Syngress - Deploying Exchange Server 2000 with Act

文件名称: Syngress - Deploying Exchange Server 2000 with Active Directory

所属分类: 网络安全

开发工具:

文件大小: 592kb

下载次数: 0

上传时间: 2019-08-09

提供者: drji*****

下载 (592kb)

不能下载？报告错误

详细说明：Syngress - How to Cheat - Deploying Exchange Server 2000 with Active Directory.pdfHow to cheat Before you Begin Deploying Exchange 2000 can be a very simple or very complex process. The complexity of your deployment will depend on several factors but mostly it will depend on the complexity of your existing messaging environment. If you currently have no messaging system or if your existing messaging system consists of one or two servers running Exchange Server 5.5, then deployment is a fairly simple process However, if your existing messaging system supports 225,000 users across four continents and 500 physical locations with varying levels of network connectivity and reliability, your Exchange 2000 deployment may be a tad more complex One of the unique aspects of upgrading from Windows NT 4.0 and Exchange Server 5.5 to Windows 2000 and Exchange 2000 is that two"directories are being upgraded or consolidated into a single Active Directory. Windows NT 4.0 was only the security subsystem for Exchange Server 5.5 Exchange Server 5.5 has its own directory. Windows NT 4.0 accounts are associated with Exchange Server 5.5 mailboxes, but they are two different directories(if you can call the nt 4.0 Security Account Manager--or SAM-a directory ) Exchange 2000 lost its directory to Windows 2000 Active Directory The Windows 2000 security subsystem is Active Directory, not an NT 4.0 SAM. This means that when you upgrade your windows nt 4.0 sam to Active directory you also will be upgrading your exchange Server 5.5 directory to Active Directory, consolidating the two into a single directory This poses several challenges that must be carefully planned for and tested. Microsoft has provided the tools to manage this process effectively, but it's up to you to make sure the tools are used correctly and in the proper order. This white paper will give you the information you need to upgrade your directories to Active Director Upgrading the directory is only half the story. Everything else needs to be upgraded from Exchange Server 5.5 to Exchange 2000. This includes mailbox servers, connectors, public folder servers and bridgehead servers. Fortunately this process is fairly straightforward. The main challenge here is getting from point a to point B If you have ten Exchange Server 5.5 sites you want to consolidate into three Exchange 2000 routing groups spanning two Administrative Groups, the process becomes more complex and requires more planning. As you can see, the key word here is planning Before we delve into the complexities of upgrading from Exchange Server 5.5 to Exchange 2000 there are some basic deployment strategies that can and should be used during deployment. also if you are not upgrading from a previous version of Exchange but are migrating from a different messaging system such as cc: Mail or Lotus Notes, you will likely deploy exchange 2000 and migrate messaging data from your existing messaging environment to the new Exchange 2000 organization. This type of Exchange deployment, a So-called green field deployment, simply takes an Exchange 2000 design and deploys it across the organization. The term green field is used to symbolize rolling out the product onto a green field of grass that has never been touched. It is something we Exchange administrators dream of. Copyright o 2003 by Syngress Publishing, Inc Deploying Exchange 2000 TOPIC 1: Preparing Active Directory Exchange 2000 makes a considerable number of changes to the Active Directory schema and configuration partition. These changes are made when the first Exchange 2000 server is installed in the Active Directory forest. They are necessary to support the objects and attributes required by Exchange 2000 A single schema and configuration partition exists for every Active Directory forest. The Active Directory schema and configuration partitions are hosted on each and every domain controller in the forest; they can only be modified by members of the Active Directory Schema Administrators group This means that when Exchange server 2000 setup makes changes to the active directory schema and configuration partition, these changes must be replicated throughout the Active Directory forest to each domain controller it also means that an administrator who is a member of the schema administrators Group must install the first Exchange 2000 server This poses a couple of issues The Schema Administrators Group should contain a very limited number of administrators most of whom will likely be centralized at one or two locations within the company Typically, these administrators are not your exchange implementers It is impractical in a large organization to think these members of the Schema Administrators Group are the only administrators in the company who could run Exchange 2000 setup It would be best if many schema modifications could be made early in the deployment of Active Directory, well before Exchange 2000 is deployed, So that the Exchange 2000 schema modifications could be included in the schema during the Active Directory deployment. This would avoid an excessive replication overhead when Exchange 2000 is finally deployed Dont wait until your Exchange deployment plan to perform modifications to your Active Directory Schema. You want to make these changes in the early stages of your Active Directory/Windows 2000 deployment of domain controllers These potential difficulties with Exchange deployment were discovered during the Exchange 2000 beta process. Exchange 2000 setup always installed the product, but also performed special modifications to Active Directory when first run. The answer was to create a setup switch that ran a special Exchange 2000 setup process Using Forestprep This setup switch is named/forestprep Forestprep is run once by a Schema Administrator to prepare your Active Directory for Exchange 2000 by making changes to the Active Directory schema without actuall installing exchange 2000 As seen in the following figure, forestprep makes the necessary changes to the Active Directory schema and establishes the Exchange 2000 organization by making modifications to the Active Directory configuration partition 4 Copyright c 2003 by Syngress Publishing, Inc How to cheat Exchange 2000 Setup schema Modifications Ex dhange 2000 Setu ForestPrep Schema master chema and Contiguration partition modificat ions are Domain l replicated throughout forest Domain 2 Domain 3 Active Directory If your organization will deploy Exchange 2000, but is currently in the planning or deployment phase of your Windows 2000 project, then consider incorporating the Exchange 2000 schema and configuration partition changes into your Active Directory deployment by using forestprep at the early stages of your Active Directory deployment This can be done by having a schema administrator run forestprep in the root domain on the Active Directory domain controller designated as the schema master over a weekend--or whenever the schema and configuration partition changes can be replicated across the organization efficiently and without impacting system performance When running Exchange 2000 setup with the forestprep switch, Exchange 2000 setup will prompt you for the following information Your 25-digit product identification code. This code is located on the exchange 2000 compact disc jewel case An indication that tells whether you are creating a new Exchange 2000 organization or joining an existing Exchange Server 5.5 organization. you must have the service account name and password if joining an existing Exchange Server 5.5 site. You must also have the Exchange version of the Active Directory Connector(ADC)installed in the forest The organization name This should be defined in your exchange 2000 design or functional specification. Choose this name wisely, because it cannot be changed Copyright o 2003 by Syngress Publishing, Inc Deploying Exchange 2000 The active Directory user you want to specify as the initial Exchange 2000 Administrator This account will be granted permission on the exchange 2000 objects and object containers created in the Exchange 2000 portion of the Active Directory configuration partition When you use the forestprep setup switch, ForestPrep is the only choice-as shown below when selecting components ForestPrep Component Selection Microsoft Exchange 2000 Installation wizard nt selecti lect and modify components to fit your custom solutio Click in the left column to specify the appropriate action 凸ci nt name Current ForestPrep Microsoft Exchange 20UU 5.0 匚: Microsoft Exchange Messaging and collaboration Services 6.0 Microsoft Exchange MSMail C icrosoft Exchange Connector for Lotus cc: Mail Microsoft Exchange Connector for Lotus Notes Microsoft Exchange Connector for Novell Groupwise Microsoft Exchange key Management Service Microsoft Exchange System Management Tools 5.0 Microsoft Exchange 5.5 Administrator Microsoft E xchange Chat service Microsoft Exchange Instant Messaging Service Install Path C: \Program Files\Exchsr Change Folder Drve c O ME Requested Current version: E0 Disk Information 3840 MB Remaining B Ne对> Cancel Setup will fail if you are not logged in as an Active Directory user who is a member of the Schema Administrator Group or if Exchange 2000 setup is unable to successfully write changes to the Active Directory schema WARNING Be careful when starting Exchange 2000 setup with the forestprep switch on the command line. If you misspell /forestprep, the standard Exchange 2000 setup will start and allow you to install Exchange 2000 If you run Exchange 2000 setup without first running Exchange 2000 setup with the /forestprep switch, the schema and configuration partition modifications will first be made, then Exchange 2000 will be installed. You do not have to run /forestprep before an Exchange 2000 server can be installed, but it is a best practice and recommended by Microsoft Copyright c 2003 by Syngress Publishing, Inc How to cheat TOPIC 2: Preparing Your Domains Several of the same principles that apply to forestprep also apply to the Active directory domains. An administrator who has domain Administrator permissions for that domain needs to have exchange 2000 setup do several things to each active directory domain Exchange 2000 administrators do not need any special permissions in Active Directory other than those granted them by the Exchange Delegation Wizard from within the Exchange System Manager. This means that you can have a group of Exchange 2000 administrators who can only manage the Exchange 2000 objects and object containers in Active Directory. They dont have to be domain administrators or have any other special permission in the domain. This type of division is preferred by many organizations, but can become an issue during setup when Exchange is first being installed into the Active Directory domain. This is because Exchange 2000 setup performs the following tasks A user account named euser EXStOREe VEnts is created for use with the script event An Exchange Domain Servers domain global group is created; this group contains all computers running Exchange 2000 in the domain An Exchange Enterprise Servers domain local group is created; this group contains all computers running Exchange 2000 in the enterprise Each of these groups is granted permission on objects in the Active Directory domain An administrator who has permissions in the domain can only perform these tasks by running Exchange 2000 setup with the domainprep switch Using Domainprep Domainprep is a command-line switch used during deployment to prepare each active directory domain If there are no exchange implementers in the domain who are members of the domain administrators Group then an administrator who is a member of the Domain Administrators Group can run domainprep to prepare the domain for Exchange 2000 When running Exchange 2000 setup with the domainprep switch, Domain Prep will be the only omponent you can select, as shown in the following figure Copyright o 2003 by Syngress Publishing, Inc ng Exchange 2000 Domain Prep Component selection g Microsoft Exchange 2000 Installation Wizard op elect and modify col to「 custom solution Click in the lel n to specify the iate action fo component n nt name Current Drivea P nft Exchange 200 50 Microsoft each Microsoft Exchange MSMail Connector Microsoft Exchange Connector for Lotus cc: Mail Microsoft Exchange Connector for Lotus Note: Microsoft Exchange Connector for Novell Groupwise Microsoft Exchange Key Management Service Microsoft Exchange System Management Tools 60 Microsoft Exchange 5.5 Administrator Microsoft Exchange Chat Service Microsoft Exchange Instant Messaging Service Install Patl IC: \ Program Files\Exchsryr Change Folder Dive c I MB Requested Curent version: 6.0 Disk Information 3840 MB Remaining Back Nest Cancel Setup will fail if you are not logged in as an Active Directory user who is a member of the Domain Administrators Group when domainprep is being run or when the first Exchange 2000 server is installed into the domain WARNING If you misspell /domainprep when starting Exchange 2000 setup with the domainprep switch on the command line, the standard Exchange 2000 setup will start and allow you to install Exchange 2000 If you run Exchange 2000 setup without first running Exchange 2000 setup with the/domainprep switch, the domain modifications will be made; then exchange 2000 will be installed. It is not necessary to run/domainprep before installing an Exchange 2000 server into the domain, but it is the best practicc and recommended by microsoft Copyright c 2003 by Syngress Publishing, Inc How to cheat TOPIC 3: Deploying Servers Running Exchange 2000 Exchange 2000 servers should be rolled out in a manner that provides the most efficient use of implementation resources and the most complete user experience. You would not want to deploy Exchange 2000 servers populated with user mailboxes across several routing groups, and only then connect those routing groups with connectors using bridgehead servers. A general guideline for deploying Exchange 2000 servers(not relevant when upgrading) includes Establish the Administrative Groups and apply permissions using the Exchange Delegation Wizard, per your Exchange 2000 design using Exchange System Manager Establish the Routing Groups per your Exchange 2000 design using Exchange System Manager Deploy Exchange 2000 bridgehead servers in each routing group per your Exchange 2000 design Connect routing groups with the connectors specified in your Exchange 2000 design Test connectivity Deploy mailbox and public folder servers per your Exchange 2000 design; populate with user mailboxes and public folder data Establishing the First Administrative Group When you install Exchange 2000, setup looks for a list of Administrative Groups that the new server can be installed into. If no Administrative Groups exist, such as when the first server is installed, an Administrative Group is created named First Administrative Group. It's not a very useful name and will likely not be included in your Exchange 2000 Administrative Group design To better control which Administrative Groups exist and which Administrative Groups the Exchange implementers install their servers into, you can establish all your Administrative Groups after forestprep has been run and before you install your first Exchange 2000 server Use these steps 1. Run Exchange 2000 setup with the /forestprep switch to prepare your Active directory forest 2. Run Exchange 2000 setup with the /domainprep switch to prepare your Active Directory domain 3. Run Exchange 2000 setup and only select the Exchange 2000 Management Components 4. Start the Exchange System manager and create all the administrative groups defined in your Exchange 2000 design 5. Install your first Exchange 2000 server and select the Administrative Group the server will be installed into as defined by your Exchange 2000 design or functional specification Incorporating these steps into your Exchange 2000 deployment plan will ensure that you establish the Administrative Groups before Exchange servers are installed. When your assisting Exchange implementers proceed to install their Exchange 2000 servers, they will have a complete drop-down list of Administrative Groups to choose from. There will be no question, when following the instructions provided by your deployment plan, which Administrative Group to install their server into WARNING You cannot move Exchange 2000 servers between Administrative Groups. This means that the Administrative Group selected during setup is the Administrative Group where that server will reside unless reinstalled Copyright o 2003 by Syngress Publishing, Inc Deploying Exchange 2000 Creating Administrative Groups in this way only pertains to new Exchange 2000 organizations. If you install an Exchange 2000 server into an Exchange Server 5. 5 site, the Administrative Groups will be crcated in Active Directory in the same topology as the Exchange Server 5.5 sites. This is because Exchange 2000 treats Administrative Groups like Exchange Server 5.5 sites during coexistence Deploying Exchange Using Terminal Services Windows 2000 Terminal Services is included with Windows 2000. This handy feature allows you to connect to a remote server and establish a session on that server that emulates the remote servers console It's like actually being there Excha In remote locations that willhost an exchange 2000 server, it may be desirable for you to install Exchange 2000, not the local system administrator. Finally we administrators can ensure a remote exchange installation is installed according to our requirements. This is possible using Windows 2000 Terminal Services. The local system administrator prepares the Windows 2000 server, joining the domain and installing Windows 2000 Terminal Services. You, or another Exchange 2000 implementer, then establish a Windows 2000 terminal services session with the remote server and install Exchange 2000 NOTE It is not necessary to use terminal services to manage the Exchange 2000 server. All configuration of the server is contained in the configuration partition of Active Directory and can be accomplished using Exchange System Manager. Deploying exchange on a Windows 2000 Cluster With the advances in Windows 2000 clustering and the ability to support multiple information stores on a single Active/Active Exchange 2000 cluster, the consolidation of several Exchange Server 5.5 servers into one or more large Exchange 2000 clusters with multiple information stores is becoming more popular. As seen below, many economies--including greater availability-can be realized by having fewer large servers An Exchange 2000 Cluster Shared Physical Stor Exchange 2000 Exd ange 2000 Node 2 Virtual sery Copyright c 2003 by Syngress Publishing, Inc

(系统自动生成,下载前可以参看下载内容)