Sunday, January 31, 2010

Exchange 2007 Infrastructure Preparation

Exchange 2007 uses Active Directory for authentication, storing configuration data, recipient addressing, and message routing. Active Directory has three partitions (also referred to as naming contexts). Each partition holds different kinds of Exchange data.

Component: Description
Schema: The schema defines the rules for how objects are created (classes) and the properties and bounds for object properties (attributes). Installing Exchange 2007 extends (modifies) the Active Directory schema by adding the following:
  • Classes to create Exchange-specific objects, such as agents and connectors.
  • Attributes to configure the Exchange-specific objects as well as additional attributes for existing objects such as users and groups.
Each domain controller and global catalog server in the forest holds a replica of the schema.
Configuration partition: The configuration partition stores information that includes AD site configuration, Exchange global settings, transport settings, and mailbox policies. Configuration information specific to Exchange is stored in a subfolder under the configuration partition's Services container. It includes the following:
  • Address lists
  • Address and display templates
  • Client access settings
  • Connectors
  • Global settings
  • E-mail address policies
  • System policies
  • Transport settings
Each domain controller and global catalog server in the forest holds a replica of the configuration partition.
Domain partition: The domain partition holds all data for individual users, contacts, and mailboxes. As Exchange runs, it stores and modifies data in the domain. The domain partition stores the largest amount of information in a typical deployment. Each domain controller holds a replica of the domain partition for the domain for which it is authoritative, while each global catalog server in the forest holds a subset of the information in every domain partition in the forest.

Before installing Exchange, make sure your Active Directory structure meets the following requirements:
  • The domain controller that is the Schema Master must be running Windows Server 2003 SP1 (or later).
  • In each site where Exchange Server 2007 will be installed, there must be at least one global catalog server running Windows Server 2003 SP1 (or later).
  • In each domain where Exchange Server 2007 will be installed, there must be at least one domain controller that is running Windows Server 2003 SP1 (or later).
  • For all domains in the Active Directory forest where Exchange 2007 is installed or where Exchange 2007 recipients exist, Active Directory must be in Windows 2000 native mode or higher. To place the domain in Windows native mode, you must remove any NT4 domain controllers.
  • If the organization includes a previous version of Exchange, you cannot have any Exchange 5.5 servers, and the organization must be running in native mode.
Preparing and installing Exchange makes the following changes in Active Directory:
  • Modifies permissions of existing Exchange 2000 or Exchange 2003 environments.
  • Extends the schema to add Exchange classes and attributes.
  • Creates the Exchange organization.
  • Creates Exchange-specific objects and groups.
  • Assigns permissions to groups used by Exchange.
Running the Setup wizard during the Exchange server installation makes all of the necessary Active Directory modifications as long as the account you use has the proper permissions. However, in large organizations, administrators with permissions to install Exchange servers typically do not have the permissions necessary to modify the schema or domain configuration. For the most granular control over the Active Directory preparation process, and to delegate these tasks to other administrators, run the Exchange server Setup.com program (with specific switches) in the following order, waiting for the changes to be propagated through Active Directory before proceeding to the next step:
  1. If you have an existing Exchange 2000 or 2003 configuration, run Setup /PrepareLegacyExchangePermissions (or Setup /pl) to modify the existing Exchange 2000 or Exchange 2003 permissions.
    • If you are a member of the Enterprise Admins group, all domains will be modified.
    • To run this command for a single domain, include the domain name in the command. You must be delegated the Exchange Full Administrator role and you must be a member of the Domain Admins group.
    • Run the command on a Windows Server 2003 SP1 (or higher) server that can contact all other domains in the forest.
  2. Run Setup /PrepareSchema (or Setup /ps) to extend the schema.
    • You must be a member of the Schema Admins and Enterprise Admins groups to perform this step.
    • Run the command on a computer in the same site as the Schema Master.
  3. Run Setup /PrepareAD /OrganizationName:Name (or Setup /p /on:Name) to create the organization, create global Exchange objects, and prepare the local domain. If the Exchange organization already exists, omit the /on switch.
    • You must be a member of the Enterprise Admins group to perform this step.
    • Run the command on a computer that is in the same domain and site as the Schema Master and that can contact all domains in the forest over port 389.
  4. Prepare each additional domain where you will have Exchange 2007 servers or recipients. Use one of the following methods to prepare additional domains:
    • Run Setup /PrepareDomain (or Setup /pd) on each additional domain. You do not need to run this on the domain where you ran /PrepareAD.
      • You must be a member of the Domain Admins group in the domain to run this command if the domain that you are preparing existed before you ran Setup /PrepareAD.
      • You must be a member of the Exchange Organization Administrators group and the Domain Admins group in the domain if it was created after you ran Setup /PrepareAD.
    • Run Setup /PrepareAllDomains (or Setup /pad) to prepare every domain in the forest. You must be a member of the Enterprise Admins group to run this command.
Note: The computer that is used to run Setup must have the Microsoft .NET Framework 2.0 and the Microsoft Command Shell installed.
Perhaps the biggest consideration in deciding how to prepare Active Directory is the permissions required to perform each specific task. The following table summarizes the permissions required for each:

Option: Required permissions
/PrepareLegacyExchangePermissions
  • Enterprise Admins group membership to modify all domains.
  • Delegated the Exchange Full Administrator role and Domain Admins group membership to modify a single domain.
/PrepareSchema
  • Schema Admins and Enterprise Admins group memberships.
/PrepareAD
  • Enterprise Admins group membership if the schema is already prepared.
  • Schema Admins and Enterprise Admins group membership if the schema has not yet been prepared.
  • In addition, you must be an Exchange Full Administrator if there are existing Exchange 2003 servers.
/PrepareDomain
  • Domain Admins group membership if the domain existed before you ran /PrepareAD.
  • Exchange Organization Administrators group membership and Domain Admins group membership if the domain was created after you ran /PrepareAD.
/PrepareAllDomains
  • Enterprise Admins group membership.
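
A read-only preflight check of the current logon token against the group requirements in the table above, so a delegated administrator can see which preparation steps the account qualifies for before running Setup. This is an added example, not part of the original post or of Exchange Setup; it assumes PowerShell 2.0 or later, matches the built-in groups by their well-known RIDs, and matches Exchange Organization Administrators by name. The Exchange Full Administrator role is a delegated role rather than a group and is not checked.

```powershell
# Added example: compares the current token's groups with the Setup switch
# requirements listed on this page. Nothing is changed in Active Directory.

# Well-known relative IDs of the built-in groups named on this page.
$wellKnownRids = @{
    'Domain Admins'     = '-512'
    'Schema Admins'     = '-518'
    'Enterprise Admins' = '-519'
}

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$groupSids = @($identity.Groups | ForEach-Object { $_.Value })

# Resolve SIDs to names so the Exchange group (no fixed RID) can be matched by name.
$groupNames = @($identity.Groups | ForEach-Object {
    try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { }
})

$held = @{}
foreach ($name in $wellKnownRids.Keys) {
    $rid = $wellKnownRids[$name]
    $held[$name] = @($groupSids | Where-Object { $_ -like "S-1-5-21-*$rid" }).Count -gt 0
}
$exOrgAdmins = 'Exchange Organization Administrators'
$held[$exOrgAdmins] = @($groupNames | Where-Object { $_ -like "*\$exOrgAdmins" }).Count -gt 0

# Requirements copied from the table; the delegated Exchange Full Administrator
# role (single-domain /pl, /PrepareAD with Exchange 2003 present) must be verified manually.
$requirements = @(
    @{ Option = '/PrepareLegacyExchangePermissions (all domains)'; Groups = @('Enterprise Admins') },
    @{ Option = '/PrepareSchema'; Groups = @('Schema Admins', 'Enterprise Admins') },
    @{ Option = '/PrepareAD (schema already prepared)'; Groups = @('Enterprise Admins') },
    @{ Option = '/PrepareAD (schema not yet prepared)'; Groups = @('Schema Admins', 'Enterprise Admins') },
    @{ Option = '/PrepareDomain (domain existed before /PrepareAD)'; Groups = @('Domain Admins') },
    @{ Option = '/PrepareDomain (domain created after /PrepareAD)'; Groups = @($exOrgAdmins, 'Domain Admins') },
    @{ Option = '/PrepareAllDomains'; Groups = @('Enterprise Admins') }
)

$requirements | ForEach-Object {
    $req     = $_
    $missing = @($req.Groups | Where-Object { -not $held[$_] })
    New-Object PSObject -Property @{
        Option  = $req.Option
        Ready   = ($missing.Count -eq 0)
        Missing = ($missing -join ', ')
    }
} | Select-Object Option, Ready, Missing | Format-Table -AutoSize -Wrap
```

Schema Admins and Enterprise Admins membership is only needed for the duration of the preparation step, so the same check is useful afterwards to confirm the account has been removed from those groups.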

When you use Setup to prepare Active Directory for Exchange server installation, be aware of the following special cases:
  • If you run the Setup wizard with appropriate permissions, the following actions are performed: legacy permissions are modified, the schema is extended, the organization is created, and the local domain is prepared. This is the most efficient way to do the preparation and the installation if you have all of the necessary permissions.
  • Running /PrepareAD modifies legacy permissions and extends the schema if those steps have not yet been performed (as long as you are a member of the Schema Admins and Enterprise Admins groups).
  • Running /PrepareSchema modifies legacy permissions if that step has not yet been performed.
  • Running /PrepareAllDomains is the most efficient way to prepare domains for Exchange installation, but requires membership in the Enterprise Admins group.
  • Because you can only create a single organization in a forest, you must create a second forest to accommodate two organizations. Run Setup /PrepareAD /on in each domain to create the organizations.
  • All domains with Exchange 2007 servers or recipients must be prepared. Domains are prepared for Exchange if you have run /PrepareAD or /PrepareDomain in the domain, or if you run /PrepareAllDomains.
In addition to preparing Active Directory, you must have a good DNS infrastructure prior to Exchange installation. Exchange Server 2007 uses DNS for the following:
  • An Exchange server contacts DNS to get service locator records (SRV) to locate Active Directory domain controllers.
  • An Exchange server contacts DNS servers to retrieve MX (mailbox) records and to locate SMTP domains. Edge Transport servers must be configured as follows:

    • The internal interface must be configured to resolve internal addresses.
    • The external interface must be configured to resolve Internet or public DNS names.
  • An Exchange server uses DNS to resolve host names, especially when locating hosts on the Internet.
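
A pre-installation check of the DNS dependencies listed above: it resolves the SRV records used to locate domain controllers, tests that each returned controller accepts a TCP connection on the advertised LDAP port (389, the port named in the /PrepareAD step), and lists the MX records for a mail domain. This is an added example, not part of the original post; it assumes a management workstation with the Resolve-DnsName cmdlet (Windows 8 / Windows Server 2012 or later), and `corp.example.com` and `example.com` are placeholder names.

```powershell
# Added example. Both domain names are placeholders; replace them with the
# AD DNS domain name and the SMTP domain being checked.
param(
    [string]$AdDomain   = 'corp.example.com',
    [string]$MailDomain = 'example.com'
)

# Domain controllers register this SRV record in DNS.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"
$srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' })    # ignore additional A/AAAA records

foreach ($rec in $srv) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Three-second connect timeout so an unreachable DC does not stall the check.
        $pending   = $client.BeginConnect($rec.NameTarget, $rec.Port, $null, $null)
        $reachable = $pending.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
    } catch {
        $reachable = $false
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{
        DomainController = $rec.NameTarget
        Port             = $rec.Port
        Reachable        = $reachable
    } | Select-Object DomainController, Port, Reachable
}

# MX records for the SMTP domain, lowest preference (tried first) at the top.
Resolve-DnsName -Name $MailDomain -Type MX -ErrorAction Stop |
    Where-Object { $_.Type -eq 'MX' } |
    Sort-Object Preference |
    Select-Object NameExchange, Preference
```

Results reflect the DNS servers configured on the machine running the script; on an Edge Transport server the internal and external interfaces use different resolvers, so check each from the matching network.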
