In order to offer Exchange services, the Edge Transport Server has a local copy of the most significant information of the company’s Active Directory. This is stored in a Lightweight Directory Services database, which was formerly known as “Active Directory Application Mode” or ADAM. This database only stores a subset of the Active Directory information, and only informational items like recipients that exist in the internal Exchange organization. No information is stored that can compromise the company’s Active Directory security.
Being in the DMZ (demilitarized zone), the Exchange Server 2010 Edge Transport Server role does not have full access to the corporate network, so it does not have access to the corporate Domain Controllers, and since the Edge Transport Server is in the DMZ, it cannot use the company’s internal DNS servers, and so needs to use external DNS servers instead. The Edge Transport Server must always be able to resolve external SMTP hosts for delivering messages, hence the external DNS server entries.
As part of its role, the Edge Transport Server also needs to deliver SMTP messages to the internal Hub Transport Server. To resolve these servers, they have to be added to the Edge Transport Server’s HOSTS file.
As can be derived from this article, the Exchange Server 2010 Edge Transport Server role has the following prerequisites:
.NET Framework 3.5
Active Directory Lightweight Directory Services.
1 Installing Active Directory Lightweight Directory Services
The Active Directory Lightweight Directory Services (AD LDS), previously known as Active Directory Application Mode or ADAM, can be installed using the Windows Server 2008 Server Manager. To install the AD LDS follow the steps below.
On the Introduction page, click Next.
On the Confirmation page, click Install.
On the Installation Results page, click Finish.
2 Installing the Edge Transport Server role
The Edge Transport Server is now installed, but not yet configured. It is possible to configure everything, like the Accepted Domains, Send Connectors, etc., manually using the Exchange Management Console. An easier way is to use a synchronization process which synchronizes information from the Hub Transport Server within the company’s Active Directory and Exchange organization to the Edge Transport Server in the DMZ. This process is called the Edge Transport Synchronization, or Edgesync.
3 Configuring Edge Transport Synchronization
As I mentioned, the Exchange Server 2010 Edge Transport Server is not part of the internal Active Directory and Exchange organization, and is typically installed in the network’s DMZ. A mechanism obviously needs to be in place for keeping the server up to date with information.
For example, for the recipient filtering in the Edge Transport Server to take place, the server needs to know which recipients exist in the internal Exchange environment. The Edge Transport Server also needs to have knowledge about the existing Hub Transport Server in the internal Exchange organization, where the Edge Transport Server has to deliver its SMTP messages to.
This information is pushed from an internal Hub Transport Server to the Edge Transport Server by a process called Edgesync. Please note that for a successful synchronization from the Hub Transport Server to the Edge Transport Server, you have to open port 50636 on the internal firewall. This port has to be opened from the internal network to the DMZ and not vice versa.
To setup an Edge Synchronization, a special XML file has to be created on the Edge Transport Server. This XML file has to be imported to a Hub Transport Server on the internal network creating a relationship between the Edge Transport Server and the respective Hub Transport Server. Once that relationship is created, the Edgesync service can be started. To setup the Edgesync service, please follow these steps:
Enter the following command:
Copy the <<filename.xml>> to a directory on the Hub Transport Server.