As far as Active Directory is concerned, both the domain functional
level and the forest functional level need to be at least Windows
Server 2003. This might be confusing, since Exchange Server 2010 only
runs on Windows Server 2008 or Windows Server 2008 R2, but that
requirement applies only to the actual server on which Exchange
Server 2010 is running!
The Schema Master in the forest needs to be a Windows Server 2003 SP2
server (Standard or Enterprise Edition) or higher. Likewise, in each
Active Directory Site where Exchange Server 2010 will be installed,
there must be at least one Standard or Enterprise Windows Server 2003
SP2 (or higher) server configured as a Global Catalog server.
From a performance
standpoint, as with Exchange Server 2007, the ratio of 4:1 for Exchange
Server processors to Global Catalog server processors still applies to
Exchange Server 2010. Using a 64-bit version of Windows Server for
Active Directory will naturally also increase the system performance.
NOTE
It is possible to install Exchange Server 2010 on an Active Directory
Domain Controller. However, for performance and security reasons it is
recommended not to do this, and instead to install Exchange Server 2010
on a member server in a domain.
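The prerequisites above can be checked before setup is run. The following script is an added example, not part of the original text: it assumes the RSAT ActiveDirectory PowerShell module on a domain-joined host, and the `$ExchangeSites` parameter with its default site names is a hypothetical input listing the sites that will host Exchange Server 2010.

```powershell
# Added example. $ExchangeSites is a hypothetical input; the default names are constructed.
param([string[]]$ExchangeSites = @('Amsterdam', 'London'))

Import-Module ActiveDirectory

function Test-MinimumOs($dc) {
    # OperatingSystemVersion looks like "5.2 (3790)"; 5.2 is Windows Server 2003.
    # The edition (Standard/Enterprise) is not checked here.
    if (-not $dc.OperatingSystemVersion) { return $false }
    $ver = [version](($dc.OperatingSystemVersion -split ' ')[0])
    if ($ver.Major -ge 6) { return $true }          # Windows Server 2008 or later
    return ($ver -eq [version]'5.2' -and
            $dc.OperatingSystemServicePack -match 'Service Pack [2-9]')
}

function New-Result($check, $target, $pass, $detail) {
    New-Object psobject -Property @{
        Check = $check; Target = $target; Pass = $pass; Detail = "$detail"
    }
}

$forest = Get-ADForest
# Functional levels below Windows Server 2003 fail the requirement.
$tooOld = 'Windows2000Forest', 'Windows2003InterimForest',
          'Windows2000Domain', 'Windows2003InterimDomain'

New-Result 'Forest functional level' $forest.Name `
    ($tooOld -notcontains "$($forest.ForestMode)") $forest.ForestMode

foreach ($name in $forest.Domains) {
    $domain = Get-ADDomain -Identity $name -Server $name
    New-Result 'Domain functional level' $name `
        ($tooOld -notcontains "$($domain.DomainMode)") $domain.DomainMode
}

# The Schema Master must run Windows Server 2003 SP2 or higher.
$schemaDc = Get-ADDomainController -Identity $forest.SchemaMaster -Server $forest.SchemaMaster
New-Result 'Schema Master OS' $schemaDc.HostName (Test-MinimumOs $schemaDc) `
    "$($schemaDc.OperatingSystem) $($schemaDc.OperatingSystemServicePack)"

# Each site that will host Exchange needs at least one qualifying Global Catalog.
$allDcs = $forest.Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
foreach ($site in $ExchangeSites) {
    $gcs = @($allDcs | Where-Object {
        $_.Site -eq $site -and $_.IsGlobalCatalog -and (Test-MinimumOs $_)
    })
    New-Result 'Global Catalog in site' $site ($gcs.Count -ge 1) `
        (($gcs | ForEach-Object { $_.HostName }) -join ', ')
}
```

Each check is emitted as an object with `Check`, `Target`, `Pass` and `Detail` properties, so the output can be piped to `Where-Object { -not $_.Pass }` to list only the failures.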
1. Active Directory partitions
A Windows Server Active
Directory consists of one forest, one or more domains and one or more
sites. Exchange Server 2010 is bound to a forest, and therefore one
Exchange Server 2010 Organization is connected to one Active Directory
forest. The actual information in an Active Directory forest is stored
in three locations, also called partitions:
Schema partition – this contains a "blueprint" of all objects and
properties in Active Directory. In a programming scenario this would be
called a class. When an object, like a user, is created, it is
instantiated from the user blueprint in Active Directory.
Configuration partition – this contains information that's used
throughout the forest. Regardless of the number of domains that are
configured in Active Directory, all domain controllers use the same
Configuration Partition in that particular Active Directory forest. As
such, it is replicated throughout the Active Directory forest, and all
changes to the Configuration Partition have to be replicated to all
Domain Controllers. All Exchange Server 2010 information is stored in
the Configuration Partition.
Domain Partition – this contains information regarding the domains
installed in Active Directory. Every domain has its own Domain
Partition, so if there are 60 domains installed there will be 60
different Domain Partitions. User information, including Mailbox
information, is stored in the Domain Partition.
2. Delegation of control
In Exchange Server 2003 the
concept of "Administrative Groups" was used to delegate control between
different groups of administrators. A default "First Administrative
Group" was created during installation, and subsequent Administrative
Groups could be created to install more Exchange 2003 servers and
delegate control of these servers to other groups. The Administrative
Groups were stored in the Configuration Partition so all domains and
thus all domain controllers and Exchange servers could see them.
Exchange Server 2007
used Active Directory Security Groups for delegation of control, and
only one Administrative Group is created during installation of Exchange
Server 2007, called "Exchange Administrative Group – FYDIBOHF23SPDLT."
All servers in the organization are installed in this Administrative
Group. Permissions are assigned to Security Groups and Exchange
administrators are members of these Security Groups.
3. Active Directory Sites
Exchange Server 2010 uses Active Directory Sites for routing messages. But what is an Active Directory site?
When a network is
separated into multiple physical locations, connected with "slow" links
and separated into multiple IP subnets then, in terms of Active
Directory, we're talking about sites. Say, for example, there's a main
office located in Amsterdam with an IP subnet of 10.10.0.0/16. There's a
branch office located in London, and this location has an IP subnet of
10.11.0.0/16. Both locations have their own Active Directory Domain
Controller, handling authentication for clients in their own subnet.
Active Directory site links are created to control replication traffic
between sites. Clients in each site use DNS to find services like Domain
Controllers in their own site, thus preventing using services over the
WAN link.
Exchange Server 2010
uses Active Directory sites for routing messages between sites. Using
our current example, if there is an Exchange Server 2010 Hub Transport
Server in Amsterdam and an Exchange Server 2010 Hub Transport Server in
London, then the IP Site Links in Active Directory are used to route
messages from Amsterdam to London. This concept was first introduced in
Exchange Server 2007, and nothing has changed in Exchange Server 2010.
Exchange Server 2003 used the concept of Routing Groups, whereas Active
Directory already used Active Directory Sites; Active Directory Sites
and Exchange Server Routing Groups are not compatible with each other.
To have Exchange Server 2003 and Exchange Server 2010 work together in
one Exchange organization, some special connectors have to be created –
the so-called Interop Routing Group Connectors.