How to Create and Configure the Exchange Virtual Server Organizational Unit

This topic explains how to create and configure the Exchange Virtual Server OU for the purposes of hardening an Exchange Cluster.

Before You Begin

It is highly recommended that you read Running Exchange Server 2003 Clusters in a Security-Hardened Environment before implementing this procedure.

Procedure

To create and configure the Exchange Virtual Server OU

1. In Active Directory Users and Computers, click View, and then click Advanced Features.

2. Connect to a domain controller that resides in the same Active Directory site as the Exchange clusters that you will be updating. Right-click Active Directory Users and Computers <domain_name>, click Connect to Domain Controller, type the name of the appropriate domain controller, and then click OK.

3. Right-click Member Servers, point to New, and then click Organizational Unit.

4. In New Object - Organizational Unit, type Exchange Virtual Servers, and then click OK.

5. Right-click the Exchange Virtual Servers OU, and then click Properties.

6. In Exchange Virtual Servers Properties, on the Group Policy tab, select the Block Inheritance policy check box. In addition, under Group Policy Object Links, verify that there are no GPOs listed, and then click OK. If there are GPOs listed, select them, click Delete, and then click OK.

7. In Exchange Virtual Servers Properties, on the Security tab, click Advanced.

8. In Advanced Security Settings for Exchange Virtual Servers, on the Permissions tab, click Add.

9. In Select User, Computer, or Group, select the name of the cluster service accounts, and then click OK.

10. In Permission Entry for Exchange Virtual Servers, in the Apply onto list, select This object and all child objects. Under Permissions set the Full Control permission to Allow, and then click OK.