By Justin Birt

Introduction

Microsoft Exchange 2007 offers the possibility multiple message stores in order to deliver massive capacity for user mailboxes. The benefit of multiple message stores over one large store is that each store can be kept nominally small (in the order of 500Gb) in order to provide manageable sizes in the event that disaster recovery is required and to reduce the impact within the organisation if such an event should occur.

The standard product offers 5 storage groups and databases per server. The Enterprise edition offers up to 50 storage groups and databases per server. Best practice dictates that there is a one to one relationship between storage groups and message stores.

The IDM v3.5.1 AD driver provides support for creating mailboxes for users by populating the homeMDB and mailNickname attributes. But in an enterprise environment how can you decide which of the available message stores to use for any given user.

This article explores some methods that can be introduced into the IDM v3.5.1 AD driver in order to load balance mailbox provision evenly across the available Exchange 2007 message stores using the standard policy rule constructs and object options available to the AD driver.

AD Driver Modifications

This section explores the changes necessary to the standard IDM v3.5.1 AD driver configuration.

Mapping Table

The key component used by this solution is a mapping table. These objects were introduced in IDM v3.5.1 and are an extremely flexible tool for expanding the conditional processing available to IDM policy rules.

In the example map table object below, you can see a simple mapping table in XML format, comprising of two columns and four rows.

The first column stores an incrementing index number and the second column the AD DNs of the available message stores.

In your environment, you can use the Novell utility ADManager.exe to interrogate the environment and retrieve the Exchange Message Store DN’s. These can then be cut & pasted into your mapping table. This can scale to as big as you like, if you have 50 storage groups/message stores, then add 50 rows to your mapping table!


<?xml version="1.0" encoding="UTF-8"?>
 <col-def name="Index" type="nocase"/>
  <row>
   <col>1
   <col>CN=[Message Store Name],CN=[Storage Group],CN=InformationStore,CN=[Server Name],CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ORG,DC=DEV
  </row>
 <col-def name="Message Store" type="nocase"/>
  <row>
   <col>2
   <col>CN=[Message Store Name],CN=[Storage Group],CN=InformationStore,CN=[Server Name],CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ORG,DC=DEV
    </row>
   <row>
    <col>3
    <col>CN=[Message Store Name],CN=[Storage Group],CN=InformationStore,CN=[Server Name],CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ORG,DC=DEV
   </row>
   <row>
    <col>4
    <col>CN=[Message Store Name],CN=[Storage Group],CN=InformationStore,CN=[Server Name],CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ORG,DC=DEV
   </row>
</mapping-table>


Having defined the mapping table, lets examine two ways in which it can be used in order to deliver Exchange 2007 message store load balancing.

Round Robin

With a couple of policy rules we can easily achieve a classic ’round robin’ distribution of mail boxes across the available Exchange Message Stores with just two policy rules.

The rule shown below should be placed in the Event Policy of the AD Driver Publisher channel.


<rule>
 <description>Driver: Initialise Count</description>
 <conditions>
  <and>
   <if-operation mode="case" op="equal">status</if-operation>
   <if-xpath op="true">self::status [text() ='Remote driver successfully started.']</if-xpath>
  </and>
 </conditions>
 <actions>
  <do-set-local-variable name="LV_Count" scope="driver">
   <arg-string>
    <token-text xml:space="preserve">1</token-text>
   </arg-string>
  </do-set-local-variable>
 </actions>
</rule>



So how does this work …

In the condition block, this rule is detecting if a status operation is in the channel and additionally, using some XPATH, tests whether the status message has some specific text ‘Remote driver successfully started’.

If the conditions are met then a local variable LV_Count is initialised with a value of 1. Note that the scope of this variable is set to driver, rather than policy. This is important.

What is being leveraged here is the fact that when the IDM AD driver first starts, it signals that startup was successful by sending a status message on the Publisher channel. This Policy Rule is looking explicitly for this message and initialising a driver scoped variable with the value 1.

The rule below should be placed in the Subscriber channel Create Policy.


<rule>
 <description>User: Exchange Provisioning </description>
  <conditions>
   <and>
    <if-class-name op="equal">User</if-class-name>
   </and>
  </conditions>
  <actions>
   <do-set-dest-attr-value name="homeMDB">
    <arg-value type="string">
     <token-map dest="Mailstore" src="Index" table="\[root]\ORG\IDM\ORG Driver Set\AD Driver\Mail Store">
      <token-local-variable name="LV_Count"/>
     </token-map>
    </arg-value>
   </do-set-dest-attr-value>
   <do-if>
    <arg-conditions>
     <and>
      <if-local-variable mode="nocase" name="LV_Count" op="equal">4</if-local-variable>
     </and>
    </arg-conditions>
    <arg-actions>
     <do-set-local-variable name="LV_Count" scope="driver">
      <arg-string>
       <token-text xml:space="preserve">1</token-text>
      </arg-string>
     </do-set-local-variable>
    </arg-actions>
    <arg-actions>
    <do-set-local-variable name="LV_Count" scope="driver">
     <arg-string>
      <token-xpath expression="$LV_Count + 1"/>
     </arg-string>
    </do-set-local-variable>
   </arg-actions>
  </do-if>
 </actions>
</rule>


In this rule, the AD homeMDB attribute is being set by looking up the current value of the LV_Counter variable in the index column of the mapping table and retuning the value stored in the Message Store column.

In the second action, the current value of LV_Counter is tested to see if it is 4. If it is, it is set back to 1. If it isn’t it is incremented by one.

So, having started the AD driver, the first user add document in the channel will be have the homeMDB attribute set to the first Exchange Message Store. When we get to the forth user add document, after the homeMDB attribute has been set to the DN stored in the fourth row of the mapping table, the LV_Counter variable is reset to 1 and the cycle starts again. Again this can be scaled. I have picked 4 for illustration. If your environment has 50 message stores then modify this rule accordingly.

Alternative Rule

As an alternative to a round robin approach to load balancing, on one installation I have worked on there was a requirement to place users in Exchange 2007 message stores alphabetically by surname. With some modification, it is possible to use the mapping table you already have to achieve this.

I used an ECMA library and one function defined in the AD driver to achieve this. Take a look at
Using ECMA Scripts in IDM Policy Rules if you haven’t used these in you driver configurations before.

In the ECMA script shown below, a function alphaIndex() is passed a string containing the surname of a user and returns an index number. The value of the index number depends on where the first character of the surname is relative to the alphabetical sequence.



/*
 *
 *  Script:   alphaIndex()
 *  Purpose:  Return an index number based on the alphabetical position of the
 *            of the surname. 
 *  Author:   Justin Birt
 *  Date:     20 September 2008 
 *  Web:      
 *
 */
 
 function alphaIndex(surname){

	var index;
	var instr = String(surname);

	index = 0;
	
	if(instr.match(/\b[a-f]/gi)){
		index = 1;
	}
	
	if(instr.match(/\b[g-l]/gi)){
		index = 2;
	}
	
	if(instr.match(/\b[m-r]/gi)){
		index = 3;
	}
	
	if(instr.match(/\b[s-z]/gi)){
		index = 4;
	}
	return index;
}


This function has four conditional tests that use regular expressions to establish whether the word boundary (ie: the first character) of the surname string falls within a range. Depending on which condition is met, the value of the variable index is set to a value between 1 and 4 and returned. If no match is found then the function returns 0.

Again in this example I have just shown 4 groupings. On a large Enterprise Exchange 2007 system you could have one message store for each letter of the alphabet.

Conclusions

It can be seen that by using the standard tools provided with the IDM v3.5.1 Active Directory driver, it is possible to enhance the support for Exchange 2007 by providing effective load balancing of user mail boxes across the available message stores in an enterprise system.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading...
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

Leave a Comment

  • johnehurst says:

    does LV_count maintain it’s current value the entire time additional events enter the channel?

    For instance if I was doing 5 user creates, would LV_count be seen as 2 for the 2nd user, 3 for the third, 4 for the 4th and 1 for the 5th?

    Does it stay in memory the entire time the driver is on or the engine is running?

    • geoffc says:

      If you look, you will see that the scope for the local variable when it is set is driver, not policy. Therefore the value will remain until the driver is restarted.

    • 9556613 says:

      Geoff has it in a nutshell. Because the variable is scoped at a driver level rather than a policy level it is initialised when the driver is started.

      Each event that passes through the policy will cause the value to increment until it reaches the defined maximum whereby it resets back down to the initial value.

      This process continues the whole time the driver is running, classic ’round robin’

By: 9556613
Oct 27, 2008
11:48 am
Reads:
2,511
Score:
Unrated
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow