Preparing your Active Directory for Exchange 2007

When implementing Microsoft Exchange Server 2003 in your Active Directory you had to perform an setup /ForestPrep and setup /DomainPrep. With Microsoft Exchange Server 2007 things get a little more complicating since you now have to perform four steps:

  • setup /PrepareLegacyExchangePermissions
  • setup /PrepareSchema
  • setup /PrepareAD
  • setup /PrepareDomain or setup /PrepareAllDomains

The last two steps bear a certain resemblance with the ForestPrep and DomainPrep command, where the first two are definitely new. Here’s what they do:


The setup /PrepareLegacyExchangePermissions command must be run if you have any servers running Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server and you must run it logged in as a member of the Enterprise Admins group.

Essentially, you must run the setup /PrepareLegacyExchangePermissions command so that the Exchange 2003 or Exchange 2000 Recipient Update Service functions correctly after you update the Active Directory schema for Exchange 2007, because of the new Exchange-Information property set. Here‘s a detailed description of the changes made by setup /PrepareLegacyExchangePermissions.

If you’re about to run the PrepareSchema step you might skip this step, because the setup /PrepareSchema command can do it for you. If you add a new domain to your forest and you want to install Exchange Server 2003 or Exchange 2000 Server in this domain, or if users in this domain will log on to mailboxes on Exchange Server 2003 or Exchange 2000 Server servers in other domains, you must run setup /PrepareLegacyExchangePermissions again after you run Exchange Server 2003 or Exchange 2000 Server DomainPrep.


The setup /PrepareSchema command performs the Schema Updates needed by Microsoft Exchange Server 2007. Here‘s a list of all the changes made by this command in a vanilla Active Directory schema. Of course you can extract more information from the ldf files that are used by the setup program. You must run at is a member of the Enterprise Admins and as a member of the Schema Admins group and you must run this command on a computer that is in the same domain and the same Active Directory site as the schema master.


The setup /PrepareAD command configures global Exchange objects in Active Directory, creates the Exchange Universal Security Groups (Exchange Organization Administrators, Exchange Recipient Administrators, Exchange View-Only Administrators, Exchange Servers and Exchange2003Interop) in the root domain, and prepares the current domain.

You have to be a member of the Enterprise Admins group to successfully perform this command. If you have existing Exchange Server 2003 servers you also have to be a member of the Exchange Organization Administrators group.

If you haven’t performed the PrepareSchema step the PrepareAD command can make these changes. When your also performing the PrepareAD command with an account that is a member of the Schema Admins group is can perform the PrepareLegacyExchangePermissions command as well.


The setup /PrepareDomain, setup /PrepareDomain:Domainname and setup /PrepareAllDomains commands all prepare domains other than the domain where your Schema Master is located. The difference between the commands is the scope in which they operate. You have to be a member of the Enterprise Admins group or you must be a member of the Domain Admins group in any domain that you will prepare.


The system requirements for Microsoft Exchange Server 2007 prohibit you from performing an in-place upgrade of existing Exchange servers. There is also no direct upgrade path to it for servers running Microsoft Exchange Server 5.5 or Microsoft Windows Small Business Server 2000. Companies with Microsoft Exchange 2000 Server on Microsoft Windows 2000 Domain Controllers face an overcomplicated migration scenario.

There are four steps to prepare your Active Directory for Microsoft Exchange Server 2007. In a simple Active Directory configuration (where you only have one domain in one forest) you only have to perform the setup /PrepareAD command and perform it with an account that is member of the Enterprise Admins and the Schema Admins group. (assuming members of the Enterprise Admins group are also members of the Domain Admins group, which is default)

Categorised as: Microsoft, Windows Upgrade

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.