Exchange 2000 containers (Fields) not showing up in active directory!!

[James Mullins]

When I open active directory on any of the Windows 2000
domain controllers except the exchange 2000 server I do
not see the exchange fields. Also the exchange 2000 e-mail
addresses are not in the LDAP database. Is there a way to
fix this? I think it might have something to do with the
forest prep on the AD.

 

[Tomasz Onyszko]

When I open active directory on any of the Windows 2000
domain controllers except the exchange 2000 server I do
not see the exchange fields. Also the exchange 2000 e-mail
addresses are not in the LDAP database. Is there a way to
fix this? I think it might have something to do with the
forest prep on the AD.

You are using standard ADU&C snap-in, use this which comes with
Exchange (install exchange admin tools on DC)

 

[Steve]

You could try view advance options from the menu in the Active Directory
users and Computers snap-in

hth
rgds
Steve

 

[Cary Shultz [A.D. MVP]]

Waz up, James?

Sorry! Feeling a little old tonight so I thought....

Anyway, as the others have suggested you are seeing everything correctly. I
am sure that this is a bit limiting. Here is how to resolve this problem in
a bit more detail:

On all of your Domain Controllers you need to drop in the Exchange 2000
Server CD. You are going to do a custom installation and you are going to
install the Exchange Server Manager ( or whatever it is actually called ).

Let that install. It should take but a few moments to do this. Next, and
this is important, install the Exchange 2000 Service Pack level that your
Exchange Server have ( so, if your Exchange Server is at SP3 then install
SP3 on your Domain Controllers ).

Repeat this on all of your Domain Controllers.

You are now done.

When you install SP4 on your Exchange Server ( once it comes out ) then
install it on your Domain Controllers. It is important to keep this at the
same SP level.

Now, to see the Exchange related fields you will need to make sure that you
enable the Advanced View ( which you will need to do each and every time you
open this up ). Also, if you have any shortcuts on your desktop then you
might want to replace the one from the Admin Tools with the one from the
Exchange Server.

Actually, I would ask you why you are doing this on your Domain Controllers
as you really should be doing all of your Admin work from a workstation (
similar to the way you do things in Novell ). However, I will say that I do
this as well. If you also have Terminal Services in Remote Admin Mode then
I would suggest that you log on remotely after you do this and update any
shortcuts that you might have so that you are using the correct ADUC.....

HTH,

Cary

 

[Joe Richards [MVP]]

My recommendation though is to NOT install the exchange tools on your domain
controllers. Install it on your workstations, you shouldn't really be managing
users directly from domain controllers, it is a security best practice to log
directly into servers as little as possible.

 

[Cary Shultz [A.D. MVP]]

Joe,

I agree with you 100% as I mentioned this at the bottom of my post.
However, most people are going to do things on the Domain Controller. So,
he wants to know and we told him.

I am starting to think that there are several suggestion that we should make
at the bottom of each response ( such as install the Support Tools, use an
Admin workstation, etc. ).

Cary

 

[Oli Restorick [MVP]]

Hi Joe

While I agree with you, I think it's also important to mention that it's not
a security best practice to log in as a domain admin on a workstation. I'd
prefer to see people doing all user management from a domain controller than
using a domain admin account outside of a secure server room/datacentre.

Of course, the proper balance is to use the delegation of control wizard to
allow creation of regular accounts and/or using the runas feature to elevate
as required.

Regards

Oli

 

[Joe Richards [MVP]]

Don't need to log on with a domain admin ID. Could use runas or cpau to fire up
esm or ADUC or run scripts in alternate security context. Far more secure than
logging interactively into servers. Also, I would say that delegation of
exchange should be done, there is a chapter in the up and coming Windows Server
2003 Cookbook that has a recipe and recommendations on it.

joe

 

[Oli Restorick [MVP]]

Good point! I'll be interested to see the book.

Cheers

Oli

Don't need to log on with a domain admin ID. Could use runas or cpau to
fire up esm or ADUC or run scripts in alternate security context. Far more
secure than logging interactively into servers. Also, I would say that
delegation of exchange should be done, there is a chapter in the up and
coming Windows Server 2003 Cookbook that has a recipe and recommendations
on it.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Hi Joe

While I agree with you, I think it's also important to mention that it's
not a security best practice to log in as a domain admin on a
workstation. I'd prefer to see people doing all user management from a
domain controller than using a domain admin account outside of a secure
server room/datacentre.

Of course, the proper balance is to use the delegation of control wizard
to allow creation of regular accounts and/or using the runas feature to
elevate as required.

Regards

Oli

My recommendation though is to NOT install the exchange tools on your
domain controllers. Install it on your workstations, you shouldn't really
be managing users directly from domain controllers, it is a security best
practice to log directly into servers as little as possible.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Cary Shultz [A.D. MVP] wrote:

Waz up, James?

Sorry! Feeling a little old tonight so I thought....

Anyway, as the others have suggested you are seeing everything
correctly. I
am sure that this is a bit limiting. Here is how to resolve this
problem in
a bit more detail:

On all of your Domain Controllers you need to drop in the Exchange 2000
Server CD. You are going to do a custom installation and you are going
to
install the Exchange Server Manager ( or whatever it is actually
called ).

Let that install. It should take but a few moments to do this. Next,
and
this is important, install the Exchange 2000 Service Pack level that
your
Exchange Server have ( so, if your Exchange Server is at SP3 then
install
SP3 on your Domain Controllers ).

Repeat this on all of your Domain Controllers.

You are now done.

When you install SP4 on your Exchange Server ( once it comes out ) then
install it on your Domain Controllers. It is important to keep this at
the
same SP level.

Now, to see the Exchange related fields you will need to make sure that
you
enable the Advanced View ( which you will need to do each and every time
you
open this up ). Also, if you have any shortcuts on your desktop then
you
might want to replace the one from the Admin Tools with the one from the
Exchange Server.

Actually, I would ask you why you are doing this on your Domain
Controllers
as you really should be doing all of your Admin work from a workstation
(
similar to the way you do things in Novell ). However, I will say that
I do
this as well. If you also have Terminal Services in Remote Admin Mode
then
I would suggest that you log on remotely after you do this and update
any
shortcuts that you might have so that you are using the correct
ADUC.....

HTH,

Cary




When I open active directory on any of the Windows 2000
domain controllers except the exchange 2000 server I do
not see the exchange fields. Also the exchange 2000 e-mail
addresses are not in the LDAP database. Is there a way to
fix this? I think it might have something to do with the
forest prep on the AD.