In Exchange What Happened To the New Email
Some background here: one of the tasks performed by Online Maintenance is to identify mailboxes that
are past the retention date and to delete them. As part of this task, it will also run the Cleanup Agent,
which is the task that identifies orphaned/reconnected mailboxes. If you recall, in Exchange 2000 and
2003, if you delete a mailbox, it is not immediately deleted, nor is it marked as disconnected. If a
mailbox is orphaned (no user connected to it), it gets marked as disconnected; if it is disconnected and
past the retention date, it gets deleted.
For more information on the tasks run during Online maintenance, please see the following link:
During a mailbox move, the destination mailbox will be created so that data can be copied to it. This
destination mailbox is not yet associated with a user account though. This process of associating with
the user account does not happen until the very end of the mailbox move and all content has been
copied to the destination mailbox. During the final step of the move, the user attributes are updated to
point to the new server (if applicable) and new database. This process of updating attributes is what
associates the destination mailbox with the user account.
If you manually run the Cleanup Agent on the destination mailbox store during a move, you will find that
the destination mailbox will show up as a disconnected mailbox. If you then run the Cleanup Agent again
right after the move completes, you will find that in some cases the destination mailbox will also be
purged. This can cause problems, because when a move is successful, the source mailbox is removed as
well. If the Cleanup Agent is run from another Exchange server that is pointing at a different Active
Directory Site, and the Exchange attributes (homeMDB, homeMTA, msExchHomeServerName) have not
yet been updated, the Cleanup Agent will detect that this mailbox is not attached to a user account, and
that it is past the retention date; and therefore,
15. What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that
16. What are System Public Folders? Where would you find them?
17. What is the Link State Table? How would you view it?
18. What is the Routing Group Master? Who holds that role?
What is DS2MB?
Answer - Metabase update service, also referred to as the directory
service/metabase synchronization process, or DS2MB (because
this process is implemented in DS2MB.dll) is a component in
Exchange Server 2003 that is used to synchronize several
Exchange configuration settings in Active Directory with
counterpart settings in the IIS metabase. The function of
DS2MB is to replicate configuration information from Active
1. Virtual space (Microland)
2. Exchange fine tune (Microland)
3. What is Forms Based Authentication?
What is DSACCESS? Starting with Exchange Server 2000, Microsoft began using
the AD (Active Directory) as the repository for Exchange-related
data. So Microsoft had to create certain rules to
make sure that the Exchange Server communicated with the AD
in such a way that it did not create excessive network
traffic or overwhelm domain controllers with too many LDAP
requests. (For beginners I would like to explain this in a
little more detail: whenever Exchange needs any data
from the Active Directory, it uses an LDAP query to
get the data. All the data is present in the AD, and
AD is present on DCs, that is, Domain Controllers; hence
Exchange sends LDAP queries to DCs for the data.)
So for controlling the communication between
Exchange and AD, Microsoft created a component called
DS Access. DS Access acts as an intermediary between
the AD and Exchange Server.
Thus, DS is used by all the Exchange components
to query the AD and acquire the configuration and recipient
information. Example of the Exchange components that use DS
Access are Exchange System Attendant, Message Transfer
Agent and the Exchange information store.
DS Access is a generic name assigned to a group
of DLLs - DSAccess.dll, Dscmgs.dll and Dscperf.dll. These
are collectively called the DS Access or the DS access
cache. The DS Access cache is actually made up of two
The Configuration Cache - The configuration cache is used
to store information pertaining to the configuration data,
including store and routing objects. It is set to 5 MB by
When the system boots, DS Access initiates a
discovery process designed to identify the AD topology
(primarily related to the site structure), the domain
controllers, and which domain controllers act as global
DS Access repeats the discovery process every 15
minutes to check for configuration changes and verify that
the known domain controllers are still available. Whenever
Exchange server needs to access a domain controller or a
global catalog server, it consults the DS Access cache to
determine which server is best fit for the job.
The User Object Cache - By default the Exchange Server sets
aside 140 MB for the user object cache, which stores user
object data. Objects within this cache are flushed when the
cache fills up or when the object's TTL expires. The
default TTL for the user object is 5 mins.
This user object cache is designed for preventing
excessive LDAP queries. When the Exchange server needs to
know something about a user, it checks the DS Access cache
first to see if the information is already stored there. If
the information is cached, then Exchange uses the cached
copy instead of issuing an LDAP query. If the required
information is not cached, Exchange has to retrieve the
necessary information from the DC via an LDAP query and it
stores the results in the DS Access cache.
4. What are Recipient Policies?
5. How would you work with multiple recipient policies?
6. What is a Front End server? In what scenarios would you use one?
7. What type of authentication is used on the front end servers?
8. What is a Front End server? In what scenarios would you use one?
9. What type of authentication is used on the front end servers?
What is the dumpster?
Transport Dumpster is a new feature of Exchange Server 2007 Hub Transport servers through which the
transport can defer the deletion of certain emails in their queues. The condition for an email to be
retained in the transport dumpster is that at least one of the recipients' mailboxes must reside on a
CCR mailbox server. This retained email can later be re-delivered if necessary. The amount of mail
retained in the queues is an organization-wide setting on the Transport Settings container.
This only works with mailboxes on CCR. With CCR, the replication of mailbox data from the active node to
the passive is asynchronous and will always lag slightly behind the active node. In the event of a failure
which precludes the most recent logs from being replicated over, the transport dumpster can be used to
re-deliver the recent mail as this should constitute the majority of the changes in the database.
Transport Dumpster operates on the hub transports within an Active Directory Site. When a lossy CCR
failover occurs, a request will be made to the Hub Transport server to redeliver the lost mail. Please
note that the Transport Dumpster is holding the mail that has already been delivered; any pending mail
will be held in the local submission.
The Transport Dumpster is configured by default. You can view the transport dumpster settings by
running Get-TransportConfig. There are two important settings when configuring the transport dumpster:
MaxDumpsterSizePerStorageGroup – The maximum size of the transport dumpster queue per storage
group. This is a universal setting for all storage groups; you can’t set variable sizes for each storage
group. The recommended size is 1.5 times the maximum message size that can be sent. For example, if
the maximum size for messages is 10 megabytes (MB), you should configure the
MaxDumpsterSizePerStorageGroup parameter with a value of 15 MB.
MaxDumpsterTime – The amount of time an email will remain in the transport dumpster queue. This is
the time a message will be retained if it is not forced out for space reasons
(MaxDumpsterSizePerStorageGroup). It is recommended that this be set to 7 days.
If either of the above is set to 0, the Transport Dumpster will be disabled.
The default settings for the Transport Dumpster are:
MaxDumpsterSizePerStorageGroup: 18 MB
MaxDumpsterTime: 7 days (7.00:00:00)
If either the size limit or time limit is hit, mail will be removed from the queue by order of first in, first
You should take into account that the Transport Dumpster will require additional storage space on the
Hub Transport server for the Transport Dumpster queue. The maximum size of the queue is the
MaxDumpsterSizePerStorageGroup times the number of CCR Storage Groups.
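The retention rules above (size limit, time limit, first in first out, disabled when either value is 0) can be modelled in a few lines. This is an added illustration, not Exchange code: the class, the function names and the idea of selecting mail by a "last replicated" timestamp are assumptions made for the sketch.

```python
from collections import deque
from datetime import datetime, timedelta

MB = 1024 * 1024


def recommended_dumpster_size(max_message_bytes):
    """Sizing rule quoted on the page: 1.5 times the maximum message size."""
    return max_message_bytes * 3 // 2


def hub_storage_needed(size_per_storage_group, ccr_storage_groups):
    """Worst-case queue size: per-group limit times number of CCR storage groups."""
    return size_per_storage_group * ccr_storage_groups


class TransportDumpster:
    """Toy model of the dumpster queue kept for ONE storage group."""

    def __init__(self, max_size_bytes, max_time):
        self.max_size_bytes = max_size_bytes  # models MaxDumpsterSizePerStorageGroup
        self.max_time = max_time              # models MaxDumpsterTime
        self.queue = deque()                  # (delivered_at, message_id, size), oldest first
        self.used = 0

    @property
    def enabled(self):
        # Either setting at 0 disables the dumpster.
        return self.max_size_bytes > 0 and self.max_time > timedelta(0)

    def retain(self, message_id, size, delivered_at):
        """Keep a copy of a message that has just been delivered."""
        if not self.enabled:
            return
        self.queue.append((delivered_at, message_id, size))
        self.used += size
        self._trim(delivered_at)

    def _trim(self, now):
        # Evict oldest-first while over the size limit or past the time limit.
        while self.queue and (
            self.used > self.max_size_bytes
            or now - self.queue[0][0] > self.max_time
        ):
            _, _, size = self.queue.popleft()
            self.used -= size

    def redeliver_since(self, last_replicated_at, now):
        """After a lossy failover, return the retained messages delivered after
        the point the passive copy had reached (assumed selection rule)."""
        self._trim(now)
        return [mid for ts, mid, _ in self.queue if ts > last_replicated_at]


def demo():
    """Constructed scenario: four 4 MB messages into a 15 MB dumpster."""
    t0 = datetime(2024, 1, 1, 9, 0)
    d = TransportDumpster(15 * MB, timedelta(days=7))
    for i in range(4):
        d.retain(f"m{i + 1}", 4 * MB, t0 + timedelta(minutes=i))
    # m1 was evicted for space; the passive copy had logs up to 09:01:30.
    return d.redeliver_since(t0 + timedelta(seconds=90), t0 + timedelta(minutes=4))


if __name__ == "__main__":
    print(demo())
    print(recommended_dumpster_size(10 * MB) // MB, "MB")
```

A single message larger than the size limit evicts everything, itself included, which is why the limit is sized above the maximum message size.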
10. What are the e00xxxxx.log files?
11. What is the e00.chk file?
12. What is circular logging? When would you use it?
13. What's the difference between online and offline defrag?
14. How would you know if it is time to perform an offline defrag of your Exchange stores?
15. How would you plan for, and perform the offline defrag?
16. What is the eseutil command?
18. What is the isinteg command?
19. How would you monitor Exchange's services and performance? Name 2 or 3 options.
20. Name all the client connection options in Exchange 2003.
21. What is Direct Push? What are the requirements to run it?
22. How would you remote wipe a PPC?
23. What are the issues with connecting Outlook from a remote computer to your mailbox?
24. How would you solve those issues? Name 2 or 3 methods
25. What is RPC over HTTP? What are the requirements to run it?
26. What is Cached Mode in OL2003/2007?
27. What are the benefits and "issues" when using cached mode? How would you tackle those
28. What is S/MIME? What are the usage scenarios for S/MIME?
29. What are the IPSec usage scenarios for Exchange 2003?
30. How do you enable SSL on OWA?
31. What are the considerations for obtaining a digital certificate for SSL on Exchange?
32. Name a few 3rd-party CAs.
33. What do you need to consider when using a client-type AV software on an Exchange server?
34. What are the different clustering options in Exchange 2003? Which one would you choose
36. How would you configure mail transfer security between 2 routing groups?
Virtual Memory Recommendation Exchange 2007
a.) If the server has less than 8 GB of RAM, the amount of virtual memory should be 1.5 times the
b.) If the server has more than 8 GB of RAM, the amount of virtual memory should be physical memory + 10
c.) Store.exe error normally comes with this.
Internal System Attendant components and their responsibilities
DSAccess Component
Responsibility: Locating domain controllers in the network and providing other Exchange services with Active Directory information.
Comments: System Attendant must find domain controllers and global catalogs in the network, so that the Exchange services can access recipient and configuration information. To find domain controllers, System Attendant uses ADSI to do a server-less binding. To proxy directory access from other Exchange components, such as Exchange store and SMTP transport engine, to Active Directory, System Attendant includes a DSAccess component (DSAccess.dll). DSAccess also caches directory information to reduce the number of queries to Active Directory. For more information about roles of domain controllers and global catalogs, and DSAccess, see Exchange Server 2003 and Active Directory.

DSProxy Component
Responsibility: Proxying legacy MAPI clients to Active Directory.
Comments: System Attendant's DSProxy component (Dsproxy.dll) refers Outlook 2000 and later versions to a global catalog server so that the MAPI client can communicate with Active Directory to get access to the global address list. DSProxy also relays directory communication for older MAPI clients that cannot be referred directly. For more information about DSProxy see Exchange Server 2003 and Active

Free/Busy Component
Responsibility: Maintaining free/busy information for Outlook Web Access users.
Comments: System Attendant is involved when publishing free/busy information in Outlook Web Access. When a user creates an appointment, the Exchange store extracts the free/busy information from the user's calendar and sends the data in a message to the System Attendant mailbox. The free/busy component (Madfb.dll) processes these messages and publishes the free/busy information in the SCHEDULE+ FREE BUSY system public folder. For more information about publishing free/busy information, see Exchange Information Store Service Architecture.

Mailbox Manager Component
Responsibility: Managing mailboxes.
Comments: The mailbox manager component enforces message retention policies and mailbox quotas that you can use to manage mailbox store sizes.

Metabase update service
Responsibility: Replicating settings from Active Directory to the IIS metabase.
Comments: The Directory Service to metabase update service (Ds2mb.dll) is an internal component of System Attendant. The Metabase Update Service replicates protocol settings from Active Directory to the IIS metabase to apply Internet protocol settings that you configure in Exchange System Manager to the Internet protocol engines, such as the SMTP service. For more information about the metabase update service, see Exchange Server 2003 and Active

Offline Address Book Generator
Responsibility: Generating offline address books.
Comments: The offline address book generator (Oabgen.dll) creates address lists in the Exchange store on an offline address list server. Users can then connect to this server and download the offline address lists. Offline address lists provide access to address information when a user is working remotely and does not have a permanent connection to the server. Because offline address lists are stored in a hidden public folder, it is possible to replicate the offline address lists to multiple servers.

Recipient Update Service
Responsibility: Applying recipient policies and generating proxy addresses.
Comments: The Recipient Update Service (Abv_dg.dll) is the System Attendant component that monitors all mail-enabled user objects and recipient policies, and applies recipient policies to mail-enabled user objects. For more information about the Recipient Update Service, see Exchange Server 2003 and Active

Server Monitor Component
Responsibility: Monitoring server resources.
Comments: System Attendant monitors server resources at periodic intervals and updates link state information (LSI) through Windows Management Instrumentation (WMI). System Attendant also updates the routing table so that the routing engine can make informed routing decisions based on the current status of servers and connectors. For more information about link state information, see Message Routing
System Attendant is also responsible for maintaining the message tracking logs if message tracking has been enabled on a server.

System Attendant Component
Responsibility: Verifies computer account configuration.
Comments: The computer account of an Exchange server must be a member of a global security group called Exchange Domain Servers to grant Exchange Server 2003 the required access permissions to Active Directory. System Attendant verifies, in the background, that the computer account belongs to this group.
Offline address lists use system public folders to contain the required address list information. Their
associated public folders are created during the public store maintenance interval, and the content of
the public folder is updated according to the Update interval that you specify on the Properties dialog
box of each offline address list. By default, the Offline Address List (System) public folders are hidden
from users. This procedure outlines how to view the system public folders.
1. Domain – All of the objects in the directory for a domain.
2. Configuration – Configuration information for AD and applications that is replicated throughout
the entire forest.
3. Schema –
4. Application –
The Edge Transport role
Is installed on the edge of the network and therefore is installed on a standalone server that is not a
member of the Active Directory domain. Because the server is not a member of the Active Directory
domain, Active Directory Application Mode (ADAM) is used to sync AD with the Edge Transport server.
ADAM and a component called EdgeSync are used to perform scheduled one-way synchronization of the
configuration and recipient information from Active Directory. This allows the Edge Transport to
perform recipient lookups and Spam filtering.
The Edge Transport role performs a number of functions including Anti-spam and Anti-virus protection.
The Edge Transport uses connection filtering, content filtering, recipient filtering, SenderID, sender and
IP reputation to reduce the amount of Spam delivered to the end user's inbox. Mail tagged as Spam will
sit in a Spam quarantine from which administrators can delete or allow messages tagged as Spam. One
of the top features is the ability for Outlook 2003 and 2007 clients to merge their Spam settings (like
white and black lists) to the Edge Transport server to increase the efficiency and accuracy of the filters.
The built in VSAPI has been improved and the introduction of transport agents will allow third party AV
applications to provide stronger AV filtering.
Edge Transport Rules are used to protect the Exchange organization by applying rules and, based on
whether the message passes or fails, appropriate action is taken. Unlike the Anti-virus and Anti-Spam
processing, Edge Transport rules are based on SMTP and MIME addresses, words in the subject or
message body, and SCL rating. The Edge Transport role also handles address rewriting; in Exchange 2007
an administrator can modify the SMTP address on inbound or outbound mail.
The Edge Transport server is also responsible for all mail entering or leaving the Exchange organization.
Mail travels inbound through the Edge Transport and once the Edge Transport Rules have been applied
the message is passed on to the Hub Transport server. Because the Edge Transport is responsible for all
in and outbound mail, you can configure multiple Edge Transport servers for redundancy and load
Hub Transport Role
The Hub Transport role is responsible for all internal mail flow. This role is similar to the bridgehead
server in an Exchange 2000/2003 organization. In fact it originally was called the Bridgehead Role until it
The Hub Transport server, as well as the rest of the server roles, is installed on member server(s) in an
Active Directory domain. There is no need for ADAM on this, or any other role aside from the Edge
Transport. Because it is a member of an AD domain, all its configuration information is stored in AD and
any other Hub Transport servers you install will get their configuration from AD.
Inbound mail is accepted from the Edge Transport and passed on to the user's mailbox and all outbound
mail is relayed from the Hub Transport to the Edge Transport and out to the Internet. The Hub Transport
and Edge Transport servers are very similar and in fact, one can forgo the Edge Transport server and
configure the Hub Transport to accept mail from, and send mail to, the Internet. Hub Transport agents
can also be deployed to enforce corporate message policies such as message retention, something that
will come as good news to administrators attempting to comply with SarbOx rules.
The Anti-Spam and Anti-virus features of the Edge Transport can be configured on the Hub Transport in
order to reduce the number of servers required. It is quite feasible that you may only have one server in
your Exchange organization with all the roles installed on it. In this case you cannot have an Edge
Transport and all those features will be passed on to the Hub Transport role.
The simplest of the roles has to be the Mailbox Role. Quite simply the Mailbox role holds the Exchange
databases within which the user mailboxes are contained. It is also home to the Public Folder databases
if you enabled Public Folders. (They are not enabled by default in Exchange 2007)
Client Access Role
The Client Access Role is similar to the role a Front-End server would play in an Exchange 2000/2003
organization. The Client Access server is the server that users connect to with their mail client, mobile
device, or web browser. The Client Access server handles all connections whether they come from an
application such as Outlook 2003 or 2007, Outlook Express, or any other MAPI, POP3 or IMAP4 client.
The Client Access server also handles connections made from mobile devices such as a Windows Mobile
5 Smartphone, or any other device using Exchange ActiveSync. Exchange ActiveSync in Exchange 2007
supports all devices with PocketPC 2002/2003 and Windows Mobile 5. Figure 2 shows how all the clients
and roles connect to each other.
Unified Messaging Role
The last, and in my opinion, coolest role is the Unified Messaging Role. The Unified Messaging role is
responsible for merging your VOIP infrastructure with your Exchange organization. What does this allow
combined voice, fax, and mail in one inbox
access to voice, fax and mail via multiple interfaces
Need to check your voicemail but all you have is Internet access? No problem, connect to the Exchange
server with OWA and you will find your voicemail as attachments in email messages. Running late for a
meeting and no access to email or your calendar? Call the Exchange server and move the start of the
appointment in your calendar and the attendees will get an email notifying them of the change.
Unified messaging will change the way users access voice, fax and email and they will love you for it.
Now before you get too excited this will require some special hardware to interact with your phone
system and more information will be released as Exchange 2007 gets closer to RTM.
Dial Tone Recovery
A dial tone recovery involves creating an empty database on a server to replace a failed database. This
empty, or dial tone, database allows users to send and receive e-mail while the failed database is
recovered. By using a dial tone recovery approach, you can restore basic e-mail service to users
(providing them with a "dial tone") and then restore users' previous data as it becomes available.
METHODS OF PERFORMING A DIAL TONE RECOVERY:
Dial tone recovery on the server with the failed database
Dial tone recovery using an alternate server for the dial tone database
Dial tone recovery using and staying on an alternate server for the dial tone database
Exchange's Daily Scheduled Maintenance
Exchange daily scheduled maintenance period by default occurs from 2:00 a.m. to 6:00 a.m.,
INFORMATION STORE (IS) PERFORMS MAINTENANCE TASKS—
Deleted Item Retention Store Cleanup,
Deleted Mailbox Store Cleanup
Note - That help keep your Exchange mailbox and public folder databases free of unnecessary
Online defragmentation - As users add and remove messages, the amount of used space in Exchange's
database files fluctuates. The IS conscientiously recycles free space in the database file, only increasing
the size of the file when there isn't enough unallocated space. During an online defragmentation, the IS
reallocates and rearranges pages to put all the free space in a contiguous block at the end of the
database file. Doing so makes future allocations more efficient. After a defrag, you can check the event
log for event ID 1221, which tells you how much free space a particular database file contains. This
information in turn helps you estimate how long you have before the IS increases the database file size.
Tombstone maintenance - When a user marks an item for deletion from the IS, Exchange doesn't
immediately delete the item. Rather, Exchange replaces the deleted item with a tombstone--basically,
Exchange sets an "Is this deleted?" flag on the object and replicates the object (along with the flag) to
other servers. After a 30- or 60-day period (depending on the object type), Exchange removes the
tombstone and truly deletes the item during tombstone maintenance.
Deleted Item Retention store cleanup - If you've turned on Deleted Item Retention, Exchange places
deleted items in the Deleted Item Retention store (aka the dumpster). Deleted items stay in the
dumpster until the end of the specified Deleted Item Retention period, after which Exchange deletes
Deleted Mailbox store cleanup - Exchange Server 2003 and Exchange 2000 Server support a dumpster
for deleted mailboxes. This mechanism can be a real lifesaver if you accidentally delete an important
mailbox. The process is the same as for deleted items.
Message table checking - The IS performs some limited consistency checking to examine the message
tables in each mailbox and update those tables as needed. Don't confuse this process with the more
comprehensive, and much slower, message table tests that Isinteg performs.
Index purging - For efficiency, the IS dynamically builds database indexes when users change the view
criteria in Outlook. However, keeping a limitless store of view information around is impossible, so after
a variable period (usually about 7 days) old views expire and Exchange removes them.
Exchange 2007 does not use the stream (.stm)
Exchange 2007 does not use the stream (.stm) file format that was used in Exchange Server 2003. Data
that was formerly divided between .edb and .stm files is now stored only in .edb files. Exchange 2007
Exchange 2007 Database structure
LOG FILE SIZE IN EX 2007 IS 1 MB
MAILBOX DATABASE .EDB
1. Local Continuous Replication (LCR)
2. Cluster Continuous Replication (CCR)
3. Standby Continuous Replication (SCR), which was introduced in Exchange Server Service Pack 1
Local continuous replication provides a degree of fault tolerance on a single mailbox server. The basic
premise is that LCR creates a secondary copy of an Exchange Server database on a separate volume than
CCR uses a similar method to create a separate copy of the database and stores it on a separate
SCR is similar to CCR; however, CCR can only create one replica of a protected database. SCR can create
multiple replicas of a database.
Continuous replication is based on a technique called log shipping, which involves copying each log file
to the location where the backup database is stored while the log file is built. The log file is then
replayed against the replica database, bringing the database into a current state.continuous replication
as a storage group-level operation, but I think it's more accurate to classify it as a database-level
operation. Log files reside at the storage group level, but continuous replication, in any form, limits the
protected storage group to a single database. Therefore, continuous replication could be considered a
database-level operation because it involves a single database.
How Exchange Server Database Transactions Work
Database transactions follow the same process on all mailbox servers. The transaction is first
copied into the server's memory, in an area known as the ESE cache.
EXTENSIBLE STORAGE ENGINE (ESE) DATABASE CACHE (ESE CACHE )
Database updates from the current transaction are performed within the ESE cache but are not written
directly to the database.
Cached database pages that have been updated but not written to disk are referred to as dirty pages. If
additional transactions perform operations against dirty pages, then the operation is performed within
the ESE cache. In such a case, Exchange uses a mechanism called the version store to make sure the
database remains in a consistent state.
Next, the transaction is recorded in a transaction log file. Depending on the size of the transaction, this
process may involve closing the current log file and starting another one. Because a log file is only 1
MB, Exchange may spread an excessively large transaction across multiple log files. Each time a log file
reaches the 1 MB limit, it is closed and a new log file starts.
When a backup is running against an Exchange server, the contents of the log files are written to the
database. At this point, the checkpoint file is advanced so that it references the oldest log file that has
not yet been committed to the database.
Transaction Log File Size Changes
Another change in Exchange Server 2007 is that the transaction log files are now 1MB instead of 5MB as
was the case in previous versions of Exchange.
In previous versions of Exchange if a crash destroyed the last few log files that hadn’t been committed to
the database yet, you would need to restore or repair the database to have it mounted again.
Exchange Server 2007 introduces a new feature called Lost Log Resilience (LLR for short), which
holds the last few log files in memory until the database is shut down. This means that you will
never have a case where, for example, part of log file 5 has been written to the database but part of log
file 4 hasn’t. The benefit of this is that if you don’t mind losing the last few log files, you
can tell Exchange to simply throw away the data and mount the database.
So the reason the log files have been reduced to 1MB is to reduce LLR exposure. Now if you lose the
last log, it costs up to 1MB of the most recent data instead of 5MB.
Another improvement worth mentioning is that the log file sequence numbers now can go above 1
million. As some of you might be aware, previous versions of Exchange had a limit of 1 million, so if a
database had been running long enough to generate a million logs, you had to shut it down and start
over from log #1 ("reset the log sequence"). This would happen every few years for most databases.
With the smaller log sizes and the increasing amount of messages passing through most databases, the
Exchange Product group decided 2 billion log files (per storage group!) would be a better maximum log
The checkpoint file is used to track which transactions have been committed to the database and which
transactions have yet to be committed to the database. The name of the file is EX0.chk (X stands for the
storage group) and its size is 8KB.
DATABASE CACHE SIZE IN EXCHANGE 2003
Exchange 2003 runs on a 32-bit operating system, which limits the maximum size of the virtual address
space to 4 gigabytes (GB). The operating system leaves only 2 GB of addressable RAM for a single
application such as Exchange (or 3 GB when the /3GB switch is set in the Exchange boot.ini file). With
such a limited amount of addressable RAM available, the size of the database cache must be carefully
managed to allow Exchange to perform at its highest level.
Database Cache Size in Exchange 2007
A large database cache greatly increases performance because disk input/output (I/O) is reduced and
reading information from memory is much faster than reading it from a disk.
With the 64-bit architecture in Exchange 2007, the maximum size of the database cache is no longer
constrained by limits on the virtual address space. Instead, it is determined by the amount of available
memory and by database I/O. For example, on a server that has 16 GB of physical RAM, ESE may
increase the database cache to 8 GB if this amount is sufficient to meet its memory needs, and leave the
remaining memory for system cache and other applications that are running on the server.
Because the maximum size of the database cache is not set by default, ESE can increase the size of the
database cache to consume almost all available RAM on the server if there is enough database I/O
pressure to justify the increase. If other applications or the Windows Server system cache request or
require memory, ESE decreases the size of the database cache as required. ESE does not increase the
size of the cache unless there is enough database I/O pressure to justify the growth. The default
minimum database cache size for Exchange 2007 is 512 megabytes (MB) on servers that have at least 2
GB of RAM.
Setting the Maximum Size of the Database Cache
You can use Active Directory Service Interfaces (ADSI) Edit to set the maximum size of the database
FSMO (Flexible Single Master Operations in Windows Server 2003)
Role Name | Scope | Description
Schema Master | 1 per forest | Controls and handles updates/modifications to the Active
Domain Naming Master | 1 per forest | Controls the addition and removal of domains from the forest if present in root domain
PDC Emulator | 1 per domain | Provides backwards compatibility for NT4 clients for PDC operations (like password changes). The PDCs also run domain specific processes such as the Security Descriptor Propagator (SDPROP), and is the master time server within
RID Master | 1 per domain | Allocates pools of unique identifier to domain controllers for use when creating objects
Infrastructure Master | 1 per domain | Synchronizes cross-domain group membership changes. The infrastructure master cannot run on a global catalog server (GCS) (unless all DCs are also GCs.)
The schema master domain controller controls all updates and modifications to the schema. Once the
Schema update is complete, it is replicated from the schema master to all other DCs in the directory. To
update the schema of a forest, you must have access to the schema master. There can be only one
schema master in the whole forest.
Domain naming master:
Domain naming master controls the addition or removal of domains in the forest. This DC is the only one
that can add or remove a domain from the directory. It can also add or remove cross references to
domains in external directories. There can be only one domain naming master in the whole forest.
When an object in one domain is referenced by another object in another domain, it represents the
reference by the GUID, the SID (for references to security principals), and the DN of the object being
referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and
distinguished name in a cross-domain object reference. At any one time, there can be only one domain
controller acting as the infrastructure master in each domain.
Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global
Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating
object information because it does not contain any references to objects that it does not hold. This is
because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-
domain object references in that domain will not be updated and a warning to that effect will be logged
on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the
domain controllers have the current data, and it is not important which domain controller holds the
infrastructure master role.
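The placement rule in the note above can be checked across a forest with a short read-only script. This is an added example, not part of the original notes; it assumes the ActiveDirectory PowerShell module (RSAT), which is newer than Windows Server 2003, and the function name Test-InfrastructureMasterPlacement is hypothetical.

```powershell
# Added example: read-only FSMO inventory plus the Infrastructure Master / GC check.
# Assumes the ActiveDirectory module is installed and the caller can query every domain.
Import-Module ActiveDirectory

# Hypothetical helper that applies the rule from the note:
# the IM should not be a GC unless every DC in the domain is a GC.
function Test-InfrastructureMasterPlacement {
    param(
        [Parameter(Mandatory = $true)] [string]   $InfrastructureMaster,  # FQDN of the role holder
        [Parameter(Mandatory = $true)] [object[]] $DomainControllers      # need HostName, IsGlobalCatalog
    )
    $nonGc  = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })
    $holder = $DomainControllers |
        Where-Object { $_.HostName -eq $InfrastructureMaster } |
        Select-Object -First 1

    if (-not $holder)       { return 'UNKNOWN: role holder not found among the listed DCs' }
    if ($nonGc.Count -eq 0) { return 'OK: every DC is a GC, so placement does not matter' }
    if ($holder.IsGlobalCatalog) {
        return 'WARN: holder is a GC while non-GC DCs exist; cross-domain references will go stale'
    }
    return 'OK: holder is not a GC'
}

$forest = Get-ADForest
"Schema master        : $($forest.SchemaMaster)"
"Domain naming master : $($forest.DomainNamingMaster)"

foreach ($domainName in $forest.Domains) {
    $domain    = Get-ADDomain -Identity $domainName -Server $domainName
    $dcs       = @(Get-ADDomainController -Filter * -Server $domainName)
    $placement = Test-InfrastructureMasterPlacement `
        -InfrastructureMaster $domain.InfrastructureMaster `
        -DomainControllers $dcs

    New-Object PSObject -Property @{
        Domain               = $domainName
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        Placement            = $placement
    } | Format-List Domain, PDCEmulator, RIDMaster, InfrastructureMaster, Placement
}
```

Any domain that reports WARN should also show the corresponding warning in the role holder's event log, as described above.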
Relative ID (RID) Master:
The RID master is responsible for processing RID pool requests from all domain controllers in a particular
domain. When a DC creates a security principal object such as a user or group, it attaches a unique
Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a
domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each
DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates.
When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to
the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the
domain's unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there
can be only one domain controller acting as the RID master in the domain.
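The SID layout and the domain-wide RID pool described above can both be inspected from PowerShell. This is an added example, not part of the original notes; the sample SID and sample pool value are constructed, the function name ConvertFrom-RidAvailablePool is hypothetical, and the live query assumes the ActiveDirectory module and reads the rIDAvailablePool attribute of the domain's RID Manager$ object.

```powershell
# Added example: split a SID into domain SID + RID, and decode the domain's RID pool counter.

# Constructed sample SID (not a real account).
$sid = New-Object System.Security.Principal.SecurityIdentifier `
    'S-1-5-21-1111111111-2222222222-3333333333-1105'
"Domain SID : $($sid.AccountDomainSid.Value)"     # identical for every principal in the domain
"RID        : $($sid.Value.Split('-')[-1])"       # unique per security principal

# Hypothetical helper. rIDAvailablePool is a 64-bit value:
#   high 32 bits = total RIDs the domain can ever issue
#   low  32 bits = RIDs already handed out to DCs in pools
function ConvertFrom-RidAvailablePool {
    param([Parameter(Mandatory = $true)] [int64] $RawValue)

    # 4294967295 is written in decimal on purpose: 0xFFFFFFFF parses as Int32 -1 in PowerShell.
    $issued = $RawValue -band 4294967295
    $total  = [int64](($RawValue - $issued) / 4294967296)

    New-Object PSObject -Property @{
        TotalRids     = $total
        IssuedRids    = $issued
        RemainingRids = $total - $issued
        PercentIssued = [math]::Round(100 * $issued / $total, 4)
    }
}

# Constructed sample value: 1073741823 total RIDs, 5600 already issued.
$sampleRaw = (1073741823 * 4294967296) + 5600
ConvertFrom-RidAvailablePool -RawValue $sampleRaw |
    Format-List TotalRids, IssuedRids, RemainingRids, PercentIssued

# Live, read-only query against the RID master of the current domain.
Import-Module ActiveDirectory
$domain = Get-ADDomain
$ridMgr = Get-ADObject `
    -Identity "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)" `
    -Properties rIDAvailablePool -Server $domain.RIDMaster
ConvertFrom-RidAvailablePool -RawValue $ridMgr.rIDAvailablePool |
    Format-List TotalRids, IssuedRids, RemainingRids, PercentIssued
```

A sudden jump in IssuedRids between two runs means pools are being consumed faster than normal account creation explains, which is worth investigating before the domain's pool runs low.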
The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the
W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All
Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the
time service is to ensure that the Windows Time service uses a hierarchical relationship that controls
authority and does not permit loops to ensure appropriate common time usage.
The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the
forest becomes authoritative for the enterprise, and should be configured to gather the time from an
external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their
inbound time partner.
In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
- Password changes performed by other DCs in the domain are replicated preferentially to the
- Authentication failures that occur at a given DC in a domain because of an incorrect password
  are forwarded to the PDC emulator before a bad password failure message is reported to the
- Account lockout is processed on the PDC emulator.
- Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the
  PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.
- The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based
  PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and
domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003.
The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.
At any one time, there can be only one domain controller acting as the PDC emulator master in each
domain in the forest.
1. Exchange version difference in 2003 and 2007
2. Recipient policy type