1. Preparing a New
Environment for Exchange 2010
The first step preparing to
deploy Exchange Server 2010 is ensuring that the domain and forest are
set to the appropriate functional level. To introduce Exchange Server
2010 to an Active Directory environment, the forest must be configured
at the Windows Server 2003 functional level or higher. The functional
level that you can configure for a domain is dependent on the operating
system deployed on each domain controller in that domain. A Windows
Server 2003 functional level domain requires domain controllers running
the Windows Server 2003 operating system or later. A Windows Server 2008
functional level domain requires domain controllers running the Windows
Server 2008 operating system or later. Forest functional levels are
dependent on the domain functional level of all the domains in a forest.
The Windows Server 2003 forest functional level can be set only if all
of the domains in the forest are configured at the Windows Server 2003
domain functional level or higher. In addition to the Windows Server
2003 forest functional level requirement, it is necessary for the
environment to meet the following conditions:
The computer that holds
the Schema Master role must be running the Windows Server 2003
operating system or later.
The computer that functions as the Global
Catalog server at each site must be running the Windows Server 2003
operating system with Service Pack 1 or later.
Although Microsoft Exchange
Server 2010 became available after the release of Windows Server 2008
R2, there are many real-world networks where domains are not set at the
Windows Server 2003 functional level or higher. This may be because
older Windows 2000 domain controllers are still present on the network.
It also may be because administrators never raised the functional level
on networks that initially had Windows 2000 or Windows NT domain controllers when those domain controllers were
eventually decommissioned. You can view the domain and forest functional
level using the Active Directory Domains and Trusts console, as shown
in Figure
1. You can also raise the domain
and forest functional levels using this console.
Once you have ensured that
the domain and forest are set to the appropriate level and that the
Global Catalog servers and Schema Master meet the minimum requirements,
you need to perform three steps prior to introducing the first Exchange
Server 2010 server in your environment.
You must complete
additional preliminary steps required if your organization has an
existing Exchange Server 2003 deployment.
1.1. Prepare Schema
If your environment does
not have an existing Exchange 2003 deployment, the first step that you
need to take to prepare Active Directory is to run the command Setup /PrepareSchema.
This can be done separately, or it can be done automatically as part of
the installation of the
first Exchange Server 2010 server in the organization. Prior to running the Setup /PrepareSchema
command, you must ensure that the following conditions are met:
You must execute this
command from a user account that is a member of both the Schema Admins
group and the Enterprise Admins group.
You must execute this command on a 64-bit
computer in the same Active Directory domain and same Active Directory
site as the computer that holds the Schema Master role.
The forest functional level is
set to Windows Server 2003 or higher.
The computer hosting the Schema Master role is
running the Windows Server 2003 operating system or later operating
system, such as Windows Server 2008.
Computers that function as Global Catalog
Servers in each site are running the Windows Server 2003 operating
system with Service Pack 1 or later or a later operating system, such as
Windows Server 2008.
You can determine which
computer in your environment holds the Schema Master role using the
Active Directory Schema snap-in. This snap-in becomes available for
custom MMCs when you run the command regsvr32
schmmgmt.dll. You can then view the
Schema Master by selecting Operations Master from the File menu, as
shown in Figure 2. You can also determine which computer holds
the Schema Master role by running the command dsquery
server –hasfsmo schema from an elevated command prompt.
You should wait for the
changes that running this command makes to replicate across your
organization prior to performing the step of preparing Active Directory.
If your organization’s domain controllers are running the Windows
Server 2003 operating system, you can track replication across the
domain using the Active Directory Replication Monitor tool
(replmon.exe), which is part of the Windows Server 2003 Support Tools.
If your organization’s domain controllers are running the Windows Server
2008 operating system or later, you can use the repadmin.exe tool to
monitor, diagnose, and troubleshoot replication issues.
Note:
MONITOR REPLICATION
WITH REPADMIN
To learn more about
monitoring Active Directory replication with the repadmin.exe tool,
consult the following link on TechNet: http://technet.microsoft.com/en-us/library/cc770963(WS.10).aspx.
1.2. Preparing
Active Directory
Once the changes introduced
by running Setup /PrepareSchema have propagated throughout the organization, you
need to run the Setup /PrepareAD command. You will need to specify the name of
the Exchange organization that you are creating if no present
organization exists. Figure 3 shows the execution of this command in an
Active Directory environment that does not have an existing Exchange
organization.
Running the Setup
/PrepareAD /OrganizationName command accomplishes the following:
Creates the
Microsoft Exchange container if it is not already present. A Microsoft
Exchange container will be present if there is an existing Exchange
organization.
Verifies that the schema
has been updated.
Creates the containers and objects under the
CN=<Organization Name>,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<root domain>.
Creates the default Accepted
Domains entry based on the forest root namespace.
Sets permissions in the
configuration partition.
Creates the Microsoft Exchange Security
Groups OU in the root domain. Creates the following groups within this
OU:
Exchange Organization Administrators
Exchange Recipient Administrators
Exchange Servers
Exchange
View-Only Administrators
Exchange Public
Folder Administrators
ExchangeLegacyInterop
Prepares the local domain for
the introduction of Exchange. This means that it is not necessary to run
the Setup /PrepareDomain command in the specific domain where you ran
the Setup /PrepareAD command.
This command must be run
using a user account that is a member of the Enterprise Admins group.
Like the Setup /PrepareSchema command, you must run this command on a computer
that is in the same domain and Active Directory site as the computer
that holds the Schema Master role. You learned how to determine which
computer hosts the Schema Master role earlier in this lesson. You should
ensure that the changes introduced by running this command are able to
propagate across your organization before preparing domains for the
introduction of Exchange Server 2010 using the Setup
/PrepareDomain command. You learned
how to track and verify Active Directory replication earlier in this
lesson.
1.3. Preparing
Individual Domains for the Introduction of Exchange
The final step in
preparing Active Directory for the introduction of Exchange Server 2010
is to run the Setup /PrepareDomain or Setup /PrepareAllDomainsSetup /PrepareAllDomains
command performs the same function as the Setup
/PrepareDomain command, except that it
prepares all domains in the forest rather than a specific domain.
Accounts used to run this command must be configured as follows: command. The
The account used to
run Setup /PrepareAllDomains command must be a member of the Enterprise Admins group.
If the domain was created
prior to the execution of the Setup /PrepareAD command and you are running Setup /PrepareDomain,
the user account that is used to run this command must be a member of
the Domain Admins group in the domain the command is being run against.
If the domain was created after
the execution of the Setup /PrepareAD
command, the account used to run Setup
/PrepareDomain must be a
member of the Exchange Organization Administrators group and the Domain
Admins group in the domain that the command is being run against.
Running
Setup /PrepareDomain performs the
following tasks:
Configures
permissions for Exchange Servers, Exchange Organization Administrators,
Authenticated Users, Exchange Servers, Exchange Recipient
Administrators, and Exchange Mailbox Administrators groups
Creates a domain global
group called Exchange Install Domain Servers
It is not necessary to run
this command in the domain where you ran the Setup /PrepareAD command, as running Setup /PrepareAD
also prepares the local domain.
Note:
PREPARING THE ACTIVE DIRECTORY ENVIRONMENT
For more information
on preparing Active Directory and domains, consult the following
document on TechNet: http://technet.microsoft.com/en-us/library/bb125224.aspx.
