Active Directory Connector Requirements

What are the requirements for installing the Exchange 2000 Active Directory Connector on a Windows 2000 computer?

MSKB 253286 has the following information:

To successfully install the Active Directory Connector (ADC) and configure a Connection Agreement, you must be able to log on to Windows 2000 Server with an account that carries distinctive credentials. The permissions that are required to perform various tasks are described in the "More Information" section of this article.

Initial ADC Installation

When you first install an ADC in a Windows 2000 forest, the ADC Setup program extends the Active Directory schema with the Exchange 2000 schema extensions. To do this, the account that you are running Setup from must belong to a member of the Schema Administrators group or otherwise have permissions to extend the schema.

Additionally, ADC Setup creates objects in the Active Directory Configuration container. This requires that the account running Setup belong to the Enterprise Administrators group. This permission is a prerequisite of the ADC installation process and Setup cannot succeed without it.

Finally, ADC Setup creates two security groups in the local domain called "Exchange Services". This requires that the account you are running Setup from belongs to a member of the Domain Administrators Group or otherwise has permissions to create objects in the Users container. If this group is inadvertently deleted, a reinstallation of the ADC over the existing installation will recreate this group without adverse effects to Exchange or the AD.

Subsequent Installations of the ADC

  • Subsequent installations of the ADC in the same forest do not require Schema Administrator permissions.

  • Subsequent installations do require either Domain Administrator permissions or other specific permissions that allow you to create new objects under the Sites and Services containers in the configuration naming context.

  • Additional installations in the same domain do not require the creation of either the Exchange Services or the Exchange Administrators groups. However, the first ADC installation into any other Windows 2000 Server domain requires the creation of these groups and subsequently the proper permissions to do so.

Additionally, ADC Setup creates objects in the Active Directory Configuration container. This requires that the account running Setup belong to the Enterprise Administrators group. This permission is a prerequisite of the ADC installation process and Setup cannot succeed without it.

Links

XADM: ADC Installation Requirements – 253286link out ico