Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-07-19

Microsoft Exchange Server 2010 uses Active Directory to store and share directory information with Microsoft Windows.

Active Directory forest design for Exchange 2010 is similar to Exchange 2007. The main change in Active Directory for Exchange 2010 is in the introduction of Role Based Access Control (RBAC). In Exchange 2007, Active Directory provides ways for you to delegate administrative authority to directory objects by using access control lists (ACLs). In Exchange 2010, you don't need to modify and manage ACLs. RBAC enables you to control, at both broad and granular levels, what administrators and end-users can do. For more information about RBAC, see Understanding Role Based Access Control.

Active Directory and a New Exchange 2010 Organization

For more information about planning for Active Directory in a new Exchange 2010 organization, see the following topics:

Active Directory and Legacy Exchange Organizations

For More Information

For comprehensive Active Directory deployment information, see the Windows Server 2003 Deployment Guide.

For more information about Active Directory forest design for your Exchange organization, see Guidance on Active Directory design for Exchange Server 2007 at the Exchange Team Blog.

The content of each blog and its URL are subject to change without notice. The content within each blog is provided "AS IS" with no warranties, and confers no rights. Use of included script samples or code is subject to the terms specified in the Microsoft Terms of Use.