Sponsors

Sunday, 22 May 2016

Prepare Active Directory and domains for Exchange Server 2016


Before we install Microsoft Exchange Server 2016, we need to prepare Active Directory forest and its domains. This step is required so that exchange 2016 can store information about your user’s mailboxes and the configuration of Exchange servers.

There are a couple of ways we can prepare Active Directory for Exchange.
  • The first option is to let the Exchange 2016 Setup wizard do it during setup. This approach is more suitable if we are doing small deployment and there are no separate teams to manage the servers.
  • The Second option is what as described in below detailed procedure.

NOTE: The account we use to perform these steps will need to be a member of both the Schema Admins and Enterprise Admins security groups.
 

Extend the Active Directory schema:

Before we extend your schema:

  • The account you're logged in must be a member of the Schema Admins and Enterprise Admins security groups.
  • The computer where you'll run the command to extend the schema needs to be in the same Active Directory domain and site as the schema master.
  • If you use the DomainController parameter, make sure to use the name of the domain controller that's the schema master.
  • The only way to extend the schema for Exchange is to use use Exchange 2016 Setup wizard or the process we are discussing in this article. Other ways of extending the schema are not supported.

Steps to extend Schema:
  1. Open a Windows Command Prompt window and navigate to the Exchange installation files location.
  2. Run the following command to extend the schema. 
  3. Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
 
NOTE: Once schema is extended, wait for Active Directory to replicate the changes to all domain controllers. We can check replication status using the Repadmin tool.

Prepare Active Directory:

Once Schema extension is completed successfully, we can move to next step to prepare AD. In this process, Exchange will create containers, objects, and other items in Active Directory that will be used to store information.

The collection of all of the Exchange containers, objects, attributes, and so on, is called the Exchange organization.

Before we prepare Active Directory for Exchange:
  • The account you're logged in as needs to be a member of the Enterprise Admins security group.
  • The computer where we'll run the command needs to be in the same Active Directory domain and site as the schema master. It'll also need to contact all of the domains in the forest on TCP port 389.
  • Wait until Active Directory has replicated the changes made in step 1 to all of your domain controllers before you do this step.
Exchange Organization Name:

We need to provide name for the Exchange organization during this step. This name is used internally by Exchange. The name of the company where Exchange is being installed is often used for the organization name. We can name it anything we want, provided that we follow below conditions:
 
  • Organization Name cannot be blank. 
  • Any uppercase or lowercase letters from A to Z.
  • Numbers 0 to 9.
  • Spaces. However not at the beginning or end of the name. 
  • Hyphen or dash in the name. 
  • The name can be up to 64 characters. 
  • The name can't be changed after its set.
Steps to Prepare AD:
  1. Open a Windows Command Prompt window and navigate to Exchange installation files location.
  2. Run the following command. 
  3. Setup.exe /PrepareAD /OrganizationName:"Organization name" /IAcceptExchangeServerLicenseTerms 



Once AD preparation is completed, wait for Active Directory to replicate the changes to all domain controllers. We can use Repadmin to check the replication status.

Prepare Active Directory domains

The final step to prepare AD for Exchange is to prepare each of the Active Directory domains where Exchange will be installed. 
 
We can skip this step if we have just one domain as previous step of PrepareAD already prepared the domain for us.

This step creates additional containers and security groups, and sets permissions so that Exchange can access them.

If we have multiple domains in your Active Directory forest, we have a couple of choices in how we can prepare them as listed below. 
  1. /PrepareAllDomains
  2. /PrepareDomain

PrepareAllDomains:

This parameter will prepare every domain for Exchange in Active Directory forest. Steps to
Open a Windows Command Prompt window and go to where you downloaded the Exchange installation files.
Run the following command:

Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms
 
PrepareDomain:

With this parameter we need to include the fully qualified domain name (FQDN) of the domain we want to prepare.

NOTE: We need to prepare every domain where an Exchange server will be installed. We will also need to prepare any domain that'll contain mail-enabled users, even if those domains do not contain any Exchange servers.

Steps to prepare individual domains:

1. Open windows Command Prompt window & navigate to Exchange installation files location.

2. Run the following command with the FQDN of the domain we want to prepare. We don't have to include the FQDN if we are preparing the domain where we are executing the command.

3. Setup.exe /PrepareDomain:<FQDN of the domain to prepare> /IAcceptExchangeServerLicenseTerms

4. Repeat the steps for each Active Directory domain where we will install an Exchange server or where mail-enabled users will be located.

How to verify installation:
 
We can use a tool called Active Directory Service Interfaces Editor (ADSI Edit). ADSI Edit is included as part of the Active Directory Domain Services Tools feature in Windows Server 2012 R2 and Windows Server 2012. 
 
Check the values of below parameters are matching to the values in Exchange 2016 AD versions.
  • In the Schema naming context, verify rangeUpper property on ms-Exch-Schema-Verision-Pt. 
  • In the Configuration naming context, verify objectVersion property in the CN=<your organization>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain> 
  • In the Default naming context, verify objectVersion property in the Microsoft Exchange System Objects container under DC=<root domain> 
  • We can also check the Exchange setup log to verify that Active Directory preparation has completed successfully. 
  • We won't be able to use the Get-ExchangeServer cmdlet mentioned until we have completed the installation of at least one Mailbox server role in an Active Directory site.


No comments:

Post a Comment

Popular Posts This Week