Q. Which domains in a forest with Microsoft Exchange Server 2007 installed require a Windows 2003 SP1 domain controller (DC)?

A. There is confusion in this area. The Exchange 2007 installation process changes a schema so permission problems will stop the Recipient Update Service from working unless any domain running an earlier Exchange version--or with mailbox-enabled users--must run the /PREPARELEGACYEXCHANGEPERMISSIONS action.

You need a Windows 2003 SP1 DC in every domain where Exchange 2000 or 2003 /DOMAINPREP operates so that you can run the /PREPARELEGACYEXCHANGEPERMISSIONS step. Don’t just add a virtual Windows 2003 SP1 DC to the domain to meet the Exchange 2007 installation needs, because changes are made that only Windows 2003 SP1 DCs can understand. If you remove the DC after the changes are made, Exchange will cease functioning. Read about the topic at technet.microsoft.com/en-us/library/bb426946.aspx.

An Exchange 2007 installation checks only child domains for Exchange domain servers and Exchange enterprise server security groups. Previous versions checked all domains in a forest for a Windows 2003 SP1 DC. If a domain has the security groups, the domain was prepared for Exchange 2000 or 2003. If the two security groups aren’t found, the Windows 2003 SP1 DC requirement is ignored. See the Microsoft Team Blog at msexchangeteam.com/archive/2007/11/01/447411.aspx for more information.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.