Forum Discussion
Exchange CU14 changes in AD
Hi all, We see that Microsoft has released its latest CU that is CU14, our Org s getting updated from CU13 to CU14, the prereq here is, we will have to run the PrepareAD in order to proceed with the...
With the schema extended, the next step is to add all of the containers, objects, attributes, and other items that Exchange uses to store information in Active Directory. Most of the changes made in this step are applied to the entire Active Directory forest. A smaller set of changes are made only to the local Active Directory domain where the /PrepareAD command was run (or where the first Exchange server was installed using the Exchange Setup wizard).
Prepare Active Directory containers, objects, and other items
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/active-directory/ad-changes?view=exchserver-2019/?WT.mc_id=M365-MVP-5002523
Prepare Active Directory containers, objects, and other items
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/active-directory/ad-changes?view=exchserver-2019/?WT.mc_id=M365-MVP-5002523
AnnTaeYoun
That is what our team is exactly looking, on what pieces of containers, objects, attributes is getting added here or getting changed or getting updated.
That is what our team is exactly looking, on what pieces of containers, objects, attributes is getting added here or getting changed or getting updated.
- The primary reason for running the /PrepareAD command is to prepare Active Directory (AD) for Exchange Server deployment.
Therefore, if there are no updates to the schema, there will be no changes to additional objects through /PrepareAD.
The following links provide details on schema changes.
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/active-directory/ad-schema-changes?view=exchserver-2019/?WT.mc_id=M365-MVP-5002523AnnTaeYoun
From what i understand, when we install Exchange, the first thing what Exchange does is it will create a list of containers and objects in AD, that got us thinking about the below listed questions:
What all AD Objects, groups, containers will be touched/modified which needs Enterprise Admin Rights beyond the "FullAccess" rights which we already have on the Exchange Org container
We noticed that the Setup file was trying to access "Audit Security Privilege" on the Domain Controllers, why and what changes it's trying to make in CU14
Any other changes, where /PrepareAD will touch the objects out of the Exchange Org container, if yes please share those, and what changes/modifications it's going to make to them and why- To add, this CU is doing some global updates which will require an Enterprise Admin account, we saw some Audit Security Policy logs in our DCs and hence this is touching something outside the Exchange container of which the Exchange accounts do not have permissions to do the job.