In order to offer Exchange services, the Edge Transport Server keeps a local copy of the most significant information from the company’s Active Directory. This copy is stored in an Active Directory Lightweight Directory Services (AD LDS) database, formerly known as “Active Directory Application Mode” or ADAM. The database holds only a subset of the Active Directory information, limited to informational items such as the recipients that exist in the internal Exchange organization. No information is stored that could compromise the company’s Active Directory security.
The Edge Transport Server should never be a member of the forest that holds the Exchange organization.
Figure 1. The Edge Transport Server located in the DMZ.
Being in the DMZ (demilitarized zone), the Exchange Server 2010 Edge Transport Server role does not have full access to the corporate network, so it has no access to the corporate Domain Controllers. For the same reason it cannot use the company’s internal DNS servers and must use external DNS servers instead. The Edge Transport Server must always be able to resolve external SMTP hosts in order to deliver messages, hence the external DNS server entries.
Figure 2. External DNS Settings on the network interface of the Edge Transport Server.
As part of its role, the Edge Transport Server also needs to deliver SMTP messages to the internal Hub Transport Server. To resolve these servers, they have to be added to the Edge Transport Server’s HOSTS file.
Being in the DMZ (and therefore not a part of the internal domain) the Edge Transport Server’s DNS Suffix has to be configured manually. To do this, follow the steps below.
Open the properties of “My Computer” on the Edge Transport Server.
Select Computer Name and click on the Change button.
On the Computer Name tab click the More button.
In the “Primary DNS Suffix for this computer” enter your external DNS Suffix.
Click OK and reboot your computer.
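The HOSTS entry for the Hub Transport Server and the primary DNS suffix described above can also be set from an elevated PowerShell prompt on the Edge Transport Server. The following is an added example, not part of the original article; the server name hub01.corp.example.com, its address 10.0.1.10 and the suffix example.com are placeholders to replace with your own values.

```powershell
# Added example, not from the original article. Replace the placeholder values.
$hubName   = "hub01.corp.example.com"   # assumed Hub Transport Server name
$hubIp     = "10.0.1.10"                # assumed internal address of that server
$dnsSuffix = "example.com"              # assumed external DNS suffix

# 1. HOSTS file: the Edge server cannot query internal DNS, so the Hub Transport
#    Server is resolved from a static entry. Append only if no entry exists yet,
#    so repeated runs do not duplicate the line.
$hostsPath = Join-Path $env:SystemRoot "System32\drivers\etc\hosts"
$existing  = Get-Content -Path $hostsPath
$pattern   = "^\s*\S+\s+" + [regex]::Escape($hubName) + "(\s|$)"
if (-not ($existing -match $pattern)) {
    Add-Content -Path $hostsPath -Value "$hubIp`t$hubName"
}

# 2. Primary DNS suffix: the same setting as the "More..." dialog on the
#    Computer Name tab. Both values live under the Tcpip\Parameters key;
#    a reboot is still required before the change takes effect.
$tcpipKey = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
Set-ItemProperty -Path $tcpipKey -Name "NV Domain" -Value $dnsSuffix
Set-ItemProperty -Path $tcpipKey -Name "Domain"    -Value $dnsSuffix

# 3. Verification: the hub name must resolve to the static address and the
#    suffix must be stored, otherwise EdgeSync and internal delivery will fail.
$resolved = [System.Net.Dns]::GetHostAddresses($hubName) |
            ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $hubIp) {
    Write-Warning "HOSTS entry for $hubName does not resolve to $hubIp"
}
(Get-ItemProperty -Path $tcpipKey -Name "NV Domain")."NV Domain"
```

Because the HOSTS file is a static trust anchor for where internal mail is delivered, keep it writable only by local administrators and review it whenever the Hub Transport Server’s address changes.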
As can be derived from this article, the Exchange Server 2010 Edge Transport Server role has the following prerequisites:
1 Installing Active Directory Lightweight Directory Services
The Active Directory Lightweight Directory Services (AD LDS), previously known as Active Directory Application Mode or ADAM, can be installed using the Windows Server 2008 Server Manager. To install the AD LDS follow the steps below.
Log on to the server, click the Start button and select the Server Manager.
In the Server Manager, click “Roles” and in the Actions pane click “Add Roles.”
Click Next on the “before you begin” page.
On the “select server role” page, select the “Active Directory Lightweight Directory Services” and click Next.
On the Introduction page, click Next.
On the Confirmation page, click Install.
On the Installation Results page, click Finish.
The Active Directory Lightweight Directory Services role is now installed and the server is ready for the Edge Server Role.
2 Installing the Edge Transport Server role
When all the prerequisite software for the Exchange Server 2010 Edge Transport Server role is installed, you can move on to the Exchange server itself.
Log on to the server with local administrator credentials, go to the installation media and start the setup.exe installation program.
Once all prerequisite software is installed correctly, the first two options are grayed out and you can directly select “Install Exchange Server 2010.”
On the Introduction Page click Next.
Accept the License Agreement and click Next.
Select whether or not you want to participate in the Error Reporting Feature and click Next.
On the Installation Type page select “Custom Installation” and click Next. If needed, you can select another directory where the Exchange software is installed.
On the Server Role Selection page select the Edge Transport Server role. Notice that when you select this role the other roles (Mailbox, Client Access, etc.) are grayed out immediately. Click Next to continue.
The setup program will now perform a readiness check to see if your server is capable of running the Edge Transport Server role. When it has completed successfully, click Install to continue.
The Exchange binaries will now be copied to the local disk, the Management Tools will be installed and the Edge Transport Server will be installed. This can take quite some time to finish.
When finished you can continue configuring the Edge Transport Server using the Exchange Management Console.
The Edge Transport Server is now installed, but not yet configured. It is possible to configure everything, like the Accepted Domains, Send Connectors, etc., manually using the Exchange Management Console. An easier way is to use a synchronization process which synchronizes information from the Hub Transport Server within the company’s Active Directory and Exchange organization to the Edge Transport Server in the DMZ. This process is called the Edge Transport Synchronization, or Edgesync.
3 Configuring Edge Transport Synchronization
As I mentioned, the Exchange Server 2010 Edge Transport Server is not part of the internal Active Directory and Exchange organization, and is typically installed in the network’s DMZ. A mechanism therefore needs to be in place to keep the server up to date with the information it needs.
For example, for the recipient filtering in the Edge Transport Server to take place, the server needs to know which recipients exist in the internal Exchange environment. The Edge Transport Server also needs to have knowledge about the existing Hub Transport Server in the internal Exchange organization, where the Edge Transport Server has to deliver its SMTP messages to.
This information is pushed from an internal Hub Transport Server to the Edge Transport Server by a process called Edgesync. Please note that for a successful synchronization from the Hub Transport Server to the Edge Transport Server, you have to open port 50636 on the internal firewall. The connection is initiated by the Hub Transport Server, so this port only has to be opened from the internal network to the DMZ, not vice versa.
Figure 3. The Edge Transport Server in the DMZ is kept up to date via the Edgesync process.
To set up an Edge Synchronization, a special XML file has to be created on the Edge Transport Server. This XML file has to be imported on a Hub Transport Server on the internal network, creating a relationship between the Edge Transport Server and the respective Hub Transport Server. Once that relationship is created, the Edgesync service can be started. To set up the Edgesync service, please follow these steps:
Log on to the Edge Transport Server using an administrator account and open an Exchange Management Shell.
Enter the following command:
Copy the resulting <<filename.xml>> to a directory on the Hub Transport Server.
Log on to the Hub Transport Server using an administrator account and open an Exchange Management Shell command prompt.
Enter the following command:
When that command has finished successfully, enter the following command at the Exchange Management Shell command prompt:
The Edge Synchronization process should now successfully start.
On the Edge Transport Server, open the Exchange Management Shell and check if the settings are identical to the settings on the Hub Transport Server.
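The Edgesync procedure above, written out as Exchange Management Shell commands, is given here as an added example; it is not the article’s own command listing. The cmdlets are the standard Exchange Server 2010 ones; the file path C:\EdgeSubscription\edge01.xml, the Active Directory site name Default-First-Site-Name and the firewall rule name are assumptions for illustration.

```powershell
# Added example, not from the original article. Paths and site name are placeholders.

# --- On the Edge Transport Server (Exchange Management Shell) ---
# Export the Edge Subscription file. It carries the credentials the Hub Transport
# Server uses to reach AD LDS, so treat it as a secret and remove every copy once
# the subscription has been imported. The file must be imported within 1440 minutes.
New-EdgeSubscription -FileName "C:\EdgeSubscription\edge01.xml"

# Let the EdgeSync connection (secure LDAP, TCP 50636) through the Edge server's own
# Windows Firewall. The perimeter firewall between LAN and DMZ is configured separately
# and only needs to allow this port in the direction internal network -> DMZ.
netsh advfirewall firewall add rule name="EdgeSync LDAPS 50636" dir=in action=allow protocol=TCP localport=50636

# --- On a Hub Transport Server in the internal site, after copying the XML file ---
# Importing the file creates the Edge Subscription for the given site and optionally
# the Send Connectors to the Internet and from the Edge server inbound.
New-EdgeSubscription -FileName "C:\EdgeSubscription\edge01.xml" `
    -Site "Default-First-Site-Name" `
    -CreateInternetSendConnector $true `
    -CreateInboundSendConnector $true

# Start the first synchronization explicitly, then compare both sides in full.
Start-EdgeSynchronization
Test-EdgeSynchronization -FullCompareMode

# The exported file is no longer needed on either server.
Remove-Item -Path "C:\EdgeSubscription\edge01.xml" -Force

# --- Back on the Edge Transport Server: the replicated objects should match ---
Get-EdgeSubscription
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType
Get-SendConnector  | Format-Table Name, AddressSpaces, SmartHosts
```

Test-EdgeSynchronization reports a failed or stale status when the Hub Transport Server cannot reach TCP 50636 on the Edge server or when the subscription file was imported after it expired, which are the two conditions most worth checking before looking further.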
When making changes to the internal Exchange organization, these changes will automatically replicate to the Edge Transport Server in the DMZ.