Exchange 2003 Migration Roadmap
Safely find your way to Exchange 5.5 to Exchange 2003.
- By Bill Boswell
My company is ready to move from Exchange 5.5 to
Exchange 2000 or Exchange 2003. We have Windows 2000 with Exchange 5.5
and OWA on one front-end server and Exchange 5.5 on Windows NT 4.0 Service
Pack 6a on another. The NT server is a BDC but the domain runs Windows
2000 with Active Directory. I have seen documentation (see KnowledgeBase
article 822179, "Overview of Operating System and Active Directory
Requirements for Exchange Server 2003" at http://support.microsoft.com/default.aspx?
) that indicates Exchange 2003 is only supported
in Active Directory environments with Windows 2000 and/or 2003 domain
controllers and global catalog servers. Even though I still have an NT
BDC, my Active Directory environment complies with requirements.
Can I safely introduce a new Exchange 2003 server into the Exchange 5.5
site? If yes, should I install Exchange 2003 on Windows Server 2000 or
2003? The goal is to use the Exchange Server Deployment tools to migrate
Exchange 5.5 Mailboxes and Public Folders.
George: Just as a summary, you have a mixed-mode Windows
2000 domain with Exchange 5.5 servers running on Windows 2000 and NT 4.0
servers. In this configuration, you can introduce new Exchange 2000 or
Exchange 2003 servers, with this caveat: You can't create Universal groups
in a mixed-mode domain. In a multi-domain forest, using Global groups
for e-mail distribution can cause incomplete group membership expansion.
It sounds like you only have one Active Directory domain, but you never
know what the future holds, so you need to plan for a mode shift as soon
as possible in the Exchange migration.
I recommend jumping directly to Exchange 2003, as it has all the latest
fixes and code updates and represents a more mature messaging platform.
Exchange Server 2003 also automates many of the processes required to
migrate account information and permissions from legacy mailboxes and
public folders. Your OWA users will really like the new interface and
additional features in Exchange 2003 OWA. Also, if you want to use a front-end/back-end
architecture for OWA, you only need to buy Exchange Server 2003 Standard
Edition for the front-end server—that's a significant savings.
I also recommend upgrading to Windows Server 2003 to get the security
improvements, the reliability enhancements in IIS 6.0 and the improved
handling for group membership changes. That being said, you can run Exchange
2003 servers in a Windows 2000 domain and you can even run Exchange 2003
on Windows 2000 servers (SP3 or higher) but since you're going to spend
quite a bit of time on this migration, why not get to the most current
Help from Bill
Got a Windows or Exchange question or need troubleshooting
help? Or maybe you want a better explanation than provided
in the manuals? Describe your dilemma in an e-mail
to Bill at mailto:email@example.com;
the best questions get answered in this column.
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message but submit the requested
information for verification purposes.)
You can't upgrade an Exchange server directly from Exchange 5.5 to Exchange
2003. [Note: The preceding sentence originally contained a typographical error. The sentence has been corrected.—Editor] You'll need to introduce a new Exchange server. Here's a brief roadmap.
I'm going to assume that you upgrade to Windows Server 2003, as well.
Upgrade the Forest to
You can upgrade the current Windows 2000 domain controller if you have
confidence in your configuration control, or you can introduce a new server
to get a pristine installation of Windows Server 2003 with all the new
security enhancements. You sound as if you only have a single Windows
2000 domain controller, so adding a second Active Directory domain controller
would be a good move. You can then upgrade the PDC Emulator to Windows
Server 2003 or demote it, wipe the drives, install Windows Server 2003
and promote it to be the second domain controller. Don't tempt fate by
having anything less than two domain controllers in a domain. Three is
better, because you can take one domain controller down for maintenance
and still have two up and running. Also, you'll want a couple of Global
Catalog servers so that Exchange can expand group membership and Outlook
can get the Global Address List.
Install SP4 and the Latest Security Patches on
Exchange 5.5 Servers
You can get by with Exchange 5.5 SP3 on the end-point servers for Active
Directory Connector (ADC) Connection Agreements, but why introduce complexity?
Get all servers at the most current service pack and patch level.
Spend an afternoon, maybe a long afternoon, validating that you have a
one-to-one match between each legacy Exchange mailbox and an Active Directory
user. At the same time, verify that each mailbox owner actually exists
in Active Directory. The Exchange 2003 ADC has tools for this, but why
wait until you're in the middle of the migration to find that you have
Verify Public Folder Permissions
Spend another long afternoon going through the permission list for each
public folder to ensure that the recipients and distribution lists actually
exist. This avoids having zombies on the permission lists; that is, distinguished
names that do not point at a valid account in the legacy Exchange directory
Install Active Directory Connector (ADC)
This updates the Active Directory schema to include all changes required
by Exchange Server 2003, so it takes some preparation on the Windows side.
Configure Recipient and Public Folder Connection
Agreements A Connection Agreement (CA) defines a pathway and translation
rules for synchronizing mail-enabled objects in Active Directory and the
legacy Exchange directory service. You'll get warnings because your domain
is in Mixed mode, but you'll correct that problem in short order.
Install the First Exchange 2003 Server
This creates a Configuration connection agreement in the ADC that copies
information about the legacy Exchange organization into Active Directory.
This server also runs an instance of the Site Replication Service (SRS)
so the Exchange 2003 server can act as an endpoint for a Connection Agreement.
Move Connection Agreement Endpoints
The ADC Connection Agreement Wizard initially assigns endpoints to legacy
Exchange servers. Manually move the endpoints of these CAs to the Exchange
2003 SRS server.
Now that you have a fully functional Exchange 2003 server, you can move
mailboxes to it from the legacy Exchange servers in the same site. You
may want to install additional Exchange 2003 servers if you need the extra
storage capacity and horsepower, or you can install Exchange 2003 Enterprise
Edition and create additional storage groups and mailbox stores. Exchange
is still in Mixed mode, so you cannot move mailboxes directly between
servers in different legacy sites.
The legacy Exchange server could host a variety of connectors, such as
the Internet Mail Service (IMS), Site connectors, Directory Replication
connectors, and possibly connectors for X.400 and third party e-mail systems.
You'll need to create new connectors on the Exchange 2003 server and make
sure that those connectors work satisfactorily before removing the legacy
connectors. You'll need Exchange Server 2003 Enterprise Edition to get
an X.400 connector.
Decommission the Legacy Servers
At this point, you no longer need the legacy Exchange servers in this
particular site. De-install Exchange from the servers. This removes their
objects from the organization both in the legacy Exchange directory service
and from Active Directory.
Decommission the NT BDCs
This eliminates the need to support legacy LanMan replication.
Shift the Domain and Forest to Windows Server 2003
This enables you to create Universal Security Groups, a requirement for
proper Exchange operation in a multiple domain forest. You can change
any Global groups to Universal groups after you upgrade the functional
Repeat for Other Sites
While upgrading the first Exchange site to Exchange 2003, start upgrading
the other sites using the same steps.
Shift to Exchange Native Mode
With all legacy servers decommissioned, remove the Site Replication Service
from all Exchange 2003 servers then set a flag in the Organization that
puts it in Native mode. This releases the organization from compatibility
with legacy Exchange and enables the new Exchange Server 2003 features.
Hope this helps.
Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.