A DAG is set up in the Exchange Server organization. The next step is to…
Prepare Active Directory and domains for Exchange Server
You want to prepare Active Directory (AD) schema and domains for Exchange Server. Before you prepare Active Directory and domains for Exchange, install Exchange Server prerequisites. After that, you can install Exchange Server in the organization.
Table of contents
Information
Before you start, sign in to the Windows Server that will be the Exchange Server, and go through these steps:
- Install the latest Windows Updates
- Restart after installing Windows Updates
- Join the server to the domain
Download Exchange Server
Before you can prepare AD for Exchange Server, you need to download the Exchange Server ISO. Go to the following page to get a list of the latest Exchange Server CUs. The page will show the Exchange Server build numbers and release dates. Find the Exchange Server version that you like to install. Next, download and save the ISO image.
In our example, we will install Exchange Server 2016. At the moment of writing, the latest version for Exchange Server 2016 is Exchange Server 2016 CU16. The release date is March 17, 2020. The build number is 15.1.1979.3.
Which Exchange Server CU should you install?
We recommend downloading and installing the latest version of Exchange Server. Each CU is a complete installation of Exchange that includes updates and changes from all previous CUs. You don’t need to install any previous CUs or Exchange Server RTM first.
Prerequisites extending the Active Directory
Before extending the Active Directory schema, the following needs to be installed on the Exchange Server:
- .NET Framework must be installed
- The RSAT-ADDS feature must be installed
- Account needs to be added to the Schema Admins and Enterprise Admins security groups
Install .NET Framework
.NET Framework is already installed if you have followed Install Exchange Server prerequisites. If you didn’t, find the correct .NET Framework version on the Exchange Server supportability matrix. Go to the download page of .NET Framework and download the appropriate version.
In our example, we have to install .NET Framework 4.8. If the download finishes, right-click the file and choose run as administrator. Install the .NET Framework on the Exchange Server. Restart when the installation completes.
Note: You can extend the Active Directory Schema from the domain controller or any other server in the organization. The feature RSAT-ADDS is already installed on the domain controller. If you want to prepare the schema on the Domain Controller, you only need to install the .NET Framework. Some organizations have different teams because of different administrative responsibilities in the environment.
Install RSAT-ADDS feature
RSAT-ADDS feature is already installed if you have followed Install Exchange Server prerequisites. Suppose you didn’t install the RSAT-ADDS feature. Run PowerShell as administrator. Run the Install-WindowsFeature cmdlet, including the RSAT-ADDS feature.
Install-WindowsFeature RSAT-ADDSThe below output appears.
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Remote Server Administration Tools, Activ...Schema Admins and Enterprise Admins security groups
Before you can extend the schema, your account needs to be a member of the Schema Admins and Enterprise Admins security groups. Open Active Directory and add both groups to your account if it’s not set already. These are high privilege groups. We recommend removing your account from the groups when you’re done with this task.
Note: If you’ve just added yourself to these groups, you’ll need to log out and back into the server for the new group membership to take effect.
Prepare Active Directory Schema
The first step in getting your organization ready for Exchange Server is to extend the Active Directory schema. Exchange stores a lot of information in Active Directory, but before it can do that, it needs to add/update classes and attributes.
In File Explorer, right-click on the Exchange Server CU ISO image file and select Mount. It will mount the ISO image to a drive. For example, the E:\ drive. The E:\ drive contains the Exchange installation files. Make sure to mount the Exchange ISO image before proceeding to the next step.
Run Command Prompt as administrator. Run the following command to extend/prepare the schema for Exchange Server.
E:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareSchemaYou will see the COMPLETED messages in the output. The extend/prepare schema for Exchange Server went successfully.
Microsoft Exchange Server 2016 Cumulative Update 16 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for installation.
Performing Microsoft Exchange Server Prerequisite Check
Prerequisite Analysis COMPLETED
Configuring Microsoft Exchange Server
Extending Active Directory schema COMPLETED
The Exchange Server setup operation completed successfully.Prepare Active Directory
After the Active Directory schema has been extended, you can prepare other parts of Active Directory for Exchange Server. During this step, Exchange will create containers, objects, and other items in Active Directory to store information. The collection of the Exchange containers, objects, attributes, and so on is called the Exchange organization.
If you followed the article, you are already a member of the Schema Admins and Enterprise Admins security groups. Open Active Directory and add both groups to your account if it’s not set already. These are high privilege groups. We recommend you to remove your account from the groups when you’re done with this task.
Note: If you’ve just added yourself to these groups, you’ll need to log out and back into the Server for the new group membership to take effect.
If you do not already have an Exchange organization, you’ll need to provide a name for the organization.
Note: You need to select a name for the Exchange organization. The organization name is used internally by Exchange. It isn’t typically seen by users and doesn’t affect the functionality of Exchange. Also, it doesn’t determine what you can use for email addresses. The organization name can’t contain more than 64 characters and can’t be blank. Valid characters are A to Z, a to z, 0 to 9, hyphen or dash (-), and space, but leading or trailing spaces aren’t allowed. You can’t change the organization name after it’s set.
Run Command Prompt as administrator. Run the following command to prepare Active Directory for Exchange Server.
E:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAD /OrganizationName:"EXOIP"The below output appears.
Microsoft Exchange Server 2016 Cumulative Update 16 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for installation.
Performing Microsoft Exchange Server Prerequisite Check
Prerequisite Analysis 100%
Setup will prepare the organization for Exchange Server 2016 by using 'Setup /PrepareAD'. No Exchange Server 2013 roles
have been detected in this topology. After this operation, you will not be able to install any Exchange Server 2013
roles.
For more information, visit: https://learn.microsoft.com/Exchange/plan-and-deploy/deployment-ref/readiness-checks?view=exchserver-2016
Setup will prepare the organization for Exchange Server 2016 by using 'Setup /PrepareAD'. No Exchange Server 2010 roles
have been detected in this topology. After this operation, you will not be able to install any Exchange Server 2010
roles.
For more information, visit: https://learn.microsoft.com/Exchange/plan-and-deploy/deployment-ref/readiness-checks?view=exchserver-2016
Configuring Microsoft Exchange Server
Organization Preparation COMPLETED
The Exchange Server setup operation completed successfully.If you’re installing Exchange Server into an existing Exchange organization, you do not need to specify the organization name.
Run Command Prompt as administrator. Run the following command to prepare Active Directory for Exchange Server.
E:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareADPrepare Active Directory domains
The final step to get Active Directory ready for Exchange is to prepare each of the Active Directory domains where Exchange will be installed. This step creates additional containers, security groups and sets permissions so that Exchange can access them.
If you have more than one domain, you can run the following command in Command Prompt to prepare all the domains for Exchange Server.
Note: If you have only one domain, you can skip this step because the /PrepareAD command in the previous step has already prepared the domain for you.
E:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomainsThe below output appears.
Microsoft Exchange Server 2016 Cumulative Update 16 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for installation.
Performing Microsoft Exchange Server Prerequisite Check
Prerequisite Analysis COMPLETED
Configuring Microsoft Exchange Server
Prepare Domain Progress COMPLETED
The Exchange Server setup operation completed successfully.Check Exchange Active Directory versions
After you prepare AD for Exchange Server, you like to check if the Active Directory is updated. Run PowerShell as administrator. Make sure that you set the Execution Policy to Unrestricted. If you don’t, the script will not run.
Set-ExecutionPolicy Unrestricted -ForceDownload the script Get-ADversions.ps1 and run it. For more information, read the article check Exchange Schema version with PowerShell. You can also run the following commands one by one.
# Exchange Schema Version
$sc = (Get-ADRootDSE).SchemaNamingContext
$ob = "CN=ms-Exch-Schema-Version-Pt," + $sc
Write-Output "RangeUpper: $((Get-ADObject $ob -pr rangeUpper).rangeUpper)"
# Exchange Object Version (domain)
$dc = (Get-ADRootDSE).DefaultNamingContext
$ob = "CN=Microsoft Exchange System Objects," + $dc
Write-Output "ObjectVersion (Default): $((Get-ADObject $ob -pr objectVersion).objectVersion)"
# Exchange Object Version (forest)
$cc = (Get-ADRootDSE).ConfigurationNamingContext
$fl = "(objectClass=msExchOrganizationContainer)"
Write-Output "ObjectVersion (Configuration): $((Get-ADObject -LDAPFilter $fl -SearchBase $cc -pr objectVersion).objectVersion)"How to confirm the Exchange Active Directory versions? Visit the page Exchange schema versions to get a list of the object versions.
That’s it!
Conclusion
You learned how to prepare Active Directory (AD) and domains for Exchange Server. Go through the steps as shown and ensure that you set up everything before you proceed further. The next step is to install Exchange Server in the organization.
Did you enjoy this article? If so, you may like Disable Windows Firewall with PowerShell. Don’t forget to follow us and share this article.
What Others Are Reading
This is also worth nothing. 😉
https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/error-when-running-setup-prepareschema
Hello Ali,
thanks for your courses, they are very helpful.
I have a question about a new subdomain.
If we have an existing Exchange-Organization and we want to add a new subdomain to an existing domain.
Should we perform :
1-prepare ad schema ?
2-prepare ad domain ?
3-prepare all domain ?
I just created a new subdomain from EAC but I can not create a new mailbox from new created subdomain. I am getting following error :
“The call to Microsoft Exchange Active Directory Topology service on server ‘TopologyClientTcpEndpoint (localhost)’ returned an error. Error details No suitable domain controller was found in domain ‘new.subdomain.com'”
Thank you for your advices.
Emre
I’m from ancient times when Exch version was 2003. I was not aware that they complicate so much than before any deployment it is required AD preparation in order to AD version fit the installation setup 🙂
Thank you for this eXcellent article !
Hello all,
I have a similar question to Firat. We’re upgrading from Ex2010 to Ex2016. AD already has all of the containers but what happens to the existing 2010 attributes, folders, permissions etc…? I’m not quite sure what happens with the existing structure.
They both can exist without affecting the current AD exchange groups?
Everything will stay in place. You can safely prepare Active Directory and domains for Exchange Server 2016 in an Exchange Server 2010 organization.
Hi,Exchange Server 2019 CU11 or 2016 CU22 or later is changed, Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareSchema
That’s correct.
I updated the switch in the article.
More information about this change is covered in the articles:
– Cumulative Update 22 for Exchange Server 2016
– Cumulative Update 11 for Exchange Server 2019
Hello Ali,
Thanks for sharing this valuable information, I learn a lot from your essays. I would like to ask one question. To get informed of the following 3 questions is very important for me. If you can answer the following questions, I will be happy. T
1- If I already have an Exchange organization, is it still required to apply /PrepareAD? (I am asking if it specifies the organization name)
2- If I already have an Exchange organization, is it still required to apply /PrepareAllDomains?
3- If I already have an Exchange organization with lower versions of Domain Controllers which support new Exchange Server Installation, is it still required to apply /PrepareSchema?
Hi Fırat,
You’re welcome.
That depends. Sometimes you don’t have to run the commands, and sometimes you have. You can check the current Exchange Schema version and compare it with the Exchange Server version you install (new installation or CU upgrade). This way, you can tell if you need to run the commands or not.
If you’re still unsure, just run the commands. It will not hurt. Another way is to run the Exchange Setup wizard, and it will do it all for you.
More information: Check Exchange Schema version with PowerShell
Great post
Kind regards,
Harrell