Prepare AD for Exchange 2010

The AD design and schema for Exchange 2010 are comparable to those of Exchange 2007. The main AD change in Exchange 2010 is the introduction of Role Based Access Control (RBAC). In Exchange 2007, AD let you delegate administrative rights to directory objects by using access control lists (ACLs). RBAC lets you control, at both a broad and a granular level, what administrators and end users can and cannot do.

In each domain in which you install Exchange 2010, you must have at least one domain controller running any of the following:
• Windows Server 2003 Standard Edition with Service Pack 1 (SP1) or later (32-bit or 64-bit)
• Windows Server 2003 Enterprise Edition with SP1 or later (32-bit or 64-bit)
• Windows Server 2008 Standard or Enterprise (32-bit or 64-bit)
• Windows Server 2008 R2 Standard or Enterprise

Run the following commands from the Exchange 2010 setup media to prepare AD for Exchange 2010:
1) To prepare legacy Exchange permissions in every domain in the forest that contains the Exchange Enterprise Servers and Exchange Domain Servers groups, run:
setup /PrepareLegacyExchangePermissions (or setup /pl)
2) From a Command Prompt window, run:
setup /PrepareSchema
3) From a Command Prompt window, run:
setup /PrepareAD [/OrganizationName:<organization name>]
4) From a Command Prompt window, run:
setup /PrepareDomain
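A check worth running after these steps, as an added PowerShell example that is not from the original article: read the markers each setup switch leaves in AD (the schema version, the organization container's objectVersion, the domain's Microsoft Exchange System Objects objectVersion) over plain ADSI. The function names are my own; compare the returned numbers with the values Microsoft publishes for your service-pack level, on more than one DC, so you also see whether replication has finished.

```powershell
# Added example (not from the original article). Reads the markers that the
# setup switches above leave in AD, over plain ADSI, so the preparation can be
# verified from any domain-joined machine without the Exchange tools.
function Read-AdsiValue {
    param([string]$Path, [string]$Attribute)
    # $null instead of an exception when the object or attribute is absent,
    # which is exactly what an unprepared forest or domain looks like
    try { ([ADSI]$Path).psbase.Properties[$Attribute].Value } catch { $null }
}

function Get-ExchangeAdPrepState {
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $schemaNC = [string]$rootDse.schemaNamingContext
    $configNC = [string]$rootDse.configurationNamingContext
    $rootNC   = [string]$rootDse.rootDomainNamingContext
    $domainNC = [string]$rootDse.defaultNamingContext

    # setup /PrepareSchema stores the schema version in rangeUpper of this attribute
    $schemaVersion = Read-AdsiValue "LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNC" 'rangeUpper'

    # setup /PrepareAD creates the organization container (configuration partition)
    # and stamps objectVersion on it; search because its CN is the organization name
    $orgName = $null; $orgVersion = $null
    try {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.SearchRoot = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"
        $searcher.Filter = '(objectClass=msExchOrganizationContainer)'
        $org = $searcher.FindOne()
        if ($org) {
            $orgName    = [string]$org.Properties['name'][0]
            $orgVersion = [int]$org.Properties['objectversion'][0]
        }
    } catch { }   # container missing: /PrepareAD has not run
    # /PrepareAD also creates the OU holding the RBAC role groups, in the forest root
    $groupsOu = Read-AdsiValue "LDAP://OU=Microsoft Exchange Security Groups,$rootNC" 'distinguishedName'

    # setup /PrepareDomain stamps objectVersion on this container in each prepared domain
    $domainVersion = Read-AdsiValue "LDAP://CN=Microsoft Exchange System Objects,$domainNC" 'objectVersion'

    New-Object PSObject -Property @{
        SchemaVersion       = $schemaVersion   # $null: /PrepareSchema not run or not yet replicated
        OrganizationName    = $orgName
        OrganizationVersion = $orgVersion      # $null: /PrepareAD not run
        SecurityGroupsOu    = $groupsOu
        DomainVersion       = $domainVersion   # $null: /PrepareDomain not run in this domain
    }
}
Get-ExchangeAdPrepState | Format-List
```

Expected version numbers are deliberately not hard-coded; a $null in any field tells you which step is missing or has not replicated to the DC you are bound to.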

Exchange 2010 is site aware: each server can determine its own AD site membership and that of other servers by querying AD. Because AD site membership is a server object attribute, Exchange doesn't have to query the Domain Name System (DNS) to resolve a server address to a subnet linked with an AD site. Stamping the AD site attribute on an Exchange server object also lets AD site membership be given to a server that isn't a domain member, such as a subscribed Edge Transport server.

The Exchange 2010 roles use AD site membership information as follows:
• Mail submission: The Mailbox server role uses AD site membership information to determine which HUBs are located in the same AD site as the Mailbox servers with the same server version. The Mailbox server submits messages for routing and transport to a HUB that has the same AD site membership and the same server version as the Mailbox server.

• Mail delivery: The HUB performs recipient resolution and queries AD to match an e-mail address to a recipient account. The recipient account information includes the fully qualified domain name (FQDN) of the user's Mailbox server. The HUB queries AD to determine the AD site of the user's Mailbox server. If the Mailbox server is in the same site as the HUB, it will deliver the message to that Mailbox server. Otherwise, it will relay the message to another HUB in the same site as the target Mailbox server for delivery.

• Message routing: Exchange 2010 HUBs retrieve information from AD to determine how mail should be routed inside the organization. When a message is submitted to the MS Exchange Transport service, the categorizer uses the header information in the message to query AD for information about where the message must be delivered. If the recipient's mailbox is located on a Mailbox server in the same AD site as the HUB and the version of the Mailbox server matches the HUB, the message is delivered directly to that mailbox. If the recipient's mailbox is located on a Mailbox server that has a different server version than the HUB, the message is relayed to a HUB in the site that matches the version of the Mailbox server. If the recipient's mailbox is located on a Mailbox server in a different AD site, the message is relayed to a HUB in that site and then delivered to the Mailbox server.

• UM message submission: The UM server role uses AD site membership information to determine which HUBs are located in the same AD site as the UM server. The UM server submits messages for routing to a HUB within the same AD site. The HUB performs recipient resolution and queries AD to match a telephone number, or another UM property, to a recipient account. After recipient resolution completes, the HUB delivers the message to the target mailbox in the same way as a regular e-mail message.

• Client connections to CAS: When the CAS receives a user connection request, it queries AD to determine which Mailbox server is hosting the user's mailbox. The CAS then retrieves the AD site membership of that Mailbox server. If the CAS that received the initial user connection isn't located in the same site as the user's Mailbox server, the connection is redirected to a CAS in the same site as the Mailbox server.

• Public folder referrals: AD site membership and IP site link information are used to prioritize the list of servers used for public folder referrals. Users are directed first to the default public folder database for their mailbox database. If a replica of the public folder being accessed doesn't exist in the default public folder database, the Mailbox store where the default public folder database resides will provide the client with a prioritized referral list of Mailbox servers that hold a replica. Public folder databases in the same AD site as the default public folder database are listed first, and additional referral locations are prioritized based on AD site proximity. AD site proximity is determined by aggregating the costs of the IP site links between the AD site where the default public folder database resides and the AD sites where public folder replicas exist. The list of referrals is prioritized from lowest cost to highest cost. The connecting client will try each referral in the list until a connection is made or all attempts fail.
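To see the site stamping and the same-site, same-version pairing described above in your own forest, here is an added PowerShell example that is not from the original article: it reads msExchServerSite, serialNumber and msExchCurrentServerRoles from each Exchange server object in the configuration partition and lists, per Mailbox server, the HUBs it can submit mail to. The function names are my own; the role bit values are those of msExchCurrentServerRoles (2 = Mailbox, 32 = Hub Transport).

```powershell
# Added example (not from the original article). Lists the AD site stamped on each
# Exchange server object (msExchServerSite) and shows, per Mailbox server, which
# HUBs share its site and major version, i.e. the HUBs it can submit mail to.
# Role bit values are those of msExchCurrentServerRoles; ADSI only, no Exchange tools.
$RoleMailbox = 2
$RoleHub     = 32

function Get-FirstValue($props, $name) {
    # DirectorySearcher returns empty collections for unset attributes
    if ($props[$name].Count -gt 0) { $props[$name][0] } else { $null }
}

function Get-ExchangeServerSites {
    $configNC = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"
    $searcher.Filter = '(objectClass=msExchExchangeServer)'
    foreach ($r in $searcher.FindAll()) {
        $siteDn = [string](Get-FirstValue $r.Properties 'msexchserversite')
        $serial = [string](Get-FirstValue $r.Properties 'serialnumber')   # "Version 14.x (Build ...)"
        $major  = 0
        if ($serial -match 'Version (\d+)') { $major = [int]$matches[1] }
        New-Object PSObject -Property @{
            Name  = [string](Get-FirstValue $r.Properties 'name')
            Site  = (($siteDn -split ',')[0] -replace '^CN=')            # site DN -> site name
            Major = $major
            Roles = [int](Get-FirstValue $r.Properties 'msexchcurrentserverroles')
        }
    }
}

function Get-HubSubmissionTargets {
    $servers = @(Get-ExchangeServerSites)
    foreach ($mbx in ($servers | Where-Object { $_.Roles -band $RoleMailbox })) {
        # same AD site AND same version, exactly the pairing described above
        $hubs = @($servers | Where-Object {
            ($_.Roles -band $RoleHub) -and ($_.Site -eq $mbx.Site) -and ($_.Major -eq $mbx.Major)
        } | ForEach-Object { $_.Name })
        $targets = 'NONE: no HUB in this site/version'
        if ($hubs.Count -gt 0) { $targets = $hubs -join ', ' }
        New-Object PSObject -Property @{
            MailboxServer  = $mbx.Name
            Site           = $mbx.Site
            SubmissionHubs = $targets
        }
    }
}
Get-HubSubmissionTargets | Format-Table -AutoSize
```

A Mailbox server that reports NONE has no HUB in its own site and version to submit to, which is the first thing to check when mail from one site stops flowing.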