How to Install Exchange 2010 on Windows Server 2008 R2

In most projects, we set up a brand new Windows Server 2012 R2-installation, purely for Azure AD Connect and its underlying Azure AD Connect.

For some reasons, however, you might install Azure AD Connect on Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012.

Note:
Installing Azure AD Connect is not supported on Small Business Server, Windows Server Essentials or Windows Web Server.

Reasons may include:

• Unavailability of licenses
• Incompatible hardware or hardware virtualization platform
• Incompatible software packages, services and/or drivers
• Incompatible processes
• Unavailability of knowledge

… but I'm sure you, or your customers, can find many other reasons to stick with Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012.

This isn't a problem.

Note:
I would recommend against installing Azure AD Connect on Windows Server 2008, since Azure AD Connect does not support password synchronization on this specific version of Windows Server.

Reboots for installing prerequisites

You'll need to reboot the Windows Server 2008, Windows Server 2008 R2 and/or Windows Server 2012 installation(s) on which you install Azure AD Connect or one of its components (for installing .Net Framework 4.5.1), whereas installing Azure AD Connect on Windows Server 2012 R2 requires no reboots:

Number of reboots needed
Windows Server 2008	4
Windows Server 2008 R2	1
Windows Server 2012	1
Windows Server 2012 R2	–

Note:
The above list does not include reboots for installing the latest Service Pack, when needed.

This makes installing Azure AD Connect side to side with other critical infrastructure components on Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 far from ideal.

Active Directory requirements

Forest Functional Level

Regardless of the Windows Server version you use, any Active Directory domain in any Active Directory forest you synchronize objects to or from, must have at least the Windows Server 2003 Forest Functional Level (FFL).

Domain Controllers

If you want to enjoy the password write-back feature, all the Domain Controllers in these domains must be running Windows Server 2008, or up.

Domain membership

If you intend to use Azure AD Connect with the Express Settings, the Windows Server on which you want to install Azure AD Connect needs to be domain-joined.

When you customize the settings, the Windows Server on which you want to install Azure AD Connect does not need to be domain-joined. You will pick the Active Directory domain and/or forest during the setup and can add and delete additional Active Directory domains and/or forests when you run the Azure AD Connect Wizard subsequently.

Networking requirements

The Windows Server on which you plan to install Azure AD Connect needs to have a direct internet connection to Microsofts Azure datacenters.

Note:
Do not place the Azure AD Connect implementation behind a proxy server, like a McAfee Web Gateway, that (deep) inspects the traffic or any other Deep Content Inspection-capable device. If you use a product like that, please allow for an exception to the policy for Azure AD Connects traffic.

Azure AD Connect uses TCP port 443 for its connection to Microsoft Azure. It also uses TCP port 80 for certificate revocation checking.

Best Practices for installing Azure AD Connect

Active Directory PowerShell Module

While this is not strictly a prerequisite for installing Azure AD Connect, I recommend you install the Active Directory Module for Windows PowerShell. Like any other Azure AD Connect implementation on Windows Server 2012 R2, you'll need the Active Directory Module when you configure advanced settings, so make sure you have them installed and ready to go before.

Windows Server 2008

The Active Directory PowerShell Module is not available for Windows Server 2008.

Note:
This means you can't use the advanced configuration functions in Azure AD Connects ADSyncPrep.psm1 PowerShell Module, since that requires the Active Directory PowerShell Module.

Windows Server 2008 R2

On Windows Server 2008 R2 use the following Windows PowerShell one-liner to install the module:

Add-WindowsFeature RSAT-ADDS-Tools

Windows Server 2012

On Windows Server 2012 and Windows Server 2012 R2 use the following Windows PowerShell one-liner to install the module:

Install-WindowsFeature RSAT-ADDS-Tools

Prerequisites for installing Azure AD Connect

Additional prerequisites for Windows Server 2008-only

	Windows Server 2008
	Windows Server 2008 R2
	Windows Server 2012
	Windows Server 2012 R2

For Windows Server 2008 we need to download and install these prerequisites for the Azure AD Connect prerequisites. Install these packages first in the following order before you continue and download and install the other packages:

1. Download either the .Net Framework 3.5 with Service Pack 1 web installer (2,8 MB, but requires an internet connection on the Windows Server, you intend to use for Azure AD Connect to download 30 MB) or the .Net Framework 3.5 with Service Pack 1 offline installer (232 MB). Install it.
2. Download the Windows Management Framework Core Package (Windows PowerShell 2.0 and WinRM 2.0 KB968930) from the Microsoft Download Center. Install it, because you need it as a prerequisite to version 3.0 of the Windows Management Framework.
3. Reboot afterwards.
4. Download the Windows Graphics, Imaging, and XPS Library (KB971512) and install it.
5. Reboot afterwards.

.Net Framework 4.5.1

Azure AD Connect uses .Net Framework 4. Azure AD Connect from version 1.0.494.0501, released in May 2015 requires .Net Framework 4.5.1 or up.

The .Net Framework 4.5.1 (Offline installer) is ideal for these types of deployments.
Although it is almost 70 MBs in size, you can use it to deploy .Net Framework to Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 without them needing an internet connection.

Install it on each Windows (Server) installation on which you intend to use Azure AD Connect and/or any of its components (like ADSyncPrep.psm1 ). Then reboot.

Note:
Strangely, on Windows Server 2008 you don't have to reboot after the installation of .Net Framework 4.5.1…

Make sure you have Windows Update configured for these installations, since security updates are regularly issued for the .Net Framework and you don't want to get stuck with an insecure version of the .Net Framework on your Azure AD Connect infrastructure.

Windows PowerShell 3.0

Azure AD Connect uses PowerShell 3.0 under the hood, so you will need to install the Windows Management Framework before you can successfully install Azure AD Connect.

Windows Server 2008

First, download and install the "Extended Protection for Authentication" patch (KB968389). Restart afterwards.

Then download the Windows Management Framework 3.0 here.
This is the latest version of the Windows Management Framework that is available for Windows Server 2008. The only file you need on the x64 version of Windows Server 2008 is Windows6.0-KB2506146-x64.msu (14,4 MB). Install it. Reboot afterwards.

Windows Server 2008 R2

You can download Windows Management Framework 4.0 here.
On Windows Server 2008 R2, the only file you need is Windows6.1-KB2819745-x64-MultiPkg.msu. (18,5 MB)

Windows Server 2012

You can download Windows Management Framework 4.0 here.

On Windows Server 2012, use Windows8-RT-KB2799888-x64.msu.

Install it on each Windows (Server) installation on which you intend to use Azure AD Connect and/or any of its components (like ADSyncPrep.psm1 ). Reboot afterwards.

Installing Azure AD Connect

After you've taken care of the proper information security measures (anti-malware, backup, etc.) it's time to download and run the installer for Azure AD Connect.

This is as straightforward as can be on all supported version of Windows Server, although you might end up with an aborted installation when you don't comply with the prerequisites: Azure AD Connect does not offer links to the prerequisites, does not automatically install them, but simply quits.

Concluding

You can install Azure AD Connect on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and/or on Windows Server 2012 R2.

Plan for the additional steps on the down-level Windows Server versions to avoid arguing with a project manager. It's slightly more work, especially on Windows Server 2008.

However, installing Azure AD Connect on Windows Server 2008 might not be the brightest idea, because you will significantly limit the usefulness of the Azure AD Connect and, thus, your Hybrid Identity implementation.

Further reading

Prerequisites for Azure Active Directory Connect (Azure AD Connect)
Integrating your on-premises identities with Azure Active Directory
Azure AD Connect: Version Release History
Installing Windows PowerShell

How to Install Exchange 2010 on Windows Server 2008 R2

Source: https://dirteam.com/sander/2015/12/01/installing-azure-ad-connect-on-windows-server-2008-2008-r2-and-2012/

Share this post