Microsoft Exchange 2000 Server Adminstrator's Companion
Many of the features of Outlook 2000 are especially relevant in a book about Exchange 2000 Server because they involve interaction between the Outlook 2000 client and Exchange Server. These features include the ability to work while disconnected from the Exchange server and to let more than one user work with a specific computer. This section discusses these topics.
Using Outlook 2000 Off Line
Exchange Server and Outlook 2000 form the two ends of a powerful communications system. Most of the time, people communicate while the programs are in direct contact with each other so that the give and take of the process can proceed freely.
Recall from Chapter 1, however, that communication with messaging systems such as Exchange Server is asynchronous, which means that one party can send a message without the other party's being available to receive the message. Even though messages and replies might fly through your Exchange Server environment as rapidly as they do on the telephone, there is no requirement that the recipient be available when a message is sent or that the sender still be on line when the message is received.
This simple fact means that you can also use the Outlook 2000 client without being connected to the Exchange server. You can read messages in the local folders or create messages that are stored in your Outbox and sent when you reconnect to Exchange Server. This powerful feature makes users more productive in many situations that are typically thought of as downtime. (For example, you've probably seen people sitting on planes answering their e-mail.)
You can work off line with Outlook 2000 without modifying the software in any way. In fact, when you start Outlook 2000 off line, the environment looks almost the same as it does when you are connected to an Exchange server. The folder list displays all of the folders for your mailbox, and you can create messages as though you were connected. Of course, the Outlook 2000 client must previously have been connected to the Exchange Server at some point, and the folders must be marked for synchronization for the folder hierarchy to be the same as the one you see when you work off line.
By default, however, public folders are not displayed in the folder list when you are working off line. To understand why this is so, you must learn about a process called synchronization.
Synchronizing a Mailbox
Synchronizing a mailbox is a simple process from the user's perspective, but to accomplish it the system must perform several complex tasks. When Exchange Server synchronizes the contents of a folder on an Outlook 2000 client machine with the contents of the matching folder on the Exchange server, the system makes a copy of any messages that exist in only one location and places them in the other location. Exchange also synchronizes messages that have been deleted in one location but not in the other location.
The standard, default folders (Inbox, Outbox, Deleted Items, Calendar, Sent Items, Contacts, Tasks, Drafts, Journal, and Notes) in your Outlook mailbox are synchronized automatically, as long as you have set up a location in which to store the contents of these folders. By default, Outlook works with folders on the Exchange server. To work with these folders when you are disconnected from Exchange Server, you must set up an offline folder for them, as described next.
NOTE
Folders that you add to your mailbox are not synchronized automatically. You must explicitly set up synchronization for them, as described later in this chapter in the section "Synchronizing Public Folders."
Setting Up an Offline Folder To enable synchronization, you must set up an offline folder for your Outlook client. The offline folder is stored in a file that has the extension .OST. You create an offline folder in one of two ways: implicitly, by enabling offline access, or explicitly, by creating the folder.
NOTE
When you first configure a new installation of Outlook 2000, you are asked the simple question, "Do you travel with this computer?" If you select Yes, Outlook 2000 sets up an offline folder with the default name in the default location as part of the installation process.
To enable offline access and implicitly set up an offline folder, you simply have to try to open the offline folder settings by pointing to Synchronize on Outlook's Tools menu and choosing Offline Folder Settings. Outlook informs you that offline folders are not enabled and asks if you want to create an offline folder (an .OST file). If you choose to do so, Outlook opens the Offline Folder File Settings dialog box, shown in Figure 16-4. Click OK to create the .OST file in the default location. (You can also put it anywhere you want.)
Figure 16-4. Setting up an offline folder in Outlook 2000.
Once it has created the file, Outlook opens the Offline Folder Settings dialog box, shown in Figure 16-5, where you specify the folders to be synchronized. By default, all of the normal personal folders are configured for offline use, but you can selectively disable those that you do not want synchronized. You can also set advanced filters to specify exactly what files to synchronize in each of these folders.
Figure 16-5. Specifying the folders to synchronize.
Finally, you can use the Quick Synchronization tab of the Offline Folder Settings dialog box, shown in Figure 16-6, to create smaller groups of folders that take less time to synchronize than the whole group. For example, you might create a group that synchronizes only your Inbox and Outbox. Any groups you create on this tab will show up as commands on the Synchronize submenu of Outlook's Tools menu.
Figure 16-6. Creating smaller groups of folders to synchronize quickly.
Synchronizing Offline Folders Automatically When you start Outlook 2000, it determines whether the client computer is connected to an Exchange server. You can create messages, delete messages, and perform other standard functions while off line. The next time you start Outlook and connect to an Exchange server, Outlook and Exchange Server automatically synchronize the contents of your offline folder. Folders set for synchronization in Outlook 2000 are identified by a blue double-arrow symbol at the lower left of the folder's icon in the folder list, as shown in Figure 16-7. Folders not set for synchronization, such as the Notes folder shown in the figure, do not have the symbol.
Figure 16-7. Folder list identifying folders to be synchronized.
You can also specify other types of automatic synchronization for your offline folder. To do so, choose Options from the Tools menu and display the Mail Services tab (Figure 16-8). You can choose from three options for synchronizing the contents of your offline folder:
- When Online, Synchronize All Folders Upon Exiting This option is useful if you regularly work off line because when you choose it, you do not have to remember to explicitly synchronize the contents of your offline folders before you disconnect from the Exchange server. The downside to choosing this option is that logging off from Outlook may involve waiting while synchronization occurs.
NOTE
You can stop the synchronization process by right-clicking the progress indicator for the synchronization in the Outlook status bar at the bottom of the main Outlook window and then clicking the Cancel button in the shortcut menu.
- When Online, Automatically Synchronize All Offline Folders Every X Minutes You can keep your offline folders updated by specifying that they should be synchronized on a regular basis. This option includes a field that allows you to specify how frequently this automatic synchronization should occur.
- When Offline, Automatically Synchronize All Folders Every X Minutes At first, this option may seem a bit confusing. After all, how can you synchronize off line folders when you are off line? Outlook allows you to use a remote dial-up connection to send and receive messages—or to synchronize mailboxes—while you are off line. Because transmission over a dial-up connection is usually much slower than over a direct connection, choose this option with care.
If you choose one or more of these options, the type of synchronization you specify will occur in addition to the default synchronization that takes place every time you reconnect to Exchange Server. The options you specify here will remain in effect until you explicitly turn them off.
Figure 16-8. Setting automatic synchronization options.
Synchronizing Offline Folders Manually Although your offline folders are synchronized with the matching folders in Exchange Server automatically whenever you connect to the Exchange server and you have several other options for automatic synchronization, you still might want to synchronize your offline folders manually from time to time. When you point to Synchronize on the Tools menu, you have several options, as shown in Figure 16-9.
Figure 16-9. Synchronize submenu of the Tools menu.
You can choose to synchronize all of the folders that are enabled for offline operation, to synchronize only the selected folder, or to synchronize any of the sets of folders you have configured on the Quick Synchronization tab. (Refer back to Figure 16-6.) You also have the option of downloading the address book for your Exchange server. When you choose Download Address Book, you are given the choice of downloading a detailed version of the address book, containing a complete set of information about the recipients it contains, or a minimal version that contains only a list of the recipients (Figure 16-10).
Figure 16-10. Downloading address book information.
Because an offline address book can be very large, you can also choose to download only the changes that have been made since you last downloaded the address book. This option can significantly reduce the time that the download takes. You can improve the speed of the download further by not downloading the full details of the address book. As the dialog box notes, however, this partial download prevents you from sending encrypted messages through remote mail, because the digital IDs for the address book are not downloaded.
REAL WORLD When Synchronization Doesn't Work
Despite the fact that you've configured everything correctly on your Outlook 2000 client, at times your folders may not synchronize automatically when you reconnect. If Outlook determines that you have a slow connection, it automatically stops synchronization from occurring. You can still synchronize either all folders or a specific folder by pointing to Synchronize on the Tools menu and choosing the appropriate menu item.
It is possible that other errors may prevent synchronization. A synchronization log file, as shown in Figure 16-11, is always placed in the Deleted Items folder of the offline folder. Check this log for error codes that may help you solve synchronization problems.
Figure 16-11. Synchronization log indicating that an error occurred.
Disabling Offline Use of Your Mailbox Whenever you enable your Outlook 2000 client for offline use, you automatically enable the standard folders in your mailbox for offline use. The only way to disable offline use of your mailbox folders is to disable offline use for your Outlook client. You can disable offline use by choosing either Services or Options from the Tools menu in Outlook 2000.
To disable offline access through the Services dialog box, choose Microsoft Exchange Server, click the Properties button, and display the Advanced tab. Clear the Enable Offline Use check box.
To disable offline access through the Options dialog box, display the Mail Services tab, clear the Enable Offline Access check box, and then click Apply or OK. (Refer back to Figure 16-8.)
These two methods have the same effect. You will no longer be able to use Outlook 2000 with the contents of any of your Exchange-based folders if you are not connected to an Exchange server. If you open Outlook with offline access disabled when you are not connected to an Exchange server, you receive a message that Outlook could not open your default e-mail folders, and Outlook opens with your default file system instead.
NOTE
Disabling offline access after you've created an offline folder does not delete the offline folder. It is not deleted until you explicitly delete it.
Synchronizing Public Folders
As we mentioned earlier in this chapter, the standard mailbox folders are automatically enabled for offline access. You can verify this capability by displaying the property sheet for one of the folders in the mailbox, such as your Inbox. One of the tabs in the property sheet is labeled Synchronization. (This tab is discussed in the next section, "Shaping Synchronization.") However, if you display the property sheet for a public folder, you do not see the Synchronization tab, because public folders, by default, are not enabled for offline access. Public folders typically contain large amounts of information that would clog your client machine. In addition, the contents of public folders are often subject to change, making synchronization difficult. (See the Real World sidebar "Public Folder Synchronization Conflicts" later in this section.)
You can, however, easily enable a public folder for offline access. Simply move the public folder to the Favorites list in the Public Folders container of the folder list. You can make this change by dragging the folder into the Favorites folder or by pointing to Folder on the File menu and choosing Add To Public Folder Favorites. When you drag a public folder to the Favorites folder, it has the same name as the original public folder. When you choose Add To Public Folder Favorites, you see the dialog box shown in Figure 16-12. This expanded list of options allows you to give the folder in the Favorites list a different name and to specify whether the hierarchy of subfolders should be moved with and maintained in the folder as new subfolders are added to the main Favorites folder. When you add a folder to the Favorites list by dragging the folder, only that folder is added to the list.
Figure 16-12. Adding a public folder to the Favorites list.
When you designate a public folder as a Favorite, you do not move it from its established place in the public folder hierarchy; you simply add the folder to your list of Favorites. When a public folder is in the Favorites list, the property sheet for the folder contains a Synchronization tab. You can remove a folder from the Favorites list by selecting it in the list and then deleting it.
REAL WORLD Public Folder Synchronization Conflicts
Conflicts can arise if more than one person is using and modifying the items in a public folder off line. If you change an item in a public folder while you are off line, when you synchronize that folder, Exchange Server checks the timestamp on the existing version of the item. If the timestamp for the item is later than the original timestamp on the item you have changed, it means that someone else changed the contents of the folder item since you last downloaded it. If this type of conflict occurs, you receive a message that includes copies of all conflicting versions of the item. It is up to you to resolve the conflict, either by combining all of the versions of an item into a single version and then clicking Keep This Item or by clicking Keep All to keep all versions of the message (Figure 16-13).
Figure 16-13. Specifying how to resolve a conflict.
This procedure is more complicated than it sounds. A user may find it difficult to decide whether to keep an existing item or overwrite it, and the wrong decision could have negative results. For this reason, you should place controls on who is allowed to download and modify public folders, through the standard Exchange security system.
Shaping Synchronization
After you have enabled offline access for your Outlook client, you can shape the way that each folder synchronizes with Exchange. If a folder is enabled for offline use, the property sheet for the folder contains a Synchronization tab, as shown in Figure 16-14.
Figure 16-14. Synchronization tab of a folder's property sheet.
You can make a folder available off line by selecting When Offline Or Online in the This Folder Is Available area at the top of the tab. By default, a public folder that has been added to the Favorites list is enabled only for online access, so you must explicitly change this setting if you want to enable synchronization for the folder.
When you indicate that a folder is available for offline or online access, you have the option of creating a filter for the synchronization process. Click the Filter button to display a dialog box that allows you to define filtering conditions (Figure 16-15). This dialog box has several tabs that allow you to define a complex condition. After you set up a filter, Outlook uses the conditions described in the filter to control which messages are synchronized between the Outlook client and the corresponding folders in Exchange Server. Keep in mind that these limits are imposed on all future synchronization attempts but have no effect on any messages that currently reside in the offline message store.
Figure 16-15. Filtering messages to be synchronized.
Filtering is an enormously useful tool for getting all of the benefits of offline access without incurring the excessive overhead caused by synchronizing less important messages. You could create a filter that disables synchronization for any messages that have large file attachments, for example, or you could synchronize only messages from your boss. Be careful to remember when you have synchronization filters on. In an offline folder, there is no indication that the messages presented in the folder are not the complete set of messages stored in the matching Exchange folder.
Deciding Whether to Copy or Synchronize
Synchronization is no more than a sophisticated way to copy messages automatically between folders on the Exchange server and the offline folder on an Outlook 2000 client. For your Inbox, Outbox, and other mailbox folders, synchronization works well. But should you use the process for public folders?
Public folders can serve a wide variety of purposes. A public folder can be a simple repository of static information, such as a library, or it can be a dynamically changing discussion group. You can copy the contents of a public folder to your mailbox simply by dragging the folder into the Mailbox container in your Outlook folder list. When should you copy and when should you synchronize the contents of a public folder?
The longer you have the contents of a public folder away from the Exchange server, the more likely it is that you will have a conflict when you reconnect—that is, you will have made changes to your offline copy while others will have changed the version on the Exchange server. Although public folders do have a way to detect conflicts, as we described earlier, you must resolve those conflicts manually, which can be time-consuming.
In deciding whether to copy or synchronize a public folder, you should carefully analyze how the folder is intended to be used off line. If its contents are meant only to be read, you probably will find that a simple copy operation works well. If you will be making changes in the contents of the folder, you should seriously consider preventing later conflicts by applying filters to the synchronization process so that you modify only the messages that are unlikely to be modified by other users.
Enabling Multiple Users in Outlook 2000
The capabilities of Outlook 2000 and the capabilities of Exchange 2000 work in conjunction with each other. Outlook is a client, and Exchange is a server. When an Outlook client is connected to an Exchange server, the client is representing a single user. In some situations, however, the same Outlook client can be used to support multiple users at different times. This section explores the scenarios in which this situation can occur.
Understanding Outlook Profiles, Exchange Mailboxes, and Windows 2000
Before you learn how to implement multiple users with Outlook, you need to understand the differences between an Outlook profile and an Exchange mailbox as well as how both of these entities interact with Microsoft Windows 2000 accounts.
A profile is a client-side configuration. An Outlook profile is a set of information services configured for a particular user or purpose. The Exchange Server information service in a profile includes a reference to an associated Exchange server and mailbox. When a user starts Outlook, he or she uses the information in an Outlook profile to establish a connection with a particular Exchange server.
Normally, each client machine has a single, default Outlook 2000 profile. When a user starts Outlook on that machine, the default profile is used to determine which Exchange mailbox will be used on the server side of the environment. If a user is starting Outlook for the first time or is using a machine that does not have a profile, he or she is prompted to create a profile before fully logging on to the associated Exchange server. To see the profile that your Outlook client is currently using, choose Services from the Tools menu of Outlook 2000. You will see the dialog box shown in Figure 16-16.
Figure 16-16. Viewing the current profile from within Outlook 2000.
Sometimes a single profile on an Outlook client is not enough. The following section discusses situations in which more than one profile is required.
Creating Multiple Profiles with Outlook 2000
You might want to use more than one Outlook profile for any of several reasons. Perhaps you are using Outlook on a machine that you share with other users. Having separate profiles allows each profile to reflect the various mailboxes and configuration information for a given user. You might also be using a machine under different circumstances (such as in the office and on the road), making it desirable to be able to select a profile based on your current situation.
When you first log on to Outlook 2000, you are prompted to create a profile, which is used as the default profile. To create an additional profile, right-click the Outlook icon on your desktop and choose Properties from the shortcut menu. The property sheet shown in Figure 16-17 opens.
This property sheet is almost identical to the one available in Outlook 2000 when you choose Services from the Tools menu. (Refer back to Figure 16-16.) The one big difference is that this property sheet has a Show Profiles button. Clicking this button displays a list of the profiles on the machine, as shown in Figure 16-18.
Figure 16-17. Outlook 2000 property sheet containing the Show Profiles button.
Figure 16-18. A list of mail profiles.
To add a new profile, simply click the Add button, which starts the Inbox Setup Wizard. This wizard prompts you for the values needed for a profile, including the name of the target Exchange server and the mailbox that the profile will use on that server. The Inbox Setup Wizard also asks if you will be using this machine while traveling—and if so, it will set up an offline folder. You can also delete or modify existing profiles in this dialog box.
At the bottom of the Mail dialog box, you can specify a user profile to be used as the default profile for this client machine. Outlook uses this default profile to connect to an Exchange server, unless you specify otherwise. The use of a default profile can be somewhat cumbersome, however, because it requires you to display the Outlook property sheet when you want to use a different profile. Instead, you can have Outlook prompt you for a profile every time you start Outlook. To enable this feature, choose Options from the Tools menu in Outlook 2000. In the Options dialog box, display the Mail Services tab (Figure 16-19).
Figure 16-19. Specifying a startup profile in Outlook 2000.
In the Startup Settings area are two radio buttons. Always Use This Profile is selected by default, indicating that Outlook should start up with a specific profile. You can indicate any profile as the default profile, and it will override any setting you made in the Mail dialog box. (Refer back to Figure 16-18.)
The Prompt For A Profile To Be Used radio button tells Outlook to prompt you for a profile every time you start the program. If you select this option, a dialog box appears every time you start Outlook (Figure 16-20), allowing you to select the profile to use.
Figure 16-20. Selecting a profile when starting Outlook 2000.
Providing Access to Different Exchange Mailboxes
The Outlook profile described in the preceding section includes client-side configuration information. But remember that Outlook is the client portion of a client/server system. You still need the appropriate user privileges to access the server side of the equation in Exchange Server.
Exchange security is based on the Windows 2000 security model. Each Exchange object has an access control list (ACL) consisting of a discretionary access control list (DACL) and a system access control list (SACL). These lists are used in conjunction with the user's access token to either grant or deny access. For instance, before an Outlook client can access an Exchange server, the user must log on to a network and receive a ticket from the Windows 2000 domain controller. This ticket is used to gain entrance to the Exchange server. Figure 16-21 illustrates this process.
MORE INFO
For more information on the security concepts presented here, please consult the Windows 2000 Server Distributed Systems Guide in the Microsoft Windows 2000 Server Resource Kit (Microsoft Press, 2000).
If you specify a different Windows 2000 user name with each profile, you can use multiple Outlook profiles to access different Exchange mailboxes. In some situations, however, you may want to allow an individual to access different Exchange mailboxes while using the same Windows 2000 user name. For example, you may want a receptionist to be able to open the mailbox of another receptionist who has called in sick for the day.
Figure 16-21. Using the Outlook client to connect to an Exchange 2000 server.
A mailbox in Exchange is really just a storage place in an Exchange server's private store provided for a mailbox-enabled user. When you create a mailbox, you can give other Windows 2000 users permission to access it. You can grant this permission from the Active Directory Users and Computers snap-in by opening the property sheet for the user and then displaying the Exchange Advanced tab. On this tab, click the Mailbox Rights button to open the Permissions dialog box shown in Figure 16-22. When you click the Add button, you see a list of Windows 2000 users and groups. You can select one or more of these entities and then click OK to grant them access to the mailbox. You can also delete accounts from the list, but you can never delete the primary account for the mailbox.
NOTE
If you do not see the Exchange Advanced tab, you need to enable the Advanced view in Microsoft Management Console by choosing the Advanced command from the View menu.
You can also allow other users to see any of the folders in your mailbox by granting them permission through the standard property sheet for a folder in Outlook. If users have permission for a specific folder or if their Windows 2000 accounts have been granted permissions on the mailbox, they can open the folder by choosing Other User's Folders from the Open submenu of the main File menu. They can also add the mailbox to their profile by using the option on the Advanced tab of the Microsoft Exchange Server property sheet. They simply click the Add button in the top portion of the Advanced tab and select the mailbox they want to add.
Figure 16-22. Granting permissions to other Windows 2000 users.
Using Outlook to Delegate Mailbox Access
The previous section described how the administrator controls access to another user's mailbox using Active Directory Users and Computers. Using Outlook, users can grant privileges to other users without contacting the administrator. They can grant these privileges by right-clicking the folder (such as Calendar), choosing Properties, and then adding the appropriate user on the Permissions tab, as shown in Figure 16-23. These permissions are similar in nature to Windows 2000 ACLs, except that they are Exchange-specific and can be assigned only to certain mail-enabled Active Directory objects. There is no one-to-one correlation between the permissions you see here and the Windows 2000 permissions.
Figure 16-23. Granting access using Outlook.
In addition, a user can use the Delegates tab of the Options dialog box (available from the Tools menu) to delegate access to the folders in his or her mailbox. The user can also assign different levels of permissions for each folder. The person being granted delegate access will receive e-mail indicating that permissions have been granted and detailing what level those permissions are.
Once the privileges have been assigned to another user, that user can access the folders by pointing to Open on the File menu and choosing Other User's Folder In Microsoft Outlook. This option is commonly used by administrative assistants checking their bosses' schedules or in situations in which a mailbox represents a conference room, a TV, a company car, or any other resource that can be checked out. In these cases, the Calendar is used to track resource use. By providing a few users the ability to modify the resource's Calendar, and the rest of the company the ability to review it, you can maintain a centralized location for companywide resource tracking.
Setting Up Roving Users
A roving user is a user who does not have a fixed physical location and may consequently log on to many different machines. To accommodate such a user, you could set up a user profile on each of the machines he or she might use, but this solution may be impractical. Another way to address this situation is by creating a roving user profile.
NOTE
In Windows 2000 parlance, these users have roaming profiles. Exchange Server calls them roving profiles.
The configuration information for a roving user is stored on a shared disk on a network server, allowing this information to be accessed from any machine that can connect to the network. When you set up a roving user profile on a machine running Windows 2000, client machines that log on to the network with that profile look on the shared disk for configuration information. The common access to the storage of a roving profile eliminates the need to have this profile stored on many machines. When you enable roving users in Windows 2000, that's all you have to do. Outlook 2000 will automatically support roving Exchange users. For more information about setting up a shared user profile on Windows 2000 and various clients, refer to the documentation for those products.
You can also accommodate roving users through Outlook Web Access and the Web Store. These features are discussed in Chapter 17.