3. Preparing the Active Directory Forest
The next step is to prepare the Active Directory
forest to support an Exchange organization. Although this process does
not make as many changes to the forest, it does make quite a few more
noticeable changes, such as creating the various Exchange configuration
containers and creating Exchange security groups. An example of the
configuration containers that are created is shown in Figure 2.
Here are some tasks that the Active Directory preparation process includes:
Defining the Exchange organization name if
it does not exist already in the Microsoft Exchange container under the
Services container of the Active Directory configuration partition
Creating configuration objects and containers under the Exchange organization container (see Figure 2)
Creating
the Microsoft Exchange Security Groups organizational unit in the
forest root domain and then creating the Exchange universal security
groups:
Delegated Setup
Discovery Management
Exchange All Hosted Organizations
Exchange Servers
Exchange Trusted Subsystem
Exchange Windows Permissions
ExchangeLegacyInterop
Help Desk
Hygiene Management
Organization Management
Public Folder Management
Recipient Management
Records Management
Server Management
UM Management
View-Only Organization Management
Importing new Exchange-specific extended Active Directory rights and assigning the necessary permissions in Active Directory
Creating the Microsoft Exchange System Objects container in the forest root domain
Preparing the forest root domain for Exchange Server 2010
To run the forest preparation, you must be logged on
with a user who is a member of the Enterprise Admins group. Further,
you should run the forest preparation process from a server that is in
the same Active Directory site and domain that holds the schema master
flexible single master of operations (FSMO) role. The setup /PrepareAD option is used to prepare the Active Directory.
You have two options when running /PrepareAD;
the option you choose will depend on whether you have an existing
Exchange organization. For example, to prepare a forest that has never
supported any version of Exchange Server and to use the organization
name SomoritaSurfboards, you would run the following command from the
Exchange 2010 setup folder:
Setup /PrepareAD /OrganizationName:SomoritaSurfboards
|
In previous versions of Exchange Server, choosing
the right organization name was often a source of great anxiety. With
Exchange 5.5 and earlier, when you built an Exchange site, if you did
not pick the right organization name, you could not replicate that
site's global address list to the rest of the organization.
Even with Exchange 2000/2003, the organization name
was visible at the top of the global address list and within the
Exchange System Manager administrative console. And once the
organization name is set, it cannot be changed. Fears of acquisitions,
mergers, and company name changes still drive people to be concerned
about this name.
Although we still recommend naming your organization
something descriptive, the actual name is not as important because it
is not going to be seen by the end users and is rarely (if ever) seen
by the administrators. You can always set the organization name to
something generic like ExchangeOrganization if you want something that
would not be affected by a reorganization.
When you pick an organization name, use a name that
is 64 characters or less and uses only valid Active Directory
characters for a container name. We recommend you stick to the basics:
A–Z a–z 0–9 Spaces and hyphens
|
However, if the forest already supports a previous version of Exchange Server, the /OrganizationName option is not necessary. You can simply run this command:
Setup /PrepareAD
When the /PrepareAD process runs, it will check to see if the /PrepareLegacyExchangePermissions or /PrepareSchema
steps need to be run. If so, Setup will check to see if you have the
necessary permissions to run them, and Setup will run these steps as
well. However, if the other steps are necessary and you do not have the
necessary permissions, you will see an error and Setup will fail.
4. Preparing Additional Domains
If you have only a single domain in your Active Directory forest, the Setup option /PrepareAD will prepare that domain and you will be ready to proceed with your first Exchange server installation.
However, if you have additional domains in your
Active Directory forest, you may have to prepare these additional
domains if they are going to contain mail-enabled recipients or if they
will contain Exchange servers. To prepare these domains, use the /PrepareDomain or /PrepareAllDomains Setup options. Some of the things this process does include the following:
Assigning to the domain container various
permissions to the Authenticated Users and Exchange universal security
groups that are necessary for viewing recipient information and
performing recipient management tasks.
Creating
a Microsoft Exchange System Objects container in the root of the
domain; this container holds mail-enabled recipient information for
organization objects such as Exchange databases.
To prepare a single domain, you must be logged on as
a member of that domain's Domain Admins group, and there should be a
domain controller for that domain in the same site as the server from
which you are running Setup. The domain controller should be running a
minimum of Windows Server 2003 SP2. To prepare a domain called eu.somorita.local, type this command:
Setup /PrepareDomain:eu.somorita.local
If you have a user account that is a member of the
Enterprise Admins group, you can run this command and prepare all
domains in the entire forest:
Setup /PrepareAllDomains
