Tuesday, November 4, 2008

Transitioning from Exchange 2000/2003 to Exchange Server 2007 (Part 1)

Transitioning from Exchange 2000/2003 to Exchange Server 2007 (Part 1)




If you would like to read the other parts in this article series please go to:

Introduction

In this 3 part article series I'll walk you through how to perform a transition from Exchange 2000/2003 to Exchange Server 2007. A transition is the process in which you perform an upgrade to Exchange 2007, that is you move data from any legacy Exchange servers in your Exchange organization to new Exchange 2007 Servers, after which you decommission the legacy Exchange servers. A transition should not be confused with a migration, because unlike a transition a migration is the process in which you move data from a non-Exchange messaging system (such as GroupWise, Lotus Notes or SendMail) to an Exchange organization, or move data from a legacy Exchange organization in an existing Active Directory Forest to an Exchange organization in a new Active Directory Forest.

It's important to note that unlike previous versions of Exchange, in-place upgrades from Exchange 2000 or 2003 to Exchange Server 2007 aren't supported, because, among other reasons, Exchange 2007 is 64-bit and therefore requires the x64-bit version of Windows Server 2003.

Note:
Exchange Server 2007 also exists in a 32-bit version but this version is meant to be used for testing and evaluation purposes only, so unless we're speaking management tasks, it's only the 64-bit version of Exchange Server 2007 that's supported in a production environment.

Although in-place upgrades to Exchange 2007 are unsupported, I can assure you that a transition from Exchange 2000 or 2003 to Exchange 2007 in the same Active Directory Forest is a straightforward process, as I'll show you throughout this article series.

Prerequisites

Before you even start thinking about deploying Exchange 2007 Servers in your existing environment, there are several requirements that must be fulfilled first.

You must make sure that the Exchange organization is set to Native Mode (no pre-Exchange 2000 servers) as shown in Figure 1.1 below.


Figure 1.1: Exchange Organization set to Native Mode

Since any pre-Exchange 2000 servers that may exist in your Exchange organization must be decommissioned before you can switch to native mode, it means that any Exchange 5.5 Servers in your organization must be properly removed before you can perform this step. 'So does this mean that you cannot do a transition directly from Exchange 5.5 to Exchange 2007 in the same Active Directory Forest?' I hear some of you ask. Yes that is correct! Those, hopefully few, of you who still have an Exchange 5.5 organization who want to move to Exchange 2007 must first upgrade from Exchange 5.5 to 2000 or 2003 and then do the transition from Exchange 2000 or 2003 to Exchange 2007.

You must also make sure that any Exchange 2000 Servers in your Exchange organization run with Exchange 2000 Service Pack 3, and that any Exchange 2003 Servers have Service Pack 2 applied. In addition you should take note that if you plan to keep at least one Exchange 2000 or 2003 server in the Exchange organization, the following services are unsupported by Exchange Server 2007:

    • Novell GroupWise connector (Exchange 2003 Service)
    • Microsoft Mobile Information Server (Exchange 2000 Service)
    • Instant Messaging service (Exchange 2000 Service)
    • Exchange Chat Service (Exchange 2000 Service)
    • Exchange 2000 Conferencing Server (Exchange 2000 Service)
    • Key Management Service (Exchange 2000 Service)
    • cc:Mail connector (Exchange 2000 Service)
    • MS Mail connector (Exchange 2000 Service)

You must make sure that the Domain Controller that is the schema master in your Active Directory runs Windows Server 2003 with at least Service Pack 1 applied. This is also true for any Global Catalog servers in each Active Directory site in which you plan on deploying Exchange 2007. Actually I recommend you run Windows Server 2003 with at least Service Pack 1 applied on all Domain Controllers in the Active Directory Forest. This version supports Exchange 2007 service notifications, allows users to browse the address book in Microsoft Outlook Web Access and provides the ability to look up distribution list membership in a more efficient manner than in Windows 2000 Server.

Note:
If you have any non-English Domain Controllers in your Active Directory, you should also apply the hotfix mentioned in MS KB article 919166 to those servers, as you otherwise can experience issues accessing the address book via OWA 2007.

Finally Exchange 2007 requires that the Active Directory functional level is set to Windows Server 2000 or Windows Server 2003 as shown in Figure 1.2 below.


Figure 1.2: Active Directory Domain Functional Level

If you're unsure whether your Active Directory environment is ready for deploying the first Exchange 2007 Server, I recommend you run the latest version of the Exchange Best Practices Analyzer (ExBPA) to see if there's anything you need to resolve before you continue.

The latest version of ExBPA version 2.7, which you can download at www.exbpa.com, includes an Exchange 2007 Readiness Check option as shown in Figure 1.3.


Figure 1.3: Exchange 2007 Readiness Check Option in ExBPA

You may also have heard that you must suppress Link State updates on any Exchange 2000 or 2003 Servers when deploying an Exchange 2007 Server into a legacy Exchange organization. But this is only true if you're planning on having more than one routing group connection established between Exchange 2000/2003 and Exchange 2007. For the purpose of this article series we're deploying one Exchange 2007 Server into a legacy Exchange organization consisting of one Exchange 2003 Server, and therefore don't need to suppress Link State updates. If you plan on establishing more than one routing group connector, see this link for instructions on how to suppress Link State updates.

Preparing Active Directory

With all prerequisites fulfilled we can move on and prepare the Active Directory using the respective Exchange 2007 Setup.exe switches. Exchange 2007 Setup includes several switches; we'll go through each of those related to preparing the Active Directory in this section.

Important:
Each of the switches we go through below will be run automatically during the deployment of the first Exchange 2007 server in the Exchange legacy organization, so it's not mandatory to run them before installing Exchange 2007, but depending on the size as well as topology of your environment, it may be wise to prepare the Active Directory first using these switches before you start the actual deployment process.

Prepare Legacy Exchange Permissions

The first thing we need to do when deploying an Exchange 2007 into a legacy Exchange organization is to run Setup.com /PrepareLegacyExchangePermissions. This is in order to grant specific Exchange permissions in the Active directory domain(s) in which one or more Exchange 2000 or 2003 Servers exist, or where Exchange 2000 or 2003 DomainPrep has been executed. The reason why we must run the Setup.com /PrepareLegacyExchangePermissions is because the Exchange 2003 or Exchange 2000 Recipient Update Service otherwise won't function correctly after the Active Directory schema has been updated with Exchange 2007 specific attributes.

Note:
For a detailed explanation on why the Setup.com /PrepareLegacyExchangePermissions must be run in an Active Directory domain in which one or more Exchange 2000 or 2003 Servers exist, or where Exchange 2000 or 2003 DomainPrep has been executed, see this section in the Exchange 2007 Online Documentation.

In order to run Setup.com /PrepareLegacyExchangePermissions, you must open a Command Prompt window and navigate to the directory, network share or DVD media containing your Exchange 2007 Setup files, then simply type Setup.com /PrepareLegacyExchangePermissions and hit Enter as shown in Figure 1.4.


Figure 1.4: Running Setup.com with the /PrepareLegacyExchangePermissions Switch

Note:
Some of you might be in a situation where you want to prepare the Active Directory domain before you install the x64-bit version of Windows Server 2003 on a server in the Active Directory Forest, and therefore cannot run Setup.com /PrepareLegacyExchangePermissions using the 64-bit version of Exchange 2007 as you don't have any x64-bit Windows 2003 Servers deployed yet. But fear not, as it's fully supported to use the 32-bit version of Exchange 2007 to prepare your production Active Directory environment. As I mentioned in the introduction, the 32-bit version of Exchange 2007 is fully supported in a production environment, when speaking management tasks, and preparing the Active Directory is considered a management task.

Prepare Schema

The next command to run in order to prepare the environment is the Setup.com /PrepareSchema, which will connect to the Domain Controller schema master and import LDAP files to update the schema with Exchange 2007 specific attributes. In order to do so, open a Command Prompt window and type Setup.com /PrepareSchema followed by hitting Enter like we did with the previous switch. Setup will now update the schema as necessary as shown in Figure 1.5.


Figure 1.5: Running Setup.com with the PrepareSchema Switch

Like was the case with the previous command, this can be done using the 32-bit version of Exchange 2007.

Prepare AD

The Setup.com /PrepareAD command is used to configure global Exchange objects in Active Directory, create the Exchange Universal Security Groups (USGs) in the root domain as well as prepare the current domain. The global objects reside under the Exchange organization container. In addition, this command creates the Exchange 2007 Administrative Group which is named Exchange Administrative Group (FYDIBOHF23SPDLT) as well as creates the Exchange 2007 Routing Group called Exchange Routing Group (DWBGZMFD01QNBJR).

As some of you may be aware, Exchange 2007 doesn't make use of Routing Groups and Administrative Groups like Exchange 2000 or 2003 did. Administrative Groups have been dropped completely and message routing in Exchange 2007 is based on Active Directory Sites. But in order for Exchange 2007 to co-exist with Exchange 2000 or 2003, Exchange must create the mentioned Administrative Group and Routing Group, which can only be viewed via an Exchange 2000 or 2003 System Manager or by using ADSIEdit as can be seen in Figure 1.6 and 1.7 below.


Figure 1.6: Exchange 2007 Administrative and Routing Group in the Exchange 2003 System Manager


Figure 1.7: Exchange 2007 Administrative and Routing Groups in ADSIEdit

You can run the Setup.com /PrepareAD command before running /PrepareLegacyExchangePermissions and /PrepareSchema. Doing so will run the /PrepareLegacyExchangePermissions and /PrepareSchema commands automatically.

Note:
Okay with all these boring switches it's time for a little fun! Did you know that although coding a product such as Exchange 2007 is a lot of hard work, the Exchange Product Group always has time for a little humor? To prove it let us try to take the GUID of the above Administrative Group shown in Figure 1.6 and shift each letter upwards. Do the same for the GUID of the Exchange Routing Group shown in Figure 1.7 but do it downwards. Did you manage to see what it translates to?

In order to run this command, open a Command Prompt window and type Setup.com /PrepareAD followed by Enter. Setup will now configure the organization as necessary as shown in Figure 1.8.


Figure 1.8: Running Setup.com with the PrepareAD Switch

PrepareDomain and PrepareAllDomains

It's also possible to prepare a local domain or all domains in the Active Directory using the Setup.com /PrepareDomain and Setup.com /PrepareAllDomains respectively. These switches will set permissions on the Domain container for the Exchange Servers, Exchange Organization Administrators, Authenticated Users, and Exchange Mailbox Administrators, create the Microsoft Exchange System Objects container if it does not exist, and set permissions on this container for the Exchange Servers, Exchange Organization Administrators, and Authenticated Users and create a new domain global group in the current domain called Exchange Install Domain Servers. In addition it will add the Exchange Install Domain Servers group to the Exchange Servers USG in the root domain.

As with the commands we have already been through, these commands also need to be run from a Command Prompt window as shown in Figure 1.9.


Figure 1.9: Running Setup.com with the PrepareDomain Switch

This was all there was for part 1 in this 3 part article series covering a transition from Exchange 2000/2003 to Exchange 2007 in the same Active Directory Forest. In part 2 which will be published soon here on MSExchange.org, we'll prepare the new server for Exchange 2007 and then do the actual Exchange 2007 installation.

If you would like to read the other parts in this article series please go to:

No comments: