Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site
Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Shannal L. Thomas
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links

 

 
  The Migration of Exchange 5.5 to 2003 Server
THE MIGRATION OF EXCHANGE 5.5 TO 2003 SERVER

 

OBJECTIVE:

 

Electronic messaging services within a company remains a mission critical application and its implementation is a vital part to the conduct of everyday business strategies, needs and goals. Within the organization the business requirements now include the safeguard of electronic content retention best practices. Therefore, it is important to see to it that a migration project is undertaken with a lot of care. Read this document carefully to gain a good understanding of not only the pre-requisites but also the migration path from mixed to native mode.  

The delivery of mail is a challenging task which includes the support of thousand of users within the corporation environment. The new infrastructure must set up procedures to respect compliance, corporate governance and internal regulatory policy enforcement.  Affirmatively, business guidelines and principles for the preservation of electronic mail within the corporate body must now be taken into consideration. This requires that companies learn how to standardize their projects to meet not only corporate needs but also judicial demands.

The granularity of server management depends upon a business model that will sustain the rationalization of all of the mechanics of the migration project from Exchange 5.5 to Exchange 2003. It is understood that the migration will introduce many changes upon the business model. It is to be undertaken by keeping the infrastructure model and design flexible without the impairment of performance.

 

 

SETUP PROCEDURES FOR THE MIGRATION:

 

MANAGING THE MIGRATION:

  • Domain controller location. You’ll need at least one Domain Controller in each office that has an Exchange 2003 server
  • Global Catalog server location. Need at least one Global Catalog server in each office that has an Exchange 2003 server. This can also act as the local Domain Controller. The simplest way to accomplish this is to make all branch office DCs into GCs. Microsoft recommends a minimum of one GC server for every four Exchange processors, not servers.
  • DNS configuration. Make certain that DNSLint shows no errors, other recommended tool KILLADCGN.EXE to verify chkds Checkdisk and chkdsro (CheckReplicationOrphan objects in AD); 
  • Active Directory Native Mode. Important Notice: The Active Directory domain containing the Exchange servers must be in Native Mode so that you can use Universal Security Groups for e-mail distribution.
  • Replication or authentication problems. Verify Event Viewer to have no errors from directory service replication, KCC topology calculations, or authentication errors originating from domain controller accounts. You can use the EventCombMT utility (download from Microsoft). EventCombMT is part of the Account Lockout and Management and Lockout
  • Domain Prerequisites Considerations : Name Resolution, ADC Staging OU, ADC Staging, Verify trusts issues, Replication topology

 

Verify Current Exchange Organization Roles and Distributions:

 

Exchange server version

Site configuration

Site connectors and Directory Replication connectors

Internet connectors

Unsupported connectors

Key Management Services

Compatible backup

Antivirus and Antispam software

Patches

E-mail dependent applications

Exchange 2000 instant messaging

 

Pre-Requisites and Precautions before the installation:

 

  • Security patches (ISDS for Exchange) 
  • In order to preserve Exchange 5.5 Public Folder Access Control Lists (ACLs) after mailboxes or distribution lists are moved between sites the Administrator will need to install an Exchange 5.5 DS/IS hotfix (http://support.microsoft.com/?kbid=836489) on every Exchange 5.5 Public Folder server prior to moving mailboxes or DLs between sites. 
  • The Consistency Adjuster must be run for each server in each site.
  • Windows service packs (SP4.0 for Exchange 5.5 while Exchange 2003 is on SP2.0 this information must be revised on the website of Microsoft for the latest updates)
  • Considerations - Mobile Information Server (MIS) --To preserve functionality for existing mobile users during the Exchange 2003 deployment, keep at least one MIS 5.5 servers running as you migrate to Exchange 2003.
  • Instant Messaging (IM) and Chat --This functionality has been replaced by Live Communication Server (LCS) in Exchange 2003.

 

  • CcMail connector -- If you are running ccMail (mainly for Lotus Mail Agents) in the organization along with Exchange, it’s time for a final transition upon the migration path to Exchange 2003.
  • Backup, Antivirus, and Antispam software compatibility issues and third party software issues

 

  • ADC upgrades considerations - You must upgrade the ADC servers to Exchange 2003 ADC prior to introducing any Exchange 2003 servers into the organization. The ADC upgrade modifies the schema, so make sure that the Schema Master is available.
  • Front-end/back-end upgrades. - If you have an existing deployment such as for example, Exchange 2000 that uses a distributed architecture, upgrade the front-end servers first and then upgrade the backend servers.

 

 

PRE-MIGRATION NORMALIZATION ISSUES:

 

Install service packs (verify Microsoft website for the latest versions)

Normalize mailboxes (size sum check)

Verify public folders permissions (permissions will affect the RUS)

Migration Account Rights Ensure the account(s) used for the migration process are given ‘Service Account Admin’ rights at the Organization, Site and Server level.

Simple-Synchronisation Ensure the Simple-Sync replication schedule is set to every twelve hours (12 hours) - Exdeploy.hta. (Deployment tools)

 

 

Considering ultimate performance:

  • Domain Upgrade
  • Upgrade the current PDC to Windows Server 2003.
  • Install additional Windows Server 2003 domain controllers
  • Shift the domain and forest to Windows Server 2003 functional level

 

Network Infrastructure Considerations:

  • Traffic patterns
  • Outages
  • Remote users
  • Routing groups

 

Costs Topology:

  • Server software
  • Client Access Licenses (CALs)
  • Additional personnel
  • Training
  • Client software

 

Additional Networking Considerations:

  • Directory service connection failures
  • Inability to access public folders
  • Inability to replicate public folders with legacy Exchange
  • Incompatible historical backups
  • Hardware failures
  • Software compatibility failures

 

 

Considering Final Networking Objectives:

  • No service interruptions
  • Single mailbox-enabled account for each user
  • Retain existing mailbox and public folder permissions.
  • Fastest possible introduction of new features
  • Maximize existing hardware

 

Domain Prerequisites Considerations:  Name Resolution, ADC Staging OU, ADC Staging, Verify trusts issues, Replication topology. ADC, DcDiag, NetDiag, AD Snapshot, Log Files, Event Viewer Security, Application and System Logs

NB*: Remove Internet Explorer Enhanced Security. ADC Setup will make extensive use of Internet files (.html, .hta, etc.). Windows Server 2003 has a feature called Internet Explorer Enhanced Security that forces a security launched wizard. Remove this feature from the server for the duration of the ADC and Exchange setup.

  1. Launch Control Panel.
  2. Open the Add/Remove Programs applet.
  3. Click Add/Remove Windows Components
  4. Uncheck the Internet Explorer Enhanced Security Configuration option
  5. Click Next to accept the change.

 

Primary Reports and Log Files verifications:

  • DSConfigSum. This test reports the total number of sites and the number of servers in each site.
  • DSObjectSum. This utility reports the total number of public folders, distribution lists, distribution lists with hidden membership, and custom recipients.
  • UserCount. This test reports the total number of recipients (users) in the organization, broken down by site.
  • VerCheck. This test verifies that you have the right Exchange version and service pack level on your Exchange servers.  
  • NB*:  The main log file for the deployment is Exdeploy.log. It shows the result of each test performed by DSScopeScan.

 

 

INSTALLATION CONTROLS:

 

 

The Extending of the Active Directory Schema:

 

/Forestprep switch is used to extend the Active Directory schema.

  • Will modify the Active Directory Schema to include new attributes and classes used by Exchange 2003 and also installs the top-level objects for a placeholder organization tree in the Configuration Naming Context in the Active Directory forest.

 

 

Preparing the Windows Server 2003 Domains to Support Exchange Server 2003:

 

/Domainprep It will prepare the domains that will host Exchange servers or mailbox-enabled users

  • This creates objects in the Active Directory domain that represent Exchange service accounts, public folders, and groups that represent Exchange servers in the domain and the enterprise.

 

It will configure the Recipient Update Service parameters responsible for keeping Exchange address lists up-to-date and for creating proxy addresses for users based on recipient policy addressing configuration.

 

NB*: Recipients are Active Directory objects that have messaging capabilities. The object itself does not receive messages. The messages are not stored in Active Directory. Instead, they can reside in a mailbox on an Exchange server, in a public folder, or in another messaging system.

 

How these objects work:

When the proper credentials are sent to the domain controller for the user object, the contents of the mailbox become available to the e-mail client like Outlook (in the inbox of the user).

 

It will also create the Exchange Server 2003 specific groups (permissions) that allow Exchange services to run without a service account.

 

Domainprep will create two new groups:

 

a)       Exchange Domain Servers

b)       Exchange Enterprise Servers

 

 

Utilities to Run to verify the settings of the Organization:

 

1)       OrgPrepCheck

2)       OrgCheck

3)       PolCheck

 

OrgPrepCheck: Verifying the Organization Settings with OrgPrepCheck. To validate the  Forestprep and Domainprep utilities were functionally successful. The OrgPrepCheck utility is found via the Exchange Deployment Tools and is a recommended way of determining whether it is safe to proceed with the migration process.

OrgCheck: This test is made to verify that the Setup created the proper Exchange objects in the Configuration naming context and Domain naming context. By making sure that the Exchange Domain Servers group, Exchange Enterprise Servers group, and Exchange Services group exist. It also will verify that the schema changes are propagated and that it can find a Global Catalog server in the same site as the ADC server.

PolCheck: This test queries each domain controller in the domain to determine if the Exchange Enterprise Servers group has been given the Manage Auditing and Security Logs privileges. If the changes have not been created it is possible to make use of Active Directory Sites and Services to force replication to the affected problematic Domains to run OrgPrepCheck again.

 

Manage the (ADC) Active Directory Controller:

Do not make use of the ADC that comes on the Win 2000 or Win 2003 Setup CD. These specific versions of ADC do not map special attributes required by Exchange recipients and public folders. If you have already installed the operating system version of the ADC, remove it before installing the Exchange version. Also, unlike the Exchange files themselves, you can do the initial installation of the ADC using the Exchange service pack files. The ADC uses LDAP to query and update servers. The ADC stores configuration parameters in Active Directory objects called Connection Agreements (CAs). A CA defines object types for the ADC to copy, the source and target containers for the objects, a replication schedule, and credentials to use for making inter-server replication connections between sites.

 

Failed Over Principle: The (ADC) Active Directory Connector has the capacity to delete objects in both directories, as a pre-migration rule and precaution the data should be stored. This failed over principle is important for if things go wrong during the migration an authoritative restore must be performed with the NTDSUTIL utility of the Active Directory Database.

 

Fail Over practices for recovery purposes during the migration:

This particular tool is going to provide a fail over practice which is the standard approach to perform database maintenance of Active Directory

-         managing of single master operations

-         managing of the metadata in regards to the Domain Controllers

             Found in systemroot\System32\

May also perform the restore from Backups

 

CONFIGURING THE ACTIVE DIRECTORY CONNECTOR (ADC):

Step 1: Before installing the ADC the Administrator must create or choose a user account that will be used to run the ADC service and manage the (CA) connection agreements.

Step 2: Permissions rights for the (DC) Domain Controller: This account needs to be added to the Administrators group in the domain if the ADC is installed on a domain controller.

 

Step 3: Permissions rights for a Member Server: This account needs to be added to the local Administrators group. Must standardize the rights on both sides 5.5 Admin and 2003 server by adding the service accounts from both administrative accounts to gain the proper credentials (service account Admin group)

 

Step 4: To install the ADC there are two (2) options ADC Setup from the Auto Run menu, or simply invoke the setup from the Exchange Deployment Tools.

 

 

Figure 1.1: Exchange Deployment Tools

 

 

Step 5: Before building the installation of the (CA) connection agreements the Administrator must configure the Attribute replication, account-matching rules, diagnostic logging properties and replicating directory entries. (Very important)

 

Step 6: Once the ADC is installed with its account credentials and services it will be time to configure the connection agreement (CA) and to begin synchronizing the Active Directory and Exchange 5.5 directories. 

 

VERIFY THE CONNECTIVITY WITH  ACTIVE DIRECTORY:

 

Run the Exchange 2003 SP1 version of exdeploy.exe with the following switches to test the ADC configuration.

           

            \\%pathname%\exdeploy.exe /t:ADCCheck /p:\\%logpath% /s:<Server Name>

 

·       Initial ADC Attribute Copy , ADC-Global-Names Attribute Creation

·       NT Account Migrations -Invalid User Accounts , Do not Enable the Disabled User Objects

·       Multiple Mailbox Owners (NTDSNoMatch) set an exclusion standard on the account

·       Active Directory Account Cleanup Wizard

·       ADC and Distribution Lists  - Automatic Security Group Upgrades

·       Distribution List Membership

·       ADC Setup Permissions – ADC Server Selection – ADC Service Account Selection

Synchronisation: The connection agreements (CA) in the ADC are necessary to synchronize directory entries between the Exchange 5.5 and Exchange Server 2003 systems.

 

Dispositions: Can be installed on a Member Server or on the 1st Exchange 2003 Server installed.

 

Implementation of CA: At this point you can choose to implement one or more (CA) connection agreements within the organization. It must be done because of the migration process for it will not sustain issues of fault tolerance or load balancing. For managerial purposes of the migration installation procedures the best practise is to install a single ADC with one connection agreement for each Exchange 5.5 site.

 

Site Replication: The 5.5 Exchange Server and the installed ADC must be on the same physical network segment.

 

Permissions: The rights must be Schema Admin and Enterprise Administrator both are required to install the ADC.

 

Installation Process: Allocate at least two hours for the replication of about 5,000 objects within a single direction. But, the length of time for replication really varies on the number of

Connection Agreements that is present and on the recipient containers on the populated attributes and on the actual directory objects.

 

SYNCHRONIZATION BY USING THE  ADC TOOL:

·       ADC Tools: Simplify the process of testing prerequisites and installing Connection Agreements. It will synchronize the active directory forest with the Exchange 5.5 directory during the migration process. Schema changes will now be fully replicated so that every domain is properly updated to include the necessary Exchange objects for the migration.

·       Tool Settings: This step is to specify the name of the Exchange 5.5 server to use for data collection and the location for the ADC logs.

·       Data Collection: This step ultimately will run a suite of utilities that scans both Active Directory and the legacy Exchange directory service to find parameters that will be synchronized by the ADC.

·       Connection Agreement Wizard: This step is used to create Connection Agreements that define the replication endpoints of the ADC and determine how attributes will be mapped between the endpoints.

·       Final Checks: To check the Active Directory users to make sure the Exchange attributes appear in their properties using the Active Directory Users and Computers.

OBJECT DELETION WITH THE ADC:

1)       If you delete a mailbox-enabled user in Active Directory, the ADC deletes the corresponding mailbox in legacy Exchange.

2)       If you delete a mail-enabled group or contact in Active Directory, the ADC deletes the corresponding distribution list or custom recipient in legacy Exchange.