Active Directory and Exchange 2000 Server

Published: May 21, 2001

Find information about Exchange 2000 Server and Active Directory directory service dependencies and requirements by reviewing the following sections:

  • New Exchange 2000 Server Users

  • Existing Exchange Server 5.5 Users Planning to Upgrade to Exchange 2000 Server

New Exchange 2000 Server Users

Benefits of Exchange 2000 Server Using Active Directory

The integration of Exchange 2000 Server and Microsoft Windows 2000 reduces costs by providing a single point of administration for all networking and messaging resources. Using Active Directory and the Microsoft Management Console (MMC) reduces the number of administrators needed to run network and messaging systems and simplifies technician and administrator training.

The use of Exchange Server with Windows 2000 Active Directory also makes system planning and deployment easier, since directory structures are already in place for a unified messaging and network infrastructure. There is no need to deploy this infrastructure separately for the messaging system. This reduces planning, hardware, and software costs.

Active Directory Deployment Before Piloting or Deploying Exchange 2000 Server

Because Exchange 2000 Server utilizes Windows 2000 Active Directory, you should plan your deployment of Exchange 2000 Server before or during your Windows 2000 deployment planning. This will simplify any planned move to Windows 2000.

Active Directory does not have to be fully deployed before you are ready to pilot or deploy Exchange 2000 Server. You just need a basic Active Directory infrastructure. However, if you do deploy only a basic Active Directory infrastructure, you will not realize the full benefits of Active Directory—like unified administration, Microsoft IntelliMirror, and policy-based management.

Deploying a basic Active Directory infrastructure to support Exchange 2000 Server includes:

  • Populating Active Directory with user-account information.

  • Deploying global catalog servers to support Exchange 2000 Server in locating, addressing, and message routing information.

  • Deploying Active Directory domain controllers to support login validation against Active Directory.

In a new deployment, you can perform the deployment of server infrastructure to support Active Directory in parallel with the servers running Exchange Server to provide the core messaging system.

Advantages of Active Directory Deployment Prior to Exchange 2000 Server Deployment

The use of Windows 2000 Active Directory with Exchange Server makes system planning easier, since directory structures are already in place for a unified messaging and network infrastructure. There is no need to deploy this infrastructure separately for the messaging system. This results in a cost reduction in planning the Exchange 2000 Server deployment.

Active Directory Advantages for Small Business Server Users

A version of Exchange 2000 Server is included in Microsoft Small Business Server 2000.

This enables companies with fewer than 50 computers to easily install a single server that provides an infrastructure with Windows 2000, Active Directory, Microsoft Internet Security and Acceleration Server (ISA Server), and Exchange Server in one simplified installation.

For companies that do not use Small Business Server, the fact that Exchange 2000 Server is integrated with Active Directory still eases administration and overall management overhead.

Existing Exchange Server 5.5 Users Planning to Upgrade to Exchange 2000 Server

Benefits of Exchange 2000 Server Using Active Directory

The integration of Exchange 2000 Server and Windows 2000 reduces costs by providing a single point of administration for all networking and messaging resources. Using Active Directory and MMC reduces the number of administrators needed to run network and messaging systems and simplifies technician and administrator training.

The integration of Exchange 2000 Server with Active Directory provides important services such as address book information for e-mail clients, directory information for efficient message routing, and an interface for centralized management.

Administrative policies make changing a wide range of objects, such as mailboxes, quick and easy. Customizable administration also makes the IT job easier. Finally, a unified Windows 2000 security model results in only one set of permissions and user accounts for administrators to manage.

The use of Windows 2000 Active Directory with Exchange Server also makes system planning and deployment easier, since directory structures are already in place for a unified messaging and network infrastructure. There is no need to deploy this infrastructure separately for the messaging system, which reduces planning, hardware, and software costs.

Exchange 2000 Server Deployment—Relation to Populating and Deploying Active Directory

Due to Exchange 2000 Server and Windows 2000 Active Directory integration, you should plan your deployment of Exchange 2000 Server before or during your Windows 2000 deployment planning. This will simplify any planned move to Windows 2000.

Exchange 2000 Server is a bridge to Windows 2000—a powerful tool for deploying and populating Active Directory, while still allowing you to use Microsoft Windows NT and Exchange Server 5.5 infrastructure.

You can use Active Directory Connector to populate your Active Directory with the valuable information customers have stored in the Exchange Server 5.5 directory. Then you have ongoing synchronization between Exchange Server 5.5 and Exchange 2000 Server. Over time, networking services, such as file and print validation, are added to these Active Directory accounts, simplifying the upgrade process.

In deploying Windows 2000, and piloting Exchange 2000 Server, you save time, simplify the planning and deployment process, and gain important hands-on experience with Active Directory, while still running Windows NT 5.0 and Exchange Server 5.5 infrastructure. In addition, you upgrade users to Exchange 2000 Server and Windows 2000 at your own pace. Finally, as you upgrade users to Exchange 2000 Server and Windows 2000, you realize the full cost savings of server consolidation and combined network and messaging administration.

Deploying Active Directory and Exchange 2000 Server Infrastructure includes the following steps:

  1. Populating Active Directory with user account information using Active Directory Connector.

  2. Deploying global catalog servers to support Exchange 2000 Server and Microsoft Outlook 2000 address lookups against Active Directory.

  3. Optionally deploying Active Directory servers to validate login requests (if Windows NT 4.0 user accounts are being upgraded to Windows 2000).

  4. Deploying servers running Exchange Server to store mail data. These can be either deployed as new servers, or existing Exchange 5.5 servers can be upgraded, as long as they are running Windows 2000 Server and Exchange Server 5.5 with Service Pack 3 (SP3) or later.

Active Directory Deployment Before Piloting or Deploying Exchange 2000 Server (from Exchange Server 5.5)

Since Exchange Server 5.5 and Windows NT 4.0 have been so popular and widely deployed, Exchange 2000 Server was designed to enable you to begin your Exchange 2000 Server deployments without requiring Windows NT 4.0 infrastructure to be upgraded first. Disabled mailbox accounts can be created in Active Directory and existing Windows NT 4.0 user accounts can be retained for logon validation.

Many early adopters of Exchange 2000 Server initially deployed their Active Directory infrastructure parallel to and in support of their Exchange 2000 Server deployments. Later that Active Directory infrastructure became a cornerstone of their company's Active Directory deployment.

If you choose to upgrade Windows NT 4.0 infrastructure after your Exchange 2000 Server deployment has started, you should plan carefully to avoid creating separate Active Directory forests. The benefits provided by Windows 2000, such as unified administration and a single directory, are more valuable when organizations deploy a single forest.

Advantages of Active Directory Deployment Prior to Migrating to Exchange 2000 Server

The use of Windows 2000 Active Directory with Exchange Server makes system planning easier, because directory structures are already in place for a unified messaging and network infrastructure. Since there is no need to deploy this infrastructure separately for the messaging system, it also results in a planning cost reduction.

Active Directory—Fully Deployed vs. Fully Populated

Deploying Exchange 2000 Server in a Windows NT 4.0 and Exchange Server 5.5 environment does not require that the Active Directory infrastructure be fully deployed.

However, it's important to note that Exchange 2000 Server users will be going to Active Directory to retrieve address book information. For seamless mail interoperability between Exchange 2000 Server and Exchange Server 5.5, Active Directory needs to be fully populated so that e-mail users wishing to send mail to Exchange Server 5.5 users can find those users in Active Directory.

Active Directory Connector provides a way to fully populate and synchronize the information in Active Directory with the information from the Exchange Server 5.5 directory.

Active Directory and a Mixed Exchange 2000 Server and Exchange Server 5.5 Environment

With Exchange 2000 Server and Outlook 2000, you obtain e-mail address information from Active Directory. For seamless mail interoperability between Exchange 2000 Server and Exchange Server 5.5, Active Directory needs to be fully populated so that e-mail users wishing to send mail to Exchange Server 5.5 users can find them in Active Directory.

Populating Active Directory and the Role of Active Directory Connector

Active Directory Connector is a piece of software that is deployed to populate Active Directory with directory information that previously resided in the Exchange Server 5.5 directory. While customers retain mixed environments of Exchange 2000 Server and Exchange Server 5.5, it's important to keep the information in Active Directory and the Exchange Server 5.5 directory in sync. Active Directory Connector performs this task.

Upgrades of Windows NT 4.0 User Accounts Before Deploying Exchange 2000 Server

Windows NT 4.0 accounts do not need to be upgraded to Active Directory. Disabled mailbox accounts can be created in Active Directory. Existing Windows NT 4.0 user accounts can be retained for logon validation.

Migrating Users from Exchange Server 5.5 to Exchange 2000 Server

Once Active Directory Connector is in place and Active Directory is populated with user information, you have the choice of upgrading an entire Exchange 5.5 server to Exchange 2000 Server or simply moving an individual mailbox onto a new Exchange 2000 server.

Upgrading the Exchange 5.5 server requires that the server first be upgraded from Windows NT 4.0 to Windows 2000 and that Exchange Server 5.5 Service Pack 3 (SP3) or later be installed.

Moving Mailboxes to Exchange 2000 Server Rather Than Doing an In-Place Upgrade

Rather than doing an in-place upgrade, moving mailboxes to Exchange 2000 Server would enable you to first test that Exchange 2000 Server is up and running before migrating an entire server. It also allows you to move a mailbox back to an Exchange 5.5 server from the Exchange 2000 server, if you have deployment issues.

Additionally, Exchange 2000 Server provides increased storage flexibility with support for multiple databases. It is expected that many will take advantage of this increased scalability in Exchange 2000 Server and choose to consolidate servers or reallocate mailboxes and storage.

If you plan on doing this, you may prefer to bypass an in-place upgrade as an interim step and instead, move directly to newer hardware and storage systems that facilitate server consolidation.

Recommendations for In-Place Upgrades vs. Moving Mailboxes to Exchange 2000 Server New Hardware

Recommendations for in-place upgrades vs. moving mailboxes to Exchange 2000 servers on new hardware are going to depend on your deployment goals. For single-server deployments, the in-place upgrade will make sense.

However, for larger enterprises with many servers to upgrade, this may not be the case. Larger enterprises will want to deploy a test server well in advance of performing an in-place upgrade. Once the test server is up and running, you may choose to do a combination of mailbox moves and in-place upgrades to support your server consolidation and/or deployment goals.

A Deployed Active Directory Connector, a Fully-Populated Active Directory, and Upgrading a Windows NT 4.0 User Account to an Active Directory Account

If Active Directory Connector has been deployed, user information for the Windows NT 4.0 users already exists in Active Directory in the form of a disabled user account. This disabled account has no security rights in the Active Directory forest and includes all the Exchange Server 5.5 directory information such as e-mail address, office location, and phone number.

When the Windows NT 4.0 account is upgraded to a Windows 2000 Active Directory account, a fully-enabled account in Active Directory is created in addition to the existing Active Directory account. By running the Active Directory Cleanup Wizard you can merge the directory information on the disabled account with the new, security-enabled Active Directory account. The new Active Directory account retains existing security privileges, including rights to access an Exchange Server 5.5 mailbox if the mailbox has not yet been upgraded to Exchange 2000 Server.

Exchange 2000 Server Deployment and Active Directory Forests in a Mixed Environment

Deploying Exchange 2000 Server and Active Directory forests in a mixed environment where an organization needs a single, global messaging system is a common scenario. In some cases there may be multiple Windows 2000 forests and even Windows NT 4.0 domains that the Windows 2000 and Exchange 2000 Server deployment teams have little control over.

Since Exchange 2000 Server must exist within an Active Directory forest, select a single forest where Exchange 2000 Server will reside. In this selected Active Directory forest, populate Active Directory with Exchange 2000 Server mailboxes for all existing accounts in that forest. Then, for accounts in other forests or Windows NT 4.0 domains, create disabled mailbox accounts in Active Directory and associate them with the corresponding account in the external forest or Windows NT 4.0 domain. This will allow users in other forests or domains to be given access to their mailbox, even though Exchange 2000 Server is installed in a different Active Directory forest.
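The disabled mailbox accounts described here and in the Active Directory Connector section above are meant to stay disabled and to be associated with an external account, which is something an administrator can verify from a directory export. The following is an added example, not code from the original page or from Microsoft: it audits a simplified LDIF-style export and assumes the attribute names userAccountControl, homeMDB and msExchMasterAccountSid, which the page does not name; the sample entries are constructed.

```python
# Assumed attributes (not named on the page): userAccountControl, homeMDB,
# msExchMasterAccountSid (the associated external account's SID).
ACCOUNTDISABLE = 0x0002  # userAccountControl flag for a disabled account

# Constructed sample export; names and SIDs are made up. Simplified LDIF:
# no line folding and no base64 ("::") values.
SAMPLE_LDIF = """\
dn: CN=Ana Ruiz,OU=Mail,DC=example,DC=test
userAccountControl: 514
homeMDB: CN=Mailbox Store,CN=EX01
msExchMasterAccountSid: S-1-5-21-1111-2222-3333-1104

dn: CN=Ben Ode,OU=Mail,DC=example,DC=test
userAccountControl: 512
homeMDB: CN=Mailbox Store,CN=EX01
msExchMasterAccountSid: S-1-5-21-1111-2222-3333-1105

dn: CN=Cy Lee,OU=Mail,DC=example,DC=test
userAccountControl: 514
homeMDB: CN=Mailbox Store,CN=EX01

dn: CN=Di Fox,OU=Staff,DC=example,DC=test
userAccountControl: 512
homeMDB: CN=Mailbox Store,CN=EX01
"""

def parse_entries(text):
    """Split the export into one dict per entry (blank line = separator)."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (l.partition(":") for l in block.splitlines() if ":" in l)
        entry = {k.strip().lower(): v.strip() for k, _, v in pairs}
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Flag mailbox accounts that break the placeholder pattern."""
    findings = []
    for e in entries:
        if "homemdb" not in e:
            continue  # not mailbox-enabled, out of scope
        disabled = bool(int(e.get("useraccountcontrol", "0")) & ACCOUNTDISABLE)
        external = "msexchmasteraccountsid" in e
        if external and not disabled:   # placeholder that can log on
            findings.append((e["dn"], "ENABLED_PLACEHOLDER"))
        elif disabled and not external:  # mailbox with no usable owner
            findings.append((e["dn"], "DISABLED_NO_EXTERNAL_OWNER"))
    return findings
```

An enabled account that still carries an external association is the case to investigate first, because it is a second set of credentials for the same mailbox.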

For More Information

To learn more, check out the following Exchange Server and Active Directory resources:

Visit the Microsoft Seminar Online site to view the following seminars: