3660_plan for impact of exchange on ad directory services


Upload: david-hung-nguyen

Post on 02-May-2017


TRANSCRIPT

Page 1: 3660_Plan for Impact of Exchange on AD Directory Services

Design and Manage an Exchange Infrastructure: Plan for Impact of Exchange on AD Directory Services

Plan for impact of Exchange on AD directory services

This objective may include but is not limited to:

– Evaluate impact of schema changes required for Exchange

– Prepare domains for Exchange

– Plan around Active Directory site topology

– Plan the number of domain controllers

– Plan placement of Global Catalog (GC)

– Determine DNS changes required for Exchange

Scenario: Brazilian Brokerage

•Company: Paraiso Brokerage – Firm handling private investment banking with locations in Sao Paulo and Rio de Janeiro, Brazil

•Problem: – They are looking to acquire a new firm that has AD but no existing Exchange environment, and they need to know what the impact will be and what the AD configuration will involve

•Goal: – Assess the existing infrastructure and design the AD elements prior to deployment


Exchange 2013 and Active Directory

Exchange stores all of its configuration and recipient information in Active Directory

An Exchange server queries AD constantly whenever it needs configuration or recipient information, so it is essential for AD to be available

Exchange is an AD site-aware application and prefers to communicate with AD servers in the same site

– Upon start, Exchange binds to a random DC and GC in its own site

– You can use the Get-ExchangeServer cmdlet to discover which DC and GC it is bound to, and the Set-ExchangeServer cmdlet to configure a static list it should bind to

Active Directory Schema Changes

There are schema configuration changes with Exchange 2013 (as with every release of Exchange since 2000)

To prepare AD you first need to prepare the schema (which can be done when you install your first Exchange server in your environment or through PowerShell prior to the installation)

setup /PrepareSchema /IAcceptExchangeServerLicenseTerms (or setup /ps /IAcceptExchangeServerLicenseTerms)

Optional: /DomainController

You must be a member of the Schema Admins and Enterprise Admins groups to run the command, and it has to be run in the same domain and site as the AD schema master

Impact of Schema Changes

You should talk to your AD management team (if one exists) before implementing a schema update

You should also test the update in a lab first

Back up your AD before you apply the schema updates

You can test for schema extension conflicts by using ADSchemaExtensionConflictAnalyzer.ps1


Active Directory: /PrepareAD

You can skip the schema prep and jump right to /PrepareAD if your policy allows for it

/PrepareAD (/p) will create the Exchange container (if one doesn’t exist) and will configure all the organization information within it, including role groups

Example:

Setup /PrepareAD /OrganizationName:"<name>" /IAcceptExchangeServerLicenseTerms

Active Directory: /PrepareDomain

To prepare local domains you can run /PrepareDomain (/pd), or to prepare all domains you can run /PrepareAllDomains (/pad)

Creates the Microsoft Exchange System Objects container in the root domain partition

To run /PrepareDomain you must be a member of the Domain Admins group in the domain

To run /PrepareAllDomains you must be a member of the Enterprise Admins group

Active Directory Infrastructure

Global Catalog Servers: You must have at least one GC server (for high availability you should have two)

Domain Controllers: You must have at least one writeable DC server (for high availability you should have two)

Forest Functionality: Windows Server 2003 or higher

DNS Support: Contiguous, Noncontiguous, Single Label and Disjoint

IPv6: IPv6 is fully supported (but IPv4 must remain installed, although you can disable it)


Design and Deployment Strategy

[Diagram labels: 2 Domain Controllers (DC, GC and AD Integrated DNS Services); Two Edge Transport Servers; Internet; BEx01, BEx02, BEx03; DAG; Witness; JBOD Array; Hardware LB]

DNS Suggestions

Split DNS allows you to configure different IP addresses for the same host name (aka split horizon or split brain DNS)

Using split DNS can help you reduce the number of host names you have to manage and reduces the number of SAN names required for your SSL certificates

– Example: End users use owa.company.com both internally and externally

Note: Microsoft recommends split DNS but it isn’t mandatory

Scenario: Paraiso Brokerage

They have a clearer understanding of AD design and deployment concerns

They don’t see the need to break things down and will use the two commands:

/PrepareAD and /PrepareAllDomains

They will also ensure they have at least 2 GCs in each site (they currently have multiple DCs but aren’t sure if they have multiple GCs)
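One way to settle the open question in this scenario (multiple DCs per site, but how many GCs?), as an added PowerShell example that is not part of the original slides. The function name, site names and host names are constructed, and counting only writable servers is an assumption based on the writeable-DC requirement above.

```powershell
# Added example: per-site DC/GC coverage for Exchange planning.
# Input objects need HostName, Site, IsGlobalCatalog and IsReadOnly, the
# property names that Get-ADDomainController (ActiveDirectory module) returns.
function Get-SiteDirectoryCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $DomainController,
        [int] $MinimumPerSite = 2   # the slides' high-availability figure
    )
    foreach ($site in ($DomainController | Group-Object -Property Site)) {
        # Assumption: only writable DCs and GCs count, since Exchange does
        # not use read-only domain controllers.
        $writable = @($site.Group | Where-Object { -not $_.IsReadOnly })
        $gcs      = @($writable | Where-Object { $_.IsGlobalCatalog })

        if ($writable.Count -eq 0 -or $gcs.Count -eq 0) {
            $status = 'No writable DC or GC in site'
        } elseif ($writable.Count -lt $MinimumPerSite -or $gcs.Count -lt $MinimumPerSite) {
            $status = 'Works, but no redundancy'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Site        = $site.Name
            WritableDCs = $writable.Count
            WritableGCs = $gcs.Count
            GCHosts     = ($gcs | ForEach-Object HostName) -join ', '
            Status      = $status
        }
    }
}

# Constructed inventory: site and host names are hypothetical.
$sample = @(
    [pscustomobject]@{ HostName = 'sp-dc01';  Site = 'SaoPaulo';     IsGlobalCatalog = $true;  IsReadOnly = $false }
    [pscustomobject]@{ HostName = 'sp-dc02';  Site = 'SaoPaulo';     IsGlobalCatalog = $true;  IsReadOnly = $false }
    [pscustomobject]@{ HostName = 'rio-dc01'; Site = 'RioDeJaneiro'; IsGlobalCatalog = $true;  IsReadOnly = $false }
    [pscustomobject]@{ HostName = 'rio-dc02'; Site = 'RioDeJaneiro'; IsGlobalCatalog = $false; IsReadOnly = $false }
    [pscustomobject]@{ HostName = 'rio-ro01'; Site = 'RioDeJaneiro'; IsGlobalCatalog = $true;  IsReadOnly = $true }
)
Get-SiteDirectoryCoverage -DomainController $sample | Format-Table -AutoSize

# Against a live domain (run once per domain in the forest):
# Get-SiteDirectoryCoverage -DomainController (Get-ADDomainController -Filter *)
```

In the constructed data the second site has three domain controllers but only one writable GC, which is the situation the scenario is unsure about.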


Additional Research

•Exchange 2013 Active Directory Schema Changes

• http://technet.microsoft.com/en-us/library/bb738144(v=exchg.150).aspx

•Testing for Active Directory Schema Extension Conflicts

• http://technet.microsoft.com/en-us/library/testing-for-active-directory-schema-extension-conflicts(WS.10).aspx

•Deploying Exchange 2013 (petenetlive.com)

• http://www.petenetlive.com/KB/Article/0000730.htm#EX10