Tuesday, 22 September 2015

Install Exchange 2013 CU10 in a child domain - Part 1

In this post, I'll demonstrate how to install the first Exchange 2013 server on Server 2012 R2 in a child domain. This will be the first Exchange server in the forest.

Introduction

First, we'll look at the AD logical structure which is already in place. We start off with the AD forest contoso.com. The root domain is contoso.com and two child domains are uk.contoso.com and us.contoso.com. Below is a screenshot of the AD Domains and Trusts snap in.



We're using Server 2012 R2 on all domain controllers. The forest functional level and all domain functional levels are Server 2012 R2. To install Exchange 2013, you need at least a forest functional level of Server 2003 and a Schema master running Server 2003 SP2.

The list of domain controllers is below:



The physical topology is as below:



We will be installing a multi-role Exchange 2013 CU10 server in the uk.contoso.com domain.

Preparation of Active Directory - Overview

Exchange stores all configuration in AD and the AD schema needs to be extended to support these new features and objects. Once done, AD needs to be prepared for Exchange and then the required domains need preparation. The steps are below:

1) Prepare Schema
2) Prepare Active Directory
3) Prepare Active Directory Domains

We'll take each one in turn and go through the required steps.

Prepare Schema

The first step in installing Exchange is to prepare Active Directory which means we will be extending the AD schema to support new features. More information about the schema changes can be found here. Make sure you take a backup of your domain controllers before making these changes to AD.

To prepare the schema, select a computer that is in the same AD site and domain as the Schema master. If you are unsure which domain controller is the schema master, use the command: 

netdom query fsmo




Here we can see that contdc01.contoso.com is the Schema master so we'll select this server to be the machine we use to extend the AD schema and prepare AD. 

Below are the steps required to install the pre-requisites on the machine that will be used to prepare AD then to prepare AD.

1)  Install .Net 4.5.2 from here. Accept the license terms and click install:








Restart the computer when prompted.

2) If you are not using Server 2012 R2 then you also need to install the Windows Management Framework 4.0. In our case we are using Server 2012 R2 so this is not required.

3) If you don't already have the AD tools installed on the computer, you also need to install them. Do this by running the command in an elevated PowerShell window: 

Install-WindowsFeature RSAT-ADDS






4) Ensure that the account you are logged in as on the machine you'll use to prepare AD is a member of the Schema Admins and Enterprise Admins groups in AD. Note that if you are logged in and you add yourself to the required groups, you'll need to log off and on again. Also, beware that AD replication may take time if you've modified your group membership on a domain controller in a different site. The command below which will show you which groups you are currently a member of:

whoami /groups


5) Download Exchange 2013 CU10 from here. The Cumulative Update includes the entire Exchange package. There is no need to install Exchange then install the CU. 



6) Once downloaded, double click to extract Exchange. 


Select a location to extract the files to. In this demo, we're extracting to C:\temp\Exchange2013-x64-cu10.





7) Extend Active Directory schema by running the below command from the directory where you extracted the files to. in our case this is C:\temp\Exchange2013-x64-cu10

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms



Check that all steps have completed as above before moving on to preparing AD. Also, give AD time to replicate the schema changes throughout the forest. The time this takes will depend on your replication topology, site topology and the size of your forest. 

8) To confirm that the Schema has been updated on all domain controllers, run the below script by modifying the list of domain controllers then pasting into your PowerShell window:


$DomainControllers = "contusdc01.us.contoso.com","contukdc01.uk.contoso.com","contdc01.contoso.com","contdc02.contoso.com"



$DomainControllers | % {

Write-Host $_ -ForegroundColor Green
Write-Host "Range Upper:" 


$query = "LDAP://" + $_ + "/cn=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=contoso,dc=com"

([ADSI]$query).RangeUpper

}


This will output the rangeUpper value of the ms-Exch-Schema-Version-Pt container in the Schema naming context which Exchange has created. For CU10, this should be 15312.

Below we can see that all domain controllers have the correct value for rangeUpper which means that the schema has been replicated:



Prepare Active Directory

The next step involves preparing AD. You need to be a member of the Enterprise Admins group for this step.

Select a computer which is in the same domain and site as the schema master and which can connect to all the domains in the forest on port 389. In our case, we'll continue using contdc01. 

1) Select a name for the Exchange organization. This name is not seen by end users but ensure that you meet the below requirements:


  • You can use any uppercase or lowercase letters from A to Z.
  • You can use numbers 0 to 9.
  • The name can contain spaces as long as they're not at the beginning or end of the name.
  • You can use a hyphen or dash in the name.
  • The name can be up to 64 characters but can't be blank.
  • The name can't be changed after it's set.
We'll use the organization name Contoso.

2) Run the below command to prepare AD. This command is to be run on a single line. Ensure that you replace Contoso with your organization name.



Setup.exe /PrepareAD /OrganizationName:"Contoso" /IAcceptExchangeServerLicenseTerms




Ensure that you allow time for AD to replicate these changes. You should see a new Organizational Unit in AD in the root domain:



Prepare Active Directory Domains

Now that we have extended the schema and prepared the forest, we need to prepare each domain that will have mail enabled users or Exchange installed. Again, you need to be a member of the Enterprise Administrators group for this task but you also need to be a member of the Domain Admins group in the domain you are preparing.

The account you will be using for this step needs to be a member of the below groups:

1) Enterprise Admins
2) Domain Admins in the domain you will be preparing
3) Organization Management

This will cover you for all required permissions should the domain have been created before or after PrepareAD was run. 

Here we have the option of preparing all domains in the forest or only domains that we specify. 

To prepare all domains, run the below command (note the /PrepareAllDomains switch):

Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

In our case, we only want to prepare the uk.contoso.com domain so we need to run the below command. Ensure that you replace uk.contoso.com with your domain name.

Setup.exe /PrepareDomain:uk.contoso.com /IAcceptExchangeServerLicenseTerms



Your AD preparation is now complete.

Conclusion

We've now configured AD for Exchange. The schema has been extended to support the Exchange configuration and new objects and the required domains have been prepared for an Exchange installation. 

In part 2, I'll demonstrate how to install Exchange in the child domain. 

1 comment:

  1. Thank you for the information. You have a very good article. I found it informative and useful. Keep up the good work and God bless!

    www.gofastek.com

    ReplyDelete