Should Exchange 2013 force an Active Directory upgrade?

One of the interesting debates at the Exchange Q&A session at TEC 2012 was the question whether the upcoming release of Exchange 2013 should force companies who want to deploy the new software to upgrade their Active Directory infrastructure to a level higher than Windows 2003. Specifically, the proposal was that the deployment of Exchange 2013 within an organization should first require the Active Directory forest to run at Windows 2008 functional level on Windows 2008 R2 servers.

I should be clear that Microsoft has not put this requirement on the table and that I have seen no formal press release or other communication from Microsoft that even hints that they might move along this path. However, private conversations with a number of Microsoft engineers reveal a certain frustration that so many customers operate Active Directory based on outdated software running on old hardware. After all, Windows 2003 is now pretty elderly and is rapidly approaching the point when it becomes unsupported. Lots of people run Windows 2003 domain controllers and global catalog servers on old 32-bit servers whose best days have long disappeared in the rear view mirror.

Exchange was the first major Microsoft application to take advantage of Active Directory with the release of Exchange 2000 in 1999. This wasn’t altogether surprising because the first generation of Exchange was based on an X.500-based (loosely based in the eyes of some) Directory Service that looked, felt, behaved, and generally responded very similarly to Active Directory. The advent of a fully-fledged enterprise-quality Active Directory was good for Exchange because it could drop its own Directory Service and take advantage of a directory that was much more tightly integrated into Windows. The situation has persisted to this day.

The transition from Windows NT to Windows 2000 was slowed a tad by the need to plan for Active Directory. We learned a lot in those early days and soon became accustomed to dealing with forests and domains. Best practice slowly evolved after a few hiccups (such as the assumption that the domain is a security boundary) and the fears that administrators had about operations such as schema upgrades faded with time and familiarity.

Aside from the introduction of the Read-Only Domain Controller (RODC), which isn’t supported by Exchange, not much seems to have happened to Active Directory in terms of new functionality or dramatic new capabilities since. Or so it seems on the surface. And perhaps it’s because Active Directory is so familiar (like a comfortable old shoe) that we’ve forgotten that it’s important to keep it fresh and updated to meet the needs of new applications and new operational imperatives, such as need for increased automation.

I can’t quite work out why people would want to keep on running Windows 2003 domain controllers and global catalogs. Hopefully these are 64-bit systems rather than the antiquated 32-bit servers that Windows 2003 began upon, but even so, the facts are that Windows 2003 is old and needs to be removed from corporate computing environments. Moving to a more modern platform (my recommendation is to use Windows 2008 R2) provides Active Directory with a new lease of life with an operating system that is maintained and more secure than its predecessor. It also allows Active Directory’s functional level to be upgraded to take advantage of new features such as the recycle bin (something that should probably have been part of Active Directory from day 1 anyway).

Overall, I think that it would be a good thing if Microsoft declared that the deployment of Exchange 2013 required a modern Active Directory infrastructure. Let’s face it, you can expect that Exchange 2013 will require a schema upgrade to accommodate new features. Every other version of Exchange since Exchange 2000 has extended the schema so there’s no reason to suspect that the new version will break the habit of a lifetime now, so it’s probably a good opportunity to take a hard look at Active Directory and figure out how to improve and enhance your deployment at the same time.

Putting Windows 2003 functional level into Active Directory’s wastebasket will help Exchange too because it will reduce the complexity and amount of testing scenarios that the setup and deployment team has to go through. And if they’re relieved of the need to test deployment on outdated Active Directory infrastructures, the engineers should be able to use their time more gainfully to test new Exchange 2013 features.

I accept that some companies might have a problem if Microsoft requires Windows 2008 functional level as a prerequisite for Exchange 2013. So be it. Given the track record of every other major release of Exchange, I sincerely doubt that there will be a rush to deploy Exchange 2013 soon after general availability, so there’s plenty of time for those companies who have an issue (maybe there’s an application that depends on Windows 2003 or some form of now outdated authentication scheme that’s no longer supported) to sort things out and bring their infrastructure up to scratch.

The debate at TEC on this topic was spirited. At the end of the day, a large majority of the companies who were present saw no issue with Exchange 2013 forcing those who are stuck with old Active Directories to do the right thing and upgrade. You know it makes sense.

Follow Tony’s ramblings @12Knocksinna


About Tony Redmond

Lead author for the Office 365 for IT Pros eBook and writer about all aspects of the Office 365 ecosystem.
This entry was posted in Active Directory, Email, Exchange and tagged , , , , . Bookmark the permalink.

15 Responses to Should Exchange 2013 force an Active Directory upgrade?

  1. Pingback: EHLO ! | Exchange 2013 and Active Directory

  2. At these moment even I think going with win2k3 as minimum for function level would be a bad idea.

    I guess at least compaines who were/wants to be upgraded from 2k3-08(AD) shouldn’t have any issues keeping 2k8 funtional level as pre-requisite for 2013 deployments/migrations/coexistence 🙂

  3. You keep referring to upcoming Exchange version as Exchange 2013, this is the first time I’ve heard of that name! Am I missing something or are you guessing?

  4. Vivek Sahu says:

    I don’t see the good decision to launch Exch 2013 with minimum functional level 2008, for a small organization its easy to increase functional level but it is going to be a tough job for big companies specially some applications run with support of Win2003.

    • The very reason for keeping 2008 as pre-requisite I was guessing because of the Windows 2003 life cycle and its supportability

    • Dave Stork says:

      Those large companies with a dependence on a 2003 domain/forest functional level (DFL/FFL), probably will not transition that soon to Exchange “2013”. Furthermore, Server 2003 can operate within a 2008 (R2) domain as a member server. So only applications dependent on 2003 DFL/FFL are a possible showstopper.

      But being prevented to raise xFL does not just impact a possible Exchange 2013, other _current_ functionality (ABE and SYSVOL replication with DFS-R for instance) require a higher FL than 2003. So this part of the discussion is not limited to Exchange.

      Although I would expect a requirement for at least 2008 FFL for Exchange 2013 (to push companies forward and in order to ignore legacy environment), I don’t see any direct technical benefit for Exchange 2013. When upgrading to 2008R2, Exchange could take advantage of the AD Recycle Bin for instance (restore disconnected mailboxes with AD account from management tools). Although Windows Server 2012 (and a new FFL) is around the corner, I wonder whether Microsoft would go there as a requirement.

  5. Pingback: Should Exchange 2013 force an Active Directory upgrade? - The Microsoft Enterprise Blog

  6. Pingback: Should Active Directory ugrade be required in Exchange 15?

  7. Pingback: Forcing an Active Directory update with Exchange 2013 might not be such a good idea - The Microsoft Enterprise Blog

  8. Ivan says:

    It should, definitely.

    Forcing companies to upgrade to at least Windows Server 2008/2008 R2 domain controllers will improve overall security at the general level + a lot of better and new features for companies to use.

  9. Pingback: In which I dispute Tony Redmond re Windows Phone upgrades | Paul's Down-Home Page

    • As with all things to do with Apple hardware, Paul has some good comments to make. But I think he is still dead wrong about what Microsoft has just done to their consumers. If you’re trying to create a new ecosystem around Windows Phone, don’t you think that you’d want to create a sense to loyalty to the brand? With their current course, Microsoft has essentially said to consumers that they are liable to be screwed after they buy and use Windows Phone hardware. And while I agree that Terry Myerson took a very good decision to move to 64-bit only hardware for Exchange 2007, that doesn’t get away from the fact that Microsoft has made a fundamental error with Windows Phone 8.0, at least in the eyes of this user. And maybe others, as per

      – Tony

  10. Microsoft may come up with a requirement (or not) here that plays into its hands as a Cloud (Office365) provider. Placing a higher AD requirement may send a message to some that if you cannot get around to upgrading your AD, perhaps ‘just come over to our cloud solution – it’s much easier’.
    In fact, with such encouragement organizations may just start putting their old infrastructure into the archives and move on to the cloud rather than going through the pain of a large AD transition.

  11. Am glad 🙂 MS indirectly forcing to have Windows 2008 AD to roll out AD 2K3 as per Network and directory servers pre-requisite(WDC/GC=2008)

Leave a Reply to Tony Redmond ("Thoughts of an Idle Mind") Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.