Exchange Server

Active Directory Connector Requirements

What are the requirements for installing the Exchange 2000 Active Directory Connector on a Windows 2000 computer?

MSKB 253286 has the following information:

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

To successfully install the Active Directory Connector (ADC) and configure a Connection Agreement, you must be able to log on to Windows 2000 Server with an account that carries distinctive credentials. The permissions that are required to perform various tasks are described in the "More Information" section of this article.

Initial ADC Installation

When you first install an ADC in a Windows 2000 forest, the ADC Setup program extends the Active Directory schema with the Exchange 2000 schema extensions. To do this, the account that you are running Setup from must belong to a member of the Schema Administrators group or otherwise have permissions to extend the schema.

Additionally, ADC Setup creates objects in the Active Directory Configuration container. This requires that the account running Setup belong to the Enterprise Administrators group. This permission is a prerequisite of the ADC installation process and Setup cannot succeed without it.

Finally, ADC Setup creates two security groups in the local domain called "Exchange Services". This requires that the account you are running Setup from belongs to a member of the Domain Administrators Group or otherwise has permissions to create objects in the Users container. If this group is inadvertently deleted, a reinstallation of the ADC over the existing installation will recreate this group without adverse effects to Exchange or the AD.

Subsequent Installations of the ADC

  • Subsequent installations of the ADC in the same forest do not require Schema Administrator permissions.

  • Subsequent installations do require either Domain Administrator permissions or other specific permissions that allow you to create new objects under the Sites and Services containers in the configuration naming context.

  • Additional installations in the same domain do not require the creation of either the Exchange Services or the Exchange Administrators groups. However, the first ADC installation into any other Windows 2000 Server domain requires the creation of these groups and subsequently the proper permissions to do so.

Additionally, ADC Setup creates objects in the Active Directory Configuration container. This requires that the account running Setup belong to the Enterprise Administrators group. This permission is a prerequisite of the ADC installation process and Setup cannot succeed without it.

Links

XADM: ADC Installation Requirements – 253286

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: