Understanding the Active Directory Requirements for Exchange Server 2010


Welcome back! This is the third part of a six-part series on installing Exchange Server. This post deals with the Active Directory requirements for an Exchange Server 2010 installation. The first and second posts can be found at the links given.

An Active Directory (AD) infrastructure running on Windows Server 2003 or Windows Server 2008 must be in place before an organization can deploy Exchange Server 2010. Exchange Server depends on Active Directory to function.

Some of the AD factors that should be considered when deploying Exchange Server 2010 are:

Global Catalog Server Placement

As with Exchange Server 2000 through Exchange Server 2003, Exchange Server 2010 requires a global catalog infrastructure to function. The global catalog maintains an index of the Active Directory database for objects within its domain. Additionally, it stores partial copies of data for all other domains within a forest.

Exchange Server relies on global catalog servers to resolve email addresses within the organization.

Active Directory Sites and Services

The Exchange Server 2010 servers utilize Active Directory site membership as follows:

Hub Transport Servers — They gather information from Active Directory to determine mail routing inside the organization. When a message hits the Microsoft Exchange Transport service, the Hub Transport server resolves the recipient’s information and queries Active Directory to match an email address to the recipient’s account.

From this, the AD site associated with the recipient's mailbox server is determined. If the mailbox server is in the same site, the Hub Transport server routes the message itself; otherwise, the message is routed to another Hub Transport server associated with that site.

Client Access Servers — When a client access server receives a connection request from a user, it contacts AD to determine which mailbox server houses the user’s mailbox and which site that server belongs to. If the mailbox server is in a different site, the connection is redirected to a client access server in the same site as the mailbox server.

Mailbox Servers — They query Active Directory to determine which Hub Transport servers are located in their site. Messages are submitted to local Hub Transport servers for routing and transport.

Unified Messaging Servers — They use Active Directory site membership information to determine which Hub Transport servers are located in the same site as the UM server. Messages for routing and transport are delivered to a Hub Transport server in the same site as the UM server.

Forest and Domain Functional Levels

With new iterations of Windows Server operating systems and Exchange Server, new features are introduced. Some of the new features available in Exchange Server 2010 require you to upgrade the Active Directory infrastructure.

To install Exchange Server 2010, the Active Directory forest functional level should be Windows Server 2003 or higher. Windows 2000 Native and Windows Server 2003 Interim modes are NOT supported.

The Active Directory Domain Functional level should also be Windows Server 2003 or higher. Windows 2000 Mixed, Windows 2000 Native, and Windows Server 2003 Interim modes are NOT supported.

Flexible Single Master Operations Roles

FSMO roles can be either “forestwide” or “domainwide.” The forestwide roles consist of the Schema Master and the Domain Naming Master. The domainwide roles consist of the Relative ID (RID) Master, the Primary Domain Controller (PDC) Emulator, and the Infrastructure Master. Each plays an important part in an Active Directory infrastructure.

When designing the FSMO role placement of an Active Directory environment, the following best practices should be considered:

  • The Schema Master and Domain Naming Master should be placed on the same domain controller in the root or placeholder domain. This server can (and should) also be configured as a global catalog server.
  • Place the RID and PDC emulator roles on the same domain controller.
  • As a general rule, the infrastructure master should be deployed on a domain controller that is NOT also a global catalog server. This domain controller should have a direct connection to a GC server, preferably in the same Active Directory site.
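
An added example, not part of the original article: a read-only PowerShell check of the functional-level requirements and the FSMO placement guidelines above. It assumes the ActiveDirectory module is available (RSAT, which needs a Windows Server 2008 R2 domain controller or the Active Directory Management Gateway Service) and that it is run from a domain-joined session; the variable names are illustrative.

```powershell
# Added example: read-only audit. Assumes the ActiveDirectory module (RSAT) is available.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$domain   = Get-ADDomain
$findings = @()

# Functional levels: Windows 2000 and Windows Server 2003 Interim modes are not supported.
if ("$($forest.ForestMode)" -match '2000|Interim') {
    $findings += "Forest functional level $($forest.ForestMode) is not supported"
}
if ("$($domain.DomainMode)" -match '2000|Interim') {
    $findings += "Domain functional level $($domain.DomainMode) is not supported"
}

# Forestwide roles: one DC in the forest root domain that is also a global catalog.
if ($forest.SchemaMaster -ne $forest.DomainNamingMaster) {
    $findings += 'Schema Master and Domain Naming Master are on different DCs'
}
$schemaDc = Get-ADDomainController -Identity $forest.SchemaMaster -Server $forest.SchemaMaster
if ($schemaDc.Domain -ne $forest.RootDomain) {
    $findings += "Schema Master $($schemaDc.HostName) is not in the forest root domain"
}
if (-not $schemaDc.IsGlobalCatalog) {
    $findings += "Schema Master $($schemaDc.HostName) is not a global catalog"
}

# Domainwide roles: RID Master and PDC Emulator together.
if ($domain.RIDMaster -ne $domain.PDCEmulator) {
    $findings += 'RID Master and PDC Emulator are on different DCs'
}

# Infrastructure Master should not be a GC. Exception added here, not from the
# article: when every DC in the domain is a GC (e.g. a single-DC lab) the
# placement is harmless, so it is not reported.
$dcs     = @(Get-ADDomainController -Filter * -Server $domain.PDCEmulator)
$infraDc = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$nonGc   = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
if ($infraDc.IsGlobalCatalog -and $nonGc.Count -gt 0) {
    $findings += "Infrastructure Master $($infraDc.HostName) is also a global catalog"
}

# Report: role holders first, then any deviations as warnings.
New-Object PSObject -Property @{
    ForestMode = $forest.ForestMode; DomainMode = $domain.DomainMode
    SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster
    RIDMaster = $domain.RIDMaster; PDCEmulator = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List
$findings | ForEach-Object { Write-Warning $_ }
```

The script only reads directory data and changes nothing; in a multi-domain forest, run it once per domain to cover each domain's RID, PDC Emulator and Infrastructure Master holders.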

That should do for now. However, I will be installing only one domain controller in the later article, and all the FSMO roles will reside on the same server. This is not best practice, but since this is only for demonstration purposes, it should not be a problem.

Let's move on to deploying an Active Directory domain and installing our first domain controller here.


About Author

I am Adil Arif, working as a Senior Technical Support Engineer at Rubrik as well as an independent blogger and founder of Enterprise Daddy. In my current role, I am supporting infrastructure related to Windows and VMware datacenters.
