IT tutorials
 
Applications Server
 

Installing Exchange Server 2010 : Preparing for Exchange 2010 Ahead of Time (part 1) - Existing Exchange Organizations , Preparing the Schema

11/10/2014 3:49:12 AM
- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

In some large organizations, you may find it necessary to prepare your Active Directory prior to installing Exchange Server 2010. You may need to do this for a number of reasons. Remember that the various steps to prepare the forest require membership in the Schema Admins and Enterprise Admins groups as well as Domain Admins membership in each of the forests' domains.

In a small or medium-sized business, you may be the person where the proverbial buck stops. You may have a user account that has all of these permissions, and you can run everything easily by yourself. In that case, simply log on as a user with the necessary permissions and run Setup.

However, large organizations are a bit different. Here are a few points you should consider:

  • Large organizations may have configuration control and change management in place. Configuration management and change control are best practices that should be followed. You may need to document the steps that you will take, request permissions to proceed, and schedule the forest preparation.

  • Large Active Directories may have many Active Directory sites and domain controllers.

  • Organizations that are distributed across large geographic areas may have replication delays on their domain controllers of anywhere from 15 minutes to seven days. Replication of schema and domain changes may need to be completed prior to proceeding with Exchange server installations.

  • Permissions to update the schema, configuration partition, and child domains are sometimes spread across a number of different individuals or departments. You may need to have another administrator log in for you to run various preparation steps.

If you have to prepare the Active Directory forest ahead of time, there are a few steps you will need to take. The number of steps will vary depending on the following factors:

  • Whether or not you have a previous version of Exchange Server running

  • The number of domains that you have in your forest

  • The permissions you have within the forest root domain and the child domains

Important Steps Prior to Preparing any Domain

Before running any of the Active Directory preparation steps, make sure that the machine from which you are running the setup.exe program is in the same Active Directory site as the Schema Master and has good connectivity to the Schema Master as well as a domain controller from each domain within the forest. The Windows 2008 R2 or SP2 server must meet all of the Exchange Server 2010 prerequisites. Further, ensure that you have installed the Active Directory management tools on your Windows 2008 SP2 or R2 server by running ServerManagerCmd -I RSAT-ADDS.


1. Existing Exchange Organizations

If you have any Exchange 2003 servers in your organization, you must first prepare each domain so that Exchange Server 2010 can properly communicate with Exchange 2003 and so that Exchange 2003 can access certain newly created attribute sets in Active Directory. This must be done for each domain that has Exchange 2003 servers or that was prepared for Exchange 2003. You can determine this by searching the domain for the Exchange Domain Servers or Exchange Enterprise Servers groups.

The process of preparing the legacy Exchange permissions gives the Exchange Enterprise Servers and Exchange Domain Servers groups read and write permissions to the attributes in the Active Directory Exchange-Information property set. It also provides authenticated users with the ability to read information in the Exchange-Information property set.

To prepare a specific domain, use an account that is a member of that domain's Domain Admins group. For example, to configure the legacy Exchange permissions for the domain somorita.local from the Exchange installation files folder, run the following command:

setup.com /PrepareLegacyExchangePermissions:somorita.local

If you are logged on as an account that is a member of the Enterprise Admins group, you can run setup.com one time and prepare all the domains in the forest by running this command:

setup.com /PrepareLegacyExchangePermissions

2. Preparing the Schema

Next is the step that usually scares Active Directory administrators the most: extending the Active Directory schema. Essentially the schema is the set of rules that define the structure (the objects and the attributes of those objects) for Active Directory. This operation requires the user account running this operation to have both Enterprise Admins and Schema Admins group memberships.

This scares Active Directory administrators for a couple of reasons. First, schema changes cannot be undone. Ever. Second, once the schema changes are made, they replicate to every domain controller in the entire forest.

Naturally, schema changes are not done to an Active Directory forest very often. When schema changes are performed, often the Active Directory administrators do want to know exactly what is being changed. This is a bit more difficult to document for Exchange due to the sheer number of changes. The number of changes will depend on whether you are running any previous version of Exchange and which particular version. An Active Directory that has never been prepped for Exchange will have more than 3,000 changes made to the schema, including new classes (object types), new attributes, new attributes being flagged for the global catalog replication, and existing attributes being flagged to replicate to the global catalog. If you want to point your Active Directory administrators to a specific list of changes, this document is helpful:

www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=3d44de93-3f21-44d0-a0a1-35ff5dbabd0b

If you, or your Active Directory administrators, are curious about what is being changed, take a look at the LDF files in the \Setup\Data folder within the Exchange 2010 setup files. For the most part, you probably don't have to worry about this unless you have done something nonstandard with your Active Directory, such as defining your own classes or attributes without giving them unique names and unique object identifiers.

To extend the schema effectively, the server from which you are running the schema preparation must be in the same Active Directory site as the Schema Master domain controller. You can locate the schema master domain controller using the Schema Management console; the console is not available by default, so you first must register it. At the command prompt, type regsvr32.exe schmmgmt.dll; you will see a message indicating the schmmgmt.dll registration succeed.

Then you can run the management console program (mmc.exe) and add the Active Directory Schema snap-in. This snap-in will not appear unless the schmmgmt.dll registered properly. Once you have the Active Directory Schema console open, right-click on Active Directory Schema and choose Operations Master. The Change Schema Master dialog (shown in Figure 1) will show you which server currently holds the Schema Master role.

To extend the schema, run the following command from within the Exchange 2010 setup folder:

Setup.com /PrepareSchema

Note that this can take between 15 and 30 minutes depending on the speed of the computer on which you are running Setup, the speed of the Schema Master domain controller, and the network connection between the computers. If Setup detects that the forest has Exchange 2003, it will automatically perform the /PrepareLegacyExchangePermissions step if it has not already been done.

Figure 1. Determining which domain controller holds the Schema Master role
 
Others
 
- Securing an Exchange Server 2007 Environment : Securing Outlook Web Access
- Securing an Exchange Server 2007 Environment : Protecting Against Spam (part 2) - Filtering Junk Mail
- Securing an Exchange Server 2007 Environment : Protecting Against Spam (part 2) - Filtering Junk Mail
- Securing an Exchange Server 2007 Environment : Protecting Against Spam (part 1) - Protecting Against Web Beaconing
- Securing an Exchange Server 2007 Environment : Securing Outlook 2007 (part 2) - Encrypting Communications Between Outlook and Exchange , Blocking Attachments
- Securing an Exchange Server 2007 Environment : Securing Outlook 2007 (part 1) - Outlook Anywhere
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 3) - Keeping Up with Security Patches and Updates
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 2) - Utilizing Security Templates
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 1) - Windows Server 2003 Security Improvements , Windows Vista Security Improvements
- Securing an Exchange Server 2007 Environment : Client-Level Secured Messaging - Exchange Server 2007 Client-Level Security Enhancements
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS