Join Mike Pfeiffer for an in-depth discussion in this video Prepare Active Directory, part of Exchange Server 2010: Designing and Implementing.
- There are basically two things that need to be done before you install Exchange 2010 into your environment. You need to prepare Active Directory to first extend the schema and add classes and attributes to your Active Directory environment and then some security groups need to be added as well. Let's take a look first at the schema partition. I'm going to go into the Administrative Tools, into ADSI Edit, and in here I'm going to right-click and connect to the schema partition. So this is a partition that's replicated through every domain controller in the forest.
And this is the one that needs to be updated for Exchange 2010. So notice there's all kinds of attributes out here. If I scroll way down I'll notice that I've got a bunch of Exchange attributes. This is because I'm already running Exchange 2003 in this environment. So new attributes for Exchange that have been added to improve the functionality or increase the functionality or do new things in 2010 will be added to this schema partition and that gets replicated out. So that's where you will see this information here. And there's also ways to check the current version of the schema. If you scroll even further, all the way down here, there's an attribute called EXCH, or ms-Exch-Schema-Version-Pt.
And if you look at the properties of that, there's a value in here called rangeUpper. Right now mine is 6870. This will be a different version depending on what version of Exchange you're currently running. So this is a way for you to kind of first check the existing version, run the preparation tools, come back later and ensure that this value has indeed been increased. And we'll take a look at that as we go forward. For now I'm going to get out of this.
And I'm going to open up a command prompt. So before I do the preparation I want to figure out which server is currently running the schema master role. So I'm going to run netdom query fsmo. This will go at Active Directory and figure out all the FSMO role holders. Notice that my schema master is DC1. I want to make note of this because when I extend the schema I want to be in the same Active Directory site as DC1 and I also want to be on a workstation running a 64-bit version of the operating system.
So I could run it in this case from DC1 or I could run it from this Windows 7 box because those requirements were met. Before I get started with that, I need the Exchange media. What you can do is just go out to the internet and search for the latest version of Exchange 2010's service pack. So if you look for Exchange 2010 and SP1 download and you download these bits here, that's all you need to deploy the current version of Exchange. So you don't have to worry about getting the media kit or downloading anything from MSDN.
You can use the latest service pack to deploy Exchange, but notice it's a rather large download. I've already gone out and downloaded this and I extracted it on a folder on my C drive called E2010SP1. So in here I've got all the tools I need to actually perform the install. Setup.com is the tool that performs the Active Directory preparation. Before I run this tool though, there's one important thing that I want to do and that's disable outbound replication on DC1.
It's very rare, but there's a possibility for some kind of problem to take place while you're extending the schema. Since the schema is replicated to every server or every domain controller in the forest this is a high replication event, meaning that if I start changing stuff in the schema we're going to start shotgunning that out to every domain controller in the forest. So I want to turn that off on DC1, I want to extend the schema, make sure that works, then I can come back and re-enable that outbound replication. So I'll need the repadmin tool for this and you'll want to run repadmin /options, specify the domain controller that's currently hosting the schema master role.
And then the syntax here is +DISABLE_OUTBOUND_REPL. What you should get back is something like this where it says New DSA Options: IS_GC DISABLE_OUTBOUND_REPL. That means that at this point we can safely extend the schema without any issues of replication or corrupting that schema on any other servers. I'm going to clear this screen here and switch into the E2010 folder and that's where my Setup.com tool is. So there are several options for running this tool.
If you're running this with the help switch, this will tell you there's an install help. There's also prepare topology help, that's the one we're really interested in hearing. So let's run that so you can see the syntax. There's several options here. So we'll do help slash prepare topology. And maximize this so you can see it a little better. There's a few things that need to happen when you run the preparation. So first, the Exchange legacy permissions need to be run if you're in a 2003 environment. Of course the schema needs to be prepared and extended, and the prepare domain actually takes care of creating those Exchange security groups for you.
Now the cool thing is I can accomplish all of this by just running this one switch parameter. So I could run Setup.com with the /PrepareAD switch, that will take care of all three of these options for me. That's what I'm going to do now. So I'm going to clear the screen. I'm going to run Setup.com /PrepareAD. Since I have an existing Exchange installation this is all that I would need to do, but if I was doing a greenfield deployment, which means I've never had Exchange before, I would need to specify an organization name here using this syntax.
In here you would just specify something simple like mail or exchange. This doesn't have to be anything that matches your environment, no one will ever see this. It's just something under the covers. I don't need to do that, I've already got my Exchange environment so I'm just going to run Setup.com /PrepareAD. This typically will take about 10 to 15 minutes in your environment. It will go through and do several prerequisite checks but should continue on and let you know when it's finished. So the preparation process is now completed.
Notice that the first phase passed. Second phase passed. If you actually read this message, this is important. After you've run this preparation process, you can no longer add Exchange 2007 or 2003 to the environment. So if you need to have those running around for some legacy application you want to have those in place prior to installing Exchange 2010. Also the organization preparation was completed successfully. That's the main one we're really looking for here to come back clean. So if there were any problems we would have seen errors in this output.
We're good to go now. What I'm going to do is clear the screen and I'm going to re-enable outbound replication from DC1. So do repadmin /options DC1, and I'll use a minus this time and I'll say -DISABLE_OUTBOUND_REPL. So outbound replication is turned back on. I'm going to go back in ADSI Edit, check out my schema partition and make sure my schema version has been increased.
I'm going to scroll way down here. So I scrolled way down here to this ms-Exch-Schema-Version-Pt attribute and I'm going to look at the properties of it. I'm looking for the rangeUpper value. You can see that now this has been increased to 14726, which represents Exchange 2010 SP1. So from here I could check this on each domain controller in the forest, so I could connect to the schema partition on DC2.
Notice here, I'm just looking at the schema partition on DC1. If I had multiple sites, I'd want to replicate Active Directory and make sure that all the domain controllers are on the same page before I install Exchange 2010. I'm going to close this out. I could go into Active Directory Sites and Services to enable or force replication. I can also do it using repadmin and this is usually a little bit more consistent in terms of actually working. So typically I use repadmin from the command line. So repadmin /syncall.
Specify the domain controller you want to push the configuration from. So I'm going to take the configuration from DC1 and force that out to all the servers in the forest using these three switch options. What will happen is DC2 in this environment will be updated with the new schema information and then I'll be ready to install Exchange 2010.
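
The two checks the walkthrough ends on (the schema version on every domain controller, and outbound replication switched back on) can be scripted. The following PowerShell is an added example, not part of the course material; it assumes a domain-joined machine with repadmin on the PATH and read access to the schema, and it uses the 14726 value quoted in the video as the expected version.

```powershell
# Added example: verify the forest after Setup.com /PrepareAD.
# Assumptions: domain-joined machine, repadmin on the PATH, read access to the schema.
$ErrorActionPreference = 'Stop'
$expected = 14726   # rangeUpper value the transcript reports for Exchange 2010 SP1

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
Write-Host "Schema master: $($forest.SchemaRoleOwner.Name)"

$report = foreach ($domain in $forest.Domains) {
    foreach ($dc in $domain.DomainControllers) {
        $name  = $dc.Name
        $range = $null
        try {
            # Bind to this specific DC so we read its own replica of the schema partition.
            $root  = [ADSI]"LDAP://$name/RootDSE"
            $nc    = [string]$root.Properties['schemaNamingContext'].Value
            $attr  = [ADSI]"LDAP://$name/CN=ms-Exch-Schema-Version-Pt,$nc"
            $range = [int]$attr.Properties['rangeUpper'].Value
        } catch {
            Write-Warning "$name : schema read failed: $($_.Exception.Message)"
        }
        # With no +/- flag, repadmin /options only reports the current DSA options.
        $opts = (& repadmin /options $name | Out-String)
        New-Object PSObject -Property @{
            DC               = $name
            RangeUpper       = $range
            SchemaCurrent    = ($range -eq $expected)
            OutboundDisabled = ($opts -match 'DISABLE_OUTBOUND_REPL')
        }
    }
}

$report | Sort-Object DC |
    Format-Table DC, RangeUpper, SchemaCurrent, OutboundDisabled -AutoSize

# Fail loudly if any DC is behind or was left with outbound replication off.
$bad = @($report | Where-Object { -not $_.SchemaCurrent -or $_.OutboundDisabled })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) domain controller(s) are behind on the schema or still have outbound replication disabled."
    exit 1
}
Write-Host 'All domain controllers report the expected schema version with outbound replication enabled.'
```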