Force Exchange groups and OU to be created in the child domain
After running setup /PrepareAD on a child domain controller (with Schema role) the Container “Microsoft Exchange Security Group”
is created in our Place Holder domain. How can we force the Exchange 2007 or 2010 setup to create these groups and OU in the child domain? We want our PlaceHolder domain to be clean as possible.
Regards,
Jean-Philippe
July 28th, 2010 11:26pm
I Dont think you can change that. Not sure why you would want to regardless. The empty root domain concept is rather outdated and not something many would implement now if given the choice as it doesnt offer much benefit.
Regardless, I am not aware of any supported way to change that.
Free Windows Admin Tool Kit Click here and download it now
July 28th, 2010 11:34pm
Hi AndyD_
On the site below I found an article where it state that it is possible by change “the otherWellKnownObjects attribute during the setup /p. The big question related
to this information is, what are the exact steps?
And fyi: we introduced the place holder for two reasons. Protect our schema and having the ability to create another domain next to the production.domain.local.
http://technet.microsoft.com/en-us/library/bb310792(EXCHG.80).aspx
Regards,
Jean-Philippe
July 28th, 2010 11:49pm
My interpretation of that is that you can just move them to another OU after the fact. During Setup /p , they are automatically registered in a known location so that Exchange will always be able to find them. The paragraph is just
explaining WHY you can move them, not describing a procedure.
The full text: "By default, these security groups are located in the root domain in the Microsoft Exchange Security Groups organizational unit. They can be moved to different organizational units and also to other domains in the forest. Moving the groups
in the forest is supported because these groups have two unique properties: a well-known GUID and a distinguished name that can change. By using these two properties and adding them to the forest’s
otherWellKnownObjects attribute during the Setup /PrepareAD task, Exchange can find the security group anywhere in the forest. The directory service will handle updating the distinguished name (DN) of the object when
it is moved. In this manner, Exchange does not require a fixed location in the directory."
See
http://www.msexperts.org/blogs/cam/archive/2007/10/22/otherwellknownobjects-the-family-relatives-you-do-actually-want-to-know.aspx
As for whether you can move them to another DOMAIN, well that's unclear. (Wouldn't they have their own groups?)
Free Windows Admin Tool Kit Click here and download it now
July 29th, 2010 2:25am