Design and Manage an Exchange Infrastructure: Plan for Impact of Exchange on AD Directory Services
Plan for impact of Exchange on AD directory services
This objective may include but is not limited to:
– Evaluate impact of schema changes required for Exchange
– Prepare domains for Exchange
– Plan around Active Directory site topology
– Plan the number of domain controllers
– Plan placement of Global Catalog (GC)
– Determine DNS changes required for Exchange
•Company: Paraiso Brokerage – Firm handling private investment banking with locations in Sao Paulo and Rio de Janeiro, Brazil
•Problem: – They are looking to acquire a new firm that has AD but no existing Exchange environment, and they need to know what the impact will be and what the AD configuration will involve
•Goal: – Assess the existing infrastructure and design the AD elements prior to deployment
Scenario: Brazilian Brokerage
Exchange stores all of its configuration and recipient information in Active Directory
Queries are constantly made back to AD whenever an Exchange server needs configuration or recipient information, so it is essential for AD to be available
Exchange is an AD site-aware application and prefers to communicate with AD servers in the same site
– Upon start, Exchange binds to a random DC and GC in its own site
– You can use the Get-ExchangeServer cmdlet to discover which DC and GC it is bound to, and the Set-ExchangeServer cmdlet to configure a static list it should bind to
Exchange 2013 and Active Directory
There are schema configuration changes with Exchange 2013 (as with every release of Exchange since 2000)
To prepare AD you first need to prepare the schema (which can be done when installing the first Exchange server in your environment, or through PowerShell prior to the installation)
setup /PrepareSchema (or setup /ps) /IAcceptExchangeServerLicenseTerms Optional: /DomainController
You must be a member of the Schema Admins and Enterprise Admins groups to run the command, and it has to be run in the same domain and site as the AD schema master
Active Directory Schema Changes
You should talk to your AD management team (if one exists) before implementing a schema update
You should also test the update in a lab first
Back up your AD before you apply the schema updates
You can test for schema extension conflicts by using the ADSchemaExtensionConflictAnalyzer.ps1
Impact of Schema Changes
You can skip the Schema prep and jump right to /PrepareAD if your policy allows for it
/PrepareAD (/p) will create the Exchange container (if one doesn’t exist) and will configure all the organization information within including role groups
Example:
setup /PrepareAD /OrganizationName <name>
Active Directory: /PrepareAD
To prepare the local domain you can run /PrepareDomain (/pd), or to prepare all domains you can run /PrepareAllDomains (/pad)
Creates the Microsoft Exchange System Objects in the root domain partition
To run /PrepareDomain you must be a member of the Domain Admins group in the domain
To run /PrepareAllDomains you must be a member of the Enterprise Admins group
Active Directory: /PrepareDomain
Global Catalog Servers: You must have at least one GC server (for high availability you should have two)
Domain Controllers: You must have at least one writeable DC server (for high availability you should have two)
Forest Functionality: Server 2003 or higher
DNS Support: Contiguous, Noncontiguous, Single Label and Disjointed
IPv6: IPv6 is fully supported (but IPv4 must remain installed, although you can disable it)
Active Directory Infrastructure
Design and Deployment Strategy
[Diagram: 2 domain controllers (DC, GC and AD-integrated DNS services); two Edge Transport servers facing the Internet; BEx01, BEx02 and BEx03 in a DAG with a witness; JBOD array; hardware load balancer]
Split DNS allows you to configure different IP addresses for the same host name (aka split horizon or split brain DNS)
Using split DNS can help you reduce the number of host names you have to manage and reduces the number of SAN names required for your SSL certificates
– Example: End users use owa.company.com both internally and externally
Note: Microsoft recommends split DNS but it isn’t mandatory
DNS Suggestions
They have a clearer understanding of AD design and deployment concerns
They don’t see the need to break things down and will use the two commands:
/PrepareAD and /PrepareAllDomains
They will also ensure they have at least 2 GCs in each site (they currently have multiple DCs but aren’t sure if they have multiple GCs)
Scenario: Paraiso Brokerage
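The prerequisites covered above (Schema Admins and Enterprise Admins membership, running in the schema master's domain and site, and the per-site DC and GC counts Paraiso is unsure of) can all be checked read-only before any setup switch is run. The PowerShell below is an added example, not part of the original slides; it assumes the RSAT ActiveDirectory module is installed and that every domain in the forest is reachable from the machine where it runs.

```powershell
# Added example: read-only pre-flight checks; nothing in AD is modified.
# Assumption: RSAT ActiveDirectory module; run it in the session that will run setup.
Import-Module ActiveDirectory

$forest       = Get-ADForest
$schemaMaster = Get-ADDomainController -Identity $forest.SchemaMaster -Server $forest.SchemaMaster
$localDomain  = (Get-ADDomain -Current LocalComputer).DNSRoot
$localSite    = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

# Schema Admins and Enterprise Admins live in the forest root domain with the
# well-known RIDs 518 and 519; comparing SIDs avoids localized group names.
# The token only reflects memberships that existed at logon.
$rootSid   = (Get-ADDomain -Identity $forest.RootDomain).DomainSID.Value
$tokenSids = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value

$checks = [ordered]@{
    'Member of Schema Admins'      = $tokenSids -contains "$rootSid-518"
    'Member of Enterprise Admins'  = $tokenSids -contains "$rootSid-519"
    'Same domain as schema master' = $localDomain -eq $schemaMaster.Domain
    'Same site as schema master'   = $localSite -eq $schemaMaster.Site
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

# Count writable DCs and GCs per AD site across every domain in the forest.
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}
$dcs | Group-Object -Property Site | ForEach-Object {
    $writable = @($_.Group | Where-Object { -not $_.IsReadOnly }).Count
    $gcs      = @($_.Group | Where-Object { $_.IsGlobalCatalog }).Count
    [pscustomobject]@{
        Site           = $_.Name
        WritableDCs    = $writable
        GlobalCatalogs = $gcs
        # Slide guidance: one of each is the minimum, two for high availability.
        MeetsHA        = ($writable -ge 2 -and $gcs -ge 2)
    }
} | Sort-Object Site | Format-Table -AutoSize
```

A FAIL on either membership line is the preferred steady state outside the change window: both groups are normally kept empty and populated only for the duration of the schema and AD preparation.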
Additional Research
•Exchange 2013 Active Directory Schema Changes
• http://technet.microsoft.com/en-us/library/bb738144(v=exchg.150).aspx
•Testing for Active Directory Schema Extension Conflicts
• http://technet.microsoft.com/en-us/library/testing-for-active-directory-schema-extension-conflicts(WS.10).aspx
•Deploying Exchange 2013 (petenetlive.com)
• http://www.petenetlive.com/KB/Article/0000730.htm#EX10