Introduction
This document discusses the changes made to the schema during the installation of Unified Messenger 4.x, to address the customer concern: “what is this product going to do to my schema?”. It does not address every aspect of the installation, only the Unified Messenger installation options that affect the Active Directory schema. The Windows 2000 Active Directory (AD) schema is an information repository that describes the possible contents (object classes and attributes) of the remainder of the Active Directory [1]. The schema can be searched and retrieved just like the rest of the directory data, making that information available, manageable, and scalable. The design allows third parties to extend the schema with classes and attributes, so that applications such as Unified Messenger (UM) can use the AD to store user and gateway configuration properties.
While updates to Active Directory objects are a normal part of system administration, extending or otherwise changing the Active Directory schema is a very significant event. Because the schema describes the kinds of objects the directory can contain, it must be consistent throughout the entire forest. Changes to the schema therefore trigger replication of the schema and the associated directory checks, which may consume considerable network bandwidth and directory server processing power. For this reason, Windows 2000 (and later) provides a Schema Admins group, intended to contain the identities of the (usually few) individuals in an organization who are permitted to modify the schema.
The installation of Unified Messenger always changes the schema and, depending on the options selected, may also extend it. All changes are made using Microsoft-documented methods.
Schema changes made by the installation of Unified Messenger
As part of the installation of Unified Messenger there are three options that may be selected for installation that affect the schema. These are the AD updates for:
1. Enable Octel Analog Networking
2. Enable Unified Messenger
3. Enable User Administration
Only one of these, Enable Octel Analog Networking, actually extends the schema by adding a class and attributes of that class to the schema. The Enable Unified Messenger and Enable User Administration options do not add classes or attributes; selecting these two options makes the changes necessary to support UM in an AD environment.
For Enable Unified Messenger, the Exchange extension data attribute [2] is changed to be allowed to replicate to the Active Directory Global Catalog (GC). For Enable User Administration, a Display-Specifier is added to an existing class to allow the display of the Unified Messenger tab on the accounts’ property pages.
All of these selections need to be made only once per AD forest, and they must be made by an account that is a member of the Schema Admins group.
Enable Octel Analog Networking
This selection only needs to be made if Octel Analog Networking is required for any UM Voice Mail Domain (VMD) in the organization. This option enables administration of the Octel Analog Networking (OAN) gateway from the Exchange System Manager (ESM) application.
The following changes are made to the schema when the Enable Octel Analog Networking option is selected.
One class is added to the schema:
• Gateway. This is the overall definition of the gateway, which contains the attributes listed below.
Seven attributes are added to the OAN gateway class:
• VoiceMailDomainID. The VMD that this OAN gateway serves
• SerialNumber. The serial number of this UM OAN gateway
• SendingServer. The UM server responsible for sending OAN messages in this VMD
• NonDeliveryReportTime. The NDR time in hours
• MaxTTSTime. The maximum length of a TTS message to be sent via OAN
• RemoteNodes. The OAN nodes with which this UM OAN gateway exchanges messages
• Schedules. The schedules for this OAN gateway
The local nodes, delivery rules, and dialing page configurations are stored in the RemoteNodes attribute in a proprietary format.
[2] The display name of this attribute is ms-Exch-Extension-Data. It is also present in the Exchange 5.5 directory schema, where it is the only recommended place for independent software vendors to store per-Exchange-user data.
Applicable Components
The Exchange System Management Tools (ESMT), including the ESM, are installed as part of an Exchange server installation or can be installed on any system on which Exchange servers and components need to be managed. In order to actually administer the OAN gateway, the Octel Analog Networking Administration extension needs to be installed on any ESM system from which you also intend to administer the OAN gateway.
Enable Unified Messenger & Enable User Administration
Enable Unified Messenger
UM stores subscriber configuration information in the ms-Exch-Extension-Data attribute. The UM Voice Server synchronizes with the AD GC to obtain details of subscriber configuration and other addressable objects in the forest. Specifically, the attribute isMemberOfPartialAttributeSet is set to the value TRUE on the attribute schema definition of the ms-Exch-Extension-Data attribute. The default value of this attribute is FALSE, which means that the Extension Data does not replicate to the GC.
Before it can make this change, the installation program must first enable schema updates on the domain controller. It does so through the registry: it changes HKLM/System/CurrentControlSet/Services/NTDS/Parameters/SchemaUpdateAllowed from 0 to 1, changes isMemberOfPartialAttributeSet from FALSE to TRUE, and then sets SchemaUpdateAllowed back to 0.
During the configuration phase of the installation of UM, a peer server and a peer directory server are nominated. The peer server is the Exchange server that is used by UM to send messages to subscriber mailboxes on behalf of unknown callers. The peer directory server is an AD GC. UM needs to know about all users in the organization, so it goes to the centralized directory source in the AD, takes the information about all users in the directory, and builds it into the Front End Database (FEDB). The Extension Data must be replicated to the GC so that UM gets information about all Accounts, Contacts (custom recipients), and Groups (distribution lists), especially those enabled for UM.
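The two kinds of change described so far (the Enable Octel Analog Networking option adding a class and its attributes, and the Enable Unified Messenger option setting isMemberOfPartialAttributeSet on ms-Exch-Extension-Data) are exactly what a schema administrator wants to see summarized before an LDF file is applied with ldifde. The following Python script is an added example, not part of the Unified Messenger installer or of its LDF files: it parses an LDIF change file and reports which records extend the schema (new classes or attributes), which only modify it, and which put an attribute into the partial attribute set so that it replicates to the GC. The embedded LDIF is a constructed sample that mirrors the changes the text describes; its OIDs, its DC= components and the choice of only two of the seven gateway attributes are assumptions made for the example.

```python
"""Review an LDIF (.ldf) schema-change file before it is applied with ldifde.

Added example, not part of the Unified Messenger installer or its LDF files.
SAMPLE_LDF is a constructed sample mirroring the two kinds of change the text
describes: adding a class and attributes (extends the schema) and setting
isMemberOfPartialAttributeSet on ms-Exch-Extension-Data (changes the schema so
the attribute replicates to the GC). OIDs and DC= parts are placeholders.
"""

# Constructed sample: only two of the seven gateway attributes are written out.
SAMPLE_LDF = """\
dn: CN=ms-Exch-Extension-Data,CN=Schema,CN=Configuration,DC=corp,DC=com
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
-

dn: CN=VoiceMailDomainID,CN=Schema,CN=Configuration,DC=corp,DC=com
changetype: add
objectClass: attributeSchema
lDAPDisplayName: VoiceMailDomainID
attributeID: 1.3.6.1.4.1.99999.1.1

dn: CN=MaxTTSTime,CN=Schema,CN=Configuration,DC=corp,DC=com
changetype: add
objectClass: attributeSchema
lDAPDisplayName: MaxTTSTime
attributeID: 1.3.6.1.4.1.99999.1.2

dn: CN=Gateway,CN=Schema,CN=Configuration,DC=corp,DC=com
changetype: add
objectClass: classSchema
lDAPDisplayName: Gateway
governsID: 1.3.6.1.4.1.99999.2.1
mayContain: VoiceMailDomainID
mayContain: MaxTTSTime
"""


def parse_ldif(text):
    """Split LDIF into records, each a list of (attribute, value) pairs. Handles
    '#' comments, folded lines (leading space) and the '-' operation separator."""
    records, current = [], []
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():                      # blank line ends a record
            if current:
                records.append(current)
                current = []
            continue
        if line.startswith(" ") and current:      # continuation of previous value
            attr, value = current[-1]
            current[-1] = (attr, value + line[1:])
            continue
        if line == "-":                           # separator inside a modify record
            current.append(("-", ""))
            continue
        attr, _, value = line.partition(":")
        current.append((attr.strip(), value.strip()))
    if current:
        records.append(current)
    return records


def review(text):
    """Classify each record: new class, new attribute, or modification, and
    flag attributes that the change makes replicate to the Global Catalog."""
    result = {"classes_added": [], "attributes_added": [],
              "modified": [], "gc_replicated": []}
    for record in parse_ldif(text):
        fields = {}
        for attr, value in record:
            fields.setdefault(attr.lower(), []).append(value)
        dn = fields.get("dn", [""])[0]
        cn = dn.split(",", 1)[0]
        cn = cn[3:] if cn.upper().startswith("CN=") else cn
        changetype = fields.get("changetype", ["add"])[0].lower()
        classes = [v.lower() for v in fields.get("objectclass", [])]
        if changetype == "add" and "classschema" in classes:
            members = fields.get("mustcontain", []) + fields.get("maycontain", [])
            result["classes_added"].append((cn, members))
        elif changetype == "add" and "attributeschema" in classes:
            result["attributes_added"].append(cn)
        elif changetype == "modify":
            targets = [v for a, v in record if a.lower() in ("add", "replace", "delete")]
            result["modified"].append((cn, targets))
            if "TRUE" in [v.upper() for v in fields.get("ismemberofpartialattributeset", [])]:
                result["gc_replicated"].append(cn)
    result["extends_schema"] = bool(result["classes_added"] or result["attributes_added"])
    return result


if __name__ == "__main__":
    for key, value in review(SAMPLE_LDF).items():
        print(f"{key}: {value}")
```

Run against a real LDF file by reading it into `review()` instead of `SAMPLE_LDF`; an `extends_schema` of True is the signal that the file does more than change an existing definition, which is the distinction the text draws between the Octel Analog Networking option and the other two.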
Enable User Administration
This option allows users, groups, and contacts objects to be enabled for UM. This must be installed on an AD server machine and should be done once per organization/forest. You must also install the Subscriber Administration for Exchange 2000 component on every machine where you use Active Directory Users and Computers to enable mailbox-enabled accounts for Unified Messenger.
You will always have to select both the Enable Unified Messenger and Enable User Administration options to have a properly configured system. You can select to install them individually, but until they are both installed, the AD will not have the required components to support UM.
Applicable Components
Once you have configured the AD to support UM, you will need to have the required tools installed on any machine where you use Active Directory Users and Computers to enable mailbox-enabled accounts for Unified Messenger. For this task, the Subscriber Administration extensions need to be installed.
If valid security credentials are supplied, the installation package will add the Unified Messenger tab to the set of tabs that the Active Directory Users and Computers MMC snap-in will display for each user, contact, or group. Specifically, the GUID A6688A44-CEDE-456E-AE57-3567D9909AE7 is added to the multi-valued attribute adminPropertyPages on the user-Display object, which has the dn:
CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=<corp>,DC=<com> [3]
[Figure: which property-page tabs are visible on which machines. Active Directory Global Catalog; Unified Messenger Server; Exchange 2000 Server. Active Directory Users and Computers with the Exchange System Management Tools and the UM Subscriber Extensions: Exchange tabs visible, UM tabs visible. Active Directory Users and Computers with the Exchange System Management Tools only: Exchange tabs visible, UM tabs NOT visible. Active Directory Users and Computers alone: Exchange tabs NOT visible, UM tab NOT visible.]
The ESMT and UM extensions only appear on those machines on which they are installed. This is considerably different from Exchange 5.5, where installing extensions on one server in the Exchange Site caused those extensions to be replicated to, and usable on, every Exchange server in that Site. Extensions for the AD and Exchange 2000 do not replicate in this way.
[3] In the above example, CN=409 indicates English. For localized languages, the CN= in this portion of the DN will be the language ID, e.g. 407 for German, 411 for Japanese, etc.
The AD can specify user interface elements on a per-class basis. These elements are property pages, context menus, localized class and attribute names, icons, and creation wizards. The display specification system stores the information for the property sheets of these elements. The user interface information is stored in an AD object called a Display-Specifier. Each Display-Specifier object contains attributes describing the various user interface elements for the specific user interface to which it pertains. Each Display-Specifier object is stored in a container corresponding to a supported locale.
The user class has a corresponding Display-Specifier object called user-Display. When you bind to an object of a particular class, you look up the Display-Specifier object with the same name as the class within the container for the current locale. The AD user interface first looks in a locale container named after the locale identifier of the current user’s session. If a container of that name is not found, the US English locale is used.
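The locale lookup just described, together with the adminPropertyPages change above, determines whether an administrator actually sees the UM tab. The Python below is an added example, not the product's or Microsoft's code: it models the CN=DisplaySpecifiers containers as an in-memory dictionary (a constructed forest in which only CN=409 carries the UM page, which is the UM 4.00 situation described in Note 1), resolves the user-Display object the way the text says the UI does (session locale first, US English if that container does not exist), and checks for the page GUID the text gives. The other page GUID, the DC= components and the "ordinal,{CLSID}" value format used for adminPropertyPages are assumptions made for the example.

```python
"""Model the Display-Specifier lookup the text describes and check whether the
Unified Messenger property page would appear for a given session locale.

Added example, not the product's or Microsoft's code. DISPLAY_SPECIFIERS is a
constructed in-memory stand-in for the CN=DisplaySpecifiers containers; the
UM tab GUID is the one given in the text, the other page GUID is a placeholder.
"""

UM_TAB_GUID = "A6688A44-CEDE-456E-AE57-3567D9909AE7"   # from the text
US_ENGLISH = 0x409                                     # fallback locale container
CONFIG_DN = "CN=Configuration,DC=corp,DC=com"          # placeholder forest

# Constructed forest: only CN=409 carries the UM page (the UM 4.00 situation in
# Note 1); CN=407 (German) exists but was not updated; there is no CN=411
# (Japanese) container at all.
DISPLAY_SPECIFIERS = {
    0x409: {"user-Display": {"adminPropertyPages": [
        "1,{PLACEHOLDER-EXCHANGE-PAGE}", "2,{" + UM_TAB_GUID + "}"]}},
    0x407: {"user-Display": {"adminPropertyPages": [
        "1,{PLACEHOLDER-EXCHANGE-PAGE}"]}},
}


def specifier_dn(class_name, locale_id, config_dn=CONFIG_DN):
    """DN of the <class>-Display object under its locale container, e.g.
    CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,..."""
    return f"CN={class_name}-Display,CN={locale_id:X},CN=DisplaySpecifiers,{config_dn}"


def resolve_specifier(containers, class_name, locale_id):
    """Return the Display-Specifier attributes the UI would use: the session
    locale's container if it exists, otherwise the US English one."""
    container = containers.get(locale_id)
    if container is None:
        container = containers.get(US_ENGLISH, {})
    return container.get(f"{class_name}-Display")


def has_property_page(attrs, guid):
    """adminPropertyPages values are assumed to have the form 'ordinal,{CLSID}';
    match on the CLSID only, case-insensitively, so the ordinal does not matter."""
    want = guid.strip("{}").upper()
    for value in attrs.get("adminPropertyPages", []):
        _, _, clsid = value.partition(",")
        if clsid.strip("{}").upper() == want:
            return True
    return False


def um_tab_visible(containers, locale_id, class_name="user"):
    """Would Active Directory Users and Computers show the UM tab for an
    object of this class in a session running with this locale?"""
    attrs = resolve_specifier(containers, class_name, locale_id)
    return attrs is not None and has_property_page(attrs, UM_TAB_GUID)


def add_property_page(attrs, guid):
    """Append the page to the multi-valued attribute only if it is absent,
    using the next free ordinal. Returns True if a change was made."""
    if has_property_page(attrs, guid):
        return False
    pages = attrs.setdefault("adminPropertyPages", [])
    ordinals = [int(v.partition(",")[0]) for v in pages if v.partition(",")[0].isdigit()]
    pages.append(f"{max(ordinals, default=0) + 1},{{{guid}}}")
    return True


if __name__ == "__main__":
    for locale in (0x409, 0x407, 0x411):
        print(f"locale {locale:X}: UM tab visible = {um_tab_visible(DISPLAY_SPECIFIERS, locale)}")
    if add_property_page(DISPLAY_SPECIFIERS[0x407]["user-Display"], UM_TAB_GUID):
        print("added UM page to CN=407; visible now =", um_tab_visible(DISPLAY_SPECIFIERS, 0x407))
```

The interesting case is the German session: because a CN=407 container exists, no fallback to CN=409 happens, so the tab stays hidden until that locale's user-Display is updated too. A Japanese session, with no CN=411 container in this constructed forest, falls back to English and does see the tab.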
Additionally, the MAPI Address Book provider for the AD uses the GC as its data source, so replication of the ms-Exch-Extension-Data attribute to the GC is necessary for MAPI to be able to support access from client applications through the PR_EMS_AB_EXTENSION_DATA property.
Conclusion
The AD schema is designed to be changed and extended to support additional functionality in an AD environment. UM takes advantage of the flexibility of this design by modifying the schema with the necessary components.
In order to support Unified Messenger in an Active Directory environment, some changes need to be made to the AD schema. The extent of these changes depends on what type of support for UM is required. Changes to the schema will be required for subscriber/account administration. Extending the schema may be required if the organization requires the Octel Analog Networking option.
Notes
1. The information in this document generally applies to the Unified Messenger 4.x product stream. One minor difference between UM 4.00 and UM 4.01 and later should be pointed out: the Display-Specifier for user-Display was for the English language only in UM 4.00 and includes additional locales for UM 4.01 and later.
2. There is no un-installation routine for removing the schema changes made by the UM installers. However, if you are familiar with the schema layout and with the ADSI Edit utility (installed from the Windows 2000 CD Support\Tools directory), the changes can be manually undone if required.
Glossary
This glossary contains brief descriptions of some of the terminology used in this document. For more information about any of these or other terms used, please go to http://support.microsoft.com, http://msdn.microsoft.com, or http://www.google.com and search on the desired term.
Active Directory (AD): an information repository with methods to search and retrieve the stored information, making that information available, manageable, and scalable.
Attribute (or Property): holds the value of the Property.
Class: a storage unit in the Active Directory, it holds the collection of required and optional attributes.
CN: Common Name – identifies the name of an object in the directory.
DN: Distinguished Name – a globally unique identifier representing an individual’s identity.
Forest: a collection of domain trees.
Global Catalog (GC): a replica of attributes of every object in the Active Directory, used for queries that span the company across all domains.
Naming Contexts (NCs): the Domain NC contains all objects in the domain and replicates only in the domain; the Schema NC contains the class and attribute definitions and replicates in the forest; the Configuration NC contains the topology of forest elements and replicates in the forest.
Schema: contains the definitions of the objects stored in the Active Directory, defines classes and attributes, and is extensible, allowing new classes to be added, and attributes added to classes.
Tree: a hierarchical organization of domains.
References
1. LDF schema change definition files from the UM installation CD.
2. Microsoft Windows 2000 Active Directory Display Specifiers whitepaper (http://msdn.microsoft.com/library/en-us/dnw2k/html/msdn_active_display.asp).
3. Unified Messenger architects and developers.
4. Personal experience.
I hope you have found this document useful. Please provide any comments to the author at [email protected].