Exchange Server 2003 – Active Directory Modifications
2011-01-21 Updated
2011-01-15 Initial Post
I know Exchange Server 2003 is old by now, but the client I work for still uses it, so I had set up my own test environment at home. I've worked with Exchange since 5.5, so it's not new to me. I'm also certified on Exchange Server 2007, so I'm up-to-date on the current versions.
I'm posting these screenshots and notes up here for reference. These show some of the AD modifications that are made when Exchange is installed/AD prepared. Exchange Server 2007 and 2010 basically modify AD the same way, so this is good to know. Here's a good article on what ForestPrep and DomainPrep do to AD. Note that in Exchange Server 2007 and 2010, ForesPrep and DomainPrep are no longer used, and PrepareSchema and PrepareAD are used instead.
Since so much Exchange configuration data is stored in AD, this allows you to recover a failed Exchange server by pulling down its Exchange configuration data on a replacement server using special Exchange setup switches. For 2003, the switch is /DisasterRecovery and for 2007 it's /M:RecoverServer.
^ Figure 01. The Microsoft Exchange System Objects container (it's a container, not an OU) is created and contains system mailboxes for all Exchange servers.
^ Figure 02. The Exchange Enterprise Servers domain local group is created to contain all the Exchange Domain Servers groups from each domain (that's if you have Exchange servers in multiple domains, which is not common). Note: I only have a single domain forest.
^ Figure 03. For each domain that has Exchange servers, the Exchange Domain Servers group in that domain contains all the domain's Exchange servers. Note: I only have a single domain forest and currently one clustered Exchange server, which is why you only see the two server nodes in this group.
^ Figure 04. This is not an area where you'll most likely ever need to go to, but the Services container in Active Directory Sites and Services (ADS&S) contains objects in the Exchange organization. It almost looks like what you'd see in Exchange System Manager (ESM), but you'll notice that the properties of the Exchange objects, such as the storage group object shown, don't have any real Exchange settings.
^ Figure 05. The same view from ESM. You can see in the area of the right arrow that ESM exposes more settings for the storage group. And in the area of the left arrow, you see that the mailbox stores can be expanded further, which is not the case in the view from ADS&S where the mailbox store is on the right pane as a leaf object that cannot be further expanded.
^ Figure 06. This is the view from ADSI Edit looking at the forest's Configuration partition/naming context. Since all domains in a forest share the same Configuration partition, this is one of the reasons (if not THE reason) that there can only be one Exchange org per AD forest.
This is really where Exchange stores its configuration data. ADS&S and ESM are just other interfaces to the data here and they don't expose all the attributes/settings shown here. As you can see, it doesn't look as pretty as ESM, but you can edit all the AD-stored Exchange settings from here. I specifically mentioned "AD-stored Exchange settings" because some Exchange settings, such as mailbox permissions, are stored in the mailbox object within the Exchange database.
You can see that the storage group's "transaction log location" is actually an attribute named "msExchESEParamLogFilePath" and it shows the same exact value as seen in ESM. In the circled area, you'll notice that the mailbox stores are leaf objects, but if you look at their properties, you'd see a bunch of settings similar to the storage group's. This is pretty much the lowest level in AD that you'd go to if you ever need to make changes to Exchange that cannot be done via the other GUI tools.
One case where you'd need to use ADSI Edit instead of ESM is mentioned in this MS KB. ESM only allows a mailbox store's size limit property to be between 0 and 2097151 (2 GB). You must use ADSI Edit to enter a value above 2097151. This same limitation also applies to individual user mailbox size limits in Active Directory Users and Computers (ADUC).
