Don't start Installation before you consider Exchange 2000's effect on your Win2K domain
One of the biggest mistakes I see in Microsoft Exchange 2000 Server deployments is a migration plan that fails to take into account Exchange's interaction with Windows 2000. The most successful implementations of both Exchange 2000 and Win2K occur when you understand and plan for the products' mutual requirements.
You probably know by now that Exchange 2000 is completely dependent on Win2K Active Directory (AD) and extends the AD schema during installation. The extent of these schema updates—and the steps you must take to implement them—depend on whether you plan to migrate to Exchange 2000 from Exchange Server 5.5, or whether you're starting your Exchange 2000 organization from scratch. However, you might not realize that the use of permissions in Exchange 2000 is different from Exchange 5.5. Also, Exchange 2000 relies on several other Win2K components, such as File Replication Service (FRS), DNS, and Microsoft IIS.
If you're gearing up for Exchange 2000, you first need to review the Win2K components that will affect (or be affected by) your Exchange deployment. The information in this two-part series will help you develop a complete and successful Exchange 2000, Exchange 2000 Service Pack 1 (SP1), or Exchange 2000 SP2 migration plan. Knowing how Win2K interacts with Exchange (and, by extension, with other Microsoft server products) can also be useful when you're planning a Win2K rollout. (For an overview of the interaction between Exchange 2000 and Win2K, see Dung Hoang Khac, "6 Steps to Prepare Win2K for Exchange 2000," http://www.exchangeadmin.com, InstantDoc ID 20018.)
Updates, Replication, and Setup
The AD schema defines the directory's structure, including classes and attributes for each type of object (e.g., a user account). The basic Win2K AD schema doesn't incorporate Exchange-specific attributes such as the name of the storage group (SG) in which a user's mailbox resides, a user's legacy Exchange 5.5 distinguished name (DN), or any attributes that Exchange needs to maintain configuration details about servers or routing and administrative topologies. These attributes must be added to the AD schema and replicated around the AD forest before you can install any Exchange 2000 servers.
AD, however, isn't the sole replication agent in a Win2K environment. Microsoft hasn't yet incorporated into AD many of the components that the OS uses (e.g., system security policies). Instead, Win2K uses FRS to replicate such objects to domain controllers (DCs) throughout a domain.
The ADC
The Active Directory Connector (ADC) synchronizes data between the Exchange 5.5 Directory Service (DS) and AD—populating AD with data about the mailboxes, accounts, and groups in the DS. Two versions of the ADC—one on the Win2K Server CD-ROM and one on the Exchange 2000 CD-ROM—are available. The Exchange 2000 version, which is the most recent, deals with Exchange 2000 and introduces required attributes such as those for server configurations and topologies.
After you install the ADC, you need to establish one or more connection agreements (CAs) to tell it where to extract information from the DS and where to put it in AD. (You must use an Exchange 5.5 SP3 or later server as the DS synchronization partner; these versions facilitate Lightweight Directory Access Protocol—LDAP—based replication.) This step can be complicated and time consuming. For example, creating a CA to take mailbox information from the default recipients container in an Exchange 5.5 site and put that information in an organizational unit (OU) in AD is fairly straightforward, but such a simple scenario exists only for small Exchange organizations. When you need to deal with multiple recipients containers, multiple sites, different types of objects (e.g., mailboxes, custom recipients, distribution lists—DLs), and the desire for more complex mapping, creating the necessary CAs becomes more challenging. (For detailed information about the ADC and related planning considerations, see Kieran McCorry, "Real-Life ADC Deployment, Part 1," May 2001, and "Real-Life ADC Deployment, Part 2," June 2001.)
To install the ADC, you must be a member of the Enterprise Admins and Schema Admins security groups. Because you don't want to give a lot of people permission to modify the schema, I suggest you limit membership in the Schema Admins group as much as possible. If you don't want your Exchange administrators to be members of Schema Admins, a schema administrator can run the ADC Setup program with the /schemaonly command-line switch to perform only the schema upgrade. After the schema changes have propagated around the forest, an Exchange administrator can rerun the ADC Setup program to complete the installation.
Previous
Register
