>> Prepare Active Directory for Exchange 2007 (Part 1)
>> Prepare Active Directory for Exchange 2007 (Part 2)
In this section we will continue the steps of preparing the remaining Active Directory, starting with the process of preparing the Active Directory schema.
Prepare Active Directory schema
Like other Exchange versions, like Exchange 200 and Exchange 2003, Exchange 2007 also requires updating the Active Directory schema to operate. Therefore we will have to ensure that the account used in this process must be a member of the Schema Admins group. In addition, this account must also be a member of the Enterprise Admins group to successfully complete the schema update process.
We need to plan before updating because in a security environment it is possible that members of these groups will not receive any notifications. Finally, note that we will have access to Active Directory's Domain Controller using the master schema to implement this process because we will make some changes to the Active Directory schema. Specifically, the process of preparing the schema from a server must be performed in the same Active Directory site and domain as a process of the master schema. If you do not do so, the Organization Checks section of the schema update process will fail with the following error message:
'Setup needs to contact the schema Active Directory master but the computer này không phải trong cùng một tên của cơ sở dữ liệu với thư mục nhân (DC = domain, DC = com).
Đang Setup bị lỗi trong khi xử lý các thư mục của trường dữ liệu: organization-level Exchange các người dùng không được tạo, và đặt không thể tạo chúng vì máy tính cục bộ không phải là cùng tên và site như là thư mục của cơ sở dữ liệu và site như là thư mục của cơ sở dữ liệu và site như là thư mục không. Run setup with the / prepareAD parameter on a computer in the domain {domain} and site {site name}, and wait for replication to complete. '
(The installation process needs to connect to the master Active Directory schema but this computer is not in the same Active Directory domain as the master schema (DC = domain, DC = com).
The installation process generates an error while confirming the Active Directory status: Exchange system-level objects have not been created, and the installation process cannot create them because the local computer is not in the same domain and page with master schema. Please install with the parameter / prepareAD on a computer in domain {domain} and page {page name}, then wait for the replication process to complete.)
In the previous two sections, we have prepared to prepare Legacy Permission with setup / PrepareLegacyExchangePermissions command (or you can enter this command as setup / pl ) when used in conjunction with Exchange 2003. However, if for some For some reason you haven't used this command yet and plan to use Exchange 2007 with other Exchange versions, remember that this command will be executed as part of the schema update process.
In this article we have set out to assume that we are using it in conjunction with Exchange 2003, so we need to point out that the update process of Exchange 2007 also includes applied schema updates. for Exchange 200 and Exchange 2003.
To prepare this schema with Exchange updates, we will use the following command:
setup / PrepareSchema (or enter the setup / ps command)In the example, we will run the setup / ps command on the original Domain Controller named AD-ROOT . You will then see the information displayed indicating the update process was successful as shown in Figure 1.
Figure 1: Updating the schema successfully.
The update process will take a few minutes. If you want to check if this process is running, you can access the Temp folder of the user account while the update process is executing Extending Active Directory schema (extending the Active Directory schema). ). By default, the Temp directory location will be % USERPROFILE% Local SettingsTemp .
Figure 2: Content of Temp folder when update process is in progress.
In Figure 2 you can see 3 temporary files in the Temp folder. Which should be concerned about ldif.log file. This file will contain the contents of one of the specific LDIF files from the Exchange 2007 source files and the LDIF file being imported at that time. If you look at the contents of the Temp folder during the schema update process, you will see this ldif.log file changes the capacity from 0KB to about 3KB because other LDIF files have been processed. Figure 3 shows the contents of the ldif.log file at any point in the schema update process.
Figure 3: Contents of the ldif.log file.
Duplicate Active Directory
It is best to check whether the Active Directory has made changes to the system when we have made some changes in the steps. To check if the schema update process has been applied to Domain Controllers, use ADSIEdit to check the value of rangeUpper on the ms-Exch-Schema-Version-Pt attribute when connecting to a Specific Domain Controller. This attribute is used to monitor the version of the Active Directory schema that has been installed, and because the rangeUpper value for Exchange 2007 SP1 is 11116 , this is the value we need to pay attention to.
Note: This value will be different on Exchange 2007 Service Pack versions.
If you have Windows Support Tools installed (integrated ADSIEdit), please do the following to confirm that the Domain Controller has been installed with this value:
1. Run ADSIEdit.msc .
2. In the left pane of the main ADSIEdit window, expand the Schema object and then select the object directly below the Schema.
3. In the right panel, specify the attribute CN = ms-Exch-Schema-Version-Pt , then right-click this property and select Properties .
If you have Windows Support Tools installed (integrated ADSIEdit), please do the following to confirm that the Domain Controller has been installed with this value:
1. Run ADSIEdit.msc .
2. In the left pane of the main ADSIEdit window, expand the Schema object and then select the object directly below the Schema.
3. In the right panel, specify the attribute CN = ms-Exch-Schema-Version-Pt , then right-click this property and select Properties .
4. In the Properties dialog box, scroll down to the properties list and rangeUpper . Check if the Value column shows 11116 (Figure 4).
Figure 4: Value of rangeUpper.
Another tool that provides Windows Support Tools is very useful for checking the Active Directory replication process, Active Directory Replication Monitor ( replmon.exe ). Use this tool as follows:
1. Run Replmon.exe .
Figure 5: Replmon's main window.
2. In the left pane, right click on Monitored Servers and select Add Monitored Server . Then the Add Monitored Server wizard will appear.
3. In this wizard, select the related option to add a Domain Controller by name or search for a specific domain.
4. In the Add Server to Monitor window, there is a note that Enter the name of the server to monitor explicitly (enter the name of the server to be managed clearly) so we must enter the name Fully Qualified Domain Name of a The domain controller needs monitoring (Figure 6).
3. In this wizard, select the related option to add a Domain Controller by name or search for a specific domain.
4. In the Add Server to Monitor window, there is a note that Enter the name of the server to monitor explicitly (enter the name of the server to be managed clearly) so we must enter the name Fully Qualified Domain Name of a The domain controller needs monitoring (Figure 6).
Figure 6: Adding a specific server.
After clicking the Finish button, we will return to the main Replmon window, but this time a connection has been established to the selected Domain Controller. Repeat this process with other Domain Controllers if necessary.
Figure 7: Replmon with managed servers.
We can now check the replication process of multiple containers by expanding them and checking the information displayed in the right panel. For example, Figure 8 shows that the replication process failed before the update process was successful.
Figure 8: The failure and success of the replication process.
As we know, the Exchange installation process creates Log files in Active Directory preparation tasks (part 1). If you check the folder C: ExchangeSetupLogs while performing the steps in Part 2, you will see that the Active Directory schema update process also creates a PowerShell script called Install-ExchangeOrganization- {DATE} - {TIME} .ps1 . Checking the content of the processes that created PowerShell scripts can help us better understand the Exchange installation process so you should not ignore this information.
Conclude
In this third part we have done a very significant part of the Active Directory preparation process, which is to prepare the schema. In the next section we will do some other important things in the Active Directory preparation process.
Conclude
In this third part we have done a very significant part of the Active Directory preparation process, which is to prepare the schema. In the next section we will do some other important things in the Active Directory preparation process.