Wednesday, September 23, 2009

Creating Windows 2003 Hyper V Virtual Machines

Creating the virtual machine is straightforward, but there's a little trick with Windows 2003 machines. The Integration Setup can only be run on Windows 2003 SP2, and without Integration Setup we can't get any mouse interaction on the server.

So the idea is to copy the Service Pack 2 file onto the server and install it using only keyboard interaction.

1. Create a new virtual machine. (Add in a Legacy Network Device.)
2. Install the VM with Windows 2003 Server.
3. Use the keyboard (TAB, Shift-TAB, Spacebar, etc.) to navigate through the setup wizard.
4. Once installation completes, use the keyboard to navigate to the network connection, or use the netsh command to key in an IP address for the server.
5. The reason we are using the "Legacy Network Device" is that before Integration Setup is run, the server will not recognize the normal network device. So configure the "Legacy Network" connection with an IP and do a file transfer to copy the Service Pack 2 file over.
6. Run the Service Pack 2 file, restart as required.
7. Run the Integration Setup, restart as required.

Now the server is ready to be used as normal.

Tuesday, September 22, 2009

Forest Trust + Dedicated Exchange Forest

I need to set up a trust relationship between 2 AD forests. The requirements are as below:
1. The TM5 Q2 environment has its own AD environment, but does not have Exchange.
2. DEV-AHB has its own AD environment, including 2 Exchange servers.
3. AmIdentity is going to do a UAT test on TM5 Q2, which requires users to be created in the TM5 Q2 environment; the users will have mailboxes created.
4. Exchange could not be installed in the TM5 Q2 environment, due to a licensing issue.
5. The suggestion is to create a trust relationship between TM5 Q2 and DEV-AHB, and let users in TM5 Q2 utilize the Exchange in DEV-AHB.

I have never done this before, so it's actually very challenging. The trusting part could be easy, but the Exchange part might require some skills.

1. TM5 Q2 hasn't been /ADPREP yet, so users will not have Exchange properties.
2. TM5 Q2 has a different time zone due to a business requirement. Building a trust between these 2 environments might sync time on the servers.

So, before actually doing it on the real environment, I'm now building a virtual server with an AD forest. And I'm gonna build a trust with this server to DEV-AHB, and try to see whether new users can be created with mailboxes on them.

================================

So after some research and testing, here are the findings:

To allow an AD forest's users to utilise the Exchange resource in another AD forest, there are a few requirements.

1. The Exchange forest needs to trust the account forest.
2. A mailbox-enabled, disabled account needs to be created in the Exchange forest for every user in the account forest who requires a mailbox.
3. If you are using Exchange 2007, there is a linked mailbox function where you can go through a wizard and provision the users.
4. If you are using Exchange 2003 or below, you will have to manually go through creating the accounts, disabling them and assigning the necessary rights.

Using a Dedicated Exchange Forest
Using Multiple Forests with Exchange
How to Deploy Exchange 2007 in a Cross-Forest Topology
Deploying an Exchange 2007 Resource Forest (Part 1)
Understanding and using the External Associated Account in Windows Server 2003 and Exchange 2003

=============================================
Now, the steps to manually provision Associated External Accounts in Exchange 2003, 2000.


Forest A (with Exchange), Forest B (user account forest), Forest A trusts Forest B

1. Create a User in ForestA, with mailbox enabled.
2. Disable ForestA\User.
3. Create a User in ForestB. ForestB\User
4. Under ForestA\User properties, under "Security", add ForestB\User into the ACL and allow "Send As".
5. Under ForestA\User properties, under "Exchange Advanced" > "Mailbox Rights", add ForestB\User into the ACL and allow "Read Permission", "Full Mailbox Access" and "Associated External Account".
6. Verify by logging on to OWA using ForestB\User credentials.
7. The email address for this account will be the email address as seen under ForestA\User email address.
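
For the Exchange 2007 linked mailbox route mentioned in the findings above, the following is an added example (not part of the original post) that provisions one linked mailbox from the Exchange Management Shell and then audits every linked mailbox for the two properties the manual steps rely on: the Exchange-forest account stays disabled, and exactly one account holds the Associated External Account right. All server, domain, OU, database and user names are placeholders chosen for illustration.

```powershell
# Run in the Exchange 2007 Management Shell, in the Exchange forest (Forest A).
# Every name below is a placeholder (assumption), not a value from the post.
$accountDc   = 'dc01.forestb.example'   # domain controller in the account forest
$accountUser = 'FORESTB\jdoe'           # logon account in the account forest
$cred        = Get-Credential           # credential able to read Forest B

# Creates a disabled, mailbox-enabled user in Forest A and links it to
# the Forest B account (the shell equivalent of the linked mailbox wizard).
New-Mailbox -Name 'John Doe' -Alias 'jdoe' `
    -UserPrincipalName 'jdoe@foresta.example' `
    -Database 'EX01\First Storage Group\Mailbox Database' `
    -OrganizationalUnit 'foresta.example/Linked Mailboxes' `
    -LinkedDomainController $accountDc `
    -LinkedMasterAccount $accountUser `
    -LinkedCredential $cred

# Audit: report linked mailboxes whose Forest A account has been enabled
# or whose Associated External Account right is missing or duplicated.
$mailboxes = Get-Mailbox -RecipientTypeDetails LinkedMailbox -ResultSize Unlimited
foreach ($mbx in $mailboxes) {
    $user = Get-User -Identity $mbx.Identity

    # Explicit (non-inherited) ACEs that carry the ExternalAccount right.
    $external = @(Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object { -not $_.IsInherited -and
                       ($_.AccessRights -like '*ExternalAccount*') })

    $disabled = "$($user.UserAccountControl)" -match 'AccountDisabled'

    if (-not $disabled -or $external.Count -ne 1) {
        New-Object PSObject -Property @{
            Mailbox          = $mbx.Alias
            LinkedMaster     = $mbx.LinkedMasterAccount
            AccountDisabled  = $disabled
            ExternalAccounts = ($external | ForEach-Object { $_.User }) -join '; '
        }
    }
}
```

An empty result from the audit loop means every linked mailbox still has a disabled Forest A account and a single associated external account; any row returned is a mailbox with an extra logon path worth reviewing.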