Extend the Active Directory schema capabilities in Exchange Server 2007

Marc Grote

Microsoft Active Directory uses a Schema to present the classes, attributes, and objects used to display what you can see in the Active Directory Users and Computers Snap-In GUI. This schema is part of the schema in Active Directory and the schema part will be replicated through all Active Directory domain controllers in Forest.

Because the Active Directory schema changes are very important to the state of the Active Directory environment, there are only members of the enterprise administrator and schema administrators group - Schema Administrators and Enterprise Administrator. has the right to expand and manage Active Directory schema.

Request

Since Exchange Server 2007 is a 64-bit application, you cannot install Exchange Server 2007 on a 32-bit server, but it is possible to use the 32-bit version of Exchange 2007 for extending the Active Directory schema. You can extend the Active Directory schema with a trial version of Exchange Server 2007 on a 32bit Windows 2003 computer. You should use the Active Directory Schema Master for schema expansion for Exchange Server 2007 because of the secondary traffic of it.

Prerequisites for Exchange Server 2007

Whether or not Exchange Server 2007 installation is successful depends a lot on prerequisites. You need the following updates before installing Exchange Server 2007:

1. Windows PowerShell 1.0 installation package for Windows Server 2003 (KB926139)
2. Microsoft .NET Framework Version 2.0
3. .NET Framework Update for .NET Framework Version 2.0
4. Microsoft Management Console (MMC) 3.0 if Windows Server 2003 R2 is not used

Expand the Active Directory schema

If the user will install Exchange Server 2007 as a member of the schema and enterprise administrators group, installing Exchange will automatically expand the Active Directory schema and you do not have to run Active Directory extension manually. . This procedure is not too strange in large environments, where Active Directory and Exchange Management are severely separated.

For that reason, the Active Directory administrator of Windows Server 2003 - a member of the enterprise administration group and schema can extend the Active Directory schema without installing Exchange Server 2007.

Exchange Server 2003 uses the Setup / Forestprep switch to extend Windows' Active Directory schema, but Exchange Server 2007 uses a new tool to extend the Active Directory schema called SETUP.COM, this schema has. Can be used with many different parameters. It is one of the parameters that you need to extend the Active Directory schema .

Setup.com / prepareschema

This installation parameter is meant to add schema attributes to the Active Directory schema, which will be used by Exchange Server 2007 and its subsystems. This installation parameter is used in conjunction with the Setup.com / PrepareLegacyExchangePermissions parameter , if Exchange Server 2007 is installed in an existing Exchange Server 2003 environment.

Install and inherit Exchange terms

These installation parameters help prepare Exchange Server 2003 to be capable of working between Exchange Server 2003 and Exchange Server 2007. It requires enterprise administrator rights and will be executed as part of the switch. / PrepareSchema switch. You can refer to this installation information at http://technet.microsoft.com/en-us/library/bb125224.aspx. You only have to do this if it is a new Exchange Server installation.

Open schema files

Using Exchange Server 2007 installation is like Exchange Server 2003, there are many Schema extension files in LDF (Lightweight Directory Exchange) format. During the schema expansion process, these files will be imported into Active Directory. Exchange Server 2007 will use a lot of schema extension files, you can see them below.

Figure 1: Schema extension files

The image below shows an example of the schema definition file. The file you will see here is called Schema0.ldf. This file and other files will be imported during Exchange Server 2007 installation or manual execution of Setup.com / prepareschema .

Figure 2: Observing the file details Schema0.ldf

Use ADSIEDIT to observe all schema extensions during Exchange Server 2007 installation

You can use ADSIEDIT to view all schema entries in the Schema section of Active Directory. ADSIEDIT is one of the Windows Server 2003 support tools that can be found on the Windows Server 2003 installation CD.

Figure 3: Active Directory Schema section after extending the schema

Setup.com / preparedomain

If you have other domains that prefer to install the Exchange 2007 Server, execute the following command:

setup.com / PrepareAD

Property sets in Exchange Server 2007

You can use attribute sets in Exchange Server 2007 for attribute grouping to enable access control for specific object attributes. Property sets use an Access Control Entry (ACE) instead of an ACE for each individual attribute.

Exchange Server 2007 creates two new attribute sets for itself and does not use existing Active Directory attribute sets. During the process of extending Active Directory Schema, Exchange Server 2007 performs the following actions:

1. Expand the Active Directory schema with new features and classes
2. Create attribute sets for Exchange Server 2007, Exchange Information and Exchange Personal Information.
3. Add the appropriate properties to the Exchange Information and Exchange Personal Information property sets.

Schema extensions of Exchange Server 2007 SP1

Exchange Server 2007 SP1 has a lot of Schema extensions added:

1. ms-Exch-Foreign-Forest-Public-Folder-Admin-USG-Sid,
2. ms-Exch-Internal-NLB-Bypass-Host-Name,
3. ms-Exch-Mobile-Additional-Flags,
4. ms-Exch-Mobile-Allow-Bluetooth,
5. ms-Exch-Mobile-Allow-SMIME-Encryption-Algorithm-Negotiation,
6. ms-Exch-Mobile-Approved-Application-List,
7. ms-Exch-Mobile-Max-Calendar-Age-Filter,
8. ms-Exch-Mobile-Max-Email-Age-Filter,
9. ms-Exch-Mobile-Max-Email-Body-Truncation-Size,
10. ms-Exch-Mobile-Max-Email-HTML-Body-Truncation-Size,
11. ms-Exch-Mobile-Min-Device-Password-Complex-Characters,
12. ms-Exch-Mobile-Require-Encryption-SMIME-Algorithm,
13. ms-Exch-Mobile-Require-Signed-SMIME-Algorithm,
14. ms-Exch-Mobile-Unapproved-In-ROM-Application-List,
15. ms-Exch-Standby-Copy-Machines,

Note :
There will be more changes in Schema during Exchange Server 2007 SP1 installation, but we do not list all changes in this article. If you are interested in what changes will appear, read the English content section of this article.

Verify schema extensions of Exchange Server 2007 SP1

You can verify the Active Directory schema extensions with ADSIEDIT, one of the Windows 200x support tools.

Navigate to:

CN = ms-Exch-Schema-Version-Pt, CN = Schema, CN = Configuration, DC = DN-of-forest-root-domaincontroller

In the Attribute Editor tab, locate the 'rangeUpper' attribute. If Exchange 2007 Service Pack 1 Beta 2 has been extended, the value will be 11116. If you are using Exchange 2007 RTM version, the value should be 10637. For Exchange 2003, the value should be 6870 and Exchange 2000 is 4397.

Figure 4: Display schema expansion version

Conclude

In this article, I have shown you how to extend Exchange Server 2007's Microsoft Active Directory schema and why Active Directory schema extensions are necessary. We also introduced how to add schema changes to Exchange Server 2007 SP1.