IT tutorials
 
Applications Server
 

Installing Exchange 2013 : Types of Active Directory deployment that support Exchange

11/15/2013 8:19:05 PM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

1. Approaching the installation

If you have prepared the environment by installing the various prerequisites on the servers that will host Exchange, the Exchange installation process is straightforward and painless. The steps you’ll take include the following:

  • Select a name for the organization if you are deploying Exchange for the first time. The name can be up to 64 characters and cannot be blank. You can include spaces in the name; if you include spaces and install Exchange from the command line, enclose the name in quotes. You don’t need to enclose the name in quotes if you install with the graphical user interface (GUI). Users don’t see the organization name. Usually, the organization is named after the company that owns the system. However, this is not compulsory. Indeed, because of the number of corporate mergers, some consultants recommend choosing a nonspecific name such as Email or Exchange.

  • Identify the target servers on which to install Exchange and the roles each server will support.

  • Decide on a name for each server. A good naming convention conveys the purpose and use of a server without forcing the administrator to examine server properties to discover its purpose.

  • Install prerequisite components such as Microsoft .NET Framework 4.5, Microsoft Windows PowerShell 3.0, Windows Unified Communications Managed API 4.0, and Active Directory remote management tools on the servers on which you want to install Exchange 2013. Windows 2012 servers include Windows PowerShell 3.0, .NET Framework 4.5, and Windows Management 3.0, so less work needs to be done to prepare these servers, but it is always a good idea to consult the Exchange 2013 content on TechNet to validate the current list of prerequisite features and to understand whether any additional Windows hotfixes or other software must be installed before Exchange.

  • Remove or upgrade any servers that run unsupported versions of Exchange because these will stop the Exchange 2013 installation program. Exchange 2013 will not install if it detects a server running a version earlier than Exchange 2007 SP3 in the organization. Exchange 2010 servers must run Exchange 2010 SP3. In addition, Exchange 2007 and Exchange 2010 servers must be updated with the latest available roll-up update.

Server names are not quite so important anymore

You should use a naming convention for servers to identify the role and purpose of the server. However, ever since Exchange 2010 broke the link between server and mailbox with the introduction of the Database Availability Group (DAG), you can no longer associate a user’s mailbox with a particular mailbox server. In fact, although Exchange 2013 continues to stamp attributes such as HomeMTA and msExchangeHomeServerName with the names of mailbox servers to maintain backward compatibility with previous versions, the Get-Mailbox cmdlet no longer reports these values. (You can view them with ADSIEdit.) Instead, Exchange 2013 uses a globally unique identifier (GUID) to locate the active copy of a user’s mailbox. Because GUIDs don’t usually make sense to humans, the new method might be less easy on the eye, but it makes perfect sense to Exchange.

2. Types of Active Directory deployment that support Exchange

Active Directory implementations in use today extend from a single forest to multiple forests, and there are many variations in between. Some companies deployed Active Directory early and have an implementation that features a root domain that contains a small number of servers, such as the schema master, with applications and users deployed into a set of geographic or business-centric domains. Other companies have deployed multiple Active Directory forests because different businesses require separate security contexts. Yet other companies have acquired multiple forests through buying companies and are merging applications, domains, and forests into a more streamlined design. Some companies have deployed a single domain forest that supports everything. In large companies, it is quite common to find Active Directory under the control of a team separate from the group that manages Exchange. From the previous discussion about how Exchange uses Active Directory, you can see that close coordination of all concerned is necessary to achieve a smooth deployment.

Exchange supports three basic Active Directory designs. Apart from understanding that a forest can support only a single Exchange organization (mapping is always one to one between a forest and an Exchange organization), remember that a forest (and not a domain) is the security boundary for Active Directory. Thus, after you deploy multiple forests, you have to make sure servers and user accounts can access the resources they need to do work, regardless of the forest in which the resource is located:

  • Single forest. This is the simplest design and is normally most appropriate for small to medium deployments because it removes a great deal of complexity. All servers in the forest share the same schema and configuration, even if multiple domains are deployed, and difficulties are not usually encountered with security and permissions because all objects operate within a single security context.

  • Multi-forest. Sometimes referred to as cross-forest implementation, this deployment features two or more forests that operate independently from each other in terms of the accounts and applications that are deployed inside each forest. It is possible to synchronize user account information between forests so that users can access a common directory that includes everyone. Exchange can be deployed in one or more forests. A hybrid deployment, where some parts of Exchange are on-premises and some are located on a cloud platform, can be considered similar to a multiforest configuration.

    When Exchange is deployed in multiple forests, the organizations have different names, SMTP addresses, configurations, and so on and a messaging flow between the organizations can be established by SMTP connections to complement the common directory. Multi-forest deployments usually occur as the result of company acquisitions. Less commonly, companies have deployed Exchange in multiple forests to satisfy particular requirements for specific parts of the company that were inconsistent with the needs of other parts. Exchange 2013 supports the ability to move mailboxes between organizations, so this is not an obstacle. It’s also possible to use the Exchange 2013 Exchange Administration Center (EAC) or Exchange Management Shell (EMS) to access multiple organizations at one time. However, the different security contexts created by multiple forests make management more difficult and complex than in a single forest.

  • Resource forest. In this scenario, user accounts and groups are deployed in a root forest, and applications such as Exchange are deployed in a special resource forest. Exchange mailboxes exist in the resource forest and use disabled user accounts that belong to the resource forest. Users who log on to the root forest gain access to their mailboxes in the resource forest through an association with the mailboxes.

    Resource forests have some attraction because they allow a very clear separation of administrative responsibilities between Windows (the root domain) and applications, each of which is assigned its own resource domain. Resource domains are often used in a hosting environment in which the hosting provider creates a resource domain to host and manage Exchange. A one-way trust is usually used to connect the resource forest with the root forest because this allows the hosting provider to manage Exchange without having any control over Active Directory.

    There are many variations on these three basic themes in production today. For example, a design composed of root and resource forests is often referred to as a hybrid forest if mail-enabled accounts exist in both forests. You then get into the discussion about whether to deploy one domain per forest, multiple domains per forest, or a mixture of both. Multiple domains are commonly used to isolate Exchange management and operations or to distribute administrative activity across business units or geographic regions. Cost is another factor to include in the planning debate. Additional domains normally imply the need to deploy extra servers as domain controllers. Extra servers increase the complexity of the environment that you have to manage, monitor, and operate, and they drive cost in terms of hardware (servers and storage), datacenter power and cooling, network bandwidth, and software licenses.

Think before you leap

It is important to settle on the most appropriate design for your company before you begin to deploy Exchange because it is very difficult to change the basic shape of an Active Directory forest after it has been deployed. If you’re unsure about how to proceed, it’s advisable to start simple and deploy a single forest to support Exchange. The old KISS (Keep it simple, stupid) adage comes to mind here! Later, if you find that this model does not meet business requirements, you can evolve it by adding forests or even Exchange organizations. Remember that every additional domain and forest adds complexity—and therefore cost—to your implementation, so think long and hard before you venture away from a single forest.

3. Preparing Active Directory for Exchange

Out of the box, Active Directory knows nothing about Exchange, so you have to prepare Active Directory to support the deployment of your Exchange organization. Running any setup operation that updates Active Directory can only be executed on a server that has the Active Directory Domain Services (AD DS) feature installed. To install this feature on a server running Windows Server 2012, start Windows PowerShell and type the command:

Install-WindowsFeature RSAT-ADDS

The basic framework for preparation of Active Directory for a new Exchange organization is as follows:

  1. Make sure that the forest runs in Windows Server 2003 functional mode or higher. The computers used for domain controllers and global catalog servers should run Windows Server 2008 Standard edition or Enterprise edition at a minimum; Windows Server 2008 R2 (or greater) is the preferred operating system for Active Directory.

  2. Prepare the forest by adding or modifying elements in the Active Directory schema to support Exchange. This operation has to be done once for the forest and should be run in the domain that contains the schema master for the forest. You can do this by running the Exchange setup program with the /PrepareSchema or /PS switch. After this command completes, the Active Directory schema contains all the classes and attributes required to support Exchange.

  3. Introduce Exchange configuration data into the forest by running the Exchange Setup program with the /PrepareAD and /OrganizationName switches. After this command completes, you will find a Microsoft Exchange container created to hold details of the organization, from servers to databases to connectors. This process also creates the universal groups required to manage Exchange and sets appropriate permissions on objects so they can be managed.

  4. Prepare every domain that will contain an Exchange server or an Outlook client by running the Exchange setup program with the /PrepareDomain switch on a server in the domain you’re preparing. You can also run Setup with the /PrepareAllDomains switch to prepare all the domains in the forest.

You cannot perform these operations unless your account has administrator permission for the target forest or domain. You’ll also need to be a member of the Schema Administrators or Enterprise Administrators group to have sufficient permission to modify the schema before you can run the installation procedure with the /PrepareSchema switch. In addition, your account needs to be a member of the Exchange Organization Administrators security group (which is created when you prepare the organization) to be able to prepare a domain. Replication has to occur after each step to ensure that all domain controllers are at the same level, so it’s wise to leave an interval between each step to allow this process to complete.

Although the most common need for schema extensions arises when Exchange 2013 is first deployed for an organization, it’s important to recognize that schema updates might be required before a build-to-build upgrade can be performed. For example, Exchange 2010 SP3 uses a slightly different schema from Exchange 2013 RTM CU2, so one update must be applied to Active Directory before you can deploy the first Exchange 2010 SP3 server, and another update must be applied before Exchange 2013 RTM CU2 can be installed.

Remember that edge servers are informed about the version of the Active Directory schema through the subscription they have with the Exchange organization, so you need to take out a new subscription for each of these servers after you update the schema.

Although each of the steps described above can be executed separately, if you are installing Exchange from scratch to build a new organization, it is sufficient to run the installation procedure because it will do all the work to extend the Active Directory schema, add the necessary Exchange objects to instantiate the new organization to the configuration naming context, and install the new server. Subsequent server installations add their own objects to the organization data.
 
Others
 
- Sharepoint 2013 : Welcome to the Central Administration Web Site (part 4) - General Application Settings, Apps, Navigation
- Sharepoint 2013 : Welcome to the Central Administration Web Site (part 3) - Backup and Restore, Security
- Sharepoint 2013 : Welcome to the Central Administration Web Site (part 2) - System Settings, Monitoring
- Sharepoint 2013 : Welcome to the Central Administration Web Site (part 1) - Application Management
- Monitoring Microsoft Lync Server 2010 : Installing Operations Manager 2007 R2 (part 2) - Importing Management Packs, Deploying OpsMgr Agents
- Monitoring Microsoft Lync Server 2010 : Installing Operations Manager 2007 R2 (part 1) - Single Server OpsMgr 2007 R2 Install, Prerequisite Checker
- BizTalk Server 2009 : Executing Business Rules (part 2) - Calling the Engine from a .NET Application, Policy Chaining
- BizTalk Server 2009 : Executing Business Rules (part 1) - Returning a Value from the BRE to the Calling Orchestration
- BizTalk Server 2009 : Playing By The Rules? Use The Business Rule Engine - Going to Production
- BizTalk Server 2009 : Testing Business Rules
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us