by Michael B. Smith, MCSE/Exchange MVP

If you've ever used a tool like Exchange Best Practices Analyzer (ExBPA), you may have wondered how it figures out what your Exchange topology looks like. Just as ExBPA discovers your environment by examining the Active Directory, you can use tools to examine your Active Directory and see what is stored by Exchange into the Active Directory. One such tool that you can use is named LDP.

Obligatory warning: Take real care when using tools such as LDP, admod, or dsmod. Making manual changes to your Active Directory can break it. That would be a very bad thing. However, using the tools to interrogate Active Directory to determine how things work or to examine various settings not easily visible through the standard administrative interfaces can be a great timesaver.

You install LDP as part of the Windows Support Tools. If you have not yet installed the Windows Support Tools, you can find them by going to http://www.microsoft.com/downloads and searching on 'Windows Support Tools'. Choose the version for your operating system and service pack. LDP is a very powerful tool for both interrogating and updating your Active Directory.

To use LDP to find Exchange information in the Active Directory, execute the following procedure on an Exchange server computer:

1. Click Start->Run and enter ldp.exe into the Open box and then click OK.
2. Click Connection->Connect and then click OK to open a connection.
3. Click Connection->Bind and then enter a user and password and then click OK to create a binding to the Active Directory (if you do not enter a user and password with access to the Exchange organization, then expanding the organization and lower level items in the tree will fail).
4. Click View->Tree and then click OK to view the entire Active Directory (this assumes a single domain forest) LDP defaults to the domain of the domain controller to which you are connected if you do not specify the distinguishedName of an object at this point).
5. In the left pane, expand the domain tree.
6. Double-click on the line that begins 'CN=Configuration" (not the line that begins 'CN=Microsoft Exchange System Objects").
7. Double-click on the line that begins 'CN=Services".
8. Double-click on the line that begins 'CN=Microsoft Exchange".
9. Double-click on the line that begins 'CN=First Organization" (or whatever you named your Exchange organization).
10. Now you can view the Active Directory information for your Exchange organization.

Most of the information is stored quite similarly to the view available from the Exchange System Manager. Spend some time investigating this data including all of the attributes and their properties. At some point, being able to do this will provide you worthwhile value.

For more information about finding Microsoft Exchange data in Active Directory using LDP, see Microsoft KB 252335 (How to Use Ldp.exe to View Entire Directory Tree and Locate the Microsoft Exchange Container). For general information about using LDP to extract information from Active Directory, see Microsoft KB 224543 (Using Ldp.exe to Find Data in the Active Directory) and KB 255602 (XADM: Browsing and Querying Using the LDP Utility). For a good general overview of LDP, refer to LDP.doc, which is typically installed at C:\Program Files\Support Tools\LDP.doc.

How to Use Ldp.exe to View Entire Directory Tree and Locate the Microsoft Exchange Container
http://support.microsoft.com/kb/252335/en-us

XADM: Browsing and Querying Using the LDP Utility
http://support.microsoft.com/kb/255602/en-us

Windows Support Tools
http://www.microsoft.com/downloads/results.aspx?pocId=&freetext=Windows%20Support%20Tools

When pictures in your email won't download, even though you have Outlook configured to download external content (or allow it on a per-message basis), the problem is usually a "full" temporary file folder.

You need to locate the SecureTemp folder and delete the contents (or the entire folder) then restart Outlook. The images should display correctly.

The SecureTemp folder for Outlook 2000 to 2003 installed on Windows XP is at
C:\Documents and Settings\username\Local Settings\Temporary Internet Files\OLK*. The OLK directory will end in a series of numbers.

Outlook 2007 places the Secturetemp folder at
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.Outlook\8A0VMD3A, where 8A0VMD3A can be any random characters.

Vista moves the Temp Internet folder to
C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\, so you'll need to look there for the OLK or Content.Outlook folder.

You can get the location of the folder from in the registry. You can even change the registry to point to a new location, but be sure the new folder exists before changing it in the registry. The OutlookSecureTempFolder value (for Outlook 2007) is at HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security. For older versions of Outlook, change the 12.0 to your version number.

You can block top level domains(such as .ru, .cn) at Exchange server. In Exchange 2003, open the Exchange System Manager, expand your organization, Global Settings, right click on Message delivery and choose Properties. Add the domains you wish to block on the Sender filtering tab.

In Exchange 2007, look at the Organization Configuration, Hub Transport, Anti-spam tab, Sender Filtering.

Just don't block domains you'll might get legitimate email from.

If you use Outlook 2003 or 2007 and junk email filtering doesn't seem to be working, go to Tools. Options, Junk Email options and verify that your address is not on the Safe Sender or Safe Recipient list. These two lists override the Blocked Sender list and the junk mail filter.

If you will never send email to yourself, add your address to the blocked senders list.