Troubleshooter: Running Domainprep on the Root Domain

We're preparing to deploy Exchange Server 2003. Our Active Directory (AD) design has a root domain, which won't contain any Exchange servers or user mailboxes, and one child domain. Do we need to run Exchange Setup with the /domainprep switch in the root domain?

In most cases, the answer is yes, you must run Setup with the /domainprep switch so that the Exchange DSAccess service will work properly. DSAccess needs the ability to contact domain controllers (DCs) in every domain in your organization, although it might not ever take advantage of that ability. Therefore, the DC must have a system ACL (SACL) entry that grants permissions on the DC. These SACL entries are stamped by means of the Recipient Update Service (RUS). Microsoft recommends that you have one RUS instance in each forest's root domain, plus one RUS in each domain that hosts users or Exchange servers. If there's no RUS in the root domain, DSAccess can't talk to any Global Catalog (GC) servers in the root domain, and that's exactly where many administrators put all their GC servers. However, if you're sure that you'll never have any user objects in the root domain, you have at least one GC server in a domain on which you will run Domainprep, and that domain also contains a RUS instance, then you don't need to run Domainprep on the root domain.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.