Why run Setup /PrepareLegacyExchangePermissions?
In short, for the Recipient Update Service (RUS) to function properly, you need to run this switch before preparing the schema. It should be run in a domain where domainprep was run. Exchange 2007 introduces new property sets, and these property sets can be controlled only by recipient administrators (a new role introduced in Exchange 2007). To give the RUS permission, you need to run this switch. A more detailed explanation can be found at
What does /PrepareAD do in general?
Checks that the schema is updated
Assigns specific permissions throughout the configuration container
Creates an OU named Microsoft Exchange Security Groups in the root domain and creates the following universal security groups within it
1. Exchange Recipient Administrators
2. Exchange Organization Administrators
3. Exchange Servers
4. Exchange View-Only Administrators
5. Exchange Public Folder Administrators (new in SP1)
6. ExchangeLegacyInterop
Creates a routing group and an administrative group, named with the name of the server and a random identifier in brackets
Also prepares the local domain, which means you don't need to run /PrepareDomain in this domain again
What does /PrepareDomain do in general?
Assigns permissions on the domain containers to groups 3 (Exchange Servers) and 2 (Exchange Organization Administrators), Authenticated Users and mailbox administrators
If this is a new organization, the Exchange System Objects container is created, and Authenticated Users and groups 2 and 3 are granted permissions on it
Creates a group named Exchange Install Domain Servers in the Exchange System Objects container and adds it as a member of group 3 (Exchange Servers)
Assigns permissions to groups 1 (Exchange Recipient Administrators) and 3 at the domain level
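
One way to check the result of both switches afterwards, as an added example that is not part of the original page or of Exchange setup. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to the forest; the exact directory names of the groups and of the system objects container are assumptions based on the lists above.

```powershell
# Added example: audit the objects /PrepareAD and /PrepareDomain are described as creating.
Import-Module ActiveDirectory

$rootDomain = (Get-ADForest).RootDomain
$rootDN     = (Get-ADDomain -Identity $rootDomain).DistinguishedName
$groupsOU   = "OU=Microsoft Exchange Security Groups,$rootDN"

# Groups 1-6 from the list above (directory spelling is an assumption).
$expected = @(
    'Exchange Recipient Administrators',
    'Exchange Organization Administrators',
    'Exchange Servers',
    'Exchange View-Only Administrators',
    'Exchange Public Folder Administrators',   # only present from SP1 on
    'ExchangeLegacyInterop'
)

$found = @(Get-ADGroup -Filter * -SearchBase $groupsOU -Server $rootDomain -Properties Members)

foreach ($name in $expected) {
    $g = $found | Where-Object { $_.Name -eq $name }
    if (-not $g) {
        Write-Warning "Missing group: $name"
    } elseif ($g.GroupScope -ne 'Universal' -or $g.GroupCategory -ne 'Security') {
        Write-Warning "$name is $($g.GroupScope)/$($g.GroupCategory), expected Universal/Security"
    } else {
        # These groups carry the permissions setup assigns, so record who is in them.
        "{0,-40} OK, {1} direct member(s)" -f $name, @($g.Members).Count
    }
}

# Groups in the OU that are not in the list above deserve a closer look.
$found | Where-Object { $expected -notcontains $_.Name } |
    ForEach-Object { Write-Warning "Group not in the expected list: $($_.Name)" }

# /PrepareDomain check for the current domain (container name is an assumption).
$domainDN = (Get-ADDomain).DistinguishedName
$eids = Get-ADGroup -Filter "Name -eq 'Exchange Install Domain Servers'" `
    -SearchBase "CN=Microsoft Exchange System Objects,$domainDN"
$servers = $found | Where-Object { $_.Name -eq 'Exchange Servers' }

if (-not $eids) {
    Write-Warning "Exchange Install Domain Servers not found in $domainDN"
} elseif (-not $servers -or $servers.Members -notcontains $eids.DistinguishedName) {
    Write-Warning 'Exchange Install Domain Servers is not a member of Exchange Servers'
} else {
    'Exchange Install Domain Servers         OK, member of Exchange Servers'
}
```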