The Road to Exchange 2010: Active Directory and Exchange Part 1

*** edit: updated 28/9/2009 with corrections of some errors/typo’s and added compatibility matrices

In my post The Road to Exchange 2010: Migration paths I’ve discussed about the different possible migration transition paths to Exchange Server 2010. Primarily which Exchange version can be installed on which version of Windows Server and which co-existing Exchange versions are possible. In this post I will discuss the Active Directory (AD) requirements for previous versions and the upcoming version of Exchange Server.

Since Exchange 2000 this version has relied heavily on Active Directory. Those of you who have worked with Exchange 5.5 or earlier can certainly testify to that fact. The relationship between Active Directory also becomes apparent when transitioning to or co-existing with another version of Exchange. It is very possible that you first have to upgrade one or all of your Domain Controllers (DC) and Global Catalogs (GC), before you even can update your AD Schema. Or perhaps you have an old version of Exchange but still want to upgrade you DC’s to the latest version of Windows. Is this even possible?

What do you need to know of your AD environment, if you want to transition? I will sum this up below and although Exchange 2000 cannot co-exist with Exchange 2010, I will still take that older version into account. It’s interesting to note that I couldn’t find many reliable and explicit sources stating which version of Exchange from 2000 and higher, are supported by newer versions of Windows and Active Directory. I’ve tried to gather all this information in this post, used links are at the end of the post.

With all migrations, you will have to know the current status of your infrastructure. For Exchange the following questions are the most important ones:

  • What is your current Exchange mode (Native/Mixed)?
  • Which version or versions of Windows are your Domain Controllers?
  • On which version of Windows is your Schema Master placed?
  • On which version or versions of Windows is your Global Catalog placed?
  • What is your current Domain Functional Level?
  • What is your current Forest Functional Level?

Why do we need to know this?

Exchange Mode

The first question points to a left-over from Exchange 5.5, which needed Mixed mode to co-exist with 2000 and 2003. Most organizations can safely upgrade this mode, which is a pre requirement of Exchange 2007 and 2010 when co-existing with or transitioning from an older version of Exchange (respectively 2000/2003 and 2003 only). It’s been a while since I’ve seen 5.5 in production so I expect little real life impact, but still something that has to be done.

You can check and change the mode in Exchange System Manager, select the organization, click Properties, go to the General tab and under Operations Mode the current status is shown. Click Change Mode to change it (duh!).

Domain Controllers

With Exchange 2000/2003 and Windows 2000/2003 there was no question about it. It didn’t matter which OS your domain controller was, it just worked. But then came Windows 2008 and even later Windows 2008 R2, both with Read Only Domain Controllers (RODC) and Read Only Global Catalogs (ROGC). Oh, and lest not forget the Schema Master role…

Will Exchange 2000 work with a Windows 2008 DC? Short answer: No. This means that if you exclusively have Windows 2008 DC’s you can’t run Exchange 2000. This also means that before upgrading all of your Domain Controllers to 2008 or 2008 R2, you will have to upgrade your Exchange server(s) first. However, Exchange 2000 (with SP3) can co-exist with 2008 DC’s. For each AD Site with Exchange 2000 you will have to have a 2000/2003 DC to which the Directory Service Access is hard linked.

What about Exchange 2003? As from Service Pack 2, Exchange 2003 can interact with Windows 2008 Domain Controllers. Even when all domain controllers in the forest are 2008 and if there are Read-Only DC’s and GC’s present. It will ignore them as long as there are writeable DC’s and GC’s present and when it can detect them automatically. So don’t hard link them to read-only servers!

Exchange 2007 can work with Windows 2000 DC’s, only not exclusively. There has to be at least one Windows 2003 SP1 DC in every domain where Exchange 2007 will be installed. Although Exchange 2007 cannot be installed on Windows 2008, it can interact with 2008 DC’s.

The upcoming Exchange 2010 is a bit more demanding than Exchange 2007, it cannot be used in an environment with Windows 2000 domain controllers.

For a visual representation:

Exchange and DC

The green v in a cell means that Exchange can communicate with a domain exclusively with whose versions or mixed with other versions that have a green v. A red x indicates that it cannot communicate when this version is present within the site, domain or forest. The yellow – represents that it cannot communicate with that version, but it can operate as long as the minimum Domain Controller version requirement has been met (within a site or domain).

Schema Master

The Schema Master is one of the Flexible Single Master Operation (FSMO) roles in Active Directory. This DC is the only one which can update the directory schema, which in turn defines possible objects and its attributes. In each AD Forest there is only one Schema Master. As far as I know, Exchange 2007 was the first version which explicitly demanded that the Schema Master was on a Windows Server 2003 with Service Pack 1 or higher. Exchange 2010 will have this same pre requirement.

How do you find out which Domain Controller holds this FSMO role? Well, there are several ways but the most easy one is with DCDIAG. If it’s necessary to transfer it, I mostly use the Active Directory Schema MMC Snap-in.

Note this: If your Schema Master is running Windows 2003 SP1 (or SP2), your Active Directory can support Exchange 2000, 2003, 2007 and 2010 if we disregard any other requirements. That is a useful fact to know when transitioning.

Will Exchange still be able to run when you have a Windows 2008 Schema Master?  The Schema Master role is always placed on a Domain Controllers. As Exchange 2000 cannot directly interact with 2008 DC’s, we can logically conclude that Exchange 2000 will not work with a Windows 2008 Schema Master.

And Exchange 2003? Exchange 2003 can work in a forest exclusively with Windows 2008 DC’s, so it will have a Windows 2008 Schema Master and the deduced answer would be yes! The requirements for Exchange 2007 and 2010 explicitly state that they support Windows 2008 DC’s, and with that also an 2008 Schema Master.

And visually represented, that gives us:

Exchange and Schema

 

This concludes part 1. In part 2 of this post, I will continue with the different requirements for the Global Catalog, Domain and Forest Functional level. In part 3 I will also discuss the requirements and limitations of Windows 2008 R2 servers in combination with Exchange.

 

*** edit: updated 28/9/2009 with corrections of some errors/typo’s and added compatibility matrices

 

Further Reading

XADM: When to Change an Exchange Organization to Native Mode

Description of mixed mode and native mode in Exchange 2000 Server and in Exchange Server 2003

Considerations when you upgrade to Exchange Server 2003

How To Find Servers That Hold Flexible Single Master Operations Roles

Transfer the schema master role

Exchange Server and Windows Server 2008

Exchange 2007 System Requirements

One comment

  • http://

    We currently have a pretty straightforward Windows 2003 Domain environment (running Native): Win Svr 2003 SP2 Domain Controllers (DC), 2003 Exchange Server (Exch Svr) on Win Svr 2003 SP2, with XP workstations SP2 & SP3, all running Outlook 2003.

    We have finally been approved to get all new hardware and software. So, we will be replacing our old equipment/OS with Windows Server 2008 r2 DCs, 2010 Exch Svr, and Windows 7 workstations.

    Although we have been able to find guides to individual components (i.e. Migrating to Windows 7 from XP, Migrating DCs to 2008, Migrating Exch Svr to 2010), what is the best practice in terms of what should be done first. The order in which we should migrate or deploy, in other words.

    Do we migrate Exch Svr, the DCs and then the clients? Or do we deploy the Windows 7 workstations first into the current 2003 domain and Exchange environment, then migrate the servers.

    We don’t really have any issues in any specific areas, per se.

    Any info would be greatly appreciated. Thanks!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *