How To Prepare Active Directory and Domains

How to Prepare Active Directory and Domains
Applies to: Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2008-02-19
This topic explains how to prepare the Active Directory directory service and domains for
installing Microsoft Exchange Server 2007. You must complete this procedure before you
install Exchange 2007 on any servers in your organization.
Note:
If you run the Exchange Server 2007 Setup wizard with an account that has the permissions
required to prepare Active Directory and the domain, the wizard will automatically prepare
Active Directory and the domain.
Before You Begin
Before you prepare Active Directory and your domain for Exchange 2007, confirm the
following:
 The computer on which you perform this procedure has the Microsoft .NET
Framework 2.0 and the Microsoft Command Shell installed.
 Your domains and the domain controllers meet the system requirements in the
"Network and Directory Servers" section of Exchange 2007 System Requirements.
 In each domain in which you will install Exchange 2007, (or will contain mail-enabled
users), you have at least one domain controller that is running Windows Server 2003
Service Pack 1 (SP1).
 If you are running the release to manufacturing (RTM) version of Exchange 2007
Setup.com, in each domain (including child domains) where you have the Exchange
Enterprise Servers and Exchange Domains Servers security groups and therefore
must run Setup /PrepareLegacyExchangePermissions, you must have at least
one domain controller that is running Windows Server 2003 SP1 or a later version.
 If you have any domain controllers that are running Windows 2000 Server and you
are using the Exchange 2007 RTM Setup.com, you must run each of the steps below
with the /DomainController parameter to specify a domain controller that is running
Windows Server 2003 SP1. If you are using Setup.com from Exchange 2007 SP1,
you do not have to specify a domain controller that is running Windows Server 2003
SP1.
 If you are deploying a new Exchange organization, and you are preparing your
Active Directory schema and domains by using a computer running
Windows Server 2008, you must first install the Active Directory management tools
on the Windows Server 2008 computer prior to preparing the schema or domains. To
do this, run the following command:
Copy Code
ServerManagerCmd -i RSAT-ADDS
1
 The computers on which you will install Exchange 2007 meet the system
requirements in the "Hardware" and "Operating System" sections of Exchange 2007
System Requirements.
Note:
You can run this procedure on a computer that has either a 32-bit or a 64-bit processor. For
more information about platform versions, see Exchange Server 2007: Platforms, Editions,
and Versions.
Procedure
To prepare Active Directory and the domain
1. If you have any computers in your organization running Exchange Server 2003 or

Exchange 2000 Server, open a Command Prompt window, and then run one of the
following commands:
o To prepare legacy Exchange permissions in every domain in the forest that
contains the Exchange Enterprise Servers and Exchange Domain Servers
groups, run the following command:
setup /PrepareLegacyExchangePermissions.or setup /pl
o To prepare legacy Exchange permissions in a specific domain, run the
following command:
setup /PrepareLegacyExchangePermissions: < FQDN of domain you
want to prepare > or setup /pl:<FQDN of domain you want to prepare>
Note:
You can skip this step and prepare the legacy Exchange permissions as part of Step 2
or Step 3. The advantages of running each step separately are that you can run each
step with an account that has the minimum permissions required for that step, and
you can verify completion, success, and replication before continuing to the next
step.
2. Note the following:

o To run this command to prepare every domain in the forest, you must be a
member of the Enterprise Admins group. To run this command to prepare a
specific domain, or if the forest has only one domain, you must be delegated
the Exchange Full Administrator role and you must be a member of the
Domain Admins group in the domain that you will prepare.
o If you do not specify a domain, the domain in which you run this command
must be able to contact all domains in the forest. If the server cannot contact
a domain that must have legacy Exchange permissions prepared, it prepares
the domains that it can contact and then returns an error message that it was
unable to contact some domains.
o You can run this command from any 32-bit or 64-bit Windows Server 2003
SP1 server in the forest.
o After you run this command, you must wait for the permissions to replicate
across your Exchange organization before continuing to the next step. If the
permissions have not replicated, the Recipient Update Service on your
Exchange Server 2003 or Exchange 2000 Server computers could fail. The
amount of time that replication takes depends on your Active Directory site
topology.
2
Note:
To track the progress of Active Directory replication, you can use the
Active Directory Replication Monitor tool (replmon.exe), which is installed as
part of the Microsoft Windows Server 2003 Support Tools Setup. By default, it
is located at "%programfiles%\support tools\." Add your domain controllers as
monitored servers so that you can track the progress of replication throughout
the domain.
3. For detailed information about the permissions that are set by this command, see
Preparing Legacy Exchange Permissions.
4. From a Command Prompt window, run the following command:
setup /PrepareSchema or setup /ps
Note:
You can skip this step and prepare the schema as part of Step 3.
Important:
You must not run this command in a forest in which you do not plan to run setup
/PrepareAD. If you do, the forest will be configured incorrectly, and you will not be
able to read some attributes on user objects.
Note:
It is not supported to use LDIFDE to manually import the Exchange 2007 schema
changes. You must use Setup to update the schema.
This command performs the following tasks:
o Connects to the schema master and imports LDAP Data Interchange Format
(LDIF) files to update the schema with Exchange 2007 specific attributes. The
LDIF files are copied to the Temp directory and then are deleted after they
are imported into the schema.
Note:
The Exchange 2007 schema also includes the Exchange 2000 and
Exchange 2003 schema extensions.
o If you have not completed Step 1, setup /PrepareSchema will

automatically perform the PrepareLegacyExchangePermissions step.
Note the following:
o If you want to verify the updates to the schema before the changes are
replicated to other servers in the domain, you must disable outbound
replication on the computer on which you run the command before you run it,
and then enable outbound replication after you have verified that the import
completed successfully.
o To run this command, you must be a member of the Schema Admins group
and the Enterprise Admins group.
3
o You must run this command on either a 32-bit or a 64-bit computer that is in
the same domain and the same Active Directory site as the schema master.
o If you have not completed Step 1, setup /PrepareSchema will automatically
perform the PrepareLegacyExchangePermissions step. To complete the
PrepareLegacyExchangePermissions step, the domain in which you run this
command must be able to contact all domains in the forest. The advantages
of running each step separately are that you can run each step with an
account that has the minimum permissions required for that step, and you
can verify completion, success, and replication before continuing to the next
step.
o If you use the /DomainController parameter with this command, you must
specify the domain controller that is the schema master.
o After you run this command, you should wait for the changes to replicate
across your Exchange organization before continuing to the next step. The
amount of time this takes is dependent upon your Active Directory site
topology.
Note:
part of the Windows Server 2003 Support Tools Setup. By default, it is located
at "%programfiles%\support tools\." Add your domain controllers as
the domain.
For detailed information about the changes to the schema that are made by running
this command, see Active Directory Schema Changes.
5. From a Command Prompt window, run the following command:
setup /PrepareAD [/OrganizationName: <organization name> ] or setup /p

[/on:<organization name>]
This command performs the following tasks:
o If the Microsoft Exchange container does not exist, this command creates it

under CN=Services,CN=Configuration,DC=<root domain>.
o If no Exchange organization container exists under
CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain >,
you must specify an organization name by using the /OrganizationName
parameter. The organization container will be created with the name that you
specify.
The Exchange organization name can contain only the following characters:
A through Z
a through z
0 through 9
Space (not leading or trailing)
Hyphen or dash
The organization name cannot contain more than 64 characters. The
organization name cannot be blank. If the organization name contains spaces,
you must enclose it in quotation marks.
4
o Verifies that the schema has been updated and that the organization is up to
date by checking the objectVersion property in Active Directory. The
objectVersion property is in the CN=<your organization>, CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<domain> container. The
objectVersion value for the release to manufacturing (RTM) version of
Exchange 2007 is 10666.
o If they do not exist, creates the following containers and objects under
CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configu
ration,DC=<root domain>. These are required for Exchange 2007.
CN=Address Lists Container,CN=<Organization
Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root do
main>
CN=Addressing,CN=<Organization
main>
CN=Administrative Groups,CN=<Organization
main>
CN=Client Access,CN=<Organization
main>
CN=Connections,CN=<Organization
main>
CN=ELC Folders Container,CN=<Organization
main>
CN=ELC Mailbox Policies,CN=<Organization
main>
CN=Global Settings,CN=<Organization
main>
CN=Mobile Mailbox Policies,CN=<Organization
main>
CN=Recipient Policies,CN=<Organization
main>
CN=System Policies,CN=<Organization
main>
CN=Transport Settings,CN=<Organization
main>
CN=UM AutoAttendant,CN=<Organization
main>
CN=UM DialPlan,CN=<Organization
main>
CN=UM IPGateway Container,CN=<Organization
5
main>
CN=UM Mailbox Policies,CN=<Organization
main>
o If it does not exist, this command creates the default Accepted Domains
entry, based on the forest root namespace, under CN=Transport
Settings,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN
=Configuration,DC=<root domain>.
o Assigns specific permissions throughout the configuration partition. For more
information about which permissions are granted, see Exchange 2007 Server
Setup Permissions Reference.
o Imports the Rights.ldf file. This adds the extended rights that are required for
Exchange to install into Active Directory.
o Creates the Microsoft Exchange Security Groups organizational unit (OU) in
the root domain of the forest and assigns specific permissions on this OU. For
more information about which permissions are granted, see Exchange 2007
Server Setup Permissions Reference.
o Creates the following universal security groups (USGs) within the
Microsoft Exchange Security Groups OU:
Exchange Organization Administrators
Exchange Recipient Administrators
Exchange Servers
Exchange View-Only Administrators
Exchange Public Folder Administrators (New in
Exchange Server 2007 Service Pack 1)
ExchangeLegacyInterop
o Adds the new USGs that are within the Microsoft Exchange Security Groups
OU to the otherWellKnownObjects attribute that is stored on the
CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
container.
o This command creates the Exchange 2007 Administrative Group called
Exchange Administrative Group (FYDIBOHF23SPDLT). It also creates the
Exchange 2007 Routing Group called Exchange Routing Group
(DWBGZMFD01QNBJR).
Caution:
Do not move Exchange 2007 servers out of Exchange Administrative Group
(FYDIBOHF23SPDLT) and do not rename Exchange Administrative Group
(FYDIBOHF23SPDLT) by using a low-level directory editor.
Exchange 2007 must use this administrative group for configuration data
storage. We do not support moving Exchange 2007 servers out of
Exchange Administrative Group (FYDIBOHF23SPDLT) or renaming of
Exchange Administrative Group (FYDIBOHF23SPDLT).
Caution:
Do not move Exchange 2007 servers out of Exchange Routing Group
(DWBGZMFD01QNBJR) and do not rename Exchange Routing Group
(DWBGZMFD01QNBJR) by using a low-level directory editor.
Exchange 2007 must use this routing group for communication with earlier
versions of Exchange . We do not support moving Exchange 2007 servers out
of Exchange Routing Group (DWBGZMFD01QNBJR) or renaming of
Exchange Routing Group (DWBGZMFD01QNBJR).
6
o This command creates the Unified Messaging Voice Originator contact in the
Microsoft Exchange System Objects container of the root domain.
o This command prepares the local domain for Exchange 2007. For information
about what tasks are completed to prepare a domain, see Step 4.
Note the following:
o To run this command, you must be a member of the Enterprise Admins

group.
o The computer where you run this command must be able to contact all
domains in the forest on port 389.
o You must run this command on a computer that is in the same domain and
the same Active Directory site as the Schema Master. Setup will make all
configuration changes to the schema master to avoid conflicts because of
replication latency.
o If you have not completed Step 1, setup /PrepareAD will automatically
perform the PrepareLegacyExchangePermissions step. To complete the
PrepareLegacyExchangePermissions step, the domain in which you run this
command must be able to contact all domains in the forest. If you are also a
member of the Schema Admins group, and if you have not completed Step 2,
setup /PrepareAD will automatically perform the PrepareSchema step. The
advantages of running each step separately are that you can run each step
with an account that has the minimum permissions required for that step, and
you can verify completion, success, and replication before continuing to the
next step.
o After you run this command, you should wait for the changes to replicate
across your Exchange organization before continuing to the next step. The
amount of time this takes is dependent upon your Active Directory site
topology.
Note:
part of the Windows Server 2003 Support Tools Setup. By default, it is located
at "%programfiles%\support tools\." Add your domain controllers as
the domain.
o To verify that this step completed successfully, make sure that there is a new
OU in the root domain called Microsoft Exchange Security Groups. This
OU should contain the following new Exchange USGs:
Exchange Organization Administrators
Exchange Recipient Administrators
Exchange View-Only Administrators
Exchange Servers
Exchange Public Folder Administrators (new in Exchange 2007 Service Pack
1)
ExchangeLegacyInterop
Note:
When you install Exchange 2007, Setup will add the Exchange Organization
7
Administrators USG as a member of the local Administrators group on the
computer on which you are installing Exchange. Be aware that the local
Administrators group on a domain controller has different permissions than
the local Administrators group on a member server. If you install
Exchange 2007 on a domain controller, the users who
are Exchange Organization Administrators will have additional Windows
permissions that they do not have if you install Exchange 2007 on a computer
that is not a domain controller.
6. From a Command Prompt window, run one of the following commands:

o Run setup /PrepareDomain or setup /pd to prepare the local domain.
Note that you do not need to run this in the domain where you ran Step 3.
Running setup /PrepareAD prepares the local domain.
o Run setup /PrepareDomain:<FQDN of domain you want to prepare> to
prepare a specific domain.
o Run setup /PrepareAllDomains or setup /pad to prepare all domains in
your organization.
These commands perform the following tasks:
o Sets permissions on the domain container for the Exchange Servers,

Exchange Organization Administrators, Authenticated Users, and
Exchange Mailbox Administrators.
o If this is a new organization, this command creates the Microsoft Exchange
System Objects container in the root domain partition in Active Directory
and sets permissions on this container for the Exchange Servers,
Exchange Organization Administrators, and Authenticated Users. This
container is used to store public folder proxy objects and Exchange-related
system objects, such as the mailbox database's mailbox. For more
information about which permissions are granted, see Exchange 2007 Server
Setup Permissions Reference.
o This command sets the objectVersion property in the Microsoft Exchange
System Objects container under DC=<root domain>. This objectVersion
property contains the version of domain preparation. The version for
Exchange 2007 RTM is 10628.
o Creates a new domain global group in the current domain called
Exchange Install Domain Servers. The command places this group in the
Microsoft Exchange System Objects container. It also adds the Exchange
Install Domain Servers group to the Exchange Servers USG in the root
domain.
Note:
The Exchange Install Domain Servers group is used if you install
Exchange 2007 in a child domain that is an Active Directory site other than the
root domain. The creation of this group allows you to avoid installation errors
if group memberships have not replicated to the child domain.
o Assigns permissions at the domain level for the Exchange Servers universal
security group (USG) and the Exchange Recipient Administrators USG. For
more information about which permissions are granted, see Exchange 2007
Server Setup Permissions Reference.
8
Note the following:
o For domains that are in an Active Directory site other than the root
domain, /PrepareDomain might fail with the following messages:
"PrepareDomain for domain <YourDomain> has partially completed. Because
of the Active Directory site configuration, you must wait at least 15 minutes
for replication to occur, and run PrepareDomain for <YourDomain> again."
"Active Directory operation failed on <YourServer>. This error is not retriable.
Additional information: The specified group type is invalid.
Active Directory response: 00002141: SvcErr: DSID-031A0FC0, problem
5003 (WILL_NOT_PERFORM), data 0
The server cannot handle directory requests."
If you see these messages, wait for or force Active Directory replication
between this domain and the root domain, and then run /PrepareDomain
again.
o To run setup /PrepareAllDomains you must be a member of the Enterprise
Admins group.
o To run setup /PrepareDomain, if the domain that you are preparing existed
before you ran setup /PrepareAD, you must be a member of the Domain
Admins group in the domain. If the domain that you are preparing was
created after you ran setup /PrepareAD, you must be a member of the
Exchange Organization Administrators group, and you must be a member of
the Domain Admins group in the domain.
o You must run this command in every domain in which you will install
Exchange 2007. You must also run this command in every domain that will
contain mail-enabled users, even if the domain does not have Exchange 2007
installed.
To verify that this step completed successfully, confirm the following:
o You have a new global group in the Microsoft Exchange System Objects

container called Exchange Install Domain Servers.
Note:
To view the Microsoft Exchange System Objects container in Active Directory
Users and Computers, on the View menu, click Advanced Features.
o The Exchange Install Domain Servers group is a member of the Exchange

Servers USG in the root domain.
o On each domain controller in a domain in which you will install
Exchange 2007, the Exchange Servers USG has permissions on the Domain
Controller Security Policy\Local Policies\User Rights
Assignment\Manage Auditing and Security Log policy.
http://technet.microsoft.com/en-us/library/bb125224.aspx
9
Active Directory Schema Changes
Applies to: Exchange Server 2007 Topic Last Modified: 2006-09-25
Microsoft® Exchange Server 2007 adds many new attributes and classes to the Active
Directory® directory service schema and makes other modifications to existing classes and
attributes. This topic provides information about the Active Directory schema changes that
occur when you install Microsoft Exchange.
The Active Directory schema changes listed in this document represent only those changes
that are made by Exchange 2007. This topic does not include information about changes
that are made when Microsoft Exchange Server 2003 is installed on a Microsoft
Windows Server 2003 network.
Changes to Existing Class-Schema and Attribute-Schema Classes
Refer to the .ldf files for more information about changes to the Active Directory schema.
The .ldf files are located in the \amd64\Setup\Data\ directory on the setup DVD.
Windows Schema Classes
Table 1 lists changed Active Directory schema classes that are not Exchange-specific.
Table 1 Active Directory Class Schema Changes That Aren't Exchange-Specific
Class Change Attribute/Class

Address-Book-Container add: auxiliaryClass Ms-Exch-Base-Class
Address-Book-Container add: mayContain msExchLastAppliedRecipientFilter
Address-Book-Container add: mayContain msExchRecipientFilterFlags
Address-Book-Container add: mayContain msExchQueryFilter
Address-Book-Container add: mayContain msExchQueryFilterMetadata
Contact add: mayContain msExchMasterAccountHistory
Group add: mayContain msExchMasterAccountHistory
Group add: mayContain msExchServerAdminDelegationBL
Organizational-Person add: mayContain msDS-PhoneticCompanyName
Organizational-Person add: mayContain msDS-PhoneticDepartment
Organizational-Person add: mayContain msDS-PhoneticFirstName
Organizational-Person add: mayContain msDS-PhoneticLastName
Organizational-Person add: mayContain msExchUserCulture
Site add: mayContain msExchTransportSiteFlags
Site add: mayContain msExchVersion
Site-Link add: mayContain msExchCost
Site-Link add: mayContain msExchVersion
Windows Schema Attributes
Table 2 lists changed Active Directory schema attributes that are not Exchange-specific.
10
Table 2 Active Directory Attribute Schema Changes That Aren't Exchange-Specific
Attribute Change Value

Locale-ID replace: isMemberOfPartialAttributeSet True
Address-Home replace: isMemberOfPartialAttributeSet True
ms-DS-Phonetic-Company-Name replace: isMemberOfPartialAttributeSet True
ms-DS-Phonetic-Department replace: isMemberOfPartialAttributeSet True
ms-DS-Phonetic-Display-Name replace: isMemberOfPartialAttributeSet True
ms-DS-Phonetic-First-Name replace: isMemberOfPartialAttributeSet True
ms-DS-Phonetic-Last-Name replace: isMemberOfPartialAttributeSet True
Pwd-Last-Set replace: isMemberOfPartialAttributeSet True
Company replace: searchFlags 17
Department replace: searchFlags 17
Object-Class replace: searchFlags 9
State-Or-Province-Name replace: searchFlags 17
Exchange-Specific Schema Classes
Exchange Server schema classes and attributes may contain the following modifications:
 replace: isMemberOfPartialAttributeSet
 replace: attributeSecurityGuid
 add: mayContain
 add: possSuperiors
 replace: rangeLower
 replace: rangeUpper
 add: auxiliaryClass
 replace:defaultHidingValue
 replace: searchFlags
Indexed Attributes
The following attributes are indexed:
 ms-Exch-Resource-Search-Properties
 ms-Exch-UM-Dtmf-Map
 ms-DS-HAB-Seniority-Index
 ms-Exch-Availability-Foreign-Connector-Type
 ms-Exch-Master-Account-History
 ms-Exch-Recipient-Display-Type
 ms-Exch-Recipient-Type-Details
The following attributes have a nonstandard search mask:
Attribute name Flag value

ms-DS-Phonetic-Company-Name 16
ms-DS-Phonetic-Department 16
11
ms-DS-Phonetic-Display-Name 5
ms-DS-Phonetic-First-Name 5
ms-DS-Phonetic-Last-Name 5
ms-Exch-Resource-Search-Properties 5
Company 17
Department 17
ms-Exch-Extension-Attribute-1 17
Object-Class 9
State-Or-Province-Name 17
ms-Exch-Resource-Search-Properties 17
ms-Exch-UM-Dtmf-Map 17
ms-Exch-Availability-Foreign-Connector-Type 17
ms-Exch-Master-Account-History 17
ms-Exch-Recipient-Display-Type 17
ms-Exch-Recipient-Type-Details 17
Attributes Added to a Partial Attribute Set
Table 2 lists attributes that are added to the global catalog; these attributes will be
populated and maintained by Exchange Management tools. Do not directly modify these
attributes.
Table 2 Attributes Added to the Global Catalog
Address-Home Locale-ID
ms-DS-HAB-Seniority-Index ms-DS-Phonetic-Company-Name
ms-DS-Phonetic-Department ms-DS-Phonetic-Display-Name
ms-DS-Phonetic-First-Name ms-DS-Phonetic-Last-Name
ms-Exch-Assistant-Name ms-Exch-ELC-Expiry-Suspension-End
ms-Exch-ELC-Expiry-Suspension-Start ms-Exch-ELC-Mailbox-Flags
ms-Exch-External-OOF-Options ms-Exch-HAB-Show-In-Departments
ms-Exch-Mailbox-OAB-Virtual-Directories- ms-Exch-Mailbox-Template-Link
12
Link
ms-Exch-Master-Account-History ms-Exch-MDB-Rules-Quota
ms-Exch-Message-Hygiene-SCL-Delete-
ms-Exch-Message-Hygiene-Flags
Threshold
ms-Exch-Message-Hygiene-SCL-Junk- ms-Exch-Message-Hygiene-SCL-Quarantine-
Threshold Threshold
ms-Exch-Message-Hygiene-SCL-Reject-
ms-Exch-Mobile-Allowed-Device-IDs
Threshold
ms-Exch-Mobile-Debug-Logging ms-Exch-Mobile-Mailbox-Flags
ms-Exch-Mobile-Mailbox-Policy-Link ms-Exch-Purported-Search-UI
ms-Exch-Query-Filter ms-Exch-Recipient-Display-Type
ms-Exch-Recipient-Type-Details ms-Exch-Resource-Capacity
ms-Exch-Resource-Display ms-Exch-Resource-Location-Schema
ms-Exch-Resource-Meta-Data ms-Exch-Resource-Property-Schema
ms-Exch-Resource-Search-Properties ms-Exch-Safe-Recipients-Hash
ms-Exch-Safe-Senders-Hash ms-Exch-Telephone-Assistant
ms-Exch-UM-Dtmf-Map ms-Exch-UM-Enabled-Flags
ms-Exch-UM-Fax-Id ms-Exch-UM-List-In-Directory-Search
ms-Exch-UM-Max-Greeting-Duration ms-Exch-UM-Operator-Number
ms-Exch-UM-Pin-Policy-Account-Lockout-
ms-Exch-UM-Pin-Checksum
Failures
ms-Exch-UM-Pin-Policy-Disallow-Common-
ms-Exch-UM-Pin-Policy-Expiry-Days
Patterns
ms-Exch-UM-Pin-Policy-Min-Password-
ms-Exch-UM-Recipient-Dial-Plan-Link
Length
ms-Exch-UM-Server-Writable-Flags ms-Exch-UM-Spoken-Name
ms-Exch-UM-Template-Link ms-Exch-User-Culture
ms-Exch-Version
New Object IDs
The following tables contain the new object identifiers that are used by Exchange 2007 in an
Active Directory forest. Many objects are grouped into ranges. For instance,
1.2.840.113556.1.4.7000.102.50477 - 1.2.840.113556.1.4.7000.102.50481 represents five
objects. A range of objects does not necessarily mean they are related by function.
Table 3 attributeID
1.2.840.113556.1.4.1942 1.2.840.113556.1.4.1943
1.2.840.113556.1.4.1944 1.2.840.113556.1.4.1945
1.2.840.113556.1.4.7000.102.50329 -
1.2.840.113556.1.4.1946
1.2.840.113556.1.4.7000.102.50337
1.2.840.113556.1.4.7000.102.50341 -
1.2.840.113556.1.4.7000.102.50357
1.2.840.113556.1.4.7000.102.50354
1.2.840.113556.1.4.7000.102.50359 1.2.840.113556.1.4.7000.102.50360
1.2.840.113556.1.4.7000.102.50362 - 1.2.840.113556.1.4.7000.102.50402 -
1.2.840.113556.1.4.7000.102.50400 1.2.840.113556.1.4.7000.102.50405
1.2.840.113556.1.4.7000.102.50407 - 1.2.840.113556.1.4.7000.102.50412
13
1.2.840.113556.1.4.7000.102.50410
1.2.840.113556.1.4.7000.102.50415 -
1.2.840.113556.1.4.7000.102.50413
1.2.840.113556.1.4.7000.102.50475
1.2.840.113556.1.4.7000.102.50477 - 1.2.840.113556.1.4.7000.102.50483 -
1.2.840.113556.1.4.7000.102.50481 1.2.840.113556.1.4.7000.102.50527
1.2.840.113556.1.4.7000.102.50529 - 1.2.840.113556.1.4.7000.102.50578 -
1.2.840.113556.1.4.7000.102.50576 1.2.840.113556.1.4.7000.102.50584
1.2.840.113556.1.4.7000.102.50589 - 1.2.840.113556.1.4.7000.102.50606 -
1.2.840.113556.1.4.7000.102.50601 1.2.840.113556.1.4.7000.102.50609
1.2.840.113556.1.4.7000.102.50612 - 1.2.840.113556.1.4.7000.102.50623 -
1.2.840.113556.1.4.7000.102.50621 1.2.840.113556.1.4.7000.102.50629
1.2.840.113556.1.4.7000.102.50632 - 1.2.840.113556.1.4.7000.102.50659 -
1.2.840.113556.1.4.7000.102.50657 1.2.840.113556.1.4.7000.102.50662
1.2.840.113556.1.4.7000.102.50666 - 1.2.840.113556.1.4.7000.102.50685 -
1.2.840.113556.1.4.7000.102.50683 1.2.840.113556.1.4.7000.102.50730
1.2.840.113556.1.4.7000.102.50734 -
1.2.840.113556.1.4.7000.102.50732
1.2.840.113556.1.4.7000.102.50737
1.2.840.113556.1.4.7000.102.50740 - 1.2.840.113556.1.4.7000.102.50752 -
1.2.840.113556.1.4.7000.102.50750 1.2.840.113556.1.4.7000.102.50758
1.2.840.113556.1.4.7000.102.50760 - 1.2.840.113556.1.4.7000.102.50765 -
1.2.840.113556.1.4.7000.102.50763 1.2.840.113556.1.4.7000.102.50808
1.2.840.113556.1.4.7000.102.50811 - 1.2.840.113556.1.4.7000.102.50829 -
1.2.840.113556.1.4.7000.102.50822 1.2.840.113556.1.4.7000.102.50880
1.2.840.113556.1.6.20.1.50355
Table 4 governsID
1.2.840.113556.1.5.7000.62.50047 -
1.2.840.113556.1.2.50049
1.2.840.113556.1.5.7000.62.50048
1.2.840.113556.1.5.7000.62.50051 - 1.2.840.113556.1.5.7000.62.50082 -
1.2.840.113556.1.5.7000.62.50080 1.2.840.113556.1.5.7000.62.50090
1.2.840.113556.1.5.7000.62.50092 - 1.2.840.113556.1.5.7000.62.50095 -
1.2.840.113556.1.5.7000.62.50093 1.2.840.113556.1.5.7000.62.50097
Remarks
None of the attributes are expected to contain more than 1 megabyte (MB) of data. The
schema extensions impact Windows Server 2003. For more information, review the .ldf files.
http://technet.microsoft.com/en-us/library/aa997467.aspx
14
15

How To Prepare Active Directory and Domains - Exchange 2007

Uploaded by

Copyright:

Available Formats

How To Prepare Active Directory and Domains - Exchange 2007

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

How To Prepare Active Directory and Domains - Exchange 2007

Uploaded by

Copyright:

Available Formats

1. If you have any computers in your organization running Exchange Server 2003 or

2. Note the following:

setup /PrepareSchema or setup /ps

This command performs the following tasks:

o If you have not completed Step 1, setup /PrepareSchema will

Note the following:

5. From a Command Prompt window, run the following command:

setup /PrepareAD [/OrganizationName: <organization name> ] or setup /p

This command performs the following tasks:

o If the Microsoft Exchange container does not exist, this command creates it

Note the following:

o To run this command, you must be a member of the Enterprise Admins

6. From a Command Prompt window, run one of the following commands:

These commands perform the following tasks:

o Sets permissions on the domain container for the Exchange Servers,

To verify that this step completed successfully, confirm the following:

o You have a new global group in the Microsoft Exchange System Objects

o The Exchange Install Domain Servers group is a member of the Exchange

Applies to: Exchange Server 2007 Topic Last Modified: 2006-09-25

Changes to Existing Class-Schema and Attribute-Schema Classes

Windows Schema Classes

Table 1 Active Directory Class Schema Changes That Aren't Exchange-Specific

Class Change Attribute/Class

Attribute Change Value

The following attributes are indexed:

The following attributes have a nonstandard search mask:

Attribute name Flag value

Table 2 Attributes Added to the Global Catalog

You might also like