Applies to: Exchange Server 2013
Topic Last Modified: 2013-02-25
Before you install Microsoft Exchange Server 2013 on any servers in your organization, you must prepare Active Directory and domains.
What do you need to know before you begin?
- Estimated time to complete: 10-15 minutes (not including Active
Directory replication) or more, depending on organization size and
number of child domains
- The computers on which you plan to install Exchange 2013 must
meet the system requirements. For details, see Exchange 2013 System
Requirements.
- Your domains and the domain controllers must meet the system
requirements in "Network and directory servers" in Exchange 2013 System
Requirements.
- For multiple domain organizations running the following
/Prepare* commands, we recommend the following:
- Run the commands from an Active Directory site that has an
Active Directory server from every domain.
- Run the first server role installation from an Active Directory
site with a writeable global catalog server from every domain.
- Verify that replication of objects from the preceding actions
is completed on the global catalog server in the Active Directory
site before installing the first Exchange 2013 server to that
site.
- Run the commands from an Active Directory site that has an
Active Directory server from every domain.
- If you run the Exchange 2013 Setup wizard with an account that
has the permissions required (Schema Admins, Domain Admins, and
Enterprise Admins) to prepare Active Directory and the domain, the
wizard automatically prepares Active Directory and the domain. For
more information, see Install Exchange 2013
Using the Setup Wizard. However, you must first install the
Active Directory management tools on the computer prior to
preparing the schema or domains. To do this, see the Active Directory
preparation section in Exchange 2013
Prerequisites.
- You must specify the /IAcceptExchangeServerLicenseTerms
parameter when you run setup.exe to accept the Exchange 2013
license terms.
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
Tip: |
---|
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection |
Prepare Active Directory and domains
To track the progress of Active Directory replication, you can use the repadmin tool (repadmin.exe), which is installed as part of the Windows Server 2012 and Windows Server 2008 R2 Active Directory Domain Services Tools (RSAT-ADDS) feature. For more information about how to use repadmin, see Repadmin.
- From a Command Prompt window, run the following command.
setup /PrepareSchema or setup /ps
Note: You can skip this step and prepare the schema as part of Step 2. Important: If you have multiple forests in your organization, make sure that you run your forest preparation from the correct Exchange forest. Setup preparation makes configuration changes to your forest, and it could configure a non-Exchange forest incorrectly. Note: It isn't supported to use the LDIF Directory Exchange tool (LDIFDE) to manually import the Exchange 2013 schema changes. You must use Setup to update the schema.
- Connects to the schema master and imports LDAP Data Interchange
Format (LDIF) files to update the schema with Exchange 2013
specific attributes. The LDIF files are copied to the Temp
directory and then deleted after they are imported into the
schema.
- Sets the schema version (ms-Exch-Schema-Verision-Pt) to
15137.
- To run this command, you must be a member of the Schema Admins
group and the Enterprise Admins group.
- You must run this command on a 64-bit computer in the same
domain and in the same Active Directory site as the schema
master.
- If you use the /DomainController parameter with this
command, you must specify the domain controller that is the schema
master.
- After you run this command, you should wait for the changes to
replicate across your Exchange organization before continuing to
the next step. The amount of time this takes is dependent upon your
Active Directory site topology.
- For more information, see Exchange 2013 Active
Directory Schema Changes.
- Connects to the schema master and imports LDAP Data Interchange
Format (LDIF) files to update the schema with Exchange 2013
specific attributes. The LDIF files are copied to the Temp
directory and then deleted after they are imported into the
schema.
- From a Command Prompt window, run the following command.
setup /PrepareAD [/OrganizationName: <organization name> ] or setup /p [/on:<organization name>]
This command performs the following tasks:
- If the Microsoft Exchange container doesn't exist, this command
creates it under
CN=Services,CN=Configuration,DC=<root domain>.
- If no Exchange organization container exists under CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<root domain
>, you must specify an organization name using the
/OrganizationName parameter. The organization container will
be created with the name that you specify.
The Exchange organization name can contain only the following characters:
A through Z
a through z
0 through 9
Space (not leading or trailing)
Hyphen or dash
The organization name can't contain more than 64 characters. The organization name can't be blank. If the organization name contains spaces, you must enclose the name in quotation marks (").
- Verifies that the schema has been updated and that the
organization is up to date by checking the objectVersion
property in Active Directory. The objectVersion property is
in the CN=<your organization>,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<domain>
container. The objectVersion value for Exchange 2013 is
15449.
- Sets the msExchProductId of the Exchange organization
object to 15.00.0516.032. The msExchProductId property is in
the CN=<your organization>,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<domain>
container.
- If the containers don't exist, creates the following containers
and objects under
CN=<Organization Name>,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<root domain>,
which are required for Exchange 2013:
CN=Address Lists Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=AddressBook Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Addressing,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Administrative Groups,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Approval Applications,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Auth Configuration,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Client Access,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Connections,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=ELC Folders Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=ELC Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=ExchangeAssistance,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Global Settings,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Hybrid Configuration,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Mobile Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Monitoring Settings,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=OWA Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Provisioning Policy Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=RBAC,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Recipient Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Remote Accounts Policies Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Retention Policies Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Retention Policy Tag Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=ServiceEndpoints,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=System Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Team Mailbox Provisioning Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Transport Settings,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=UM AutoAttendant,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=UM DialPlan,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=UM IPGateway,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=UM Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Workload Management Settings,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
- If it doesn't exist, creates the default Accepted Domains
entry, based on the forest root namespace, under CN=Transport
Settings,CN=<Organization Name>,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<root domain>.
- Assigns specific permissions throughout the configuration
partition.
- Imports the Rights.ldf file. This adds the extended rights
required for Exchange to install into Active Directory.
- Creates the Microsoft Exchange Security Groups
organizational unit (OU) in the root domain of the forest and
assigns specific permissions on this OU.
- Creates the following management role groups within the
Microsoft Exchange Security Groups OU:
Compliance Management
Delegated Setup
Discovery Management
Help Desk
Hygiene Management
Organization Management
Public Folder Management
Recipient Management
Records Management
Server Management
UM Management
View-Only Organization Management
- Adds the new universal security groups (USGs) that are within
the Microsoft Exchange Security Groups OU to the
otherWellKnownObjects attribute stored on the CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<root domain>
container.
- Creates the Unified Messaging Voice Originator contact in the
Microsoft Exchange System Objects container of the root domain.
- Prepares the local domain for Exchange 2013. For information
about what tasks are completed to prepare a domain, see
Step 3.
- To run this command, you must be a member of the Enterprise
Admins group.
- The computer where you run this command must be able to contact
all domains in the forest on port 389.
- You must run this command on a computer in the same domain and
in the same Active Directory site as the schema master. Setup will
make all configuration changes to the schema master to avoid
conflicts because of replication latency.
- After you run this command, you should wait for the changes to
replicate across your Exchange organization before continuing to
the next step. The amount of time this takes is dependent upon your
Active Directory site topology.
- To verify that this step completed successfully, make sure that
there is a new OU in the root domain called Microsoft Exchange
Security Groups. This OU should contain the following new
Exchange USGs:
Compliance Management
Delegated Setup
Discovery Management
Exchange Servers
Exchange Trusted Subsystem
Exchange Windows Permissions
ExchangeLegacyInterop
Help Desk
Hygiene Management
Organization Management
Public Folder Management
Recipient Management
Records Management
Server Management
UM Management
View-Only Organization Management
- If the Microsoft Exchange container doesn't exist, this command
creates it under
CN=Services,CN=Configuration,DC=<root domain>.
- From a Command Prompt window, run one of the following
commands:
- Run setup /PrepareDomain or setup /pd to prepare
the local domain. You don't need to run this in the domain where
you ran Step 2. Running setup /PrepareAD prepares the
local domain.
- Run setup /PrepareDomain:<FQDN of domain you want
to prepare> to prepare a specific domain.
- Run setup /PrepareAllDomains or setup /pad to
prepare all domains in your organization.
- If this is a new organization, creates the Microsoft Exchange
System Objects container in the root domain partition in Active
Directory and sets permissions on this container for the Exchange
Servers, Exchange Organization Administrators, and Authenticated
Users groups. This container is used to store public folder proxy
objects and Exchange-related system objects, such as the mailbox
database's mailbox.
- Sets the objectVersion property in the Microsoft
Exchange System Objects container under DC=<root
domain>. This objectVersion property contains the
version of domain preparation. The version for Exchange 2013 is
13236.
- Creates a domain global group in the current domain called
Exchange Install Domain Servers. The command places this group in
the Microsoft Exchange System Objects container. It also adds the
Exchange Install Domain Servers group to the Exchange Servers USG
in the root domain.
Note: The Exchange Install Domain Servers group is used if you install Exchange 2013 in a child domain that is an Active Directory site other than the root domain. The creation of this group allows you to avoid installation errors if group memberships haven't replicated to the child domain. - Assigns permissions at the domain level for the Exchange
Servers USG and the Organization Management USG.
- To run setup /PrepareAllDomains, you must be a member of
the Enterprise Admins group.
- To run setup /PrepareDomain, if the domain that you're
preparing existed before you ran setup /PrepareAD, you must
be a member of the Domain Admins group in the domain. If the domain
that you're preparing was created after you ran setup
/PrepareAD, you must be a member of the Exchange Organization
Administrators group, and you must be a member of the Domain Admins
group in the domain.
- For domains in an Active Directory site other than the root
domain, /PrepareDomain might fail with the following
messages:
"PrepareDomain for domain <YourDomain> has partially completed. Because of the Active Directory site configuration, you must wait at least 15 minutes for replication to occur, and run PrepareDomain for <YourDomain> again."
"Active Directory operation failed on <YourServer>. This error is not retriable. Additional information: The specified group type is invalid.
Active Directory response: 00002141: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
The server cannot handle directory requests."
If you see these messages, wait for or force Active Directory replication between this domain and the root domain, and then run /PrepareDomain again.
- You must run this command in every domain in which you will
install Exchange 2013. You must also run this command in every
domain that will contain mail-enabled users, even if the domain
doesn't have Exchange 2013 installed.
- You have a new global group in the Microsoft Exchange
System Objects container called Exchange Install Domain Servers.
(To view the Microsoft Exchange System Objects container in
Active Directory Users and Computers, on the View menu,
click Advanced Features.)
- The Exchange Install Domain Servers group is a member of the
Exchange Servers USG in the root domain.
- On each domain controller in a domain in which you will install
Exchange 2013, the Exchange Servers USG has permissions on the
Domain Controller Security Policy\Local Policies\User Rights
Assignment\Manage Auditing and Security Log policy.
- Run setup /PrepareDomain or setup /pd to prepare
the local domain. You don't need to run this in the domain where
you ran Step 2. Running setup /PrepareAD prepares the
local domain.
How do you know this worked?
Do the following to verify that Active Directory has been successfully prepared:
- In the Configuration naming context, verify that the
msExchProductId property in the CN=<your
organization>,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<domain>
container is set to 15.00.516.032.
Note: If the msExchProductId property is set to 15.00.516.032, Active Directory has been successfully prepared. You don’t need to check any of remaining values in this list. The information below is for information purposes only and for those who separate the PrepareSchema and PrepareAD steps. - In the Schema naming context, verify that the
rangeUpper property on ms-Exch-Schema-Verision-Pt is
set to 15137.
- In the Configuration naming context, verify that the
objectVersion property in the CN=<your
organization>,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<domain>
container is set to 15449.
- In the Default naming context, verify that the
objectVersion property in the Microsoft Exchange System
Objects container under DC=<root domain is set to
13236.
You can also check the Exchange setup log to verify that Active Directory preparation has completed successfully. For more information, see Verify an Exchange 2013 Installation.
Note: |
---|
You won't be able to use the Get-ExchangeServer cmdlet mentioned in the Verify an Exchange 2013 Installation topic until you've completed the installation of at least one Mailbox server role and one Client Access server role in an Active Directory site. |