After running setup /PrepareAD on a child domain controller (with Schema role) the Container “Microsoft Exchange Security Group” is created in our Place Holder domain. How can we force the Exchange 2007 or 2010 setup to create these groups and OU in the child domain? We want our PlaceHolder domain to be clean as possible. Regards, Jean-Philippe

I Dont think you can change that. Not sure why you would want to regardless. The empty root domain concept is rather outdated and not something many would implement now if given the choice as it doesnt offer much benefit. Regardless, I am not aware of any supported way to change that.

Hi AndyD_ On the site below I found an article where it state that it is possible by change “the otherWellKnownObjects attribute during the setup /p. The big question related to this information is, what are the exact steps? And fyi: we introduced the place holder for two reasons. Protect our schema and having the ability to create another domain next to the production.domain.local. http://technet.microsoft.com/en-us/library/bb310792(EXCHG.80).aspx Regards, Jean-Philippe

My interpretation of that is that you can just move them to another OU after the fact. During Setup /p , they are automatically registered in a known location so that Exchange will always be able to find them. The paragraph is just explaining WHY you can move them, not describing a procedure. The full text: "By default, these security groups are located in the root domain in the Microsoft Exchange Security Groups organizational unit. They can be moved to different organizational units and also to other domains in the forest. Moving the groups in the forest is supported because these groups have two unique properties: a well-known GUID and a distinguished name that can change. By using these two properties and adding them to the forest’s otherWellKnownObjects attribute during the Setup /PrepareAD task, Exchange can find the security group anywhere in the forest. The directory service will handle updating the distinguished name (DN) of the object when it is moved. In this manner, Exchange does not require a fixed location in the directory." See http://www.msexperts.org/blogs/cam/archive/2007/10/22/otherwellknownobjects-the-family-relatives-you-do-actually-want-to-know.aspx As for whether you can move them to another DOMAIN, well that's unclear. (Wouldn't they have their own groups?)