Gerod Serafin's WebLog

Helping to keep large organizations' e-mail running

Preparing your AD for Exchange 2007 SP1

Preparing your AD for Exchange 2007 SP1

  • Comments 2
  • Likes

There are a number of switches that can be used for getting the Active Directory ready for the installation of Exchange 2007.  The switches for preparing the AD can be found at http://technet.microsoft.com/en-us/library/bb125224.aspx

As you can see they are:

/PrepareLegacyExchangePermissions or /pl

/PrepareSchema or /ps

/PrepareAD or /p

/PrepareDomain or /pd

/PrepareAllDomains or /pad

Why would you care about all of these switches?

Well if your Exchange organization is in simple and only has one AD site, Domain, and Forest and your account is a member of the Schema Admins group and the Enterprise Admin group, and has the Exchange Full Administrator role assigned to it, then you may not need to know the switches.  But if you have multiple domains, administrators and sites, then knowing the switches may be helpful for you.

/PrepareLegacyExchangePermissions

When would I run /PrepareLegacyExchangePermissions?

This is a necessity if you are currently running Exchange 2003 or 2000.  With Exchange 2007 there is a new role called “Exchange Recipient Administrators”.  Accounts that have this role can now modify Exchange attributes on user accounts.  The Recipient Update Service in Exchange 2000/2003 however runs under the Exchange localSystem account that the server and we need to give the right amount of permissions to those accounts in order for the RUS to be able to still do its job.  Since the Exchange 200X servers run under an account that is a member of the Exchange Enterprise Servers group we make the modifications there.  That is the reason for this switch. 

What are the permissions necessary to run this?

The account running this must have Enterprise Admins permissions so that it can contact every domain in the Forest.  It makes the modifications forest wide.

If you run /PrepareAD or /PrepareSchema we do all of the actions included in /PrepareLegacyExchangePermissions so it may not be necessary to run /PrepareLegacyExchangePermissions in some cases.

/PrepareSchema

What does /PrepareSchema do?

This command will import the schema changes for Exchange 2007, 2003, and 2000.  Manually importing the ldf files is not supported and this has to be done via setup.  This will also do the actions included in /PrepareLegacyExchangePermissions.  If you run /PrepareAD the actions in /PrepareSchema are done as well.

/PrepareAD

What does /PrepareAD do?

This is the big one.  This is the one switch that does all of the steps so far described and more.  This one also creates containers in the AD, verifies schema updates, assigns needed permissions, creates Security Groups, the FYDIBOHF23SPDLT Administrative Group, the DWBGZMFD01QNBJR Routing Group, and prepares the local domain (/PrepareDomain).

What permissions are needed to run /PrepareAD?

You must run this as the member of the Enterprise Admins Group.

Where should this be run?

It must be run from a machine that is in the same Domain and Site as the Schema Master.  That machine must also have LDAP access (port 389) to all domains in the forest. 

/PrepareDomain and /PrepareAllDomains

What does /PrepareDomain and /PrepareAllDomains do?

Do you remember what /DomainPrep did in Exchange 2003?  This is very similar to what that did in that it handles the things that need to be done at the Domain level.  This includes granting permissions, creating containers, and creating Groups.  This needs to be done in each domain that will host Exchange servers or mail-enabled objects.  Domain Admins will need to run this in each of those domains.  If you are running this as Enterprise Admin however, you can run the /PrepareAllDomains and do all of the domains in one shot.

Ok, that is a lot of information.  Can you give me a quick rundown of what I need to do?

Sure.  Do you have a single forest, domain, site?  OK, run the setup from the GUI and you should be fine.  Do you have multiple Domains?  Ok, then run /PrepareAD for the forest and /PrepareDomain for any other domains (or /PrepareAllDomains).

Sources:

White Paper: Preparing Active Directory for Exchange 2007

http://technet.microsoft.com/en-us/library/bb288907.aspx

Preparing Legacy Exchange Permissions

http://technet.microsoft.com/en-us/library/aa997914.aspx

How to Prepare Active Directory and Domains

http://technet.microsoft.com/en-us/library/bb125224.aspx

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment