logging in or signing up 001 - Preparing for Exchange Installatio lifemusictech Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 196 Category: Science & Tech.. License: All Rights Reserved Like it (0) Dislike it (0) Added: August 24, 2009 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Slide 1: Preparing the Infrastructure for Exchange Installation Slide 2: Preparing the Infrastructure for Exchange Installation Before installing the Exchange Server 2007, you need to make certain modifications and extensions to the Active Directory and your network environment. Slide 3: Preparing Active Directory Before you install Exchange Server 2007, the following requirements should be met. They are: - Slide 4: Server Requirements 64-bit processor / 32-bit Processor (Only for Testing Purpose) Windows Server 2003 Edition or later [64-bit / 32-bit (Only for Testing Purpose)] Processor Operating System Slide 5: Network Requirements Domain Controllers (Windows Server 2003 or later, x86 / x64) We have a Domain Controller by name DC-01.lifemusictech.local and its in the domain lifemusictech. Slide 7: Network Requirements DNS server We have a DNS server by name DC-01.lifemusictech.local for the domain lifemusictech.local Slide 9: Network Requirements Schema Master We have a Schema Master (FSMO) role by name DC-01.lifemusictech.local and its in the domain lifemusictech. Slide 11: Network Requirements GC (Global Catalog) servers deployed in each site in which Exchange is deployed. We have a Global Catalog(GC) server by name DC-01.lifemusictech.local and its in the domain lifemusictech. Slide 13: Network Requirements All servers should be patched with the most recent updates The domain controller DC-01.lifemusictech.local is patched with the most recent updates. Slide 15: Setting Domain and Forest Functional Levels To get the most out of Exchange Server 2007, it is necessary to set the functional levels of the host Windows Active Directory Environment to the highest level possible. All domains in the forest where you are planning to install Exchange Server 2007 must be set to the Windows 2000 Domain Functional Level or higher. Slide 17: Setting Domain and Forest Functional Levels To get the most out of Exchange Server 2007, it is necessary to set the functional levels of the host Windows Active Directory Environment to the highest level possible. All domains in the forest where you are planning to install Exchange Server 2007 must be set to the Windows 2000 Domain Functional Level or higher. By default, the domain functional level of lifemusictech.local is in Windows 2000 Mixed. As it should be Windows 2000 Native or higher, we will set it Windows Server 2003 to get the most out of Exchange Server 2007. Slide 19: Extending the Active Directory Schema As Exchange Server 2007 uses new objects that are not defined in Active Directory Schema, it is necessary to add these new objects to the Active Directory Schema by extending the schema before installing Exchange Server 2007 in your organization. LIFEMUSICTECH DC-01.lifemusictech.local Active Directory Domain Controller Slide 20: Setting Legacy Permissions This command should be run before performing the normal schema and domain preparation if your environment has an existing Exchange 2000 or Exchange 2003 Server present. Setup /PrepareLegacyExchangePermissions Running this command will update existing Exchange settings and permissions in preparation for the modifications made by deploying Exchange Server 2007. DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Slide 21: To run this command, you must be a member of the Enterprise Admins group. Setting Legacy Permissions Slide 22: This command needs to run from the root directory of the Exchange Server 2007 installation media. Setting Legacy Permissions Slide 23: Running this command will prepare all the domains in the forest. DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Server-01.hp.local Active Directory Domain Controller Domain HP Domain LIFEMUSICTECH Setting Legacy Permissions We have 2 domains in here. They are: - hp.local lifemusictech.local Slide 24: It is possible to run this command against a single domain rather than all domains in the forest. If this is done, the user running this command must specify the fully qualified domain name of the domain and the user should also be the member of the Exchange Organization Administrators group and Domain Admins group in the domain to be prepared. Setting Legacy Permissions For example, if Kiran D wishes to prepare a child domain in the lifemusictech.local forest called child.lifemusictech.local and if he has the appropriate permissions the he can run the command: Setup /PrepareLegacyExchangePermissions:child.lifemusictech.local Slide 25: If the entire forest is not prepared and preparation is preformed on a domain-by-domain basis, it will be necessary to run this command in all domains where Exchange 2000 and Exchange 2003 servers have been deployed, prior to performing any other steps in the Exchange Server 2007 deployment process. Setting Legacy Permissions Setup /PrepareLegacyExchangePermissions:child.lifemusictech.local DC-01.lifemusictech.local Active Directory Domain Controller Server-01.hp.local Active Directory Domain Controller Domain HP Domain LIFEMUSICTECH LIFEMUSICTECH Slide 26: Preparing the Active Directory Schema from the command Line The Active Directory schema is extended by running the following command: Setup /PrepareSchema Before running this command, you must ensure that the .NET Framework v2.0 and Windows PowerShell are installed. Slide 28: This command must be run in the same site and domain as the computer that holds the Schema Master (FSMO) role. Preparing the Active Directory Schema from the command Line Setup /PrepareSchema This command will be run from Exserver.lifemusictech.local (Exchange Server) of the lifemusictech.local domain as that Exserver is in the same site that holds the Schema Master (FSMO) role. Slide 30: The user who runs this command should be a member of both the Schema Admins and the Enterprise Admins groups. Preparing the Active Directory Schema from the command Line Administrator is the user who ran this command and he is a member of both the Schema Admins and the Enterprise Admins groups, also the member of local administrators group. Slide 32: If there are earlier versions of Exchange like Exchange 2000 or Exchange 2003 server in your organization then there is no need to run the Setup /PrepareLegacyExchangePermissions command as Setup /PrepareSchema will also run Setup /PrepareLegacyExchangePermissions command against the forest before extending the schema. Preparing the Active Directory Schema from the command Line DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Slide 33: Domain Preparation Each domain that will host an Exchange server 2007 computer needs to be prepared using the Setup /PrepareAD command. You need to include the organization name while running the command for the first time. For example, for lifemusictech.local domain the organization name is lifemusictech. So the command will become Setup /PrepareAD /OrganizationName:lifemusictech Slide 35: Domain Preparation The user who runs this command must be a member of the Enterprise Administrators group. If there is an existing Exchange Server 2003 organization, the user running the command need to be a member of Enterprise Administrators group also an Exchange Full Administrator. Slide 36: Running this command will do the following: Configure Global Exchange Objects in Active Directory Create Exchange Universal Security Groups in the root domain Set permissions on Exchange Configuration Objects Prepare the current domain Domain Preparation Setup /PrepareAD Slide 37: Verifying Preparations You can verify that the schema extension and domain preparation tasks have been completed correctly by examining Active Directory Users and Computers in the forest root domain. If you examine Active Directory Users and Computers in the forest root domain, you will notice a new container called Microsoft Exchange Security Groups. Within that container are five new universal security groups will the following names: Exchange Organization Administrators Exchange Recipient Administrators Exchange Servers Exchange View-Only Administrators ExchangeLegacyInterop Slide 38: If you run Exchange Server 2007 setup normally with a windows account that has all the appropriate permissions the schema and domain preparations steps occur automatically. Given this, it is recommended to go manually through the command-line preparation steps as it gives you a finer degree of control over the Exchange Server 2007 deployment process. Slide 39: Local Server Role Requirements After Schema and Domain preparation, it is time to ensure that the location where you will place Exchange Server 2007. Exchange Server 2007 should be placed in an Active Directory Site where there is a Global Catalog server (Windows Server 2003 SP1 or SP2). Global Catalog servers can be installed only on computers that are already domain controllers and DC-01.lifemusictech.local is indeed a domain controller. Alright, we have placed our Exchange Server 2007 (Exserver) in Active Directory Site where DC-01.lifemusictech.local is a Global Catalog server. Slide 40: Make an existing domain controller a Global Catalog server Slide 41: Configuring Exchange Administrator Roles After schema and domain preparations, several new groups will be added to a new OU in the root domain of the forest. These groups are universal in scope, meaning that user accounts from any domains in the forest can be added to them. Slide 42: Exchange Recipient Administrators Members of this group have complete access to all Exchange properties and objects within the organization. Exchange View-Only Administrators Members of this group have read-only access to the Exchange Organization tree and read-only access to those domain controllers that host Exchange Recipient objects. This role is mainly used for auditing purposes. Exchange Server Administrator This role is different from other assigned roles because its scope is limited to a particular computer or computers running Exchange Server 2007. A user assigned with the Exchange Server Administrator role for a specific Exchange Server 2007 cannot perform Exchange Server Administrator tasks on any other Exchange Server 2007 computer within the organization. Slide 43: In addition, new security groups apply to computers in the Exchange Organization. Computer accounts that are added to these groups have the following properties: Exchange Servers All computers with Exchange Server 2007 installed are members of this group. Members of this group can manage the Exchange Information store, mail queues, and mail interchange. Exchange2003Interop This group is for Exchange 2000 Server and Exchange Server 2003 bridgehead servers. It allows routing group connections between Exchange Server 2007 and earlier versions of Exchange. Exchange Install Domain Servers This security group is located in the Microsoft Exchange System Objects container, which is visible only if the Advanced Feature View option is enabled in Active Directory Users and Computers. This group contains all domain controllers with Exchange installed. Slide 44: Link State and Coexistence with Previous Version of Exchange If there is an existing Exchange Organization with the previous installation of Exchange 2000 or 2003 servers then the existing Exchange environment must be prepared before deploying Exchange Server 2007. DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Slide 45: The preparation involves either migrating data off of existing servers and retiring them or ensuring that these servers have the most recent service packs and updates applied. Link State and Coexistence with Previous Version of Exchange Exchange Server 2007 Slide 46: Exchange Server 2007 can be introduced to the organization under the following conditions: No Exchange Server 5.5 server is present in the forest. Link State and Coexistence with Previous Version of Exchange Slide 47: It is not possible to directly upgrade a computer running earlier version of Exchange Server to Exchange Server 2007. Link State and Coexistence with Previous Version of Exchange But it is possible to migrate all the mailboxes off an earlier version of Exchange to Exchange Server 2007, perform a complete server rebuild, install Exchange Server 2007, and then migrate the mailboxes back, but a direct migration is impossible. Exchange Server 2003 Exchange Server 2000 Exchange Server V5.5 Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Exchange Server 2003 Exchange Server 2000 Exchange Server V5.5 Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Slide 48: All Exchange Server 2003 servers in the forest have Exchange Server 2003 Service Pack 2 or higher applied. All Exchange Server 2000 servers in the forest have Exchange 2000 server SP3 and the SP3 update rollup (KB870540) installed. Link State and Coexistence with Previous Version of Exchange Service Pack 2 Service Pack 3 Service Pack 3 KB870540 Slide 49: To disable link state in an existing Exchange Server 2003 organization, it is necessary to edit the registry on all Exchange 2000 and 2003 Servers in the organization. Set the registry key In the event that two or more routing groups exist in an Exchange Server 2003 deployment in which you wish to deploy Exchange Server 2007, it will be necessary to disable link state if not routing loops will occur. Link state is used to route traffic in large Exchange Server 2003 deployments. Exchange Server 2007 does not propagate link state routing updates. Link State and Coexistence with Previous Version of Exchange HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters\SuppressStateChanges and to set its DWORD value to 1. Slide 50: Preparing the Servers for Exchange Installation Once the network infrastructure is prepared for the deployment of Exchange Server 2007, it is necessary to prepare the computer that will host Exchange Server 2007. It is necessary to have all the components and extra software installed prior to installing Exchange Server 2007. If not then the setup will fail. DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Slide 51: Exchange 2007 Hardware Requirements 200 MB of free disk space on the system volume. The hardware requirements needed for the computer that will host Exchange Server 2007 are: - 64-bit processor (EM64T or AMD64). Will not work in Itanium processor (IA64). 2GB of RAM plus 5MB of RAM per mailbox. 1.2GB of disk space on the volume on which Exchange is installed. 500 MB per unified messaging language pack that is to be installed. Exchange Server Slide 52: Windows Server 2003 64-bit (Standard or Enterprise) Windows Server 2003 R2 64-bit (Standard or Enterprise) Volumes that should be in NTFS format are: - System Volume Volume that store Exchange program files, storage group files, transaction log files, database files, and all other Exchange files. Microsoft .NET framework v2.0 Microsoft Windows PowerShell MMC 3.0 Update for Windows Server 2003 x64 edition (KB904639) Update for Windows Server 2003 x64 edition (KB918980) Exchange 2007 Software Requirements (If you plan to use single-copy cluster or cluster continuous replication is used) Windows Server 2003 64-bit Enterprise Edition Windows Server 2003 R2 64-bit Enterprise Edition. Operating System Slide 53: As Exchange Server 2007 comes in different roles, these roles also need different types of software requirements. They are: - Exchange Server Slide 54: MailBox Server Role If the computer on which you are going to install Exchange Server 2007 will be assigned the Mailbox Server role, it will be necessary to install the following Internet Information Services (IIS) 6.0 components prior to installation: COM+ Access IIS (Internet Information Services) World Wide Web Service MailBox Server Slide 55: If the computer on which you are going to install Exchange Server 2007 will be assigned the Client Access Server role, it will be necessary to install the following components prior to installation: Client Access Server Role World Wide Web Service Remote Procedure Call (RPC) over HTTP Proxy ASP.NET v2.0 Client Access Server Slide 56: If the computer on which you are going to install Exchange Server 2007 will be assigned the Unified Messaging Server role, it will be necessary to install the following components prior to installation: Microsoft Windows Media Encoder Microsoft Windows Media Audio Video Codec Microsoft Core XML Services (MSXML) v6.0 Unified Messaging Server Unified Message Server Role Slide 57: The Hub Transport Server role does not need any extra components to be installed other than those listed in the minimum software requirements list above. Hub Transport Server Role Hub Transport Server Slide 58: Edge Transport Server Role Edge Transport Servers require that ADAM (Active Directory Application Mode) be installed. Edge Transport Server Slide 59: Exchange Server 2007 on Domain Controllers It is always recommended not to install the Exchange Server on a domain controller rather it should be installed on a member server or standalone server. Exchange Server Active Directory Domain Controller DC-01.lifemusictech.local Member / Standalone SERVER Slide 60: Network Configuration A computer that is going to host Exchange Server 2007 needs to have a static IP address and the appropriate records created in DNS to support the exchange of mail. Exchange Server For a mail server to send and receive mail, a MX record must exist within the DNS zone that it will answer mail for. For example, for the host EXserver.lifemusictech.local to receive mail for the lifemusictech.local DNS zone, an MX record must be configured in the lifemusictech.local DNS zone that points to a EXserver.lifemusictech.local. Slide 61: You can determine which MX records exist for a DNS zone by using the nslookup command from the command prompt. The command that you enter to test the MX records for a DNS zone is: nslookup –querytype=MX <dns.zone> Network Configuration Each MX record can be assigned a priority, with the default priority being 10. The higher that assigned number, the lower its priority. Priorities are used in mail transport, with a connection attempted to the highest-priority mail server first and then connections attempted to lower-priority mail servers if that initial connection fails. Slide 62: Security Configuration Wizard The Security Configuration Wizard (SCW) is a tool that can be used to limit the number of services and open ports to only those that are required to run the server’s function. So, we can configure the server to run only run the services and ports that are required for Exchange Server. Slide 63: The SCW is a component that can be installed by using the Add / Remove Windows Components item in Add / Remove Programs. Security Configuration Wizard Slide 64: To access the Exchange Server 2007 SCW templates, you need to have Exchange Server 2007 installed as these are not available in the default installation of this application. Security Configuration Wizard Slide 65: Once you have installed the Security Configuration Wizard on a computer that hosts an Exchange Server 2007 role, you need to manually register the Exchange Server 2007 Security Configuration Wizard templates by running the following command. scwcmd register /kbname:Ex2007KB /kbfile:“C:\programfiles%\Microsoft\Exchange Server\scripts\Exchange2007.xml" Security Configuration Wizard Slide 66: We are going to create a security policy for Client Access role, Hub Transport role and Mailbox Server role of the Exchange Server (EXserver.lifemusictech.local) Security Configuration Wizard Slide 67: The Exchange Best Practices Analyzer The Exchange Best Practices Analyzer is a tool used to assist in tuning in Exchange installation, diagnosing command misconfiguration issues. When you run this tool, it gives you a detailed report with a list of recommendations that can be made to the environment to achieve greater performance, scalability and uptime. The Exchange Best Practices Analyzer tool is located in the Toolbox of the Exchange Management Console. This tool is only available only after you install Exchange Server 2007. Slide 68: The Exchange Best Practices Analyzer Slide 69: The Exchange Best Practice Analyzer can be configured to perform the following scans: The Exchange Best Practices Analyzer Health Check Permission Check Connectivity Test Baseline Exchange 2007 readiness check Slide 70: Health Check The Exchange Best Practices Analyzer This check examines the Exchange environment for errors, warnings, and configuration settings that differ from the default. Slide 71: Permission Check The Exchange Best Practices Analyzer This check examines the Exchange administrative groups and the permissions assigned to Exchange servers and reports on critical issues and settings that deviate from the installation defaults. Slide 72: This check tests network connectivity. It is often used to verify that firewall configuration is not affecting Exchange. The Exchange Best Practices Analyzer Connectivity Test Slide 73: This scan reports on all settings that differ from a user-configured baseline. The Exchange Best Practices Analyzer Baseline Slide 74: Used to prior to an Exchange deployment, this check will highlight issues in the network infrastructure that may cause deployment problems. The Exchange Best Practices Analyzer Exchange 2007 readiness check Slide 75: Multiple Volumes Although it is possible to install Exchange on the same volume as the Windows Server 2003 Operating System, there are benefits of having multiple disks and multiple volumes and having RAID array for the disks and volumes. In most situations, you would want to place mailbox data on volumes that are redundant. In the event that a disk failure occurs on the Exchange Server 2007 computer, data hosted on a redundant volume can be quickly recovered. The choice of which method of redundancy to use is determined by the costs involved. Small to medium-sized business are generally able to implement only RAID 1 on their mail servers, whereas large businesses can afford to by the equipment necessary to implement RAID 1+0 or 0+1. You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
001 - Preparing for Exchange Installatio lifemusictech Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 196 Category: Science & Tech.. License: All Rights Reserved Like it (0) Dislike it (0) Added: August 24, 2009 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Slide 1: Preparing the Infrastructure for Exchange Installation Slide 2: Preparing the Infrastructure for Exchange Installation Before installing the Exchange Server 2007, you need to make certain modifications and extensions to the Active Directory and your network environment. Slide 3: Preparing Active Directory Before you install Exchange Server 2007, the following requirements should be met. They are: - Slide 4: Server Requirements 64-bit processor / 32-bit Processor (Only for Testing Purpose) Windows Server 2003 Edition or later [64-bit / 32-bit (Only for Testing Purpose)] Processor Operating System Slide 5: Network Requirements Domain Controllers (Windows Server 2003 or later, x86 / x64) We have a Domain Controller by name DC-01.lifemusictech.local and its in the domain lifemusictech. Slide 7: Network Requirements DNS server We have a DNS server by name DC-01.lifemusictech.local for the domain lifemusictech.local Slide 9: Network Requirements Schema Master We have a Schema Master (FSMO) role by name DC-01.lifemusictech.local and its in the domain lifemusictech. Slide 11: Network Requirements GC (Global Catalog) servers deployed in each site in which Exchange is deployed. We have a Global Catalog(GC) server by name DC-01.lifemusictech.local and its in the domain lifemusictech. Slide 13: Network Requirements All servers should be patched with the most recent updates The domain controller DC-01.lifemusictech.local is patched with the most recent updates. Slide 15: Setting Domain and Forest Functional Levels To get the most out of Exchange Server 2007, it is necessary to set the functional levels of the host Windows Active Directory Environment to the highest level possible. All domains in the forest where you are planning to install Exchange Server 2007 must be set to the Windows 2000 Domain Functional Level or higher. Slide 17: Setting Domain and Forest Functional Levels To get the most out of Exchange Server 2007, it is necessary to set the functional levels of the host Windows Active Directory Environment to the highest level possible. All domains in the forest where you are planning to install Exchange Server 2007 must be set to the Windows 2000 Domain Functional Level or higher. By default, the domain functional level of lifemusictech.local is in Windows 2000 Mixed. As it should be Windows 2000 Native or higher, we will set it Windows Server 2003 to get the most out of Exchange Server 2007. Slide 19: Extending the Active Directory Schema As Exchange Server 2007 uses new objects that are not defined in Active Directory Schema, it is necessary to add these new objects to the Active Directory Schema by extending the schema before installing Exchange Server 2007 in your organization. LIFEMUSICTECH DC-01.lifemusictech.local Active Directory Domain Controller Slide 20: Setting Legacy Permissions This command should be run before performing the normal schema and domain preparation if your environment has an existing Exchange 2000 or Exchange 2003 Server present. Setup /PrepareLegacyExchangePermissions Running this command will update existing Exchange settings and permissions in preparation for the modifications made by deploying Exchange Server 2007. DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Slide 21: To run this command, you must be a member of the Enterprise Admins group. Setting Legacy Permissions Slide 22: This command needs to run from the root directory of the Exchange Server 2007 installation media. Setting Legacy Permissions Slide 23: Running this command will prepare all the domains in the forest. DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Server-01.hp.local Active Directory Domain Controller Domain HP Domain LIFEMUSICTECH Setting Legacy Permissions We have 2 domains in here. They are: - hp.local lifemusictech.local Slide 24: It is possible to run this command against a single domain rather than all domains in the forest. If this is done, the user running this command must specify the fully qualified domain name of the domain and the user should also be the member of the Exchange Organization Administrators group and Domain Admins group in the domain to be prepared. Setting Legacy Permissions For example, if Kiran D wishes to prepare a child domain in the lifemusictech.local forest called child.lifemusictech.local and if he has the appropriate permissions the he can run the command: Setup /PrepareLegacyExchangePermissions:child.lifemusictech.local Slide 25: If the entire forest is not prepared and preparation is preformed on a domain-by-domain basis, it will be necessary to run this command in all domains where Exchange 2000 and Exchange 2003 servers have been deployed, prior to performing any other steps in the Exchange Server 2007 deployment process. Setting Legacy Permissions Setup /PrepareLegacyExchangePermissions:child.lifemusictech.local DC-01.lifemusictech.local Active Directory Domain Controller Server-01.hp.local Active Directory Domain Controller Domain HP Domain LIFEMUSICTECH LIFEMUSICTECH Slide 26: Preparing the Active Directory Schema from the command Line The Active Directory schema is extended by running the following command: Setup /PrepareSchema Before running this command, you must ensure that the .NET Framework v2.0 and Windows PowerShell are installed. Slide 28: This command must be run in the same site and domain as the computer that holds the Schema Master (FSMO) role. Preparing the Active Directory Schema from the command Line Setup /PrepareSchema This command will be run from Exserver.lifemusictech.local (Exchange Server) of the lifemusictech.local domain as that Exserver is in the same site that holds the Schema Master (FSMO) role. Slide 30: The user who runs this command should be a member of both the Schema Admins and the Enterprise Admins groups. Preparing the Active Directory Schema from the command Line Administrator is the user who ran this command and he is a member of both the Schema Admins and the Enterprise Admins groups, also the member of local administrators group. Slide 32: If there are earlier versions of Exchange like Exchange 2000 or Exchange 2003 server in your organization then there is no need to run the Setup /PrepareLegacyExchangePermissions command as Setup /PrepareSchema will also run Setup /PrepareLegacyExchangePermissions command against the forest before extending the schema. Preparing the Active Directory Schema from the command Line DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Slide 33: Domain Preparation Each domain that will host an Exchange server 2007 computer needs to be prepared using the Setup /PrepareAD command. You need to include the organization name while running the command for the first time. For example, for lifemusictech.local domain the organization name is lifemusictech. So the command will become Setup /PrepareAD /OrganizationName:lifemusictech Slide 35: Domain Preparation The user who runs this command must be a member of the Enterprise Administrators group. If there is an existing Exchange Server 2003 organization, the user running the command need to be a member of Enterprise Administrators group also an Exchange Full Administrator. Slide 36: Running this command will do the following: Configure Global Exchange Objects in Active Directory Create Exchange Universal Security Groups in the root domain Set permissions on Exchange Configuration Objects Prepare the current domain Domain Preparation Setup /PrepareAD Slide 37: Verifying Preparations You can verify that the schema extension and domain preparation tasks have been completed correctly by examining Active Directory Users and Computers in the forest root domain. If you examine Active Directory Users and Computers in the forest root domain, you will notice a new container called Microsoft Exchange Security Groups. Within that container are five new universal security groups will the following names: Exchange Organization Administrators Exchange Recipient Administrators Exchange Servers Exchange View-Only Administrators ExchangeLegacyInterop Slide 38: If you run Exchange Server 2007 setup normally with a windows account that has all the appropriate permissions the schema and domain preparations steps occur automatically. Given this, it is recommended to go manually through the command-line preparation steps as it gives you a finer degree of control over the Exchange Server 2007 deployment process. Slide 39: Local Server Role Requirements After Schema and Domain preparation, it is time to ensure that the location where you will place Exchange Server 2007. Exchange Server 2007 should be placed in an Active Directory Site where there is a Global Catalog server (Windows Server 2003 SP1 or SP2). Global Catalog servers can be installed only on computers that are already domain controllers and DC-01.lifemusictech.local is indeed a domain controller. Alright, we have placed our Exchange Server 2007 (Exserver) in Active Directory Site where DC-01.lifemusictech.local is a Global Catalog server. Slide 40: Make an existing domain controller a Global Catalog server Slide 41: Configuring Exchange Administrator Roles After schema and domain preparations, several new groups will be added to a new OU in the root domain of the forest. These groups are universal in scope, meaning that user accounts from any domains in the forest can be added to them. Slide 42: Exchange Recipient Administrators Members of this group have complete access to all Exchange properties and objects within the organization. Exchange View-Only Administrators Members of this group have read-only access to the Exchange Organization tree and read-only access to those domain controllers that host Exchange Recipient objects. This role is mainly used for auditing purposes. Exchange Server Administrator This role is different from other assigned roles because its scope is limited to a particular computer or computers running Exchange Server 2007. A user assigned with the Exchange Server Administrator role for a specific Exchange Server 2007 cannot perform Exchange Server Administrator tasks on any other Exchange Server 2007 computer within the organization. Slide 43: In addition, new security groups apply to computers in the Exchange Organization. Computer accounts that are added to these groups have the following properties: Exchange Servers All computers with Exchange Server 2007 installed are members of this group. Members of this group can manage the Exchange Information store, mail queues, and mail interchange. Exchange2003Interop This group is for Exchange 2000 Server and Exchange Server 2003 bridgehead servers. It allows routing group connections between Exchange Server 2007 and earlier versions of Exchange. Exchange Install Domain Servers This security group is located in the Microsoft Exchange System Objects container, which is visible only if the Advanced Feature View option is enabled in Active Directory Users and Computers. This group contains all domain controllers with Exchange installed. Slide 44: Link State and Coexistence with Previous Version of Exchange If there is an existing Exchange Organization with the previous installation of Exchange 2000 or 2003 servers then the existing Exchange environment must be prepared before deploying Exchange Server 2007. DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Slide 45: The preparation involves either migrating data off of existing servers and retiring them or ensuring that these servers have the most recent service packs and updates applied. Link State and Coexistence with Previous Version of Exchange Exchange Server 2007 Slide 46: Exchange Server 2007 can be introduced to the organization under the following conditions: No Exchange Server 5.5 server is present in the forest. Link State and Coexistence with Previous Version of Exchange Slide 47: It is not possible to directly upgrade a computer running earlier version of Exchange Server to Exchange Server 2007. Link State and Coexistence with Previous Version of Exchange But it is possible to migrate all the mailboxes off an earlier version of Exchange to Exchange Server 2007, perform a complete server rebuild, install Exchange Server 2007, and then migrate the mailboxes back, but a direct migration is impossible. Exchange Server 2003 Exchange Server 2000 Exchange Server V5.5 Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Exchange Server 2003 Exchange Server 2000 Exchange Server V5.5 Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Slide 48: All Exchange Server 2003 servers in the forest have Exchange Server 2003 Service Pack 2 or higher applied. All Exchange Server 2000 servers in the forest have Exchange 2000 server SP3 and the SP3 update rollup (KB870540) installed. Link State and Coexistence with Previous Version of Exchange Service Pack 2 Service Pack 3 Service Pack 3 KB870540 Slide 49: To disable link state in an existing Exchange Server 2003 organization, it is necessary to edit the registry on all Exchange 2000 and 2003 Servers in the organization. Set the registry key In the event that two or more routing groups exist in an Exchange Server 2003 deployment in which you wish to deploy Exchange Server 2007, it will be necessary to disable link state if not routing loops will occur. Link state is used to route traffic in large Exchange Server 2003 deployments. Exchange Server 2007 does not propagate link state routing updates. Link State and Coexistence with Previous Version of Exchange HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters\SuppressStateChanges and to set its DWORD value to 1. Slide 50: Preparing the Servers for Exchange Installation Once the network infrastructure is prepared for the deployment of Exchange Server 2007, it is necessary to prepare the computer that will host Exchange Server 2007. It is necessary to have all the components and extra software installed prior to installing Exchange Server 2007. If not then the setup will fail. DC-01.lifemusictech.local Active Directory Domain Controller LIFEMUSICTECH Slide 51: Exchange 2007 Hardware Requirements 200 MB of free disk space on the system volume. The hardware requirements needed for the computer that will host Exchange Server 2007 are: - 64-bit processor (EM64T or AMD64). Will not work in Itanium processor (IA64). 2GB of RAM plus 5MB of RAM per mailbox. 1.2GB of disk space on the volume on which Exchange is installed. 500 MB per unified messaging language pack that is to be installed. Exchange Server Slide 52: Windows Server 2003 64-bit (Standard or Enterprise) Windows Server 2003 R2 64-bit (Standard or Enterprise) Volumes that should be in NTFS format are: - System Volume Volume that store Exchange program files, storage group files, transaction log files, database files, and all other Exchange files. Microsoft .NET framework v2.0 Microsoft Windows PowerShell MMC 3.0 Update for Windows Server 2003 x64 edition (KB904639) Update for Windows Server 2003 x64 edition (KB918980) Exchange 2007 Software Requirements (If you plan to use single-copy cluster or cluster continuous replication is used) Windows Server 2003 64-bit Enterprise Edition Windows Server 2003 R2 64-bit Enterprise Edition. Operating System Slide 53: As Exchange Server 2007 comes in different roles, these roles also need different types of software requirements. They are: - Exchange Server Slide 54: MailBox Server Role If the computer on which you are going to install Exchange Server 2007 will be assigned the Mailbox Server role, it will be necessary to install the following Internet Information Services (IIS) 6.0 components prior to installation: COM+ Access IIS (Internet Information Services) World Wide Web Service MailBox Server Slide 55: If the computer on which you are going to install Exchange Server 2007 will be assigned the Client Access Server role, it will be necessary to install the following components prior to installation: Client Access Server Role World Wide Web Service Remote Procedure Call (RPC) over HTTP Proxy ASP.NET v2.0 Client Access Server Slide 56: If the computer on which you are going to install Exchange Server 2007 will be assigned the Unified Messaging Server role, it will be necessary to install the following components prior to installation: Microsoft Windows Media Encoder Microsoft Windows Media Audio Video Codec Microsoft Core XML Services (MSXML) v6.0 Unified Messaging Server Unified Message Server Role Slide 57: The Hub Transport Server role does not need any extra components to be installed other than those listed in the minimum software requirements list above. Hub Transport Server Role Hub Transport Server Slide 58: Edge Transport Server Role Edge Transport Servers require that ADAM (Active Directory Application Mode) be installed. Edge Transport Server Slide 59: Exchange Server 2007 on Domain Controllers It is always recommended not to install the Exchange Server on a domain controller rather it should be installed on a member server or standalone server. Exchange Server Active Directory Domain Controller DC-01.lifemusictech.local Member / Standalone SERVER Slide 60: Network Configuration A computer that is going to host Exchange Server 2007 needs to have a static IP address and the appropriate records created in DNS to support the exchange of mail. Exchange Server For a mail server to send and receive mail, a MX record must exist within the DNS zone that it will answer mail for. For example, for the host EXserver.lifemusictech.local to receive mail for the lifemusictech.local DNS zone, an MX record must be configured in the lifemusictech.local DNS zone that points to a EXserver.lifemusictech.local. Slide 61: You can determine which MX records exist for a DNS zone by using the nslookup command from the command prompt. The command that you enter to test the MX records for a DNS zone is: nslookup –querytype=MX <dns.zone> Network Configuration Each MX record can be assigned a priority, with the default priority being 10. The higher that assigned number, the lower its priority. Priorities are used in mail transport, with a connection attempted to the highest-priority mail server first and then connections attempted to lower-priority mail servers if that initial connection fails. Slide 62: Security Configuration Wizard The Security Configuration Wizard (SCW) is a tool that can be used to limit the number of services and open ports to only those that are required to run the server’s function. So, we can configure the server to run only run the services and ports that are required for Exchange Server. Slide 63: The SCW is a component that can be installed by using the Add / Remove Windows Components item in Add / Remove Programs. Security Configuration Wizard Slide 64: To access the Exchange Server 2007 SCW templates, you need to have Exchange Server 2007 installed as these are not available in the default installation of this application. Security Configuration Wizard Slide 65: Once you have installed the Security Configuration Wizard on a computer that hosts an Exchange Server 2007 role, you need to manually register the Exchange Server 2007 Security Configuration Wizard templates by running the following command. scwcmd register /kbname:Ex2007KB /kbfile:“C:\programfiles%\Microsoft\Exchange Server\scripts\Exchange2007.xml" Security Configuration Wizard Slide 66: We are going to create a security policy for Client Access role, Hub Transport role and Mailbox Server role of the Exchange Server (EXserver.lifemusictech.local) Security Configuration Wizard Slide 67: The Exchange Best Practices Analyzer The Exchange Best Practices Analyzer is a tool used to assist in tuning in Exchange installation, diagnosing command misconfiguration issues. When you run this tool, it gives you a detailed report with a list of recommendations that can be made to the environment to achieve greater performance, scalability and uptime. The Exchange Best Practices Analyzer tool is located in the Toolbox of the Exchange Management Console. This tool is only available only after you install Exchange Server 2007. Slide 68: The Exchange Best Practices Analyzer Slide 69: The Exchange Best Practice Analyzer can be configured to perform the following scans: The Exchange Best Practices Analyzer Health Check Permission Check Connectivity Test Baseline Exchange 2007 readiness check Slide 70: Health Check The Exchange Best Practices Analyzer This check examines the Exchange environment for errors, warnings, and configuration settings that differ from the default. Slide 71: Permission Check The Exchange Best Practices Analyzer This check examines the Exchange administrative groups and the permissions assigned to Exchange servers and reports on critical issues and settings that deviate from the installation defaults. Slide 72: This check tests network connectivity. It is often used to verify that firewall configuration is not affecting Exchange. The Exchange Best Practices Analyzer Connectivity Test Slide 73: This scan reports on all settings that differ from a user-configured baseline. The Exchange Best Practices Analyzer Baseline Slide 74: Used to prior to an Exchange deployment, this check will highlight issues in the network infrastructure that may cause deployment problems. The Exchange Best Practices Analyzer Exchange 2007 readiness check Slide 75: Multiple Volumes Although it is possible to install Exchange on the same volume as the Windows Server 2003 Operating System, there are benefits of having multiple disks and multiple volumes and having RAID array for the disks and volumes. In most situations, you would want to place mailbox data on volumes that are redundant. In the event that a disk failure occurs on the Exchange Server 2007 computer, data hosted on a redundant volume can be quickly recovered. The choice of which method of redundancy to use is determined by the costs involved. Small to medium-sized business are generally able to implement only RAID 1 on their mail servers, whereas large businesses can afford to by the equipment necessary to implement RAID 1+0 or 0+1.