CHAPTER 6
PREPARATION OF EXCHANGE SERVER ENVIRONMENTS
The actual upgrade from Exchange Server 5.5 is relatively easy compared to the various prerequisites
that must be met.
You will use the Active Directory Connector (ADC) to populate and synchronize user accounts with
mailbox information.
Preparing the Windows Environment
Hence, your preparation requires an upgrade to Windows 2000 Server and Active Directory first.
Upgrading the Primary Domain Controller
To avoid the installation of separate Windows 2000 domains, consider upgrading the PDCs in your
domain environment directly. A SID is a value that uniquely identifies a user account and is used by
Windows 2000 to determine access permissions.
Site Services Account Upgrade
Exchange 2000 Server is unable to work with Windows NT 4.0-based security information.
NOTE: You don’t need to upgrade your entire Windows NT 4.0 environment to Windows 2000 to
upgrade to Exchange 2000 Server. However, it is a good idea to upgrade at least the PDCs of
all your user domains.
Active Directory Migration Tool
Through the old SID preserved in the SIDHistory attribute, the Windows 2000 user can access
all network resources available to the source account, provided that trusts exist between the
Windows NT domains and the clone’s Active Directory domain.
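Added example (not part of the original notes): because every SID kept in SIDHistory grants the clone the access of its source account, it is worth reviewing those values after a migration. The sketch below decodes binary SIDs and flags entries that come from a domain you did not migrate or that carry a built-in RID (below 1000). The function names, account names and the sample domain SID are constructed for illustration.

```python
import struct

def sid_to_string(raw):
    """Decode a binary SID (objectSid / sIDHistory value) to S-1-... form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])  # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def make_sid(*subs):
    """Build a binary S-1-5-... SID; used only to construct sample data."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(
        "<%dI" % len(subs), *subs)

def audit_sid_history(accounts, expected_domains):
    """Return (account, sid, reason) for sIDHistory values needing review."""
    findings = []
    for name, history in accounts.items():
        for raw in history:
            try:
                sid = sid_to_string(raw)
            except ValueError as exc:
                findings.append((name, raw.hex(), "malformed: %s" % exc))
                continue
            domain, _, rid = sid.rpartition("-")  # last sub-authority is the RID
            if domain not in expected_domains:
                findings.append((name, sid, "unexpected source domain"))
            elif int(rid) < 1000:  # RIDs below 1000 are built-in accounts/groups
                findings.append((name, sid, "built-in or privileged RID"))
    return findings

# Constructed sample: NT 4.0 source domain SID and four cloned accounts.
SOURCE_DOMAIN = "S-1-5-21-1111-2222-3333"
SAMPLE = {
    "alice": [make_sid(21, 1111, 2222, 3333, 1104)],  # ordinary migrated user
    "bob":   [make_sid(21, 1111, 2222, 3333, 512)],   # Domain Admins RID
    "carol": [make_sid(21, 9999, 8888, 7777, 1201)],  # domain never migrated
    "dave":  [b"\x01\x05\x00\x00"],                   # truncated value
}

if __name__ == "__main__":
    for finding in audit_sid_history(SAMPLE, {SOURCE_DOMAIN}):
        print(*finding)
```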
=======================================================================
winexc6.html PAGE
2 2002/06/09
Avoiding LDAP Port Conflicts
When upgrading PDCs or backup domain controllers (BDCs) running Exchange Server 5.5, you
need to change the LDAP port number for the Exchange Directory service.
NOTE: Microsoft recommends changing the LDAP port for the Exchange directory service prior
to upgrading to Windows 2000 and Active Directory.
Exercise Summary:
change the
Upgrading the Operating System
Exchange 2000 Server can only be installed on a computer running Windows 2000 Server, Windows
Advanced Server, or Windows Datacenter Server updated with Windows 2000 Service Pack 1.
Mixed Domain Environments
Active Directory supports mixed networks containing computers running Windows NT Server 4.0 and
Windows 2000 Server, so you don’t need to upgrade all operating systems at once before installing
Exchange Server 5.5 one at a time.
Configuring the Active Directory Connector
To ensure a common global address list for all users, whether they still reside on Exchange Server
5.5 or are migrated to Exchange 2000 Server, you need to synchronize the directories with each other.
Windows 2000 Versus Exchange 2000 Server
To support Exchange Server 5.5, Windows 2000 provides a basic ADC version. The ADC of
Exchange 2000 Server, alternatively, comes with enhanced functionality for replicating configuration
and routing information.
TIP: For best performance, upgrade all ADC installations to the version that comes with Exchange
2000 Server.
Synchronizing Directory Information
Typically, the Global Catalog is the first server installed in the forest. It is a good idea to assign the role
to one server in each Windows 2000 domain. Even if you do not plan to deploy ADC in all of
your domains, you need to extend the domain where the schema master resides using the ADC Setup
program with the /schemaonly switch.
Automatic Account Creation
In Exchange Server 5.5 it is possible to specify one Windows NT account as the primary Windows
account for multiple mailboxes.
Exercise Summary:
After you have successfully configured the connection agreement, recipient information is replicated
between Active Directory and the Exchange Server organization.
Lesson 2: Upgrade the Migration Strategies
Now that you have started to deploy Windows 2000 and Active Directory and you have configured
at least one connection agreement with ADC to synchronize the Exchange directory with Active
Upgrade Strategies
You can either install Exchange 2000 Server directly on a computer running Exchange Server 5.5,
performing an in-place upgrade, or join an existing Exchange Server 5.5 site with a new server and
move mailboxes and other resources to Exchange 2000 Server manually, which corresponds to a
move-mailbox upgrade.
Database Conversion
During the in-place upgrade, Setup stops the Exchange Server services to convert the information
store databases. The upgrade process works with approximately 8GB per hour, which is
extremely fast. However, the actual conversion speed depends on a number of factors, such as
the number of mailboxes and public folders.
NOTE: The database conversion is a resource-intensive task during which the computer or the
Setup procedure may appear to hang, for instance, at 85 or at 100% completion. This is expected
behavior, especially if the size of the databases being upgraded is large. You will need to be patient;
do not terminate the Setup process, and do not restart the server.
Upgrade Prerequisites
The following prerequisites must be met to perform an in-place upgrade:
The computer running Exchange Server was upgraded to Windows 2000 Server SP1 and is part
of an Active Directory domain. Internet Information Services (IIS) 5.0 with Simple Mail Transport
Protocol (SMTP) and Network News Transfer Protocol (NNTP) service must be installed.
The server hardware must fulfill the minimum requirements for running Exchange 2000.
You are running Exchange Server 5.5 Service Pack 3 or later. You have the required permissions
to install Exchange 2000, as outlined in Chapter 4, “Planning the Microsoft Exchange 2000 Server Installation”.
LeapFrog Upgrade
You may want to use the upgrade to Exchange 2000 Server as a perfect opportunity to replace
outdated hardware, or you may reuse the old hardware for subsequent Exchange 2000 Server
installations after the data has been moved from the old system. This is known as a leapfrog upgrade.
Joining an Existing Site
The move-mailbox upgrade involves manual configuration steps, but its most significant advantage
is that business processes are not interrupted. You need to specify an existing server running
Exchange Server 5.5 with Service Pack 3.
The Exchange 2000 Server will then join the selected site. As soon as Exchange 2000 Server
is running in the site, you can move mailboxes and replicate public folders to the new system.
Dedicated Server Configurations
The move-mailbox migration strategy works best for mailbox and public folder resources.
Existing connectors, however, need to be reconfigured on the new server if you plan to remove
the old server from the site. This is also true if you have installed Key Management Service
(KMS) in your organization. To most conveniently upgrade servers responsible for connectors
(bridgehead servers) and KMS, consider the in-place upgrade method.
NOTE: It is a good idea to check the configuration of messaging connectors after an in-place
or leapfrog upgrade. Do not forget to check whether or not the routing information is upgraded
properly.
Upgrade Order
You can upgrade to Exchange 2000 Server in any order, which means that you don’t need to
consider upgrading bridgehead or connector servers first. As a matter of fact, you might want
to upgrade these systems last, especially when they are running connector instances not
supported by Exchange 2000 Server, such as the Professional Office System (PROFS)
connector.
Exercise Summary:
The in-place upgrade method is easy to accomplish if all prerequisites are met. You cannot
change any configuration settings during the installation process.
During the upgrade, existing configuration information is transferred to Active Directory.
Administering Heterogeneous Exchange Organizations
Although Exchange 2000 Server resources are displayed in the directory information tree
within the Exchange Administrator, any changes you make to these configuration objects are
not replicated to Exchange 2000 Server and don’t take effect.
******* This will be on test, emphasized in class *******
NOTE: You must administer Exchange Server 5.5 using the Exchange Administrator program
and Exchange 2000 Server using the Exchange System snap-in and other Microsoft Management
Console (MMC) snap-ins.
User Account and Mailbox Management
Use only the Active Directory Users and Computers management tool for mailbox management.
Don’t use Exchange Administrator for this purpose. After all, you are migrating away from
Exchange Server 5.5, and, therefore, it is a good idea to create mailboxes for new Windows
2000 accounts on servers running Exchange 2000 Server only. Exchange 5-10,000
Users/server.
Directory Replication with Previous Exchange Server Versions
When viewing your organization in Exchange Administrator, note that Exchange 2000 servers
are displayed in much the same way as servers running previous versions of Exchange.
Site Replication Service (DISABLED BY DEFAULT)
It will be activated and its database initialized when you install a first Exchange 2000 server on
a site or when you upgrade a directory replication bridgehead server.
TIP: KCC Knowledge Consistency Checker handles replication
SKCC (Super Knowledge Consistency Checker) for Exchange Server 5.5.
Can map out, can tell routes are wrong, and the SKCC is dynamic.
SRS Directory Integration
You can think of SRS as an Exchange directory service for Exchange 2000 Server. Only the
Name Service Provider Interface (NSPI) is disabled to prevent Microsoft Outlook clients
from connecting to SRS and retrieving directory information from this service. As a matter
of fact, SRS contains much of the executable code of the former directory service, which
ensures full compatibility with earlier versions.
SRS consists of the following components:
The Windows 2000 SRS implemented in SRSMAIN.EXE
A Site Consistency Checker, which runs as part of SRS and performs tasks similar to the
Knowledge Consistency Checker of Exchange Server 5.5, such as the creation of replication
links.
An SRS database named SRS.EDB and corresponding transaction logs, which hold Exchange
Server 5.5 directory information and reside in the \Exchangeesrvr\Dsadata directory (in-place
upgrade) or the \Exchange\Srsdata directory (joining an existing site)
NOTE: When installing or enabling SRS, all existing Exchange 2000 administrators inherit the
permissions to manage the SRS environment. To grant these administrators SRS permissions,
use the Exchange Administrator program and connect to the Exchange 2000 Server.
Intrasite and Intersite Directory Replication
Within a site, SRS automatically replicates directory information using remote procedure calls
(RPCs). Between sites, SRS replicates directory information via e-mail messages, just as the
Exchange directory service does.
Configuration Connection Agreements
The SRS only replicates data with previous Exchange directories. Connection agreements
of the ADC, on the other hand, replicate changes between SRS and Active Directory.
In a manner similar to the Exchange directory service, SRS accepts incoming connections
from the ADC via a customized LDAP port if you are running Exchange 2000 Server on a
domain controller; otherwise, it accepts them through the well-known LDAP port 389.
Server-to-Server Communication and Message Transfer
The mechanisms for server-to-server communication in Exchange 2000 rely primarily on
SMTP and the extended Windows 2000 service. This is different than previous Exchange
Server versions, where directory services performed directory replication and Message
Transfer Agents (MTAs) provided the native messaging transport between servers in a site
and message transfer to servers in other sites.
Server-to-Server Communication
The MTA of Exchange 2000 Server works similarly to the old MTA, with minor enhancements
and the exception that the new MTA uses LDAP instead of Directory API (DAPI) to perform
directory lookups.
NOTE: If you install two or more Exchange 2000 servers in a site, these servers will detect
each other through Active Directory and route messages to one another using the SMTP service
rather than the MTA.
Never use the Administrator Account for maintenance.
NOTE: The Site Services account specified in the properties of an administrative group is
only used for communication with legacy Exchange systems. Exchange 2000 servers use the
LocalSystem account for their native communication.
Intersite and Gateway Message Transfer
Exchange 2000 Server can utilize any existing connector installed in the site because SRS, in
conjunction with the ADC, replicates configuration information, including information about
connected sites and gateways, to Active Directory.
NOTE: The administrator account creates a new password randomly every 7 days.
Proxy Addresses
Proxy address definitions must be preserved on Exchange 2000 Server so that all users in a site
or administrative group have the same proxy addresses generated.
Upgrading Outlook Web Access
It is important to note that Outlook Web Access (OWA) will be replaced entirely when
upgrading to Exchange 2000 Server. If you have customized the .asp pages of OWA to
implement your own Web-based messaging solution, this solution will not work with Exchange
2000 Server, because OWA in Exchange 2000 Server has been entirely redesigned.
The rendering process is handled directly by an Internet Server API (ISAPI) component
(DAVEX.DLL) and other DLLs, instead of .asp pages. DAVEX and WebDav are related.
Switching from Mixed Mode to Native Mode
Be careful: switching to Native Mode is irreversible; to go back you need to reinstall. Be sure that you
have no backward compatibility requirements to take into account; otherwise you should stay in Mixed
Mode. Consequently, the Change Mode button in the General property sheet of the
organization (for example, Blue Sky Airlines [Exchange]) is deactivated in the Exchange
System snap-in.
IMPORTANT: To switch the organization to native mode, all computers running previous
Exchange Server versions must be upgraded or removed. Switching to native mode disables
interoperability with previous versions, which is an irreversible process.
Exercise Summary:
approach, a complete migration requires numerous manual configuration steps.
Active Directory Cleanups
Upgraded users now working with mailboxes on Exchange 2000 Server will notice subtle
changes in the structure of the address book because they now connect to the Global Catalog
server for address lookups.
Duplicate Account Generation
The procedures outlined in this chapter rely on a Windows NT and Exchange Server in-place
upgrade, which prevents the generation of duplicate accounts because the user accounts are
converted to Windows 2000 accounts first and then synchronized with Exchange Server 5.5
mailbox information.
This may happen, for instance, when users work with Exchange Server mailboxes that reside
in different domains and all PDCs could not be upgraded to Windows 2000. If ADC user
connection agreements generated Windows 2000 accounts for those Windows NT users’
mailboxes, and you upgrade these users to Windows 2000 at a later time, you will end up
with duplicate accounts.
TIP: To avoid the generation of duplicate accounts in your environment, upgrade all existing
PDCs to Windows 2000 before configuring user connection agreements with the ADC.
(upgrade the PDC first, have the BDC only for B/U).
Using the Active Directory Cleanup Wizard
If you need to remove numerous duplicate accounts from Active Directory, you will find the
Active Directory Cleanup Wizard a very helpful tool. It is available in the Microsoft Exchange
program group.
It is also possible to manually match duplicates that were not found and merge duplicate
accounts into a selected destination account. Merging duplicate accounts preserves group
and distribution list membership and access permissions to existing resources.
NOTE: It is not possible to perform cleanups or merge operations across multiple Active
Directory forests.
Chapter Summary:
Exchange 2000 Server. Because Exchange 2000 Server must use the Site Services
account for its communication with previous versions, you must first upgrade the PDC
of the domain in which the Exchange Site Service account exists.
in-place upgrade, Exchange 2000 Server must replicate directory information with
earlier versions of Exchange Server, which is handled by SRS.
servers running previous versions of Exchange Server.
for synchronization. Do not do in Exchange, too slow!!!