Exchange Server 2007 and the Active Directory, Part 2

Reading Time: 6 minutes

Microsoft Exchange Server 2007 is bound to shake up the Active Directory world as we know it. After my first post on the soon to come Exchange Server and the Active Directory I've been playing around for 2 months with it and attended a couple of seminars on the subject.

Now we know that there probably won't be any more beta or release candidate versions of Microsoft Exchange Server 2007 we can basically line out the feature set and how it interacts with the product we've come to love and cherish as the Active Directory.

In this part I'll look at the ways of administering your Exchange servers, the ways you can migrate from previous versions to Microsoft Exchange server 2007 and the steps you have to perform to prepare your Active Directory for Microsoft Exchange Server 2007.


Administering Exchange Server 2007

In part 1 we saw that a lot of Exchange related administration tasks were moved from the Active Directory Users and Computers MMC Snap-In (dsa.msc) to the new and improved Exchange System Manager and Powershell. (The last step in every Exchange related wizard even shows you the performed Powershell command and the result it gave back)

The Microsoft Exchange Team Blog has a great post by Evan Dodds that shows you how to perform the following tasks:

  • Creating a new mailbox;
  • Modifying properties on a mailbox;
  • Configuring 'Exchange features' on a mailbox;
  • Moving a mailbox;
  • Checking for or changing email addresses on a mailbox or mail-enabled object.

That's right! In Microsoft Exchange Server 2007 you will be performing these tasks in the new Microsoft Exchange Management Console. In my opinion the screenshots that accompany the post show an interface that resembles the tabs within an Active Directory Users and Computers MMC snap-in (dsa.msc) on a box that has the Microsoft Exchange System Manager installed, so your learning curve won't be a very steep one.

If you appreciate virtual labs Microsoft has one on this subject ready for you to explore!

The big benefit however comes when Microsoft Exchange Server 2007 gets implemented in a large environment where the persons in the IT department have different roles and responsibilities. Microsoft Exchange Server 2007 more easily lets you make Exchange-only administrators. If you want to take it one step further it even enables you to make these kind of task pads (which we know from delegating control in our Active Directories) for people you suspect might be able to do 'smart things'…


Migrating to Exchange Server 2007

There are a couple of complicating issues that you have to take into account when you migrate from older platforms and older versions of Microsoft Exchange to Microsoft Exchange Server 2007:

  • The Domain Controller that is the Schema Master must be running Microsoft Windows Server 2003 SP1 or above;
  • You must have at least one global catalog server in every Active Directory directory service site where you plan to install Exchange 2007; (These global catalog servers must be running Windows Server 2003 SP1 or above)
  • For all domains in the Active Directory forest where you will install Exchange 2007 or that will host Exchange 2007 recipients, the Active Directory domain functional level must be Windows 2000 Server native or higher;
  • The minimum forest functional level for each forest with Exchange must be Windows Server 2003;
  • Your existing Exchange organization must be running in native mode;
  • The production server where you want to install Microsoft Exchange Server 2007 on, must be equipped with a x64 architecture-based processor that supports Intel Extended Memory 64 Technology (Intel EM64T) or supports the AMD64 platform; (Intel Itanium IA64 processors are not supported)

These system requirements reveal a couple of conclusions:

  • You can't perform an in-place upgrade of a Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 to Microsoft Exchange server 2007;
  • You can't directly migrate from Microsoft Exchange 5.5 Server to Microsoft Exchange Server 2007; (your Exchange organization can't be native, you'll first have to upgrade to Microsoft Windows 2000 and Microsoft Exchange Server 2000 or above)
  • You can't directly migrate a Microsoft Windows Small Business Server 2000 to a Microsoft Windows Server with Microsoft Exchange Server 2007; (Small Business Server doesn't allow FSMO roles to be transferred, you'll have to upgrade to Microsoft Windows Small Business Server 2003, Microsoft Windows Small Business Server 2003 R2 or migrate to a combination of Microsoft Windows Server 2003 and Microsoft Exchange Server 2003 first)

This is also covered on Microsoft TechNet's section on Microsoft Exchange Server 2007 and illustrated with a table of migration scenarios:

This is when it hit me: companies have been implementing Microsoft Windows 2000 Server based Domain Controllers with Microsoft Exchange 2000 Server right on top of it for years. Calculations showed your customer it was cheaper to use one Microsoft Windows 2000 Server with Microsoft Exchange 2000 than Microsoft Windows 2000 Small Business Server  since they had more than 30 users or devices, right? These will be hard to migrate:

  • You can't migrate directly since you can't raise your forest functional level when still using a Microsoft Windows 2000 Domain Controller. I recommend you not to demote the Windows-based Domain Controller either after you installed your new (Windows Server 2003) Domain Controller. The issues you'll be facing are more than just a hand full…
  • You can't migrate directly since you can't upgrade to Microsoft Windows Server 2003. Microsoft Exchange Server 2000 only runs on Microsoft Windows 2000 Servers, remember.


Preparing your Active Directory

When implementing Microsoft Exchange Server 2003 in your Active Directory you had to perform an setup /ForestPrep and setup /DomainPrep. With Microsoft Exchange Server 2007 things get a little more complicating since you now have to perform four steps:

  • setup /PrepareLegacyExchangePermissions
  • setup /PrepareSchema
  • setup /PrepareAD
  • setup /PrepareDomain or setup /PrepareAllDomains

The last two steps bear a certain resemblance with the ForestPrep and DomainPrep command, where the first two are definitely new. Here's what they do:


The setup /PrepareLegacyExchangePermissions command must be run if you have any servers running Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server and you must run it logged in as a member of the Enterprise Admins group.

Essentially, you must run the setup /PrepareLegacyExchangePermissions command so that the Exchange 2003 or Exchange 2000 Recipient Update Service functions correctly after you update the Active Directory schema for Exchange 2007, because of the new Exchange-Information property set. Here's a detailed description of the changes made by setup /PrepareLegacyExchangePermissions.

If you're about to run the PrepareSchema step you might skip this step, because the setup /PrepareSchema command can do it for you. If you add a new domain to your forest and you want to install Exchange Server 2003 or Exchange 2000 Server in this domain, or if users in this domain will log on to mailboxes on Exchange Server 2003 or Exchange 2000 Server servers in other domains, you must run setup /PrepareLegacyExchangePermissions again after you run Exchange Server 2003 or Exchange 2000 Server DomainPrep.


The setup /PrepareSchema command performs the Schema Updates needed by Microsoft Exchange Server 2007. Here's a list of all the changes made by this command in a vanilla Active Directory schema. Of course you can extract more information from the ldf files that are used by the setup program. You must run at is a member of the Enterprise Admins and as a member of the Schema Admins group and you must run this command on a computer that is in the same domain and the same Active Directory site as the schema master.


The setup /PrepareAD command configures global Exchange objects in Active Directory, creates the Exchange Universal Security Groups (Exchange Organization Administrators, Exchange Recipient Administrators, Exchange View-Only Administrators, Exchange Servers and Exchange2003Interop) in the root domain, and prepares the current domain.

You have to be a member of the Enterprise Admins group to successfully perform this command. If you have existing Exchange Server 2003 servers you also have to be a member of the Exchange Organization Administrators group.

If you haven't performed the PrepareSchema step the PrepareAD command can make these changes. When your also performing the PrepareAD command with an account that is a member of the Schema Admins group is can perform the PrepareLegacyExchangePermissions command as well.


The setup /PrepareDomain, setup /PrepareDomain:Domainname and setup /PrepareAllDomains commands all prepare domains other than the domain where your Schema Master is located. The difference between the commands is the scope in which they operate. You have to be a member of the Enterprise Admins group or you must be a member of the Domain Admins group in any domain that you will prepare.



The system requirements for Microsoft Exchange Server 2007 prohibit you from performing an in-place upgrade of existing Exchange servers. There is also no direct upgrade path to it for servers running Microsoft Exchange Server 5.5 or Microsoft Windows Small Business Server 2000. Companies with Microsoft Exchange 2000 Server on Microsoft Windows 2000 Domain Controllers face an overcomplicated migration scenario.

There are four steps to prepare your Active Directory for Microsoft Exchange Server 2007. In a simple Active Directory configuration (where you only have one domain in one forest) you only have to perform the setup /PrepareAD command and perform it with an account that is member of the Enterprise Admins and the Schema Admins group. (assuming members of the Enterprise Admins group are also members of the Domain Admins group, which is default)

Interesting links to visit

A First Look at the New Exchange 2007 System Management Console
The new Exchange 2007 Management Console overview
Exchange Server 2007 recipient management one-liners
Microsoft Exchange Server 2007 Home on Microsoft TechNet
Upgrading to Microsoft Exchange 2007
Microsoft Exchange Server 2007 System Requirements
Microsoft Exchange Server 2007 Active Directory Schema Updates
How to Run Exchange Server 2003 ForestPrep
How to Run Exchange Server 2003 DomainPrep
Exchange Server 2003 and Domain Controllers – A Summary

Disclaimer Beta Software

The information on this webpage applies to software from Microsoft that was in testing phase but utilizable by experienced users by the time the webpage was written. This software has not been released for sale, distribution or usage for the general public. The information on this webpage and the beta software are provided "as is" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.