Understanding the Different Combinations of Exchange and Windows Server

The different supported combinations of Exchange and Windows Server are listed here:

  • Exchange Server 5.5 is supported on the following Windows versions:
    • Windows NT 4 Server.
    • Windows 2000 Server.
    • Can only replicate data to Active Directory and from Active Directory through the Active Directory Connector (ADC).
      • Exchange 2000 Server is supported on the following Windows versions:
        • Windows 2000 Server with Service Pack 1 or higher.
        • Reliant on Active Directory.
        • Can be installed on a member server or on domain controller.
      • Exchange Server 2003 is supported on the following Windows versions:Planning an Exchange Server 2003 Infrastructure
        • Windows Server 2003.
        • Windows 2000 Server with Service Pack 3 or higher.
        • Reliant on Active Directory.
        • Can be installed on a member server or on domain controller.

      There are also a number of Exchange Server 2003 features that are not supported when Exchange Server 2003 is installed on Windows 2000 Server:

      • IPSec support to secure front-end and back-end clusters.
      • Cross-forest Kerberos authentication.
      • IIS 6 enhanced security features.
      • HTTP access from Outlook 2003.
      • SharePoint Portal Server Web Parts.
      • Volume Shadow Copy feature.
      • Real-time collaboration.

      The following Exchange Server 2003 features are only supported when Windows Server 2003 Enterprise Edition is being used:

      • 8 node clusters.
      • 8 way PIII Xeon Processors.
      • Supports 8-way P4 XeonMP Processors.
      • Mount point support.

      Planning for Exchange Server 2003 Implementation

      When planning for an Exchange Server 2003 implementation, it is recommended that you create an Exchange Server 2003 design document that encompasses the following aspects of the Exchange Server 2003 implementation:

      • Company objectives.
      • Document the existing Exchange design.
      • Determine Exchange Mailbox server placement.
      • Determine front-end servers.
      • Determine Bridgehead servers.
      • Determine Global Catalog placement.
      • Determine the number of Exchange Organizations.
      • Determine the number of Administrative Groups.
      • Determine the number of Storage Groups.
      • Determine the number of Routing Groups.
      • Determine whether to use Mixed Mode or Native Mode.
      • Determine the following for each server:
        • Role of each server.
        • Recovery requirements.
        • Redundancy requirements
      • Determine Recipient policies.
      • Determine the virus protection strategy.
      • Determine the administrative model.
      • Determine Recipient policies.
      • Determine System policies.
      • Determine the Exchange monitoring strategy.
      • Determine the Exchange backup strategy.
      • Determine the Exchange recovery strategy.

      You should consider building an Exchange test environment, which should include the following:

      • Creation of Exchange Server 2003 in the testing lab.
      • Testing of your Exchange design.
      • Testing of Exchange failover and recovery.
      • Testing of email operations.
      • Testing of email features.

      When dealing with complex multiple domain environments, the factors listed below should be considered:

      • Security groups should be created for each existing administrative role. The appropriate members should be added to these security groups.
      • Consider setting up a deployment team that includes messaging administrators and Active Directory administrators. It is recommended that one administrator have permissions for Windows Server and Exchange Server 2003.
      • The existing Active Directory design should be examined for any weaknesses before you install Exchange.
      • Before installing Exchange Server 2003, attempt to combine the domains into fewer Windows domains

      As a component of your planning phase, you have to determine whether any third-party applications are going to be added to improve on your Exchange implementation:

      • Antivirus scanning.
      • Spam filtering.
      • Fax software.
      • Backup.

      Exchange Server 2003 Hardware Requirements

      The minimum hardware requirements for installing Exchange Server 2003 are listed here:

      • Processor – Pentium 133.
      • Operating system – Windows 2000 Server with Service Pack 3.
      • Memory – 256 MB RAM.
      • Disk space – 200 MB on system drive.
      • Disk space – 500 MB on partition being used for Exchange installation.
      • File system requirements: Exchange Server 2003 must be installed on a NTFS partition. This includes the following partitions and files:
        • System partition.
        • Partition being used for the following:
          • Exchange database files.
          • Exchange transaction logs.
          • Exchange binaries.
          • All other Exchange files.
      • Drive – CD-ROM drive.
      • Display – VGA at least.

      The hardware requirements recommended for a cluster server configuration are detailed below:

      • A central hard disk system that is common to the nodes in the cluster.
      • A local hard disk on each node for the operating system and any additional program files.
      • Dedicated LAN link between the cluster nodes.
      • TCP/IP support between the cluster and clients.

      The recommended hardware requirements for installing Exchange Server 2003 are listed here:

      • Processor for Exchange Server 2003 Standard Edition – Pentium III 500.
      • Processor for Exchange Server 2003 Enterprise Edition – Pentium III 733.
      • Operating system – Windows Server 2003.
      • Memory – 512 MB RAM.
      • Disk space – 200 MB on system drive.
      • Disk space – 500 MB on partition being used for Exchange installation.
      • File system requirements: Exchange Server 2003 must be installed on a NTFS partition. This includes the following partitions and files:
        • System partition.
        • Partition being used for the following:
          • Exchange database files.
          • Exchange transaction logs.
          • Exchange binaries.
          • All other Exchange files.

      Use separate physical disks for the Exchange binaries, Exchange database files, and Exchange transaction logs.

      • Drive – CD-ROM drive.
      • Display – SVGA at least.

      Windows Services and Components Required for Exchange Server 2003

      Because of Windows and Exchange integration, there are a number of Windows Server 2003 components and services that have to be installed and enabled before you can install Exchange Server 2003.

      These Windows services are:

      • Simple Mail Transfer Protocol (SMTP) service.
      • Network News Transfer Protocol (NNTP) service.
      • World Wide Web service.
      • Microsoft ASP.NET.
      • Microsoft .NET Framework.

      In order to install your first Exchange 2003 server, the Active Directory infrastructure and DNS has to be running, and running correctly and efficiently, that is, with no errors. Exdeploy can be utilized to move through all the necessary pre-installation health checks before you run the Exchange Server 2003 Setup program.

      Impact of Windows on the Exchange Server 2003 Installation

      Since Windows forms the basic infrastructure for an Exchange Server 2003 installation, there are a number of factors which have to be considered before you proceed with your Exchange Server 2003 installation. These factors are:

      • Global Catalog placement: The Global Catalog server has to be available for the recipient’s address to be resolved when messages are addressed by users. The Global Catalog maintains the address list which a user utilizes to address a message.
      • When planning Global Catalog placement, consider the following recommendations:

      • For each Active Directory site that has an Exchange 2003 server, you should minimally have one Global Catalog server.
      • For large Active Directory sites, you should have at least two Global Catalog servers to provide redundancy.
      • For single Active Directory domain models, you should consider making all your domain controllers Global Catalog servers.
      • For performance optimization, place the Global Catalog server close to the clients so that fast address list access is assured.
      • To reduce the overhead realized with having Global Catalog servers in each Active Directory site, ensure that the design of your Active Directory site is sound and optimized.
      • You can utilize the Active Directory Replication Monitor (ReplMon) utility to assist you with determining how many Global Catalogs are required in the Active Directory forest.
      • Windows Mixed or Native Mode: With mixed mode, mailboxes cannot be moved between various administrative groups. Servers from the same administrative group reside in a routing group. Native mode should be utilized when you are not utilizing any prior Exchange Server versions. With native mode, routing groups can include servers from many administrative groups. None of the prior limitations of the previous versions of Exchange are applicable in native mode. It is impossible to switch from native mode to mixed mode.
      • Group type utilized: Group type could become a major planning and design issue if you are running multi-domain Windows 2000 Active Directory environments or Windows 2003 Active Directory environments.
      • A few important changes made with regard to groups are listed here:
        • The distribution lists which was utilized by the Exchange 5.5 version has been replaced by Windows 2000 groups in Exchange Server 2003.
        • The distribution lists utilized by the Exchange 5.5 version has been replaced by distribution groups in Active Directory.
        • A Windows 2000 or Windows 2003 distribution group is identical to the Exchange 5.5 version distribution list, other than it not being assigned permissions on an access control list.

      A few important factors on how group types affect visibility are listed here. Visibility refers to the ability of users being able to view the domain membership of a group:

        • Domain Local group: Domain membership does not appear in the Global Catalog. This means that the users in a domain can only view membership of domain local groups from their own specific domain. While they can view the group entry in the Global Address List (GAL) for domain local groups from different domains, they cannot view membership details.
        • Global group: Domain membership does not appear in the Global Catalog. This means that the users in a domain can only view membership of global groups from their own specific domain. While they can viw the group entry in the Global Address List (GAL) for global groups from different domains, they cannot view membership details.
        • Universal group: Domain membership appears in the Global Catalog. This basically means that users are able to view membership of the group, irrespective of the location of the group.

      You need to define security groups so that you can assign permissions for Exchange resources, calendars and public folders. A security group is a collection of users who have the same permissions to resources, and the same rights to perform certain system tasks. These are the groups to which you assign permissions so that its members can access resources. Security groups therefore remove the need for an Administrator to individually assign permissions to users. Users that need to perform certain tasks can be grouped in a security group, and then assigned the necessary permissions to perform these tasks. Each user that is a member of the group would have the same permissions. In addition to this, any e-mail sent to a security group is received by each member of that particular group.

      The different group scopes make it possible for groups to be used differently to assign permissions for accessing resources. The scope of a group defines the place in the network where the group will be used or is valid. This is the degree to which the group will be able to reach across a domain, domain tree, or forest. The group scope also determines what users can be included as group members.

      With domain local group, the functional level set for the domain determines which members can be included in the domain local group.

        • Windows 2000 Mixed: User accounts, computer accounts, and global groups from any domain can be added as group members.
        • Windows 2000 Native / Windows Server 2003: User accounts, computer accounts, global groups, and universal groups from any domain can be added as group members. You can also add other domain local groups from the same domain as group members.

      With Global groups, the domain functional level set for the domain determines which members can be included in the global group.

        • Windows 2000 Mixed: Only user accounts and computer accounts from the domain in which the group was created, can be added as group members.
        • Windows 2000 Native / Windows Server 2003: User accounts, computer accounts, and other global groups from the domain in which the group was created, can be added as group members.

      With Universal groups; user accounts, computer accounts, global groups, and other universal groups, from any domain in the Active Directory domain tree or forest can be defined as members. This basically means that you can add members from any domain in the forest to a Universal group. Universal groups are not available when domains are functioning in the Windows 2000 Mixed domain functional level.

      • Extending the Active Directory schema: One of the first steps that you need to perform for an Exchange Server 2003 deployment is to extend or update the Active Directory schema. The Active Directory schema defines what types of objects can be stored in Active Directory. It also defines what the attributes of these objects are. The schema is defined by two types of schema objects or metadata. Schema class objects define the objects that can be created and stored in Active Directory. The schema attributes store information on the schema class object when you create a new class. Schema attribute objects provide information on object classes. The attributes of an object is also called the object’s properties.

      A few other elements associated with the Active Directory schema are:

        • Class Derivations define the way for forming new objec classes using existing object classes.
        • Schema Rules: The Active Directory directory service implements a set of rules into the Active Directory schema that control the manner in which classes and attributes are utilized, and what values classes and attributes can include. Schema rules are organized into Structure Rules, Syntax Rules, and Content Rules.
        • Structure Rules: The structure rule in Active Directory is that an object class can have only specific classes directly on top of it. These specific classes are called Possible Superiors.Structure rules prevent you from placing an object class in an inappropriate container.
        • Syntax Rules define the types of values and ranges allowed for attributes.
        • Content Rules dictate what attributes can be associated with a particular class.

      Before proceeding with extending the Active Directory schema, consider the points listed below:

      To find the server configured as the Schema Master,

        • You have to extend the Active Directory schema on the server assuming the Schema Master Flexible Single Master Operations (FSMOs role.
          1. Open the Active Directory Schema MMC snap-in.
          2. Right-click the Active Directory Schema.
          3. Select Operations Master to view the Schema Master server.
        • To extend the schema, the service account being used must meet the following requirements:
          1. Member of the Schema Admins group.
          2. Member of the Enterprise Admins group.
        • Bear in mind that when you extend the Active Directory schema, a full replication occurs for the following Active Directory components:
          1. Active Directory domain databases.
          2. Global catalog information.

      To extend the Active Directory schema, you will need to run ForestPrep. ForestPrep extends or updates the Active Directory schema so that the necessary Exchange 2003 classes and attributes are added.

      • Preparation of the Active Directory domain: Before you install Exchange Server 2003, you have to prepare the Windows 2000 domain or Windows Server 2003 domain that will be used to host the Exchange 2003 servers. The account which you utilize to prepare you domains by running DomainPrep, must be a member of the Domain Admins group in the specific domain. DomainPrep creates the necessary Active Directory groups and permissions that Exchange Server 2003 will change.

      DomainPrep must be run in each of these domains:

      • Forest root domain.
      • In each domain which will host Exchange Server 2003.
      • In each domain that will host Exchange mailbox-enabled objects. Whether the domain hosts an Exchange Server 2003 server is irrelevant.

      The changes made to the domain when DomainPrep is run are listed here:

      • The global security group, Exchange Domain Servers, is created.
      • The domain local security group, Enterprise Exchange Servers, is created.
      • The Exchange Domain Servers group is added to the Enterprise Exchange Servers group.
      • For the domain controller being used for the Recipient Update Service, the necessary permissions are assigned.

      Before you start to install Exchange Server 2003, verify that the following installation preparations have occurred:

      • Use the Services applet to verify that IIS, NNTP, SMTP, and the WWW services are installed and running.
      • Verify that the forest was prepared, that the Active Directory schema was extended.
      • Verify that the domain was prepared.
      • Check all relevant log files for any detected errors.

      Exchange Server 2003 Service Account Requirements

      It is recommended that the srvice account which you plan to use to install Exchange Server 2003 be a dedicated service account.

      For auditing purposes, this would enable you to more quickly determine what activities are being performed by Exchange services.

      To install Exchange Server 2003, the following permissions are needed:

      • To initially run ForestPrep in a forest to update/extend the Active Directory schema – Member of the Schema Admins group and Enterprise Admins group.
      • To run ForestPrep in a forest after the initial instance – Exchange Administrator permissions at the Exchange organization level.
      • To run DomainPrep to prepare for Exchange Server 2003 installation – Member of the Domain Admins group in the specific domain.
      • To install the initial server in the domain – Exchange Administrator permissions at the Exchange organization level.
      • To install any additional servers in the domain – Exchange Administrator permissions at the administrative group level. The machine account must be included in the Exchange Domain Servers group.
      • To install a server with Site Replication Service (SRS) – Exchange Administrator permissions at the Exchange organization level.

      Determining which Exchange 2003 Version to use

      The different versions of Exchange 2003 are:

      • Exchange 2003 Standard Edition: This version of Exchange 2003 is suited for a small organization. It also works well as a utility server in a large environment and as a bridgehead server for an Exchange organization. The Exchange 2003 Standard Edition provides the basic message server version of the software, and supports one mailbox database of up to 16GB. Exchange 2003 Standard Edition includes support for Web access, support for mobile access, and support for server recovery functionality.
      • Exchange 2003 Enterprise Edition: This version of Exchange 2003 is ideal for organizations that need more than a single 16GB Exchange messaging database, and for organizations that need to use the advanced capabilities and features of Exchange. Exchange 2003 Enterprise Edition can support a maximum of 20 Exchange messaging databases per server.

      The features not supported in the Standard version of Exchange Server 2003 are noted here:

      • Only a single database is supported.
      • The database cannot be over 16GB in size.
      • The existence of multiple databases and storage groups are not supported.
      • Clustering is not supported.
      • X.400 Connectors for remote site connectivity is not supported.

      Determining whether to use Multiple Exchange Databases and Storage Groups

      A storage group in Exchange pertains to the logical grouping of Exchange databases that have common logs.

      Exchange Server 2003 provides the following features with regard to Exchange databases:

      • You can create multiple Exchange databases on a single server.
      • You can Exchange databases bigger than 16GB.

      A single Exchange Server 2003 Enterprise version can support the following:

      • Up to 4 storage groups per server.
      • A storage group can host up to 5 databases.

      A few advantages of implementing multiple Exchange databases are listed here:

      • Having multiple smaller Exchangedatabases results in a reduction in the time needed to perform database restores.
      • You can distribute user processing load over multiple databases. This results in a reduction in the loss of user mail connectivity.
      • You can define and configure different storage limits for each database.
      • You can define and create a recovery storage group to which entire Exchange databases can be restored.

      Best Practices for Exchange Server 2003 Design

      A few best practices for Exchange Server 2003 design are lited here:

      • Exchange Server 2003 should be installed on Windows Server 2003.
      • A dedicated service account should be used to install Exchange Server 2003.
      • You should maintain a simple Active Directory design.
      • Consider decreasing the number of Active Directory sites to decrease the number of Exchange servers that need to be installed.
      • Use DNS on your Active Directory domain controllers.
      • Where simplicity is an important factor, use an external Active Directory DNS namespace.
      • Where security is an important factor, use an internal Active Directory DNS namespace.
      • Use separate physical disks for the following:
        • Exchange binaries.
        • Exchange database files.
        • Exchange transaction logs.
      • You should have a local copy of the Global Catalog near to the Exchange servers.
      • Include a backup and recovery strategy in your Exchange Server design.
      • Include an antivirus strategy in your Exchange Server design.
      • Ensure that you keep the Windows operating system and Exchange updated with regard to installation of the latest released service packs and hotfixes.
      • Supported client access methods should be matched to the proper Exchange technology.

      How to create an Exchange Server 2003 Service Account

      1. Click Start, Administrative Tools, and then click Active Directory Users And Computers to open the Active Directory Users And Computers console.
      2. In the console tree, expand the domain.
      3. Right-click the Users container and select New, and then User from the shortcut menu.
      4. When the New Object – User dialog box opens, enter the necessary information.
      5. Enter the logon name for the account in the User Logon Name field, and select the domain to which the account should be associated with.
      6. Click Next.
      7. Proceed to set the password of the service account in the Password and Confirm Password fields, and enable any applicable options available in the dialog box for the new service account.
      8. Ensure that you select the Password Never Expires option. This option is generally enabled for accounts utilized by Windows services or programs.
      9. Click Next.
      10. Click Finish.
      11. Right-click the service account that you created, and select Properties from the shortcut menu.
      12. The service account Properties dialog box opens.
      13. Click the Member Of tab.
      14. Click Add.
      15. Proceed to add the service account to the groups listed here:
        • Schema Admins group
        • Enterprise Admins group
        • Domain Admins group
      16. Click OK.
      17. Click OK in the Properties Dialog box of the service account.

      How to install the Windows services for Exchange Server 2003 implementation

      To install the SMTP service,

      1. Click Start, Control Panel, and click Add/Remove Programs.
      2. Click Add/Remove Windows Components in the Add Or Remove Programs dialog box.
      3. The Windows Components Wizard starts.
      4. Click Application Server in the Windows Components dialog box, and then click the Details button.
      5. The Application Server dialog box appears next.
      6. Click Internet Information Services (IIS) and then select the Details button.
      7. Click the SMTP Service checkbox.
      8. Click OK.

      To install the NNTP service,

      1. Click Start, Control Panel, and click Add/Remove Programs.
      2. Click Add/Remove Windows Components in the Add Or Remove Programs dialog box.
      3. The Windows Components Wizard starts.
      4. Click Application Server in the Windows Components dialog box, and then click the Details button.
      5. The Application Server dialog box appears next.
      6. Click Internet Information Services (IIS) and then select the Detailsbutton.
      7. Click the NNTP Service checkbox.
      8. Click OK.

      To install the World Wide Web service and ASP,

      1. Click Start, Control Panel, and click Add/Remove Programs.
      2. Click Add/Remove Windows Components in the Add Or Remove Programs dialog box.
      3. The Windows Components Wizard starts.
      4. Click Application Server in the Windows Components dialog box, and then click the Details button.
      5. Click the ASP.NET checkbox.
      6. Click OK.
      7. Click Internet Information Services (IIS) and then select the Details button.
      8. Click the World Wide Web Service checkbox.
      9. Click OK.

      To enable ASP,

      1. Click Start, Administrative Tools, and then click Internet Information Services (IIS) Manager to open the Internet Information Services console.
      2. In the console tree, select Web Service Extensions.
      3. Select ASP.
      4. Click Allow to enable ASP.

      How to run ForestPrep

      1. Using an account that belongs to the Schema Admins group and Enterprise Admins group, access the Windows Server 2003 server.
      2. Place the Exchange Server 2003 installation CD in the CD-ROM drive.
      3. Click Start, and then Run to access the Run command-line.
      4. Execute D:setupi386setup.exe/forestprep, where D is the drive letter for the CD-ROM drive.
      5. The Exchange Installation Wizard starts.
      6. Click Next on the Exchange Installation Wizard Welcome screen.
      7. Read and accept the End User License Agreement. Click Next.
      8. The Component Selection page is displayed
      9. Ensure that ForestPrep is selected.
      10. Provide the installation path, if necessary. Click Next.
      11. Provide the account information for the account being used to install Exchange Server 2003, and then click Next.
      12. After the ForestPrep process has run, a message dialog box is displayed, indicating that the process has been completed.
      13. Click Finish to end the Exchange Installation Wizard.

      How to run DomainPrep

      1. Using an account that belongs to the Domain Admins group, access the Windows Server 2003 server.
      2. Place the Exchange Server 2003 installation CD in the CD-ROM drive.
      3. Click Start, and then Run to access the Run command-line.
      4. Execute D:setupi386setup.exe/domainprep, where D is the drive letter for the CD-ROM drive.
      5. The Exchange Installation Wizard starts.
      6. Click Next on the Exchange Installation Wizard Welcome screen.
      7. Read and accept the End User License Agreement. Click Next.
      8. When the Component Selection page is displayed, ensure that DomainPrep is selected.
      9. Provide the installation path, if necessary. Click Next.
      10. Provide the account information for the account being used to install Exchange Server 2003, and then click Next.
      11. After the DomainPrep process has run, a message dialog box is displayed, indicating that the process has been completed.
      12. Click Finish to end the Exchange Installation Wizard.