《MS UC 2013 -系列》博文:
1) 以TechNet Library为技术资料原型。
2) 以0-《统一沟通-微软-实战》为基础。
3) 以1-《统一沟通-微软-技巧》为参照。
4) 以整个测试过程中图片为样板,再次标准化了操作流程,你看多了就会知道。
5) 不论你喜欢与不喜欢?
6) 不论你说啥!
7) 它都出现了!...它也将在你想不到的时间消失,因为有更好计划在实施中。
8) 目的:为了让大家更容易看懂TechNet Library,更容易看懂微软!
Prepare Active Directory and Domains
This topic has not yet been rated - Rate this topic
[This is pre-release documentation and subject to change in future releases.]
Applies to:
Exchange Server 2013 Preview
Topic Last Modified:
2012-07-11
Before you install Microsoft Exchange Server 2013 Preview on any servers in your organization, you must prepare Active Directory and domains.
What do you need to know before you begin?
- Estimated time to complete: 10-15 minutes (not including Active Directory replication) or more, depending on organization size and number of child domains
- The computers on which you plan to install Exchange 2013 Preview must meet the system requirements. For details, see Exchange 2013 System Requirements.
- Your domains and the domain controllers must meet the system requirements in "Network and directory servers" in Exchange 2013 System Requirements.
- In each domain in which you install Exchange 2013 Preview, you must have at least one domain controller running any of the following:
- Windows Server 2012
- Windows Server 2008 Standard or Enterprise (32-bit or 64-bit)
- Windows Server 2008 R2 Standard or Enterprise
- For multiple domain organizations running the following /Prepare* commands, we recommend the following:
- Run the /Prepare* commands from an Active Directory site with an Active Directory server from every domain.
- Run the first server role installation from an Active Directory site with a writeable global catalog server from every domain.
- Verify that replication of objects from the preceding actions is completed on the global catalog server in the Active Directory site before installing the first Exchange 2013 Preview server to that site.
- If you run the Exchange 2013 Preview Setup wizard with an account that has the permissions required (Schema Admins, Domain Admins, and Enterprise Admins) to prepare Active Directory and the domain, the wizard automatically prepares Active Directory and the domain. For more information, see Install Exchange 2013 Using the Setup Wizard. However, you must first install the Active Directory management tools on the computer prior to preparing the schema or domains. To do this, run one of the following commands.
- On Windows Server 2008 R2 SP1 computers, run the following command in a Windows PowerShell session:
Copy
Add-WindowsFeature RSAT-ADDS
- On Windows Server 2012 computers, run the following command in a Windows PowerShell session:
Copy
Install-WindowsFeature RSAT-ADDS
- You must specify the /IAcceptExchangeServerLicenseTerms parameter when you run setup.exe to accept the Exchange 2013 Preview license terms.
- For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in Exchange 2013.
Prepare Active Directory and domains
To track the progress of Active Directory replication, you can use the repadmin tool (repadmin.exe), which is installed as part of the Windows Server 2012 and Windows Server 2008 R2 Active Directory Domain Services Tools (RSAT-ADDS) feature. For more information about how to use repadmin, see Repadmin .
1. From a Command Prompt window, run the following command.
Windows PowerShell
版权所有 (C) 2012 Microsoft Corporation。保留所有权利。
PS C:\Users\administrator.UC-CN> CD "E:\Tool\Microsoft Exchange Server 2013 Preview\Exchange-x64"
setup /PrepareSchema or
setup /ps
.\setup /PrepareSchema /IacceptExchangeServerLicenseTerms
Note:
|
You can skip this step and prepare the schema as part of Step 2.
|
Important:
|
If you have multiple forests in your organization, make sure that you run your forest preparation from the correct Exchange forest. Setup preparation makes configuration changes to your forest, and it could configure a non-Exchange forest incorrectly.
|
2.
Note:
|
It isn't supported to use the LDIF Directory Exchange tool (LDIFDE) to manually import the Exchange 2013 Preview schema changes. You must use Setup to update the schema.
|
This command performs the following tasks:
o Connects to the schema master and imports LDAP Data Interchange Format (LDIF) files to update the schema with Exchange 2013 Preview specific attributes. The LDIF files are copied to the Temp directory and then deleted after they are imported into the schema.
o Sets the schema version (
ms-Exch-Schema-Verision-Pt) to 15132.
Note the following:
o To run this command, you must be a member of the Schema Admins group and the Enterprise Admins group.
o You must run this command on a 64-bit computer in the same domain and in the same Active Directory site as the schema master.
o If you use the
/DomainController parameter with this command, you must specify the domain controller that is the schema master.
2. After you run this command, you should wait for the changes to replicate across your Exchange organization before continuing to the next step. The amount of time this takes is dependent upon your Active Directory site topology. From a Command Prompt window, run the following command.
第 1步,重启后,再执行如下操作:
Windows PowerShell
版权所有 (C) 2012 Microsoft Corporation。保留所有权利。
PS C:\Users\administrator.UC-CN> CD "E:\Tool\Microsoft Exchange Server 2013 Preview\Exchange-x64"
setup /PrepareAD [/OrganizationName:
<organization name>
] or
setup /p [/on:<
organization name
>]
.\setup /PrepareAD
/OrganizationName:Ex2013 /IacceptExchangeServerLicenseTerms
This command performs the following tasks:
o If the Microsoft Exchange container doesn't exist, this command creates it under CN=Services,CN=Configuration,DC=<
root domain>.
o If no Exchange organization container exists under CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain >, you must specify an organization name using the
/OrganizationName parameter. The organization container will be created with the name that you specify.
The Exchange organization name can contain only the following characters:
A through Z
a through z
0 through 9
Space (not leading or trailing)
Hyphen or dash
The organization name can't contain more than 64 characters. The organization name can't be blank. If the organization name contains spaces, you must enclose the name in quotation marks (").
o Verifies that the schema has been updated and that the organization is up to date by checking the
objectVersion property in Active Directory. The
objectVersion property is in the CN=<
your organization>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
domain> container. The
objectVersion value for Exchange 2013 Preview is 15448.
o If the containers don't exist, creates the following containers and objects under CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>, which are required for Exchange 2013 Preview:
CN=Address Lists Container,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=AddressBook Mailbox Policies,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Addressing,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Administrative Groups,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Approval Applications,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Auth Configuration,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Client Access,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Connections,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=ELC Folders Container,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=ELC Mailbox Policies,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=ExchangeAssistance,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Global Settings,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Hybrid Configuration,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Mobile Mailbox Policies,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Monitoring Settings,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=OWA Mailbox Policies,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Provisioning Policy Container,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=RBAC,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Recipient Policies,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Remote Accounts Policies Container,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Retention Policies Container,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Retention Policy Tag Container,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=ServiceEndpoints,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=System Policies,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Team Mailbox Provisioning Policies,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Transport Settings,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=UM AutoAttendant,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=UM DialPlan,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=UM IPGateway,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=UM Mailbox Policies,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
CN=Workload Management Settings,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>
o If it doesn't exist, creates the default Accepted Domains entry, based on the forest root namespace, under CN=Transport Settings,CN=<
Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain>.
o Assigns specific permissions throughout the configuration partition.
o Imports the Rights.ldf file. This adds the extended rights required for Exchange to install into Active Directory.
o Creates the Microsoft Exchange Security Groups organizational unit (OU) in the root domain of the forest and assigns specific permissions on this OU.
o Creates the following management role groups within the Microsoft Exchange Security Groups OU:
Compliance Management
Delegated Setup
Discovery Management
Help Desk
Hygiene Management
Organization Management
Public Folder Management
Recipient Management
Records Management
Server Management
UM Management
View-Only Organization Management
o Adds the new universal security groups (USGs) that are within the Microsoft Exchange Security Groups OU to the
otherWellKnownObjects attribute stored on the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<
root domain> container.
o Creates the Unified Messaging Voice Originator contact in the Microsoft Exchange System Objects container of the root domain.
o Prepares the local domain for Exchange 2013 Preview. For information about what tasks are completed to prepare a domain, see Step 3.
Note the following:
o To run this command, you must be a member of the Enterprise Admins group.
o The computer where you run this command must be able to contact all domains in the forest on port 389.
o You must run this command on a computer in the same domain and in the same Active Directory site as the schema master. Setup will make all configuration changes to the schema master to avoid conflicts because of replication latency.
o After you run this command, you should wait for the changes to replicate across your Exchange organization before continuing to the next step. The amount of time this takes is dependent upon your Active Directory site topology.
o To verify that this step completed successfully, make sure that there is a new OU in the root domain called
Microsoft Exchange Security Groups. This OU should contain the following new Exchange USGs:
Compliance Management
Delegated Setup
Discovery Management
Exchange Servers
Exchange Trusted Subsystem
Exchange Windows Permissions
ExchangeLegacyInterop
Help Desk
Hygiene Management
Organization Management
Public Folder Management
Recipient Management
Records Management
Server Management
UM Management
View-Only Organization Management
3. From a Command Prompt window, run one of the following commands:
o Run
setup /PrepareDomain or
setup /pd to prepare the local domain. You don't need to run this in the domain where you ran Step 2. Running
setup /PrepareAD prepares the local domain.
o Run
setup /PrepareDomain:
<FQDN of domain you want to prepare> to prepare a specific domain.
o Run
setup /PrepareAllDomains or
setup /pad to prepare all domains in your organization.
第2步,重启后,再执行如下操作:
PS C:\Users\administrator.UC-CN> CD "E:\Tool\Microsoft Exchange Server 2013 Preview\Exchange-x64"
.\setup
/PrepareDomain:Cloud.com /IacceptExchangeServerLicenseTerms
PS C:\Users\administrator.UC-CN> CD "E:\Tool\Microsoft Exchange Server 2013 Preview\Exchange-x64"
.\setup
/PrepareAllDomains /IacceptExchangeServerLicenseTerms
These commands perform the following tasks:
o If this is a new organization, creates the Microsoft Exchange System Objects container in the root domain partition in Active Directory and sets permissions on this container for the Exchange Servers, Exchange Organization Administrators, and Authenticated Users groups. This container is used to store public folder proxy objects and Exchange-related system objects, such as the mailbox database's mailbox.
o Sets the
objectVersion property in the Microsoft Exchange System Objects container under DC=<
root domain>. This
objectVersion property contains the version of domain preparation. The version for Exchange 2013 Preview is 13236.
o Creates a domain global group in the current domain called Exchange Install Domain Servers. The command places this group in the Microsoft Exchange System Objects container. It also adds the Exchange Install Domain Servers group to the Exchange Servers USG in the root domain.
Note:
|
The Exchange Install Domain Servers group is used if you install Exchange 2013 Preview in a child domain that is an Active Directory site other than the root domain. The creation of this group allows you to avoid installation errors if group memberships haven't replicated to the child domain.
|
o Assigns permissions at the domain level for the Exchange Servers USG and the Organization Management USG.
Note the following:
o To run
setup /PrepareAllDomains, you must be a member of the Enterprise Admins group.
o To run
setup /PrepareDomain, if the domain that you're preparing existed before you ran
setup /PrepareAD, you must be a member of the Domain Admins group in the domain. If the domain that you're preparing was created after you ran
setup /PrepareAD, you must be a member of the Exchange Organization Administrators group, and you must be a member of the Domain Admins group in the domain.
o For domains in an Active Directory site other than the root domain,
/PrepareDomain might fail with the following messages:
"PrepareDomain for domain <
YourDomain> has partially completed. Because of the Active Directory site configuration, you must wait at least 15 minutes for replication to occur, and run PrepareDomain for <
YourDomain> again."
"Active Directory operation failed on <
YourServer>. This error is not retriable. Additional information: The specified group type is invalid.
Active Directory response: 00002141: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
The server cannot handle directory requests."
If you see these messages, wait for or force Active Directory replication between this domain and the root domain, and then run
/PrepareDomain again.
o You must run this command in every domain in which you will install Exchange 2013 Preview. You must also run this command in every domain that will contain mail-enabled users, even if the domain doesn't have Exchange 2013 Preview installed.
To verify that this step completed successfully, confirm the following:
o You have a new global group in the Microsoft Exchange System Objects container called Exchange Install Domain Servers. (To view the Microsoft Exchange System Objects container in Active Directory Users and Computers, on the
View menu, click
Advanced Features.)
o The Exchange Install Domain Servers group is a member of the Exchange Servers USG in the root domain.
o On each domain controller in a domain in which you will install Exchange 2013 Preview, the Exchange Servers USG has permissions on the Domain Controller Security Policy\Local Policies\User Rights Assignment\Manage Auditing and Security Log policy.
How do you know this worked?
Do the following to verify that Active Directory has been successfully prepared:
- In the Schema naming context, verify that the rangeUpper property on ms-Exch-Schema-Verision-Pt is set to 15132.
- In the Configuration naming context, verify that the objectVersion property in the CN=<your organization>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain> container is set to 15448.
- In the Default naming context, verify that the objectVersion property in the Microsoft Exchange System Objects container under DC=<root domain is set to 13236.
You can also check the Exchange setup log to verify that Active Directory preparation has completed successfully. For more information, see Verify an Exchange 2013 Installation .
Note:
|
You won't be able to use the
Get-ExchangeServer cmdlet mentioned in the Verify an Exchange 2013 Installation topic until you've completed the installation of at least one Mailbox server role and one Client Access server role in an Active Directory site.
|
o For more information, see Exchange Server Changes to the Active Directory Schema .