Syngress - How To Cheat at Deploying Exchange Server 2000 with Active Directory (2003).pdf
(
591 KB
)
Pobierz
How to Cheat at Being a Windows 2000 System Administrator
How to Cheat…
How to Cheat at Deploying
Exchange Server 2000 with
Active Directory
Copyright 2003 by Syngress Publishing,
all rights reserved
This special Syngress e-book is designed to provide quick,
step-by-step help to anybody trying to wrestle with Deploying
Exchange Server
BEFORE YOU BEGIN ................................................................................................................3
TOPIC 1: PREPARING ACTIVE DIRECTORY..................................................................... 4
U
SING
F
ORESTPREP
...................................................................................................................... 4
TOPIC 2: PREPARING YOUR DOMAINS.............................................................................. 7
U
SING
D
OMAINPREP
.................................................................................................................... 7
TOPIC 3: DEPLOYING SERVERS RUNNING EXCHANGE 2000...................................... 9
E
STABLISHING THE
F
IRST
A
DMINISTRATIVE
G
ROUP
.................................................................... 9
D
EPLOYING
E
XCHANGE
U
SING
T
ERMINAL
S
ERVICES
................................................................ 10
D
EPLOYING
E
XCHANGE ON A
W
INDOWS
2000 C
LUSTER
........................................................... 10
TOPIC 4: UNATTENDED INSTALLATION......................................................................... 12
TOPIC 5: DEPLOYING EXCHANGE SYSTEM MANAGER............................................. 13
TOPIC 6: UPGRADING FROM PREVIOUS VERSIONS OF EXCHANGE ..................... 14
TOPIC 7: UPGRADING THE DIRECTORIES TO ACTIVE DIRECTORY..................... 15
TOPIC 8: WHEN TO CONSOLIDATE BEFORE DEPLOYING........................................ 19
TOPIC 9: TOOLS USED TO UPGRADE THE WINDOWS NT 4.0 SAM .......................... 20
U
SING THE
A
CTIVE
D
IRECTORY
M
IGRATION
T
OOL
................................................................... 20
TOPIC 10: TOOLS USED TO UPGRADE THE EXCHANGE SERVER 5.5 DIRECTORY
....................................................................................................................................................... 22
U
SING THE
A
CTIVE
D
IRECTORY
C
ONNECTOR
............................................................................ 22
User Connection Agreements ............................................................................................... 23
Public Folder Connection Agreements................................................................................. 26
Configuration Connection Agreements................................................................................. 26
S
ITE
R
EPLICATION
S
ERVICE
....................................................................................................... 26
U
SING THE
A
CTIVE
D
IRECTORY
A
CCOUNT
C
LEANUP
W
IZARD
.................................................. 27
D
IRECTORY
U
PGRADE
S
CENARIOS
............................................................................................. 28
Using the In-Place Upgrade Method.................................................................................... 28
Copyright © 2003 by Syngress Publishing, Inc.
1
Deploying Exchange 2000
Upgrade Using ADMT then ADC ......................................................................................... 29
ADC then In-Place Upgrade then ADClean ......................................................................... 30
Upgrade Using ADC then ADMT then ADClean ................................................................. 33
TOPIC 11: DIRECTORY UPGRADE CONSIDERATIONS ................................................ 36
W
HEN TO
R
EQUIRE A
N
ATIVE
M
ODE
D
OMAIN
........................................................................... 36
H
OW TO
S
UCCESSFULLY
U
SE
U
NIVERSAL
G
ROUPS
.................................................................... 37
TOPIC 12: UPGRADING THE MESSAGING ENVIRONMENT ....................................... 38
TOPIC 13: PERFORMING AN IN-PLACE UPGRADE ....................................................... 39
TOPIC 14: PERFORMING A MOVE-MAILBOX UPGRADE............................................ 40
U
SING THE
L
EAPFROG
M
ETHOD
................................................................................................. 40
TOPIC 15: MOVING TO A NEW ORGANIZATION........................................................... 42
U
SING THE
E
XCHANGE
M
AILBOX
M
IGRATION
P
ROGRAM
.......................................................... 42
U
PGRADING
S
UPPORTING
S
ERVERS
........................................................................................... 42
U
PGRADING
C
ONNECTOR
S
ERVERS
........................................................................................... 42
U
PGRADING
C
LIENT
A
CCESS
U
SING
F
RONT
-
END
S
ERVERS
........................................................ 42
TOPC 16: TESTING YOUR SCENARIO ............................................................................... 44
2
Copyright © 2003 by Syngress Publishing, Inc.
How to Cheat…
Before you Begin
Deploying Exchange 2000 can be a very simple or very complex process. The complexity of your
deployment will depend on several factors—but mostly it will depend on the complexity of your existing
messaging environment. If you currently have no messaging system or if your existing messaging system
consists of one or two servers running Exchange Server 5.5, then deployment is a fairly simple process.
However, if your existing messaging system supports 225,000 users across four continents and 500
physical locations with varying levels of network connectivity and reliability, your Exchange 2000
deployment may be a tad more complex.
One of the unique aspects of upgrading from Windows NT 4.0 and Exchange Server 5.5 to
Windows 2000 and Exchange 2000 is that two “directories” are being upgraded or consolidated into a
single Active Directory. Windows NT 4.0 was only the security subsystem for Exchange Server 5.5.
Exchange Server 5.5 has its own directory. Windows NT 4.0 accounts are associated with Exchange
Server 5.5 mailboxes, but they are two different directories (if you can call the NT 4.0 Security Account
Manager—or SAM—a directory). Exchange 2000 lost its directory to Windows 2000 Active Directory.
The Windows 2000 security subsystem is Active Directory, not an NT 4.0 SAM. This means that when
you upgrade your Windows NT 4.0 SAM to Active Directory you also will be upgrading your Exchange
Server 5.5 directory to Active Directory, consolidating the two into a single directory.
This poses several challenges that must be carefully planned for and tested. Microsoft has
provided the tools to manage this process effectively, but it’s up to you to make sure the tools are used
correctly and in the proper order. This white paper will give you the information you need to upgrade
your directories to Active Directory.
Upgrading the directory is only half the story. Everything else needs to be upgraded from
Exchange Server 5.5 to Exchange 2000. This includes mailbox servers, connectors, public folder servers,
and bridgehead servers. Fortunately this process is fairly straightforward. The main challenge here is
getting from point A to point B. If you have ten Exchange Server 5.5 sites you want to consolidate into
three Exchange 2000 routing groups spanning two Administrative Groups, the process becomes more
complex and requires more planning. As you can see, the key word here is
planning
.
Before we delve into the complexities of upgrading from Exchange Server 5.5 to Exchange 2000,
there are some basic deployment strategies that can and should be used during deployment. Also, if you
are not upgrading from a previous version of Exchange but are migrating from a different messaging
system such as cc:Mail or Lotus Notes, you will likely deploy Exchange 2000 and migrate messaging
data from your existing messaging environment to the new Exchange 2000 organization. This type of
Exchange deployment, a so-called green field deployment, simply takes an Exchange 2000 design and
deploys it across the organization. The term
green field
is used to symbolize rolling out the product onto a
green field of grass that has never been touched. It is something we Exchange administrators dream of.
Copyright © 2003 by Syngress Publishing, Inc.
3
Deploying Exchange 2000
TOPIC 1: Preparing Active Directory
Exchange 2000 makes a considerable number of changes to the Active Directory schema and
configuration partition. These changes are made when the first Exchange 2000 server is installed in the
Active Directory forest. They are necessary to support the objects and attributes required by Exchange
2000.
A single schema and configuration partition exists for every Active Directory forest. The Active
Directory schema and configuration partitions are hosted on each and every domain controller in the
forest; they can only be modified by members of the Active Directory Schema Administrators Group.
This means that when Exchange Server 2000 setup makes changes to the Active Directory schema and
configuration partition, these changes must be replicated throughout the Active Directory forest to each
domain controller. It also means that an administrator who is a member of the Schema Administrators
Group must install the first Exchange 2000 server.
This poses a couple of issues:
• The Schema Administrators Group should contain a very limited number of administrators,
most of whom will likely be centralized at one or two locations within the company.
Typically, these administrators are not your Exchange implementers. It is impractical in a
large organization to think these members of the Schema Administrators Group are the only
administrators in the company who could run Exchange 2000 setup.
• It would be best if many schema modifications could be made early in the deployment of
Active Directory, well before Exchange 2000 is deployed, so that the Exchange 2000 schema
modifications could be included in the schema during the Active Directory deployment. This
would avoid an excessive replication overhead when Exchange 2000 is finally deployed.
• Don’t wait until your Exchange deployment plan to perform modifications to your Active
Directory Schema. You want to make these changes in the early stages of your Active
Directory/Windows 2000 deployment of domain controllers.
These potential difficulties with Exchange deployment were discovered during the Exchange
2000 beta process. Exchange 2000 setup always installed the product, but also performed special
modifications to Active Directory when first run. The answer was to create a setup switch that ran a
special Exchange 2000 setup process.
Using Forestprep
This setup switch is named /forestprep. Forestprep is run once by a Schema Administrator to prepare your
Active Directory for Exchange 2000 by making changes to the Active Directory schema without actually
installing Exchange 2000.
As seen in the following figure, forestprep makes the necessary changes to the Active Directory
schema and establishes the Exchange 2000 organization by making modifications to the Active Directory
configuration partition.
4
Copyright © 2003 by Syngress Publishing, Inc.
How to Cheat…
Exchange 2000 Setup Schema Modifications
If your organization will deploy Exchange 2000, but is currently in the planning or deployment
phase of your Windows 2000 project, then consider incorporating the Exchange 2000 schema and
configuration partition changes into your Active Directory deployment by using forestprep at the early
stages of your Active Directory deployment.
This can be done by having a Schema Administrator run forestprep in the root domain on the
Active Directory domain controller designated as the Schema Master over a weekend—or whenever the
schema and configuration partition changes can be replicated across the organization efficiently and
without impacting system performance.
When running Exchange 2000 setup with the forestprep switch, Exchange 2000 setup will prompt
you for the following information:
• Your 25-digit product identification code. This code is located on the Exchange 2000
compact disc jewel case.
• An indication that tells whether you are creating a new Exchange 2000 organization or
joining an existing Exchange Server 5.5 organization. You must have the service account
name and password if joining an existing Exchange Server 5.5 site. You must also have the
Exchange version of the Active Directory Connector (ADC) installed in the forest.
• The organization name. This should be defined in your Exchange 2000 design or functional
specification. Choose this name wisely, because it cannot be changed.
Copyright © 2003 by Syngress Publishing, Inc.
5
Plik z chomika:
darekisap
Inne pliki z tego folderu:
Syngress - Building Multi Protocol Label Switching Networks (2003).chm
(20098 KB)
Syngress - Cell Phones And Wireless Service Plans (2002).pdf
(4269 KB)
Syngress - CheckPoint Next Generation Security (2002).pdf
(8714 KB)
Syngress - C# for Java Programmers (2002).pdf
(7306 KB)
Syngress - Cisco Security Specialist's Guide to PIX Firewall (2002).pdf
(11031 KB)
Inne foldery tego chomika:
156 database ebooks
Ajax
Apache & Tomcat
Apress
ASP.NET
Zgłoś jeśli
naruszono regulamin