How to Provision Exchange 2007 Server and Delegate Setup
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
This topic explains how to provision a server and delegate the set up and installation of Exchange.
Provisioning a server allows Exchange to be installed later by using delegated setup. This procedure allows a delegated account to install single Exchange servers in your domain, without being a member of the Exchange Organization Administrators group. You cannot install the first instance of an Exchange server in your domain by using a delegated account. You must install the first Exchange server by using an account that is a member of the Exchange Organization Administrators group and local Administrators group. You can then install subsequent Exchange using a delegated account.
You can use Setup.com /NewProvisionedServer to accomplish this task. The Setup.com /NewProvisionedServer command performs the following tasks:
It creates the server object within the configuration partition: CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<Root Domain>
It adds the following access control entries to the server object within the configuration partition for the delegated account:
Full Control on the server object and its children
Deny access control entry for the Send As extended right
Deny access control entry for the Receive As extended right
Deny CreateChild and DeleteChild permissions for Exchange Public Folder Store objects
Note
Public folders are administered at an organizational level, therefore the creation and deletion of public folder stores is restricted to Exchange Organization Administrators.
It adds the computer account to the Exchange Servers group.
It adds the server as a provisioned server in the Exchange Management Console.
The delegated account is added to the membership of the Exchange Organization View-Only Administrators role.
Running the Setup.com /NewProvisionedServer with the /ServerAdmin:<UserName> parameter provisions the server and creates an Exchange Server Administrator account for that server. The account designated in the /ServerAdmin parameter will have the same rights as an Exchange Server Administrator account that is delegated through the Exchange Management Console.
Note
The ServerAdmin parameter only works with setup if you use the /NewProvisionedServer parameter. You cannot use the ServerAdmin parameter to add an Exchange administrator. To add an Exchange administrator, use the Add Exchange Administrator wizard in the Exchange Management Console or the Add-ExchangeAdministrator cmdlet in the Exchange Management Shell.
For clustered mailbox servers, you must perform additional steps. For more information about how to perform a delegated installation of clustered mailbox servers, see How to Perform a Delegated Setup of a Clustered Mailbox Server.
Before You Begin
To run Setup.com /NewProvisionedServer, the account you use must be delegated the Exchange Organization Administrator role.
For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.
Note
A delegated Exchange Server Administrator account does not have permissions to delegate Setup /NewProvisionedServer permissions to another user.
Procedure
If Exchange Server is installed on the computer where you are provisioning, you can run the Setup.com command with associated arguments from the Run line or in Command Prompt. If the computer that you are running the Setup.com command from does not have Exchange installed, you must insert the Exchange Server 2007 DVD into the computer, and run the Setup.com command from the root directory of the DVD.
To provision the local server
Run the following command:
Setup.com /NewProvisionedServerNote
Running this command provisions the local server, but does not delegate a user.
To provision a remote server
Run the following command:
Setup.com /NewProvisionedServer:ServerName
To provision a server and delegate an Exchange Server Administrator
Run the following command:
Setup.com /NewProvisionedServer:"ServerName" /ServerAdmin Contoso\User1
You can create an Exchange Server Administrator for this server in the Exchange Management Console. For more information about how to add users to Administrator roles, see How to Add a User or Group to an Administrator Role.
For more information about Exchange permissions, see Permission Considerations.
Important
A delegated user cannot uninstall an Exchange server. Uninstalling or removing Exchange servers requires an account that is a member of the Exchange Organization Administrators group and local Administrators group.
De-Provisioning a Server
Exchange 2007 Setup can also be used to de-provision a server object. This process removes the provisioned server object from the configuration partition.
To de-provision the local server
Run the following command:
Setup.com /RemoveProvisionedServer:"ServerName"Note
Running this command provisions the local server, but it does not delegate a user.