Installing Exchange Server 2010 in an Exchange Server 2003 environment (part 1) - Upgrading the Active Directory

1/20/2011 11:23:04 AM
Before installing the first Exchange Server 2010 server into an existing Exchange Server 2003 environment, a number of prerequisites have to be met:
  • All domains in the existing Active Directory forest containing Exchange Recipients have to be running in native mode.

  • The Active Directory forest has to be running on a Windows Server 2003 forest functionality level.

  • Each site in Active Directory should have at least one Domain Controller, and the Global Catalog server needs to be on a Windows Server 2003 SP2 level. Although not required, it is recommended to have 64-bit type Domain Controllers and Global Catalog Servers for best performance.

  • The Schema Master of the Active Directory needs to be a Windows Server 2003 SP2 or Windows Server 2008 server. This can be either a 64-bit or an 32-bit server.

  • All Exchange 2003 servers must have Service Pack 2 installed.

In addition to that, the server where Exchange Server will be installed also needs to meet the following prerequisites:

  • The server needs to be a 64-bit computer.

  • Windows Server 2008 SP2 or Windows Server 2008 R2 64-bit needs to be installed.

  • Internet Information Server needs to be installed.

  • Windows Remote Management (WinRM) 2.0 needs to be installed.

  • PowerShell 2.0 needs to be installed.

  • .NET Framework 3.5 SP1 needs to be installed.

Depending on the version of Windows 2008 you're using (i.e. Service Pack 2 or R2), a number of hotfixes will also need to be installed. I would strongly recommend that you bring your server up to date with the latest hotfixes from Microsoft Update, preferably before you perform this installation.

To make the process of installing prerequisites as painless as possible, the Exchange Server product group has created a series of XML files that can be used to automatically install Internet Information Server on your computer, together with the other prerequisites for Exchange Server 2010. These files are located on your installation media in the "scripts" directory.

To install the Internet Information Server (and other prerequisites) in a configuration needed to support, for example, an Exchange Server 2010 Client Access Server, you can use the "Exchange-CAS.xml" file with the following command:

If you are using Windows Server 2008 R2, you will get a warning about ServermanagerCmd.exe being deprecated under Windows Server 2008 R2, but it still works fine – go ahead and run it.

Figure 1. Use ServerManagerCmd.exe to install Internet Information Server.

1 Exchange Server 2010 order of installation

Although Exchange Server 2010 can be installed into an existing Exchange Server 2003 environment – in the same forest and the same domain – there are some issues with compatibility, and you have to take the installation order of the Exchange Server 2010 servers into account.

  • First – Exchange Server 2010 Client Access Server. The Client Access Server can work with an Exchange Server 2003 Mailbox Server as well as an Exchange Server 2010 Mailbox Server.

  • Second – Exchange Server 2010 Hub Transport Server. Between the Hub Transport Server and the Exchange 2003 (front-end) server, a so called "Interop Routing Group Connector" will be created to enable SMTP messages to be sent back and forth between the two environments.

  • Third – Exchange Server 2010 Mailbox Server role. After you've installed the Mailbox Server role and established a proper Public Folder replication between Exchange Server 2003 and Exchange Server 2010, you can start moving mailboxes to the new Mailbox Server.

  • The Exchange Server 2010 Edge Transport Server role can be installed at any time during the upgrade, but the Edge Transport Server features are only fully available when the Exchange Server Hub Transport Server is installed.


An in-place upgrade to Exchange Server 2010 is NOT supported in any scenario!

2 Installing Exchange Server 2010

Although you will need to install each of the Exchange Server 2010 server roles in a specific order, these roles can of course be combined on one machine.

Installing Exchange Server 2010 into an existing Exchange Server 2003 environment is pretty straightforward. The process can be broken down into the following easy steps:

  • Exchange Server readiness check (as part of the Best Practices Analyzer).

  • Upgrading the Active Directory Schema.

  • Upgrading the Exchange organization.

  • Upgrading the Active Directory domain.

  • Installing the first Exchange Server 2010 server.

When you start the GUI setup application of Exchange Server 2010 (setup.exe), all these steps will be performed automatically in the correct order. I'll go through them in more detail here because you can use the command-line version of setup if you want to fully control the options and execution of the setup program.


The first step, running the Exchange Server Best Practices Analyzer readiness check, was not available during the beta timeframe of Exchange Server 2010. It will be made available in a future release.

2.1 Upgrading the Active Directory

The first step in changing your configuration for Exchange Server 2010 is upgrading the Active Directory schema to the Exchange Server 2010 level. You can achieve this by opening a command prompt on the Active Directory schema master from the Exchange Server 2007 installation media, and running the following commands:

The first command, with /PrepareLegacyExchangePermissions, grants new permissions to ensure that the Recipient Update Service in Exchange Server 2003 continues to run correctly after the schema change to Exchange Server 2010 (which is performed in the next step). The /PrepareLegacyExchangePermissions must be performed before the actual upgrade of the Schema, which is what the second command does.

If you want to change the Schema on a computer that's not the Schema Master, you have to make sure that the LDIFDE application is available on that computer. You can install this by opening a command prompt and entering the following:

You can check what version your schema is, or check if the upgrade was successful, using a tool like ADSIEDIT or LDP.EXE and checking the CN=ms-Exch-Schema-Version-Pt object in the Active Directory schema. After the schema change, its "rangeUpper" property should have the value 14529 (or higher, as this value is for Beta1 of Exchange Server 2010 and will change with later versions). Just so you know, the property can have the following values:

ValueCorresponding Exchange version
6870Exchange Server 2003 RTM
6936Exchange Server 2003 service pack 2
10628Exchange Server 2007
11116Exchange Server 2007 service pack 1
14622Exchange Server 2007 service pack 2
14622Exchange Server 2010

Figure 2. Check the schema version. This schema is on the Exchange Server 2010 level.


If you have multiple domain controllers in your Exchange Server environment, you'll have to wait for the Domain Controller replication to finish before you continue to the next step.

After upgrading the Schema, the current Exchange Server 2003 organization can be upgraded to support Exchange Server 2010. To do this, run the following command from the Exchange Server 2010 installation media:

This simple command automatically configures the global Exchange objects in Active Directory (residing in the Active Directory Configuration container), creates the Exchange Universal Security Groups in the root of the domain, and prepares the current domain for Exchange Server 2010.

It also creates the Exchange 2010 Administrative Group called "Exchange Administrative Group (FYDIBOHF23SPDLT)" and Exchange 2010 Routing Group called "Exchange Routing Group (DWBGZMFD01QNBJR)" if they didn't already exist.

Figure 3. Exchange Universal Security Groups created during the /PrepareAD option.

To verify that this step completed successfully, make sure that there is a new organizational unit (OU) in the root domain called Microsoft Exchange Security GroupsFigure 3. and that this container contains the groups shown in

After running the setup.com application with the /PrepareAD switch, the newly created Administrative Group will show up in the Exchange Server 2003 System Manager, as you can see in Figure 4.

Figure 4. The Exchange Server 2010 Administrative Groups shows up after running setup.com /PrepareAD.

The last step in preparing your environment for the implementation of Exchange Server 2010 is to prepare the Active Directory domain (or domains) for Exchange Server 2010. The domain is prepared by running the following command from the Exchange Server 2010 installation media:

When you have multiple domains holding Exchange Recipients in your Active Directory forest, and you want to prepare all domains in one step you can replace the /PrepareDomain with /PrepareAllDomains.

This sets the necessary permissions on the Exchange Server container in Active Directory, as well as for the Exchange Servers, the Exchange Administrators and Authenticated Users. It also creates a new Global Group called "Exchange domain servers" in the domain where the command is run. This Global Group is only used for installing Exchange Server 2010 servers in a child domain, in a site other than the root domain. The setup program uses this to avoid installation issues when the Domain Controllers haven't yet fully replicated all the updated information.

After performing these easy steps, the Active Directory and Exchange Server environment is fully prepared for the installation of the first Exchange Server 2010 server!

  •  Exchange Server 2010 Coexistence : Coexistence with Exchange Server 2003
  •  Sharepoint 2007: Personal Sites and Personal Details (Available Only in MOSS)
  •  Exchange Server 2007: Administrate Transport Settings - Implement Email Address Policies
  •  Exchange Server 2007: Administrate Transport Settings - Work with Accepted Domains
  •  Exchange Server 2007: Recover a Non-Mailbox Role
  •  Installing Microsoft SharePoint Server 2010
  •  Examining SharePoint Installation Prerequisites
  •  Examining Real-World SharePoint 2010 Deployments
  •  Installing Exchange Server 2010 : Post-setup configuration (part 2) - Add a certificate to the Client Access Server role
  •  Installing Exchange Server 2010 : Post-setup configuration (part 1)
  •  Exchange Server 2007: Design and Deploy Disaster Recovery Settings - Use Dial-Tone Restores
  •  Exchange Server 2007: Design and Deploy Disaster Recovery Settings - Work with Recovery Storage Groups
  •  Exchange Server 2007: Design and Deploy Disaster Recovery Settings - Implement Database Portability
  •  Sharepoint 2007: Specify Your Colleagues
  •  Sharepoint 2007: Modify the Links in the SharePoint Sites Web Part
  •  Sharepoint 2007: Get Started with Your Personal Site
  •  Sharepoint 2007: Create a Personal Site
  •  Exchange Server 2007 : Backup and Recover Data (part 2) - Backup and Recovery with Server 2008
  •  Exchange Server 2007 : Backup and Recover Data (part 1) - Backup and Recovery with Server 2003
  •  Exchange Server 2007 : Design and Deploy Disaster Recovery Settings - Recover Deleted Items and Mailboxes
    Top 10
    The State Of Smartphones
    SQL Server 2008 Command-Line Utilities : The sqlservr Command-Line Utility
    Windows 7 : Working with the Windows Firewall (part 3) - Configuring Advanced Firewall Security & Troubleshooting Advanced Firewall Problems
    Understand Security Improvements in Windows Server 2008
    How to buy: SSDs for 2012
    Understanding Microsoft Exchange Server 2010
    Network Programming with Windows Sockets : A Thread-Safe DLL for Socket Messages
    Hashing Algorithms: Extending the .NET Framework (part 1)
    iTunes Entertainment Weekly - Music
    Mouse Events in Silverlight
    Most View
    Algorithms for Compiler Design: PROPERTIES OF REGULAR SETS
    SharePoint 2010 : Operations Management with the SharePoint Central Administration Tool (part 2) - Administering System Setting Tasks in SPCA
    .NET Compact Framework : Drawing Text
    Strip HTML of Tags
    Windows 7 : Exploring and Searching Your Computer - Exploring Your Documents
    Mobile Application Security : WebOS Security - Code Security
    Mobile Application Security : SymbianOS Security - Code Security
    Angry Bird Space - They are back (Part 2)
    Windows 7 : Troubleshooting Problems with Windows Media Center
    Using Brushesin XAML
    Advanced ASP.NET : Component-Based Programming - Properties and State
    SQL Server 2008 : Monitoring Your Server - Monitoring Your CPU
    Introducing Windows Phone 7 Photo Features (part 1) - Using a Chooser to Take Photos
    Introducing IIS 7
    Programming with DirectX : Additional Texture Mapping - Image Filters
    CSS for Mobile Browsers : CSS Techniques
    iPhone Application Development : Using Advanced Interface Objects and Views - User Input and Output
    Exchange Server 2010 : Backup and Disaster Recovery Planning
    Working with the Automated Help System
    Managing User Account Control and Elevation Prompts