Exchange 2007 SP1 Setup Domain Controller Requirements

  • Article

OK.  I've heard lots of complaints about Exchange 2007 and the fact that when you run setup, the pre-requisite checks will fail if you have multiple domains in your forest, and one of those domains doesn't have a Windows 2003 SP1+ domain controller.  That's fair enough.  Some of those child domains may not have an existing Exchange server, or may not even host exchange-enabled objects.

As many of you know, we changed the behavior of setup for Sp1, however the documentation still is being misinterpreted.  The new pre-requisite check will now check child domains during the /preparelegacyexchangepermissions portion of setup, and will look for the "Exchange Domain Servers" group.  If it finds that group present, then that domain must contain a Windows 2003 Sp1+ DC.  If you are in this situation, you have 2 options.  If you don't have any Exchange objects in that child domain, AND YOU ARE SURE OF THIS, then you can remove the Exchange Domain Servers group from that domain.  When you then run setup again, that domain will be skipped from the pre-requisite check.

See https://msexchangeteam.com/archive/2007/11/01/447411.aspx for more details around this.

Alright, so now you know about the SP1 install requirements, and when a Windows 2003 Sp1+ DC is required.  The next question is, can I temporarily install a Windows 2003 SP1+ DC in a child domain that I am not ready to upgrade to Windows 2003 yet?  The answer is that this is not a good idea.  In fact, I'd go one step further and say that this will create huge problems.  Let's talk about why.

Exchange 2000/2003 stores exchange-related information in the Personal and Public property sets.  These property sets contain both Active Directory information (such as Street Address, phone number) AND Exchange information (msExchHomeServerName, proxyaddresses).  It was decided that it would be a good thing to have Exchange store it's attributes in a separate Exchange-specific property set, so Exchange 2007 creates two new property sets, Exchange Information and Exchange Personal Information.  When /preparelegacyexchangepermissions is run, part of it's operation is to move the existing Exchange attributes into the new Exchange property sets.

See https://technet.microsoft.com/en-us/library/bb310768.aspx for more information about these property sets.

So what's the problem?  The problem is that these new Exchange property sets can only get replicated between Windows 2003 Sp1+ Domain Controllers.  If you introduce a temporary Windows 2003 Sp1 Domain Controller in a child domain just so you can run setup to install the first Exchange 2007 server, then you later remove it, the other Windows 2000 Domain Controllers in that domain do not know about the new Exchange property sets.  Since the Exchange attributes have already been moved to the new property sets, you can see how this could be disastrous for your company.  Imagine having mailboxes in a child domain and the domain controllers in that domain no longer have any knowledge of any Exchange attributes.  Not Good.

The moral of the story here is to make sure that you understand the pre-requisites and don't shoot yourself in the foot by trying to work around the setup requirements.