When you install Microsoft Exchange 2000 Server, two hidden processes occur that an Exchange administrator needs to know about. The two processes are ForestPrep and DomainPrep. However, in certain circumstances, you can run these processes independently of Exchange 2000 setup. This week, I discuss these procedures and why they're a crucial part of deploying Exchange 2000.
Microsoft broke out these two Exchange 2000 setup operations because of Exchange 2000's reliance on Windows 2000 Active Directory (AD). Installing an Exchange 2000 server into AD requires certain permissions; however, many organizations that roll out AD infrastructures don't want Exchange administrators to have full AD permissions. ForestPrep and DomainPrep let members of the Win2K AD Enterprise Admins group and Schema Admins group prepare AD for Exchange 2000 installation, so that the enterprise doesn't need to grant high-level permissions to every Exchange administrator.
The ForestPrep process (SETUP /forestprep) performs the Exchange 2000 setup tasks that require Enterprise Admins and Schema Admins permissions. The utility makes changes in AD's Configuration naming context (NC). ForestPrep extends your AD schema to include Exchange-specific information contained in 12 schema files on the Exchange 2000 CD-ROM. ForestPrep also creates objects in AD and gives permissions on those objects to the account designated as the Exchange 2000 administrator. This administrator will have the necessary permissions to install the first Exchange 2000 server in your organization. ForestPrep also creates the Exchange organization name and object in AD. You need to run ForestPrep only once per Win2K forest. With ForestPrep, a member of the AD Enterprise Admins group or Schema Admins group can run the process on behalf of the Exchange administrator and provide the Exchange administrator with an AD account that has only the necessary permissions.
The DomainPrep process (SETUP /domainprep) performs the Exchange setup tasks that require Domain Admin permissions within a specific domain of which Exchange 2000 will be a member. A member of the Domain Admin group must run DomainPrep. DomainPrep creates the groups and permissions necessary for Exchange servers to read and modify user attributes. DomainPrep also creates the Public Folder proxy container in AD. Although ForestPrep works in the forestwide configuration container, the Public Folder object—Microsoft Exchange System Objects—exists outside this container. DomainPrep creates this object on a per-domain basis, under the domain container. You need to run DomainPrep once in each domain that contains an Exchange 2000 server and in each domain that hosts Exchange users.
If your environment has only a few servers and administrators for Win2K AD and Exchange 2000, you might not need ForestPrep and DomainPrep; the Exchange 2000 setup program will automatically perform these tasks if the installer has the required permissions. However, in more complex environments, where administrative roles and tasks are separate, these two setup switches provide a process for Exchange administrators and Enterprise Admins to prepare the Win2K AD for Exchange 2000 without running setup.