Permissions Added When Running Setup /P for Exchange

by Chris Crandall 18. December 2009 08:00

When preparing for Exchange 2007 in an Exchange 2003 or older environment, certain commands must be run to get the environment ready for Exchange 2007. In larger environments where the AD and Exchange teams are segmented, be aware that having an administrator outside the Exchange team run Setup /p will add their account as an Exchange Org admin and an Exchange Full Administrator. You can safely remove the account used to run Setup /p; just be aware that the account will be added to these groups and will have full access to your Exchange environment.

From http://technet.microsoft.com/en-us/library/bb125224.aspx

To run this command to prepare every domain in the forest, you must be a member of the Enterprise Admins group. To run this command to prepare a specific domain, or if the forest has only one domain, you must be delegated the Exchange Full Administrator role and you must be a member of the Domain Admins group in the domain that you will prepare.

Setup /PrepareAD : To run this command, you must be a member of the Enterprise Admins group. If you have Exchange Server 2003 servers in your organization, you must be an Exchange Full Administrator to run this command. You must run this command on a computer that is in the same domain and the same Active Directory site as the Schema Master.

Here is a lab layout of what will happen when a Non-Exchange admin runs setup /p.

Accounts

  • chcrand – Exchange Administrator
  • Fran – AD administrator

1. Exchange permissions in an E2k3 environment

2. AD accounts

3. Member of for Fran

4. Run Exchange setup /pl

5. Fran’s account was not added

6. Ran Setup /ps

7. Fran’s account was not added

8. Ran Setup /p

9. Fran’s account was added

10. He was also set as the Exchange Org admin for E2K7

11. I removed his account in Exchange 2003 and switched out his account for chcrand in Org admins for E2k7. I was able to get inbound mail, send outbound mail, get internal mail, log on to OWA, and log on to Outlook.

12. I ran an ExBPA and no issue related to me removing Fran’s account was generated.

13. I rebooted the Exchange servers and was still able to get inbound mail, send outbound mail, get internal mail, log on to OWA, and log on to Outlook.

14. I was also able to install Exchange 2007 with my chcrand account.
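
A post-setup check for the behavior shown in steps 9 and 10, as an added example that is not part of the original post: it lists members of the Exchange 2007 organization admin group that are not on an approved list and previews their removal. It assumes the ActiveDirectory PowerShell module is installed, that the group has its default name `Exchange Organization Administrators`, and that `chcrand` is the only approved account; it does not inspect the Exchange 2003 Full Administrator delegation.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: accounts the Exchange team has approved (lab name from the post).
$ApprovedAdmins = @('chcrand')
# Assumption: default name of the Exchange 2007 organization admin group.
$GroupName = 'Exchange Organization Administrators'

function Get-UnexpectedMember {
    # Return members whose sAMAccountName is not on the approved list.
    param(
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()] [object[]] $Members,
        [Parameter(Mandatory = $true)] [string[]] $Approved
    )
    $Members | Where-Object { $Approved -notcontains $_.SamAccountName }
}

# whenChanged shows when the group object was last modified.
$group = Get-ADGroup -Identity $GroupName -Properties whenChanged
# -Recursive expands nested groups so indirect members are reported too.
$members = @(Get-ADGroupMember -Identity $group -Recursive)
$unexpected = @(Get-UnexpectedMember -Members $members -Approved $ApprovedAdmins)

'{0} last modified {1}' -f $group.Name, $group.whenChanged
if ($unexpected.Count -gt 0) {
    $unexpected | Select-Object SamAccountName, objectClass, distinguishedName |
        Format-Table -AutoSize
    # Preview only: -WhatIf prints what would be removed without changing anything.
    # Indirect members must be removed from the nested group that contains them.
    $unexpected | ForEach-Object {
        Remove-ADGroupMember -Identity $group -Members $_ -WhatIf
    }
} else {
    'No unexpected members found.'
}
```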
