Setting Up Web Admin
Because Web Admin is easier to set up than the Exchange 2000 Hosting Pack, let's explore how to install and configure Web Admin. Here are the steps you follow:
- Change AD to native mode, if necessary.
- Install Web Admin. I recommend that you install it on a front-end Exchange server for two reasons. First, that configuration allows single sign-on with Basic authentication and, second, it provides the Exchange 2000 components that Web Admin requires.
If you don't install Web Admin on an Exchange server, you must install the Microsoft Exchange System Management Tools and the Microsoft Collaboration Data Objects (CDO) 1.21 library on the machine on which you've installed Web Admin. To install the tools, run the Microsoft Exchange 2000 Installation Wizard, which you'll find on the Exchange 2000 CD-ROM, and select Microsoft Exchange System Management Tools from the Components Selection list. The CDO library (cdo.dll) is on the Exchange 2000 CD-ROM in the setup\i386\exchange\bin directory. Copy cdo.dll to the \%systemroot%\system32\ folder on the Web Admin machine, then register the DLL with the command
regsvr32.exe %systemroot%\system32\cdo.dll
If you install Web Admin on a domain controller (DC), you also need to add Domain Users to the Log on locally policy in the Domain Controller Security Policy. Otherwise, end users won't be able to use Web Admin to administer their mailboxes.
- Configure the virtual directory for Web Admin to use basic authentication and set the domain to a backslash (\). Here's why you need to make these configurations: When you use an unqualified user logon, IIS searches only the local computer's user database and the domain in which the server is a member. By setting the domain to a backslash, you tell IIS to search against all trusted domains to validate the unqualified user logon.
If you run Web Admin on an Exchange server, open ESM, expand the Protocols node, and expand HTTP. Under Exchange Virtual Server, find the virtual server called Exchange, right-click it, and select Properties. Click the Access tab, then select Authentication to open the Authentication Methods dialog box, which Figure 1 shows. By default, the Basic authentication and Integrated Windows Authentication check boxes are selected. Leave the Basic authentication check box selected and enter a backslash in its Default domain text box. Then, clear the Integrated Windows Authentication check box and click OK.
If you're not running Web Admin on an Exchange server, open the MMC Internet Information Services snap-in, right-click Default Web Site, and select Properties. Click the Directory Security tab. In the Anonymous access and authentication control section, click Edit. Select the Basic authentication check box if it's not already selected. A pop-up message box will remind you to use Secure Sockets Layer (SSL) if you plan to perform authentication over an unsecured network. Because you're using clear text for authentication, you should enable SSL if you plan to use Web Admin in a production environment. (See the IIS documentation for information about how to configure SSL.) Click Edit, then enter a backslash in the Select a default domain text box. For this change to take effect, you must restart the IIS services, which is easiest to do by rebooting the server. However, don't reboot the server yet.
- Register adstype.dll by running the command
regsvr32 X:\webadmin\comadstype\adstype.dll
where X is the appropriate drive. Adstype.dll is an ActiveX component that lets you view access control entry (ACE) objects, which wouldn't be possible if you were using VBScript with Web Admin. This DLL is already on your computer, but you still need to register it.
- Create the Web Admin Web site. Run the MMC Internet Services Manager snap-in and select the Web site in which you want to create the virtual directory for Web Admin. Don't use the Default Web Site because it contains sample code and Help documentation. If you put the WebAdmin virtual directory, sample code, and Help documentation together all on the same Web site, you might have trouble later uninstalling and upgrading IIS. Right-click the target Web site and select New, Virtual Directory to invoke the Virtual Directory Creation Wizard. Enter WebAdmin as the virtual directory alias. (Any other name works, but it might hinder future upgrades.) As Figure 2 shows, enter the path to the webadmin\html directory, then click Next. Leave all entries at their default settings, and click Next, Finish. After the Virtual Directory Creation Wizard finishes, right-click the new WebAdmin virtual directory, select Properties, and click the Directory Security tab. In the Anonymous access and authentication control section, click Edit and clear the Anonymous access check box. You need to remove anonymous access so that only administrators can change the Web Admin Web site's configurations.
- Configure the Web Admin Web tool. Open your Web browser and enter the URL
http://localhost/webadmin
where localhost is the name of your IIS computer. In the Web Admin opening page, which Figure 3 shows, click the Go Setup link in the Web Admin Setup Wizard box to launch the 90-second setup process. After you read the information that the wizard displays, click Next. The wizard then prompts you for an account and password. Because the default domain (i.e., \) you configured in Step 3 doesn't take effect until you restart the IIS services, enter
DOMAIN\Administrator
for the account, where DOMAIN is the name of your domain.
In the next screen, which Figure 4 shows, you tell the wizard how to set up AD. Assuming that you've already installed Exchange 2000, select the Set Security Settings on Exchange Configuration Container check box. Leave all the other check boxes selected.
At the bottom of the screen in Figure 4, notice the statement The Web Admin is currently in: Service Provider Mode. Web Admin lets you delegate the management of AD. You can choose one of four administrative roles:
- Service Provider—manages the entire domain (i.e., manages all users, groups, and servers). Acts as the top-level domain administrator.
- Reseller—creates and manages new hosted customers. Acts as a multi-organizational administrator.
- Organizational Administrator—manages users and groups in a particular organization.
- End User—manages his or her own personal information (e.g., address, phone, title) and resets his or her own passwords.
The role you select determines the scope of responsibility enabled during tool use. Leave the default role of Service Provider. Finally, click Next, then click Finish to complete the Web Admin setup. After you reboot the server, Web Admin will be ready to use in your provisioning process.
Build in Quality
Setting up and managing a hosted Exchange environment is a complex undertaking that involves many tasks. By using provisioning tools and services, you can automate these tasks so that you repeatedly produce the same result—properly built and configured servers and applications—throughout the hosted environment. Knowing which provisioning tools and services to use and knowing where to find them is the first step.
Microsoft is committed to delivering automated provisioning tools in the context of an overall framework (i.e., MPF). In the immediate future, Microsoft plans to release the next generation of tools. These tools will be based on APF, Web Admin, and the Hosting Pack.
Corrections to this Article:
- Since the publication of this article, Microsoft has stopped providing the Exchange 2000 Hosting Pack. The company recommends that you visit the Microsoft Service Providers Web site (http://www.microsoft.com/serviceproviders) for relevant hosting information.