Exchange 2003 Migration Roadmap

Safely find your way from Exchange 5.5 to Exchange 2003.

Bill: My company is ready to move from Exchange 5.5 to Exchange 2000 or Exchange 2003. We have Windows 2000 with Exchange 5.5 and OWA on one front-end server and Exchange 5.5 on Windows NT 4.0 Service Pack 6a on another. The NT server is a BDC but the domain runs Windows 2000 with Active Directory. I have seen documentation (see KnowledgeBase article 822179, "Overview of Operating System and Active Directory Requirements for Exchange Server 2003") that indicates Exchange 2003 is only supported in Active Directory environments with Windows 2000 and/or 2003 domain controllers and global catalog servers. Even though I still have an NT BDC, my Active Directory environment complies with requirements.

Can I safely introduce a new Exchange 2003 server into the Exchange 5.5 site? If yes, should I install Exchange 2003 on Windows Server 2000 or 2003? The goal is to use the Exchange Server Deployment tools to migrate Exchange 5.5 Mailboxes and Public Folders.

George: Just as a summary, you have a mixed-mode Windows 2000 domain with Exchange 5.5 servers running on Windows 2000 and NT 4.0 servers. In this configuration, you can introduce new Exchange 2000 or Exchange 2003 servers, with this caveat: You can't create Universal groups in a mixed-mode domain. In a multi-domain forest, using Global groups for e-mail distribution can cause incomplete group membership expansion. It sounds like you only have one Active Directory domain, but you never know what the future holds, so you need to plan for a mode shift as soon as possible in the Exchange migration.

I recommend jumping directly to Exchange 2003, as it has all the latest fixes and code updates and represents a more mature messaging platform. Exchange Server 2003 also automates many of the processes required to migrate account information and permissions from legacy mailboxes and public folders. Your OWA users will really like the new interface and additional features in Exchange 2003 OWA. Also, if you want to use a front-end/back-end architecture for OWA, you only need to buy Exchange Server 2003 Standard Edition for the front-end server—that's a significant savings.

I also recommend upgrading to Windows Server 2003 to get the security improvements, the reliability enhancements in IIS 6.0 and the improved handling for group membership changes. That being said, you can run Exchange 2003 servers in a Windows 2000 domain and you can even run Exchange 2003 on Windows 2000 servers (SP3 or higher) but since you're going to spend quite a bit of time on this migration, why not get to the most current platforms?

You can't upgrade an Exchange server directly from Exchange 5.5 to Exchange 2003. [Note: The preceding sentence originally contained a typographical error. The sentence has been corrected.—Editor] You'll need to introduce a new Exchange server. Here's a brief roadmap. I'm going to assume that you upgrade to Windows Server 2003, as well.

Upgrade the Forest to Windows 2003

You can upgrade the current Windows 2000 domain controller if you have confidence in your configuration control, or you can introduce a new server to get a pristine installation of Windows Server 2003 with all the new security enhancements. You sound as if you only have a single Windows 2000 domain controller, so adding a second Active Directory domain controller would be a good move. You can then upgrade the PDC Emulator to Windows Server 2003 or demote it, wipe the drives, install Windows Server 2003 and promote it to be the second domain controller. Don't tempt fate by having anything less than two domain controllers in a domain. Three is better, because you can take one domain controller down for maintenance and still have two up and running. Also, you'll want a couple of Global Catalog servers so that Exchange can expand group membership and Outlook can get the Global Address List.

Install SP4 and the Latest Security Patches on the Exchange 5.5 Servers

You can get by with Exchange 5.5 SP3 on the end-point servers for Active Directory Connector (ADC) Connection Agreements, but why introduce complexity? Get all servers at the most current service pack and patch level.

Normalize Mailboxes
Spend an afternoon, maybe a long afternoon, validating that you have a one-to-one match between each legacy Exchange mailbox and an Active Directory user. At the same time, verify that each mailbox owner actually exists in Active Directory. The Exchange 2003 ADC has tools for this, but why wait until you're in the middle of the migration to find that you have a problem?

Verify Public Folder Permissions
Spend another long afternoon going through the permission list for each public folder to ensure that the recipients and distribution lists actually exist. This avoids having zombies on the permission lists; that is, distinguished names that do not point at a valid account in the legacy Exchange directory service.
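
Both audits above (the mailbox-to-account match and the public folder permission check) can be run offline against directory exports. The Python below is an added example, not part of the original column and not a Microsoft tool; the CSV column names, the sample rows and the single-domain assumption are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports; column names are assumptions for this example.
MAILBOXES = """alias,primary_nt_account
jdoe,CORP\\jdoe
asmith,CORP\\asmith
confroom1,CORP\\asmith
helpdesk,CORP\\svc_old
"""
AD_USERS = """sam_account_name
jdoe
asmith
bnew
"""
LEGACY_RECIPIENTS = """dn
/o=Corp/ou=HQ/cn=Recipients/cn=jdoe
/o=Corp/ou=HQ/cn=Recipients/cn=AllStaff
"""
PF_ACLS = """folder,grantee_dn
Sales,/o=Corp/ou=HQ/cn=Recipients/cn=jdoe
Sales,/o=Corp/ou=HQ/cn=Recipients/cn=gone
HR,/o=Corp/ou=HQ/cn=Recipients/cn=AllStaff
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit_mailboxes(mailboxes, ad_users):
    """Return (orphans, shared): mailbox aliases whose owner is not in AD,
    and owners mapped to more than one mailbox (not one-to-one)."""
    known = {u["sam_account_name"].strip().lower() for u in ad_users}
    by_owner = defaultdict(list)
    for m in mailboxes:
        # Single-domain assumption: drop the DOMAIN\ prefix before comparing.
        owner = m["primary_nt_account"].split("\\")[-1].strip().lower()
        by_owner[owner].append(m["alias"])
    orphans = sorted(a for o, als in by_owner.items() if o not in known for a in als)
    shared = {o: sorted(als) for o, als in by_owner.items() if len(als) > 1}
    return orphans, shared

def zombie_acl_entries(acls, recipients):
    """Return (folder, dn) pairs whose grantee is not a valid legacy recipient."""
    valid = {r["dn"].strip().lower() for r in recipients}
    return [(a["folder"], a["grantee_dn"]) for a in acls
            if a["grantee_dn"].strip().lower() not in valid]

if __name__ == "__main__":
    orphans, shared = audit_mailboxes(rows(MAILBOXES), rows(AD_USERS))
    print("Mailboxes with no AD owner:", orphans)
    print("Accounts owning several mailboxes:", shared)
    print("Zombie ACL entries:", zombie_acl_entries(rows(PF_ACLS), rows(LEGACY_RECIPIENTS)))
```

Each finding is something to resolve by hand before the ADC runs: an orphaned mailbox needs an owner or removal, a shared owner breaks the one-to-one match, and a zombie entry should be cleared from the folder's permission list.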

Install Active Directory Connector (ADC)
This updates the Active Directory schema to include all changes required by Exchange Server 2003, so it takes some preparation on the Windows side.

Configure Recipient and Public Folder Connection Agreements
A Connection Agreement (CA) defines a pathway and translation rules for synchronizing mail-enabled objects in Active Directory and the legacy Exchange directory service. You'll get warnings because your domain is in Mixed mode, but you'll correct that problem in short order.

Install the First Exchange 2003 Server
This creates a Configuration connection agreement in the ADC that copies information about the legacy Exchange organization into Active Directory. This server also runs an instance of the Site Replication Service (SRS) so the Exchange 2003 server can act as an endpoint for a Connection Agreement.

Move Connection Agreement Endpoints
The ADC Connection Agreement Wizard initially assigns endpoints to legacy Exchange servers. Manually move the endpoints of these CAs to the Exchange 2003 SRS server.

Move Mailboxes
Now that you have a fully functional Exchange 2003 server, you can move mailboxes to it from the legacy Exchange servers in the same site. You may want to install additional Exchange 2003 servers if you need the extra storage capacity and horsepower, or you can install Exchange 2003 Enterprise Edition and create additional storage groups and mailbox stores. Exchange is still in Mixed mode, so you cannot move mailboxes directly between servers in different legacy sites.

Move Connectors
The legacy Exchange server could host a variety of connectors, such as the Internet Mail Service (IMS), Site connectors, Directory Replication connectors, and possibly connectors for X.400 and third party e-mail systems. You'll need to create new connectors on the Exchange 2003 server and make sure that those connectors work satisfactorily before removing the legacy connectors. You'll need Exchange Server 2003 Enterprise Edition to get an X.400 connector.

Decommission the Legacy Servers
At this point, you no longer need the legacy Exchange servers in this particular site. De-install Exchange from the servers. This removes their objects from the organization both in the legacy Exchange directory service and from Active Directory.

Decommission the NT BDCs
This eliminates the need to support legacy LanMan replication.

Shift the Domain and Forest to Windows Server 2003 Functional Level

This enables you to create Universal Security Groups, a requirement for proper Exchange operation in a multiple domain forest. You can change any Global groups to Universal groups after you upgrade the functional level.

Repeat for Other Sites
While upgrading the first Exchange site to Exchange 2003, start upgrading the other sites using the same steps.

Shift to Exchange Native Mode
With all legacy servers decommissioned, remove the Site Replication Service from all Exchange 2003 servers, then set a flag in the Organization that puts it in Native mode. This releases the organization from compatibility with legacy Exchange and enables the new Exchange Server 2003 features.

Hope this helps.

Reader Comments:

Thu, Aug 25, 2005 JAPHspam hacker
I just like spam! I'm collecting junk email...

Sat, Apr 2, 2005 G. Smith Anonymous

Take a look for U-Promote from Algin Software if you need to retain the NT4 box. This will strip the domain SID, making it a standalone box which you can then join to the domain as a member. I've used it on NT4 DCs acting as Exchange and SQL servers and had no noted issues. It's relatively cheap - $100 or so to do a single server; more for an unlimited license. Despite my good results - it is NOT supported by Microsoft; just an FYI. Works great though. Good luck.

Tue, Feb 15, 2005 Anonymous Anonymous

real bad

Wed, Feb 9, 2005 Rick Reading, UK

Like George I have 1 machine running Exchange 5.5 on NT4 BUT my biggest concern is that it is also a BDC and can't be demoted to member server easily. It is the only NT BDC in an otherwise Windows 2003 Interim Domain Mode. All other DCs are 2003 - no 2000. Can I definitely install Exchange 2003 on a brand new 2003 server and move the mailboxes across, with x2 2003 DCs and 1x NT BDC (where 5.5 is residing)?
Do I HAVE to somehow get ALL DCs to AD 2003 Level???????

Your help will be greatly appreciated.

Tue, Dec 28, 2004 rick g montana

Thanks - it helps my situation but doesn't resolve all my questions - I will submit one after more digging using information from this fine article. Thank you!

Tue, Sep 7, 2004 Anonymous Anonymous

Your "Move Mailboxes" section does not go into detail about moving mailboxes between sites and the pain involved with that. We found a third party tool to help speed this and most of the other issues you present here. (fyi

Thanks for the info - keep up the good work!

Tue, Mar 30, 2004 Anonymous Anonymous

Good outline of steps. A little more detail would not hurt though.

Sat, Mar 6, 2004 Richard UK

I am studying for my final exam for the MCSE on Windows 2000 which is 70-224 Exchange 2000 Server Administration. One comment made in the article by Bill Boswell is that "You can't upgrade an Exchange server directly from Exchange 5.5 to Exchange 2000. You'll need to introduce a new Exchange server".

I would like to challenge this - quoting page 194 of the MCSE Training Kit for Exchange 2000 written by Microsoft Corporation and Kay Unkroth:
Chapter 6 - Upgrade and Migration Strategies

Upgrade Strategies

In general, you have to decide between two upgrade strategies. You can either install Exchange 2000 Server directly on a computer running Exchange Server 5.5, performing an in-place upgrade, or join an existing Exchange Server 5.5 site with a new server and move mailboxes and other resources to Exchange 2000 Server manually, which corresponds to a move-mailbox upgrade.

In-Place Upgrade

The in-place upgrade is simple and quickly accomplished, but it is only supported over Exchange Server 5.5 Service Pack 3 or later. When you launch the Exchange 2000 Setup program directly on a computer running Exchange Server 5.5 Service Pack 3, the previous version is detected automatically, and Setup switches into upgrade mode, not allowing you to add additional components or change the existing configuration in any way. To make any changes, you will need to launch Setup one more time after the upgrade in maintenance mode, which was introduced in Chapter 5, "Installing Microsoft Exchange 2000 Server."

Please can someone email me about this as I am genuinely confused, and I think it's quite important to clarify this as I am supposed to be taking my exam shortly....

Wed, Feb 18, 2004 rsangha Anonymous

Superb article Mr. Boswell - but very importantly, excellent correction and comments from G.

Tue, Feb 17, 2004 G Anonymous

One thing that always seems to be left out about being in a native versus mixed mode is this. If a distribution list in Exchange 5.5 is used to secure a public folder and then that public folder is homed on an Exchange 2000 server the access control list on the public folder will be ambiguous because Exchange tells AD to turn the ADC created Universal distribution group to a Universal security group and AD can't do that because it's in mixed mode. This is a very big deal in environments that do this.

Second there is a typo. You CAN upgrade from 5.5 to 2000, you CAN'T upgrade from 5.5 directly to 2003 unless you call an upgrade going from 5.5 to 2000 then 2003. :-)
