Basics of installing Exchange 2003
We are a small company with ten users and want to install Exchange Server 2003 with OWA. We installed a new Windows 2003 server already. Can someone describe the process step by step of installing Exchange, including what we need to do in order to have our emails redirected from our current host (EarthLink) to our new Exchange server? I know we need to change our MX record to point to our public IP address, which then redirects to our internal IP address of the Exchange server. The public IP address will be set up on a CISCO router hosted and maintained by CBeyond.
Thank you.
January 20th, 2007 5:39pm
Here are the steps in short:
1. Install Active Directory (kb 324753). Note: you should never use your public FQDN for your internal domain; it is recommended to use company name.local or .domain.
2. In the TCP/IP properties of the server, change the primary DNS IP from 127.0.0.1 to the IP of the new domain controller & restart the server
3. Log in to the domain controller, create a new reverse lookup DNS zone for your internal IP subnet and configure a forwarder for all other domains (kb 323445)
4. Copy the Administrator account in Active Directory Users & Computers to create an Exchange Service Account, set the password to never expire and cannot be changed
5. Log into the server as the Exchange Service Account
6. Run Forest Prep > {path to install files}\setup\i386\setup.exe /forestprep
7. Run Domain Prep > {path to install files}\setup\i386\setup.exe /domainprep
8. Install pre-requisites, Add/Remove Windows Components > ASP.NET, IIS, SMTP, NNTP should all be installed
9. Run the Setup process, do a typical installation
10. Move the Databases and logs to the desired locations (kb 821915)
11. Correct your Default Recipient Policy in ESM (kb 285136) & create an SMTP connector to route mail using DNS (kb 265293). DO NOT ENABLE THE RELAY CHECK BOX
12. Create all your user accounts on the domain and mailboxes.
13. Create a NAT rule on your firewall / router which maps your MX record IP to your internal Exchange Server IP. Allow ports 25 & 80
14. Join all workstations to the domain and set up Outlook profiles for the users to use MS Exchange Server. You should now be able to send/receive email quite fine. To access webmail your users can navigate to http://mx_record_name/exchange then log in using their Windows user name and password.
Hope this is helpful.
January 21st, 2007 2:29pm
Thanks for an excellent reply! Very informative!
I will follow your steps this week.
Let me tell you what's happened so far.
There is one existing Windows 2003 server with one primary domain with AD. They named it domain.com (domain is their company name)! Will that be a problem?
Also, the server does not have a static IP address. It is DHCP and uses a CISCO router from CBeyond. I installed Windows 2003 Server on a new Dell this weekend but not AD. I assumed it would be done by default.
When I tried to use dcdiag I get errors regarding the DNS... can't communicate with schema or primary domain, etc.
forestprep can't even launch because of DNS errors too. We used DNS IP addresses taken from the other server. What should it be?
What's the best way to determine the exact name of the primary domain? I've seen it listed differently in separate areas. Sometimes longer, sometimes shorter.
I tried using dcpromo on the new server but again it fails due to DNS.
January 21st, 2007 11:14pm
The Paisano wrote:
Thanks for an excellent reply! Very informative!
I will follow your steps this week.
It's a pleasure. There are so many people out there who try these vanilla implementations without finding out the basics and then wonder why their setup never works properly. Truth is, it's actually very simple to do it once and do it right.
The Paisano wrote:
Let me tell you what's happened so far.
There is one existing Windows 2003 server with one primary domain with AD. They named it domain.com (domain is their company name)! Will that be a problem?
This is not a huge problem; in my experience 9/10 domains work fine with this config. The main issue here though (in simple terms) is that DNS sees your internal domain as the public one and can get confused, i.e. it cannot differentiate between the public and private domains. Shouldn't be a problem if you have a small network with not many hosted services, but can be on larger networks which host & publish many applications / services.
If I were you, and this was a pretty new config, I would run the DCpromo tool to demote the domain controller and then run the tool again to promote it with an internal domain name. This may not be viable in your case and should it not be don't let it worry you too much. It can still work as is.
The Paisano wrote:
Also, the server does not have a static IP address. It is DHCP and uses a CISCO router from CBeyond. I installed Windows 2003 Server on a new Dell this weekend but not AD. I assumed it would be done by default.
When I tried to use dcdiag I get errors regarding the DNS... can't communicate with schema or primary domain, etc.
OK, this is a HUGE problem. Firstly, ALL servers should have a static IP address; you cannot afford to have them changing IPs randomly, it's going to pose a problem to clients trying to connect to them. You MUST assign an IP to the server, and specify itself as the primary DNS. Additionally, your DHCP scope needs to be modified so it hands out the internal DNS server's IP address or your clients are going to have trouble logging into the domain and accessing resources.
I am not surprised you cannot communicate with the domain; you are most likely pointed to the public DNS, which does not hold the correct records for the internal services/hosts such as your DC / AD.
My guess is it also takes a long time for clients who are domain members to log in to the network?
IT IS IMPORTANT TO THE FUNCTIONING OF ACTIVE DIRECTORY THAT ALL OBJECTS ON THE INTERNAL NETWORK REGISTER WITH THE INTERNAL DNS, IT IS WHERE ALL SERVICE RECORDS AND NAME RECORDS ARE HELD FOR THE DOMAIN AND ALSO WHERE ALL NAME RESOLUTION TAKES PLACE. In short, without a properly working internal DNS authority, your domain will never work properly.
A good working internal DNS server should be able to resolve the internal FQ domain name to the IPs of the name servers, IP addresses to server names, server NetBIOS names and FQDN names to IPs, as well as be able to resolve public domain names to IP addresses (note: not the reverse in this case; this is done using forwarders & considered non-authoritative).
You can test DNS on the local machine using the nslookup tool.
If your internal DNS cannot furnish you with quick authoritative responses to the above tests, STOP, look for DNS config white papers and methodically troubleshoot & reconfigure your DNS server until it's in a healthy state before continuing. I cannot stress enough the IMPORTANCE of a working DNS server.
The Paisano wrote:
forestprep can't even launch because of DNS errors too. We used DNS IP addresses taken from the other server. What should it be?
The DHCP server should be set to hand out the addresses of the internal DNS servers.
The Paisano wrote:
What's the best way to determine the exact name of the primary domain? I've seen it listed differently in separate areas. Sometimes longer, sometimes shorter.
I tried using dcpromo on the new server but again it fails due to DNS.
The domain name is completely private and up to the person/company who it belongs to. I personally like to use something like Company.Local, Company.private, Company.internal, company.domain, or domain.local, but then it's up to you at the end of the day.
I think if you manage to fix DNS on the first DC, this shouldn't be too hard. Just assign a static IP to the server with itself as the preferred DNS, create a reverse lookup zone for your internal IP range and set the forwarders to point to the public DNS, then restart the server; you should end up with fewer problems. You can then assign another static IP to your Exchange server using the DC as its DNS and run the appropriate tools. Note: this server should be a member of the domain with the Exchange service account explicitly added to the local admins at minimum.
You can then also change your DHCP scope to use the internal DNS server as primary for all dynamic addresses.
One more thing for you to consider: it is not really recommended (no matter how small the deployment) to have only 1 DC on a network. There are many reasons for this, but the primary one is in case of disaster. You may want to consider making the Exchange server an additional DC and secondary DNS for your domain. This should just be a case of installing DNS on the server and running DCPROMO, provided you have your DNS on your first domain controller working fine.
Once it has been promoted you could run your forestprep and domain preps, then exchange setup, configure your default recipient policy and connector.
Good luck. Let me know how you get on.
January 22nd, 2007 6:18am
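The DNS tests listed in the reply above, written as a batch file for the Windows command prompt. This is an added example, not part of the original post; the domain, host name and addresses are constructed placeholders to replace with your own, and `:check` is an illustrative helper that flags the usual nslookup error strings.

```bat
@echo off
rem Added example: run on the DC or the Exchange server before forestprep/dcpromo.
rem All values below are constructed placeholders, not taken from the thread.
setlocal
set DOMAIN=company.local
set DC_NAME=dc01
set DC_IP=192.168.1.10
set DNS_SERVER=192.168.1.10
set FAILS=0

rem Options are quoted because cmd treats "=" as an argument delimiter.
call :check "Domain name to name servers (NS)"        "-type=NS"  %DOMAIN%
call :check "AD service records (SRV) for the DCs"    "-type=SRV" _ldap._tcp.dc._msdcs.%DOMAIN%
call :check "IP address to server name (reverse zone)" "-type=PTR" %DC_IP%
call :check "Server short name to IP"                 "-type=A"   %DC_NAME%
call :check "Server FQDN to IP"                       "-type=A"   %DC_NAME%.%DOMAIN%
call :check "Public name via forwarders"              "-type=A"   www.example.com

echo.
echo %FAILS% check(s) failed against %DNS_SERVER%
endlocal
goto :eof

:check
rem %1 = description, %2 = nslookup option, %3 = name or address to query
echo.
echo === %~1 ===
nslookup %~2 %~3 %DNS_SERVER% > "%TEMP%\dnscheck.txt" 2>&1
type "%TEMP%\dnscheck.txt"
rem findstr sets errorlevel 0 when one of the error strings is present.
findstr /i /c:"can't find" /c:"timed out" /c:"Non-existent" /c:"Server failed" "%TEMP%\dnscheck.txt" >nul
if not errorlevel 1 (echo RESULT: FAIL & set /a FAILS+=1) else (echo RESULT: ok)
goto :eof
```

A "Can't find server name for address" message at the top of every answer means the reverse lookup zone is missing; only the public-name check should come back as a non-authoritative answer.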
Thanks Johan for all your assistance! We truly appreciated you taking the time to walk us thru all of our issues via chat for hours over the course of a couple of days!
Your expertise was invaluable! You not only helped us but educated and trained us at the same time!
Thanks again so much!
Pai
January 29th, 2007 6:33pm