THE MIGRATION OF EXCHANGE 5.5 TO 2003 SERVER
OBJECTIVE: Electronic messaging services within a company remain a mission-critical application, and their implementation is a vital part of the conduct of everyday business strategies, needs and goals. Within the organization, the business requirements now include safeguarding electronic content according to retention best practices. Therefore, it is important that a migration project is undertaken with great care. Read this document carefully to gain a good understanding of not only the prerequisites but also the migration path from mixed to native mode.
The delivery of mail is a challenging task which includes the support of thousands of users within the corporate environment. The new infrastructure must set up procedures to respect compliance, corporate governance and internal regulatory policy enforcement. Business guidelines and principles for the preservation of electronic mail within the corporate body must now be taken into consideration. This requires that companies learn how to standardize their projects to meet not only corporate needs but also judicial demands.
The granularity of server management depends upon a business model that will sustain the rationalization of all of the mechanics of the migration project from Exchange 5.5 to Exchange 2003. It is understood that the migration will introduce many changes to the business model. It is to be undertaken by keeping the infrastructure model and design flexible without impairing performance.

SETUP PROCEDURES FOR THE MIGRATION:

MANAGING THE MIGRATION:

Verify Current Exchange Organization Roles and Distributions:
· Exchange server version
· Site configuration
· Site connectors and Directory Replication connectors
· Internet connectors
· Unsupported connectors
· Key Management Services
· Compatible backup
· Antivirus and Antispam software
· Patches
· E-mail dependent applications
· Exchange 2000 instant messaging

Pre-Requisites and Precautions before the installation:

PRE-MIGRATION NORMALIZATION ISSUES:
· Install service packs (verify Microsoft website for the latest versions)
· Normalize mailboxes (size sum check)
· Verify public folders permissions (permissions will affect the RUS)
· Migration Account Rights: Ensure the account(s) used for the migration process are given ‘Service Account Admin’ rights at the Organization, Site and Server level.
· Simple-Synchronisation: Ensure the Simple-Sync replication schedule is set to every twelve hours (12 hours) - Exdeploy.hta (Deployment tools).

Considering ultimate performance:
Network Infrastructure Considerations:
Costs Topology:
Additional Networking Considerations:
Considering Final Networking Objectives:

Domain Prerequisites Considerations: Name Resolution, ADC Staging OU, ADC Staging, Verify trusts issues, Replication topology. ADC, DcDiag, NetDiag, AD Snapshot, Log Files, Event Viewer Security, Application and System Logs

NB*: Remove Internet Explorer Enhanced Security. ADC Setup will make extensive use of Internet files (.html, .hta, etc.). Windows Server 2003 has a feature called Internet Explorer Enhanced Security that forces a security wizard to launch. Remove this feature from the server for the duration of the ADC and Exchange setup.
Primary Reports and Log Files verifications:
INSTALLATION CONTROLS:

Extending the Active Directory Schema: The /Forestprep switch is used to extend the Active Directory schema.

Preparing the Windows Server 2003 Domains to Support Exchange Server 2003: The /Domainprep switch:
· It will prepare the domains that will host Exchange servers or mailbox-enabled users.
· It will configure the Recipient Update Service parameters responsible for keeping Exchange address lists up-to-date and for creating proxy addresses for users based on recipient policy addressing configuration.

NB*: Recipients are Active Directory objects that have messaging capabilities. The object itself does not receive messages. The messages are not stored in Active Directory. Instead, they can reside in a mailbox on an Exchange server, in a public folder, or in another messaging system. How these objects work: When the proper credentials are sent to the domain controller for the user object, the contents of the mailbox become available to the e-mail client like Outlook (in the inbox of the user).

· It will also create the Exchange Server 2003 specific groups (permissions) that allow Exchange services to run without a service account.

Domainprep will create two new groups:
a) Exchange Domain Servers
b) Exchange Enterprise Servers

Utilities to Run to verify the settings of the Organization:
1) OrgPrepCheck
2) OrgCheck
3) PolCheck

OrgPrepCheck: Verifying the Organization Settings with OrgPrepCheck. It validates that the Forestprep and Domainprep utilities were functionally successful. The OrgPrepCheck utility is found via the Exchange Deployment Tools and is a recommended way of determining whether it is safe to proceed with the migration process.

OrgCheck: This test verifies that Setup created the proper Exchange objects in the Configuration naming context and Domain naming context, by making sure that the Exchange Domain Servers group, Exchange Enterprise Servers group, and Exchange Services group exist. It also verifies that the schema changes are propagated and that it can find a Global Catalog server in the same site as the ADC server.

PolCheck: This test queries each domain controller in the domain to determine if the Exchange Enterprise Servers group has been given the Manage Auditing and Security Logs privilege. If the changes have not been created, it is possible to make use of Active Directory Sites and Services to force replication to the affected Domains and then run OrgPrepCheck again.
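
The per-domain-controller check that PolCheck is described as performing can be reproduced offline from user-rights exports. The following is an added example, not part of the original article or of Microsoft's tools; it assumes each DC's rights were exported with secedit /export /areas USER_RIGHTS, and the group SID, domain name and DC names are constructed sample values.

```python
import re

PRIVILEGE = "SeSecurityPrivilege"  # constant behind "Manage auditing and security log"

# Constructed sample values (assumptions, not taken from the article).
GROUP_NAME = "Exchange Enterprise Servers"
GROUP_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
BASELINE = ("S-1-5-32-544",)  # BUILTIN\Administrators, expected on every DC

# Constructed exports, one per DC, in the INF layout written by
#   secedit /export /cfg <file> /areas USER_RIGHTS
# Real export files are typically UTF-16; open them with encoding="utf-16".
SAMPLE_EXPORTS = {
    # DC01: the grant has replicated.
    "DC01": r"""
[Unicode]
Unicode=yes
[Privilege Rights]
SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeBackupPrivilege = *S-1-5-32-544
""",
    # DC02: policy change not yet replicated, group is missing.
    "DC02": r"""
[Unicode]
Unicode=yes
[Privilege Rights]
SeSecurityPrivilege = *S-1-5-32-544
""",
    # DC03: group listed by name, plus one principal outside the baseline.
    "DC03": r"""
[Unicode]
Unicode=yes
[Privilege Rights]
SeSecurityPrivilege = *S-1-5-32-544,EXAMPLE\Exchange Enterprise Servers,*S-1-5-21-1111111111-2222222222-3333333333-1190
""",
}


def parse_privilege_rights(inf_text):
    """Return {privilege: [principal, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # SIDs are written with a leading '*'; plain account names have none.
        rights[name.strip()] = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights


def _norm(principal):
    """Case-fold and drop any DOMAIN\\ prefix so names compare equal."""
    return principal.rsplit("\\", 1)[-1].casefold()


def audit(exports, group_sid, group_name, baseline=BASELINE):
    """Check every DC export for the group's grant and for unexpected holders.

    Returns {dc: {"granted": bool, "unexpected": [principal, ...]}}.
    """
    wanted = {group_sid.casefold(), group_name.casefold()}
    allowed = wanted | {b.casefold() for b in baseline}
    report = {}
    for dc, text in sorted(exports.items()):
        holders = parse_privilege_rights(text).get(PRIVILEGE, [])
        normalized = [_norm(h) for h in holders]
        report[dc] = {
            "granted": any(n in wanted for n in normalized),
            "unexpected": [h for h, n in zip(holders, normalized) if n not in allowed],
        }
    return report


def needs_replication(report):
    """DCs where the grant is absent, i.e. candidates for forced replication."""
    return [dc for dc, result in report.items() if not result["granted"]]


if __name__ == "__main__":
    result = audit(SAMPLE_EXPORTS, GROUP_SID, GROUP_NAME)
    for dc, row in result.items():
        print(dc, "granted" if row["granted"] else "MISSING", row["unexpected"])
    print("force replication to:", needs_replication(result))
```

Any principal reported as unexpected holds the right to manage the security log on that DC and is worth reviewing before the migration continues.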
Active Directory Connector (ADC):

Do not make use of the ADC that comes on the Win 2000 or Win 2003 Setup CD. These specific versions of the ADC do not map special attributes required by Exchange recipients and public folders. If you have already installed the operating system version of the ADC, remove it before installing the Exchange version. Also, unlike the Exchange files themselves, you can do the initial installation of the ADC using the Exchange service pack files.

The ADC uses LDAP to query and update servers. The ADC stores configuration parameters in Active Directory objects called Connection Agreements (CAs). A CA defines object types for the ADC to copy, the source and target containers for the objects, a replication schedule, and credentials to use for making inter-server replication connections between sites.

Failed Over Principle: The Active Directory Connector (ADC) has the capacity to delete objects in both directories; as a pre-migration rule and precaution the data should be stored. This failed over principle is important, for if things go wrong during the migration an authoritative restore of the Active Directory Database must be performed with the NTDSUTIL utility.

Fail Over practices for recovery purposes during the migration: This particular tool provides a fail over practice which is the standard approach to:
- perform database maintenance of Active Directory
- managing of single master operations
- managing of the metadata in regards to the Domain Controllers
Found in systemroot\System32\
May also perform the restore from Backups

CONFIGURING THE ACTIVE DIRECTORY CONNECTOR (ADC):

Step 1: Before installing the ADC the Administrator must create or choose a user account that will be used to run the ADC service and manage the connection agreements (CA).
Step 2: Permissions rights for the Domain Controller (DC): This account needs to be added to the Administrators group in the domain if the ADC is installed on a domain controller.
Step 3: Permissions rights for a Member Server: This account needs to be added to the local Administrators group. The rights must be standardized on both sides, 5.5 Admin and 2003 server, by adding the service accounts from both administrative accounts to gain the proper credentials (service account Admin group).
Step 4: To install the ADC there are two (2) options: ADC Setup from the Auto Run menu, or simply invoke the setup from the Exchange Deployment Tools.

Figure 1.1: Exchange Deployment Tools

Step 5: Before building the installation of the connection agreements (CA) the Administrator must configure the attribute replication, account-matching rules, diagnostic logging properties and replicating directory entries. (Very important)
Step 6: Once the ADC is installed with its account credentials and services it will be time to configure the connection agreement (CA) and to begin synchronizing the Active Directory and Exchange 5.5 directories.

VERIFY THE CONNECTIVITY WITH ACTIVE DIRECTORY:

Run the Exchange 2003 SP1 version of exdeploy.exe with the following switches to test the ADC configuration.

\\%pathname%\exdeploy.exe /t:ADCCheck /p:\\%logpath% /s:<Server Name>

· Initial ADC Attribute Copy, ADC-Global-Names Attribute Creation
· NT Account Migrations - Invalid User Accounts, Do not Enable the Disabled User Objects
· Multiple Mailbox Owners (NTDSNoMatch): set an exclusion standard on the account
· Active Directory Account Cleanup Wizard
· ADC and Distribution Lists - Automatic Security Group Upgrades
· Distribution List Membership
· ADC Setup Permissions – ADC Server Selection – ADC Service Account Selection

Synchronisation: The connection agreements (CA) in the ADC are necessary to synchronize directory entries between the Exchange 5.5 and Exchange Server 2003 systems.

Dispositions: Can be installed on a Member Server or on the 1st Exchange 2003 Server installed.

Implementation of CA: At this point you can choose to implement one or more connection agreements (CA) within the organization. This must be done for the migration process; it will not address issues of fault tolerance or load balancing. For managing the migration installation procedures, the best practice is to install a single ADC with one connection agreement for each Exchange 5.5 site.

Site Replication: The Exchange 5.5 Server and the installed ADC must be on the same physical network segment.

Permissions: Schema Admin and Enterprise Administrator rights are both required to install the ADC.

Installation Process: Allocate at least two hours for the replication of about 5,000 objects in a single direction. However, the length of time for replication varies with the number of Connection Agreements present, the recipient containers, the populated attributes and the actual directory objects.

SYNCHRONIZATION BY USING THE ADC TOOL:
· ADC Tools: Simplify the process of testing prerequisites and installing Connection Agreements. It will synchronize the Active Directory forest with the Exchange 5.5 directory during the migration process. Schema changes will now be fully replicated so that every domain is properly updated to include the necessary Exchange objects for the migration.
· Tool Settings: This step is to specify the name of the Exchange 5.5 server to use for data collection and the location for the ADC logs.
· Data Collection: This step runs a suite of utilities that scan both Active Directory and the legacy Exchange directory service to find parameters that will be synchronized by the ADC.
· Connection Agreement Wizard: This step is used to create Connection Agreements that define the replication endpoints of the ADC and determine how attributes will be mapped between the endpoints.
· Final Checks: Check the Active Directory users to make sure the Exchange attributes appear in their properties using Active Directory Users and Computers.

OBJECT DELETION WITH THE ADC:
1) If you delete a mailbox-enabled user in Active Directory, the ADC deletes the corresponding mailbox in legacy Exchange.
2) If you delete a mail-enabled group or contact in Active Directory, the ADC deletes the corresponding distribution list or custom recipient in legacy Exchange.
3) If you remove the e-mail attributes from users, groups, or contacts in Active Directory, the ADC deletes the corresponding mailbox, distribution list, or custom recipient in legacy Exchange.
4) If you delete a mailbox in legacy Exchange, the ADC strips the e-mail attributes from the corresponding user object in Active Directory.
5) If you delete a distribution list or custom recipient in legacy Exchange, the ADC strips the e-mail attributes from the corresponding group or contact in Active Directory.

SCHEDULING REPLICATION WITH THE ADC:
· Ensure that the 5.5 replication connector is set directly between the remote site and the central site.
· The replication connector uses the same server in the central site as its replication bridgehead that the ADC is configured to use for replicating changes from the Active Directory.
· The 5.5 replication schedule is set to Always or short intervals.
· Configuration Connection Agreements: Exchange 5.5 stores server information in a configuration container in the legacy Exchange directory service. Each Exchange server in a site knows about the other servers in the site by looking in this Configuration container. The legacy servers in a site will not know that you installed an Exchange 2003 server until they see the server’s information in the legacy Configuration container. That’s the job of the Configuration Connection Agreement (CA), which is created automatically by default when you install the first Exchange 2003 server in the site.
· Configuration CA Function: When you install an Exchange 2003 server, Setup creates objects under the Exchange organization container in Active Directory that represent the following functions:
  ✓ Site addressing and routing capabilities
  ✓ Site Connectors
  ✓ MTA (Message Transfer Agent) and other transport protocols
  ✓ Private and public mailbox storage parameters
  ✓ Recipient Policies
  ✓ Site (Administrative Group) configuration parameters
  ✓ Encryption and secure messaging parameters

INSTALLING AND CONFIGURING THE CONNECTION AGREEMENTS:

Figure 1.2: ADC Connector Services

Recommendations: To be installed after the ForestPrep.

Connection Agreement Properties:
· Recipient Connection Agreements: The wizard creates two-way connection agreements, meaning that changes made to either of the directory services will replicate to the other service (within Active Directory).
· Check Connection Settings: This tab allows you to select the endpoint server for each side of the Connection Agreement and the credentials used to access the directory service on that server. Exchange 2003 has a service called the Site Replication Service (SRS). However, SRS listens at TCP port 379 rather than TCP port 389, the standard LDAP port.

RESOURCE MAILBOX WIZARD MANAGEMENT:

It is best practice to allow the ADC Tools to create the necessary Connection Agreements (CA) for the migration process. The wizard helps in the creation of the Connection Agreements required to migrate from Exchange 5.5 properly. It will automatically create a recipient Connection Agreement (CA) and a public folder Connection Agreement (CA). This Wizard will identify users with multiple mailboxes and fix them in advance for the migration.

Figure 1.3: Resource Mailbox Wizard

This step will determine if the same user owns multiple mailboxes. It gives you the possibility to identify the user’s primary mailbox so that other mailboxes can be designated as resource mailboxes. Click Run to query the Exchange 5.5 server and collect information about the Exchange organization. ADC Tools performs a series of four tests that check for objects and attributes in legacy Exchange and Active Directory. This will help build XML database files to use later for resource mailbox marking. It looks for mailboxes that have a similar owner. Afterwards, the ADC Tool identifies and marks resource mailboxes using the Resource Mailbox Wizard. You can use the bulk edit capabilities to create .csv files for doing the mailbox marking.

HOW CONNECTION AGREEMENTS ARE CONFIGURED:

Figure 1.4: Connection Agreement Wizard

Connection agreements are configured by an Administrator who controls the type of objects that are replicated between Active Directory and Exchange 5.5. A connection agreement contains information on how to handle deletions and what to do when there is no matching account for the mailbox in the destination directory.

Notice: To ensure that objects are created, the ADC marks all connection agreements as primary by default.
a) A primary connection agreement has the capability to create objects in the directory.
b) A secondary connection agreement can only update the attributes of existing objects.

Can configure:
• One way, from Windows or from Exchange
• Two-way replication: the information is synchronized in both directions. This is generally the preferred method, for it keeps the configuration simple.

Types of Connection Agreements to be found during the Migration:

Exchange System Manager Program: Default. It will be created by default by the system when the first Exchange Server 2003 system has been installed. After the replication of the configuration information, Exchange 5.5 sites will be visible in the Exchange System Manager program and they are represented as Administrative Groups. Exchange Server 2003 systems are also visible in the Exchange 5.5 Administrator program.

Configuration Connection Agreements (cannot be created manually): This CA maps some of the objects in the legacy configuration container with objects in the Exchange 2003 Organization container in Active Directory. This CA cannot be created manually. Exchange Setup configures the CA as part of installation of the very first server in each legacy site. It is used for coexistence between the Exchange 5.5 and Exchange 2003 server environments, to transfer information such as site addressing and routing information between the various Exchange platforms.

Recipient Connection Agreements: It is responsible for replicating mailbox, distribution list, and custom recipient information from the Exchange 5.5 directory to the Active Directory. This CA maps the attributes of Users, Groups, and Contact objects in Active Directory with Recipient, Distribution Lists, and Custom Recipient objects in the legacy Exchange directory service environment. It is also used to send users, groups, and contacts from Active Directory to Exchange 5.5. Recipient Connection Agreements may be configured as one-way or two-way connection agreements. It is important to remember that each connection agreement has its own schedule.

Public Folder Connection Agreements: This CA maps legacy public folders with Public Folder objects in Active Directory to allow Exchange 2003 to accept e-mail on behalf of the public folders. It is responsible for replicating mail-enabled public folder information from and to Exchange 5.5 and the Active Directory. This connection agreement can only be configured as a two-way connection agreement.
It is best to create one such connection agreement for each Exchange 5.5 site. The Pfmigrate utility automates replication to allow Exchange mailboxes on the new Exchange Server 2003 systems to be able to access system and public folders.

PFMigrate /S: (Source Server) /T: (Target Server) /A /N: (Number) /SC

How to Manually Configure Additional Connection Agreements?

To configure a Manual Configuration Agreement: Open the ADC MMC snap-in on the domain controller running the ADC. The following tabs must be populated:
• General
• Connections
• Schedule
• From Exchange
• From Windows
• Deletion
• Advanced

To configure manually a public folder connection agreement: It is best practice to right-click the Active Directory Connector service icon for the server and select New, Public Folder Connection Agreement. The following tabs must be populated:
• General
• Connections
• Schedule
• From Exchange
• From Windows

After its creation, the Administrator must force replication immediately; right-click the connection agreement and select Replicate Now. Verify the Application Event Log in Event Viewer for errors during the replication process.

Rehoming and Distribution List Replication: All Contacts, Distribution Lists (DLs) and Mail-enabled Public Folder Objects are represented in the Exchange 5.5 Directory and are associated with a specific site. When consolidating a 5.5 site, these objects must be moved (re-homed) to a new site prior to removing the old site or they will be lost. Re-homing these objects will ensure that they are not lost when an old site is removed and that mail flow to them can continue.

INSTALLING AND CONFIGURING THE FIRST EXCHANGE 2003 SERVER:

Run the program: Run SetupPrep; it will be used to validate that all prerequisites are now in place for the installation of the first Exchange Server 2003 in the site.
Routing table issues: This Exchange server will hold many critical Exchange organizational management and routing master tables.
Installation path: Choose the installation path and ensure that Typical Installation is chosen.
The new Exchange site: Enter the name of an Exchange 5.5 Server of the site the Exchange Server 2003 system will be joining.
Permissions: During Exchange setup, the Exchange server’s machine account is added to a Global Security group called Exchange Domain Servers. This group is granted permissions on all Exchange objects to allow the Exchange Server 2003 services to access and update the Active Directory.

Two Global Security Groups:
a) Exchange Domain Servers
b) Exchange Enterprise Servers group

The Exchange Enterprise Servers group contains the Exchange Domain Servers groups from all domains in the forest and provides cross-domain access between all Exchange Server 2003 systems.

What has been installed during the setup of the Exchange 2003 server?
1) Exchange Server 2003 binaries and services installed
2) Changes to Active Directory Configuration container
3) Exchange Server added to Exchange Domain Servers security group
4) Configuration connection agreement created (for routing)
5) Recipient Update Service (RUS) created
6) Site Replication Service (SRS) installed

Configuration connection agreements (ConfigCA) and site replication service (SRS):

ConfigCA: The ConfigCA will be responsible for replicating the configuration information between the Exchange platforms. The ConfigCA replicates items such as the Site Addressing Policies and the routing information in the Gateway Address Routing Table (GWART). Also, a new (ADC) connection agreement is added to the Active Directory Connector.

SITE REPLICATION SERVICES (SRS)
Interoperability: It provides directory interoperability between the Exchange 5.5 and the Exchange 2003 servers.
LDAP: The SRS service runs using LDAP and is needed only during the migration period.
Synchronisation: The SRS service runs in conjunction with the Active Directory Connector for directory synchronization.
SRS services: One SRS is allowed per Exchange Server 2003 system.
Replication Connectors: The SRS are created on all servers that house Exchange 5.5 Directory Replication Connectors. The Directory Replication Connector is replaced by the SRS to perform inter-site replication with the remote Exchange 5.5 sites.
SRS Default: SRS is automatically installed and configured at the time of the installation of Exchange Server 2003.

Recipient Update Service: It is responsible for updating address lists and email addresses in Active Directory. The Recipient Update Service is responsible for updating the Enterprise configuration information in Active Directory (administrative and routing information).
Recipient Policies: The address list and email addresses are configured under this policy.

Figure 1.7: Recipient Policies

EXAMPLES OF TWO METHODS TO MIGRATE THE MAILBOXES:

The Move Mailbox Tool: The Move Mailbox tool allows the organization to migrate users in sizeable numbers. The Outlook profiles are automatically updated on the Desktop. Upon log on the users are redirected to the new Exchange Server 2003 systems within the same administrative group. During the installation process the Administrator can choose to either create a failure report if corruption is detected or to skip corrupted items and continue the mailbox move.

Figure 1.8: Microsoft - Methodology for moving the mailboxes
a) Swing Mailbox Server Migration
b) Cross-site Mailbox Migrations

NB* If the move is unsuccessful, the user’s mailbox will still be available on the source Exchange 5.5 server. It is important to have a failed over design plan at this point to avoid errors.

In moving selected mailboxes to a different server, the duration of the task will depend upon the size of each of the selected mailboxes. Specify the current mailbox store, the server, and the destination mailbox store. Decide on the action that you want the utility to take if corrupted messages are found.

MoveMailbox Features: The Mailbox Wizard lets you decide how it should react if one or more corrupted messages are detected. If you select Create a failure report, the mailbox containing corrupted messages will be left untouched, which basically means it won’t be moved. But if you select Skip corrupted items and create a failure report, the mailbox will be moved, but any corrupted items detected will be deleted from the mailbox, not only on the destination server, but on the source server as well. It is very important to think about failover methods: always back up your stores to media prior to the moves.

Figure 1.9: Exchange Task Wizard to Move Mailboxes

Option 1: The utility can create a failure report (the report can be found in systemdrive\Documents and Settings\profile name\My Documents\Exchange Task Wizard Logs). This first option will not allow the move of the mailbox.
Option 2: The second option is to skip corrupted items and create a failure report. With this option corrupted items will be permanently deleted from the mailbox. These items may be recovered from backup storage media. This option gives Advanced Properties such as the possibility to specify the maximum number of corrupted items to skip; when the maximum number of corrupted items is exceeded the mailbox will not be moved. It is possible to set a Task Schedule period within which to streamline the move.

Figure 1.10: MoveMailbox options

It is possible to make use of the bulk mailbox move tool in addition to the Active Directory Users and Computers MMC snap-in to move Mailboxes. If the user has a corrupted item the option Skip Corrupted Items can be used. The mailbox can later be moved manually, even if it contains corrupted items, with Exmerge. It is possible to plan and schedule to move 100 to 200 mailboxes per day. The Move Mailbox process can be scheduled to execute right away; 4 mailboxes are processed at the same time, and this is the Multithreading feature. Once the Mailboxes move has been completed, you can choose to view a detailed log file of the Move Mailbox operation; this log is saved in XML format and can be found under: Systemdrive\Documents and Settings\profilename\My Documents\Exchange Task Wizard Logs

Figure 1.11: Migration with Active Directory Users and Computers

ExMerge (download Exmerge.exe from the site of Microsoft): This tool extracts data from mailboxes on one Exchange server and then merges the data into mailboxes on another Exchange server. This is a Microsoft utility that can extract the contents of a user’s mailbox to a personal storage (PST) file. The .PST file created by ExMerge can be added to a user’s Outlook profile so the user can access the contents of his old mailbox. The utility can also import the .PST file to a destination mailbox on another server, site, or organization.

ExMerge can also be used to move mailbox contents in organization-naming hierarchies. Exceptionally, because of the directory recognition of names (DN), there might be errors. To avoid such issues every migrated mailbox must have the X.500 protocol (this protocol is an electronic directory of people in an organization so that it can be part of a global directory available to anyone in the world with Internet access). Exmerge gives the possibility to add the address of the old organization, either manually or via a third-party tool. Also, Live Meeting scheduling may be damaged or lost with this tool. Potentially, moving mailboxes with Exmerge requires more administrative overhead.

NB*: ExMerge can be used in disaster recovery to archive the contents of the Exchange 5.5 mailbox in case a user needs access to his old information.

Figure 1.12: Initial window for the ExMerge utility

ExMerge: Merges the following information:
ExMerge does not support the following features:
One-step Merge process: This process will copy the data from the source mailbox to a .PST and then merge the data into the same mailbox on the destination server. The Distinguished Name (DN) of the mailbox and container path of the source and destination servers must be the same.

Permissions: To do the ExMerge the Administrator must have Service Account Administrator privileges in Exchange 5.5 at the Organization, Site, and Configuration container levels.

Exchange 5.5 Connectors and Synchronization:

Connection Costs:
· The best migration path is to build parallel connectors on Exchange Server 2003 systems. In this way, the Exchange 5.5 connectors can remain intact and continue to route mail and perform directory synchronization with the foreign mail system.
· Configure the Exchange Server 2003 connector with a higher cost and limited address space to perform controlled tests of mail flow. The address space can be configured to match that of the Exchange 5.5 connectors.
· The Exchange Server 2003 connector can begin routing all mail to the foreign system.
· The Exchange 5.5 connectors also provide directory synchronization with foreign mail systems.
· Important Notice: Directory synchronization on the Exchange Server 2003 version of the connector should not be enabled.

Migrating Site Connectors: The Exchange 5.5 site connectors using RPC are replaced by the Routing Group Connectors in Exchange Server 2003. Between two Exchange 2003 servers the SMTP protocol is used. Configure the local bridgehead server for the new Exchange Server 2003 connector and extend it to create a Routing Group Connector to the remote Exchange 5.5 server. The SMTP connectors use the Domain Name System (DNS) protocol to deliver mail across the Internet. However, if you are using this SMTP connector only to link two Exchange routing groups, to forward the mail you must type the fully-qualified domain name (FQDN) of the bridgehead server in the other routing group.

Points to check for the Configuration Agreements:
o Specifications: Exchange 5.x servers in other sites must still replicate the legacy Configuration partition so they can calculate message routing. To help smooth the transition, an Exchange 2003 server pretends to be a legacy Exchange server so it can replicate the Configuration container to the other legacy servers. That’s the job of the SRS (Site Replication Service).
o Public Folder Connection Agreements: Before the consolidation process of Exchange 5.5 begins, a patch for the Exchange 5.5 DS/IS (Directory Store Information Consistency) must be installed to ensure access control lists are updated. The patch must be applied prior to site consolidation; see point 10.18.1 page 79 for more details on the adjuster.

Similarities between the CAs: The Recipient Update Service places the newly installed Exchange server into the Exchange Domain Servers group.

Testing Connection Agreements: Test the Connection Agreements created by the ADC and see their functionalities and operations. To find out the results of your test, verify the log files on the ADC. Note the events that occur as objects replicate back and forth between legacy Exchange and Active Directory.

Tests to perform to verify functionality: (On VMWare Lab simulations)
Replication Issues:
Changing
Connection Agreement Endpoints: About Port 379 Change the
endpoint of a CA using the Properties window for the Connection Agreement in
the ADC Services console:
MIGRATION PROJECT COMPLETION CHECKLIST:
1) ADC is now installed
2) Primary Exchange 2003 server is now installed
3) Upon creating a second Exchange Server 2003 in another site you must structure your routing group connector
Important Notice: To replace the legacy Site connectors, install a Routing Group connector between sites, select the Exchange 2003 servers as the bridgeheads, verify that messages flow between those two bridgeheads, and then remove the Site connectors using legacy Exchange Admin.
Identify Legacy Exchange Services:
Important Notice: Before making use of an Exchange 2003 server to calculate the GWART, transfer all Internet mail routing to Exchange 2003 servers. When Exchange 2003 calculates the GWART, it removes the @ sign from the address scope. Legacy Exchange IMS requires this @ sign to work properly.
Completing Mailbox Moves:
Important Notice: ESM can move four mailboxes at a time, so this portion of the migration should not take long unless you have users with extremely large mailboxes - "Managing Storage and Mailboxes".
FINAL STAGES OF THE INSTALLATION: NATIVE MODE CHECKLIST:
Figure 1.13: Migration of Mailboxes
Figure 1.14: Exchange Task Wizard
BEST PRACTICES FOR NATIVE MODE:
1) Make use of the Exchange Deployment Tools for the entire migration process to streamline the deployment and reduce risk.
2) During the migration make use of the Move Mailbox process whenever possible, and resort to the ExMerge process only if migrating between Exchange organizations.
3) It is best to install the Active Directory Connector on the first Exchange Server in the Site.
4) It is best to switch the AD domain to Native Mode in advance of the ADC setup and Exchange migration, to ensure proper replication of security groups.
5) Consolidate sites and servers for Exchange Server 2003 to significantly reduce the number of servers that will need to be supported.
6) It is best to rely on the ADC Tools to configure the connection agreements, and modify them only if there is a specific reason.
7) For backward compatibility, leave an Exchange 5.5 Server in place only if it is needed to support connectors that are unsupported in Exchange Server 2003.
SECURITY GROUPS ISSUES FOR EXCHANGE 2003:
Native Administrative groups containing only Server 2003 servers will be configured with the PreferredSRS settings; see KnowledgeBase 315408 for further status on compliance. Only the preferred SRS will run in these administrative groups.
The Front-end Servers:
The Exchange Server 2003 front-end server grouping consists of servers dedicated to providing client access to the Exchange mailbox servers via communication protocols other than direct MAPI access. For example, this includes access via OWA (HTTP/HTTPS), RPC/HTTP, Server ActiveSync, POP3 and IMAP. Front-end Exchange server performance is bounded by CPU, memory, and network resources but is not heavily dependent on storage I/O since there is very little disk activity required.
The Back-End Servers:
This infrastructure requires the highest performance as these servers are hosting the users’ mailboxes and the users’ concurrent profiles on the Exchange server.
Example: from KnowledgeBase 315408 (see the Microsoft document for more information)
Each SRS runs an instance of KCC (Knowledge Consistency Checker).
Each SRS must obtain ownership of a naming context.
The SRS will write the DN (distinguished name) of the site or Administrative Group configuration container onto the SRS's own configuration CA (connection agreement).
Now when the KCC runs on other SRS, the site KCC reads the site or Admin Group configuration DN (distinguished name) from the 1st CA to find out if the Naming Context has already been claimed.
If the naming context is a pure Exchange 5.5 environment, the DN (distinguished name) is added to this container:
If the naming context is an Exchange 2003 Administrative group, the NC (naming context) is added to this container:
If it is a mixed Admin group, it is added to these containers:
Use the tool: ADSI (Active Directory Site Interface) to view the Connection Agreements under the ADC.
Now: Service pack 2 build allows the Administrator to specify a specific SRS to be responsible for creating new sites or administrative groups. All unclaimed NC will be reallocated by the KCC arbitrarily.
Reason: to achieve the timely delivery of the mail these groups should be connected to the core routing groups.
Allocate a storage unit to the Recovery Storage Group (RSG). At least 1.5 times the maximum database size is allocated.
Make use of Jetstress.exe to verify any performance issues of the disk. This product simulates the Exchange database log file loads produced by a user.
PROTOCOLS LIST:
PFMIGRATE MIGRATION ISSUES:
Rehoming public folders:
Check for this particular .dll – scrrun.dll must be present for the switch to run properly.
It is possible to replicate public folders to your new server and then cancel the replication with the old one by using PFMIGRATE:
Pfmigrate.wsf /S: /T: /N:20 /A /SF (Replicating)
Pfmigrate.wsf /S: /T: /N:20 /R /SF (Deleting)
Note: Public Folders and also the clusters will be followed through within the production environment around the 22nd of September within the lab infrastructure.
Check that remote sites have been replicated into the Hub site.
How to verify replication between sites:
CHKDS is a low-level utility that can identify and fix problems in the directory database (dir.edb) which would prevent successful intra-site or inter-site directory replication.
CHKDSRO is a read-only version of CHKDS; it does not have the ability to make any changes or fix errors. This should be used first.
HOW IS IT TO BE USED?
1) Stop the Directory Service (or Site Replication Service for chksrs).
NOTE: The Directory Service must be stopped before running chkds.exe, otherwise an error will occur.
2) Open a command prompt and go to the exchsrvr\bin directory.
3) Type: chkdsro -showall >c:\chkds.txt
NOTE: This redirects the results to the chkds.txt file.
4) To correct errors, use CHKDS with a -fixXXX flag. Ex: chkds -fixGarbageCollect
To correct errors you must run with a -fixXXX flag; otherwise inconsistencies will only be reported.
-Showall - Shows all of the output that the tool can produce. It does not fix anything, nor does it list every record in the dir.edb.
-Checkpackedpages - A packed page is a JET page that contains a record that has reached the maximum record size that is permitted by the underlying JET engine. A packed page occurs in Dir.edb when the sum total of the object's attribute data that is stored in the data table is larger than 3,784 bytes. This limit is imposed by the 4-kilobyte (KB) page size in Exchange Server's JET implementation. What to do if a packed page is detected by ChkDS/ChkSRS?
Reference
-fix - equivalent to running -fixRefcounts -fixOrphaned -fixGBA -fixReplicaLinks
-fixAllPackedPages - see above for explanation
-fixRefcounts - fixes the references in attributes of objects that are invalid
-fixGarbageCollect - This will remove orphans that are created after a parent object has been garbage collected since it was actually marked for deletion while the orphans were not.
-fixOrphaned - Orphans are created when you delete a parent object but not the child. The child is not marked for deletion. It will attempt to recreate the object within the reference index using the attributes of that object.
-fixGBA - Fixes Address lists that contain invalid objects
How to test Mail:
Telnet Spoofing principle
Telnet 25
Make use of: helo or ehlo (HELO is standard SMTP, and EHLO is extended)
Rcpt to: joe.blow@domain.com
User unknown (etc…)
REFERENCE MATERIAL:
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/default.mspx
http://www.microsoft.com/exchange/downloads/2003.asp
http://support.microsoft.com/newsgroups/?pr=newsgexch2k
http://www.microsoft.com/technet/prodtechnol/exchange/2003/default.mspx
http://www.msexchange.org/tutorials/Improvements_Exchange_2003.html
http://www.computerperformance.co.uk/exchange2003/exchange2003_troubleshooting.htm
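The manual Telnet mail test described under "How to test Mail", scripted as an added example (not part of the original article): `probe` sends the greeting (EHLO, falling back to HELO), MAIL FROM and RCPT TO, records the reply codes, and resets the session without sending DATA, so no message is delivered. The stub server, the host names and the sender address are constructed so the example runs offline; point `probe` at a migrated bridgehead on port 25 to check that mail flow and recipient lookup still work after the move.

```python
import smtplib
import socketserver
import threading

class StubSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server so the example runs offline."""
    known = {"joe.blow@domain.com"}  # constructed mailbox list
    esmtp = True  # set False to imitate a server that only understands HELO

    def handle(self):
        self.wfile.write(b"220 stub.example SMTP ready\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line[:4].upper()
            if verb == "QUIT":
                self.wfile.write(b"221 Bye\r\n")
                return
            if verb == "EHLO" and not self.esmtp:
                reply = "500 Command not recognized"
            elif verb in ("EHLO", "HELO", "MAIL", "RSET"):
                reply = "250 OK"
            elif verb == "RCPT":
                addr = line.split(":", 1)[-1].strip(" <>").lower()
                reply = "250 OK" if addr in self.known else "550 5.1.1 User unknown"
            else:
                reply = "502 Command not implemented"
            self.wfile.write(reply.encode("ascii") + b"\r\n")

def start_stub():  # returns (server, port) on a free loopback port
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StubSMTP)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def probe(host, port, sender, recipient, timeout=10):
    """Replay the manual test: greet, MAIL FROM, RCPT TO, then RSET (no DATA)."""
    result = {"greeting": "EHLO"}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, _ = smtp.ehlo("migration-test.example")
        if not 200 <= code < 300:  # no ESMTP support: fall back to HELO
            smtp.helo("migration-test.example")
            result["greeting"] = "HELO"
        result["mail"] = smtp.mail(sender)[0]
        code, text = smtp.rcpt(recipient)
        result["rcpt"] = (code, text.decode("ascii", "replace"))
        smtp.rset()  # abandon the transaction so nothing is delivered
    return result

if __name__ == "__main__":
    print(probe("127.0.0.1", start_stub()[1], "tester@domain.com", "nobody@domain.com"))
```

A 250 reply to RCPT means the server accepted the recipient; a 550 "User unknown" for a mailbox that should exist after the migration points at a directory or connection agreement problem rather than a transport one.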
Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.
Copyright Stephen Bryant 2008