Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-11-27
This topic explains how to provision a server and delegate the set up and installation of Exchange.
Provisioning a server allows Exchange to be installed later by using delegated setup. This procedure allows a delegated account to install single Exchange servers in your domain, without being a member of the Exchange Organization Administrators group. You cannot install the first instance of an Exchange server in your domain by using a delegated account. You must install the first Exchange server by using an account that is a member of the Exchange Organization Administrators group and local Administrators group. You can then install subsequent Exchange using a delegated account.
You can use Setup.com /NewProvisionedServer to accomplish this task. The Setup.com /NewProvisionedServer command performs the following tasks:
- It creates the server object within the configuration
partition: CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<Organization
Name>,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=<Root
Domain>
- It adds the following access control entries to the server
object within the configuration partition for the delegated
account:
- Full Control on the server object and its children
- Deny access control entry for the Send As extended right
- Deny access control entry for the Receive As extended right
- Deny CreateChild and DeleteChild permissions for Exchange
Public Folder Store objects
- Full Control on the server object and its children
Note: |
---|
Public folders are administered at an organizational level, therefore the creation and deletion of public folder stores is restricted to Exchange Organization Administrators. |
- It adds the computer account to the Exchange Servers
group.
- It adds the server as a provisioned server in the Exchange
Management Console.
- The delegated account is added to the membership of the
Exchange Organization View-Only Administrators role.
Running the Setup.com /NewProvisionedServer with the /ServerAdmin:<UserName> parameter provisions the server and creates an Exchange Server Administrator account for that server. The account designated in the /ServerAdmin parameter will have the same rights as an Exchange Server Administrator account that is delegated through the Exchange Management Console.
Note: |
---|
The ServerAdmin parameter only works with setup if you use the /NewProvisionedServer parameter. You cannot use the ServerAdmin parameter to add an Exchange administrator. To add an Exchange administrator, use the Add Exchange Administrator wizard in the Exchange Management Console or the Add-ExchangeAdministrator cmdlet in the Exchange Management Shell. |
For clustered mailbox servers, you must perform additional steps. For more information about how to perform a delegated installation of clustered mailbox servers, see How to Perform a Delegated Setup of a Clustered Mailbox Server.
Before You Begin
To run Setup.com /NewProvisionedServer, the account you use must be delegated the Exchange Organization Administrator role.
For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.
Note: |
---|
A delegated Exchange Server Administrator account does not have permissions to delegate Setup /NewProvisionedServer permissions to another user. |
Procedure
If Exchange Server is installed on the computer where you are provisioning, you can run the Setup.com command with associated arguments from the Run line or in Command Prompt. If the computer that you are running the Setup.com command from does not have Exchange installed, you must insert the Exchange Server 2007 DVD into the computer, and run the Setup.com command from the root directory of the DVD.
To provision the local server
-
Run the following command:
Copy Code Setup.com /NewProvisionedServer
Note: Running this command provisions the local server, but does not delegate a user.
To provision a remote server
-
Run the following command:
Copy Code Setup.com /NewProvisionedServer:ServerName
To provision a server and delegate an Exchange Server Administrator
-
Run the following command:
Copy Code Setup.com /NewProvisionedServer:"ServerName" /ServerAdmin Contoso\User1
You can create an Exchange Server Administrator for this server in the Exchange Management Console. For more information about how to add users to Administrator roles, see How to Add a User or Group to an Administrator Role.
For more information about Exchange permissions, see Permission Considerations.
Important: |
---|
A delegated user cannot uninstall an Exchange server. Uninstalling or removing Exchange servers requires an account that is a member of the Exchange Organization Administrators group and local Administrators group. |
De-Provisioning a Server
Exchange 2007 Setup can also be used to de-provision a server object. This process removes the provisioned server object from the configuration partition.
To de-provision the local server
-
Run the following command:
Copy Code Setup.com /RemoveProvisionedServer:"ServerName"
Note: Running this command provisions the local server, but it does not delegate a user.