EDS

Document Sample
EDS Powered By Docstoc
					January 23, 2004
Enterprise Testing and Architecture
Migrating GoodLink to Windows 2003 and Exchange 2003

Summary
This document should be used by customers who are migrating from a Windows NT 4.0 domain to
Windows 2003 ( or 2000) Active Directory domain and migrating from an Exchange 5.5 organization to an
Exchange 2003 (or 2000) organization. Because GoodLink is tightly coupled with Exchange, and because
GoodLink is considered critical productivity software, the customer wants to ensure a minimal impact to
GoodLink users during the Exchange2003 migration process. This document details the recommended
process for migrating the GoodLink system and the GoodLink users to Active Directory and Exchange
2003. Please read the document completely before beginning the migration.

          Migration Requirements
              Minimized downtime
              Support Exchange 5.5 and Exchange 2003 Coexistence
              Support Native Mode Exchange 2003 Transition

          Phases of Migration
              Windows NT Account Migration to Windows 2003 Active Directory
              GoodLink Mailbox Move from Exchange 5.5 to Exchange 2003
              Provisioned Users Mailbox Move from Exchange 5.5 to Exchange 2003

Good recommends that the customer upgrade each GoodLink Server host to GoodLink version 3.0 or
above before entering any phase of the migration process listed below.

          Phase I
          Windows NT 4.0 GoodLink Service Account Migration to Windows 2003 Active Directory

          If the customer plans to run their Windows NT 4.0 domains in parallel with their new Active
          Directory domains and they do not plan to upgrade their existing domain controllers in-place, then
          they will need to create a new GoodLink account in Active Directory that will coexist with the
          existing GoodLink NT account. There will be no impact to GoodLink services during this phase
          since the GoodLink services will continue to run under the existing Windows NT 4.0 domain
          account.

          Exchange 2003 and Exchange 5.5 will also coexist in the customer environment. To support this
          coexistence the new GoodLink service account will need permissions to both the Exchange 5.5
          and the Exchange 2003 systems.

          It is assumed that the customer has created new GoodLink AD account using one of the methods
          below before proceeding with Phase 1

                  Active Directory Users and Computer (recommended)
                  Microsoft Active Directory Migration Tool
                  Active Directory Connector
                  Third party tool that supports domain account migration.


          Phase 1 Actions

          Before customer can change the GoodLink service account on each GoodLink server from the
          legacy Windows NT account to the new Active Directory account, they must first grant the Active
          Directory account the appropriate permissions to:
    1) Access user mailboxes on Exchange 2003 and Exchange 5.5
    2) Administer GoodLink Hosts and Run as a Service
    3) Access to the existing GoodLink Exchange 5.5 mailbox

These permissions can be granted without impacting GoodLink service and therefore the customer
can leave GoodLink services running when executing these tasks.

Granting Permissions to Access user mailboxes on Exchange 2003 and Exchange 5.5
Using Active Directory Users and Computers, grant the new GoodLink Active Directory account
membership into the Exchange Services group. The Exchange Services group is created when
Active Directory Connector Service component is installed on a Windows 2003 domain controller.
The group has global Exchange permissions to all Exchange servers in the Exchange organization
(E55 and E2003). These permissions include both send as and receive as access to each Exchange
mailbox in the Exchange organization which are necessary for GoodLink to function.

An alternative method of granting the proper Exchange permissions to the new GoodLink AD
account is to use Exchange Administrator to grant the account Service Account Admin
permissions at the site and configuration level of each site in the Exchange Organization, and then
use Exchange 2003 System Manager to grant the GoodLink AD account permission within
Exchange 2003 (See the 2000_2003 Exchange Security Settings for the GoodAdmin Domain
Account technical document for step by step instructions on how to grant the Exchange 2003
permissions). This method takes more time, but is more secure.

Note:
Do not add the GoodLink account to other Active Directory domain groups and do not use the
delegate permission feature of Exchange 2003 System Administrator to grant GoodLink an
administrative role. Unlike Exchange 5.5, Exchange 2003 restricts mailbox access to high level
administrative groups and administrator roles.

Granting Permissions to Administer GoodLink Hosts and Run as a Service
Once the Exchange permissions have been granted to the new GoodLink domain account, go to
each GoodLink server host, add the new GoodLink domain account to the local administrators
group, and grant the GoodLink AD account log on as service rights.

Granting the New AD Account Rights to the Existing GoodLink Mailbox
At this point, the GoodLink mailbox should still reside on an Exchange 5.5 server. The new
GoodLink AD account will need mailbox owner rights to this existing GoodLink mailbox. Launch
Exchange 5.5 Administrator. Find the GoodLink mailbox. Open the properties page for the
GoodLink mailbox and select the permissions tab. Select Add and choose the new GoodLink AD
account. Verify that mailbox owner is checked and choose OK.

At this point, the AD GoodLink service account is ready to take over for the Windows NT
GoodLink service account.

Phase 1 Summary
        1. Migrated the GoodLink NT 4.0 account to Active Directory
        2. Granted the GoodLink AD account Exchange permissions
        3. Granted the GoodLink AD account Admin and logon as service permissions on each
           GoodLink Server host
        4. Granted the GoodLink AD account owner rights to the existing Exchange 5.5
           GoodLink mailbox

There is no GoodLink service impact during this phase. GoodLink continues to run using the
original NT account. This phase should take approximately 1 hour. If permissions replication takes
a while in the customer environment, allow more time before moving to the next phase.
Note about migrating the accounts of provisioned users:
Migrating the Windows NT accounts of provisioned users has no affect on GoodLink performance
since there is no relationship between GoodLink and individual users’ domain accounts. Customer
should feel free to migrate the Windows NT account of provisioned users at anytime.

Rollback Procedures
If necessary, delete the new GoodLink AD account and start this phase again. GoodLink services
are not affected by the tasks in Phase I.

Phase II
Updating the GoodLink Service Account on each GoodLink server

Synopsis
In this phase customer will change the service log on account for all GoodLink services from the
GoodLink Windows NT 4.0 domain account to the new GoodLink Active Directory domain
account. This change will be performed on all GoodLink servers. Successful completion of Phase
I above is a prerequisite for this phase. During this phase, the GoodLink services will be stopped
for a few seconds and then restarted.

At the completion of this phase, the new GoodLink Active Directory account will be used as the
log on account for all GoodLink services on all GoodLink hosts and the new GoodLink Active
Directory account will have a new MAPI profiles associated with the existing GoodLink
Exchange 5.5 mailbox.

The customer will need a copy Microsoft Windows Messaging (ntwms.exe) to perform certain
tasks in this phase.

Phase II Actions

The following actions should be performed in order on each GoodLink Server host. It is
recommended that customer verifies that devices on each GoodLink server host are able to
synchronize in both directions before moving to the next host. Specifically, the customer will

    1) Create new MAPI profiles on the GoodLink host
    2) Change the log on account for the GoodLink services on the GoodLink host
    3) Update the GoodLink registry on the GoodLink host

Creating new MAPI profiles
Log on to the GoodLink Host as the new GoodLink AD account and install Windows Messaging.
An inbox should appear on the desktop. Right click the inbox and choose properties. Click the
show profiles button. Click the add button and add a new profile called GoodLink Server and
associate it with the Exchange 5.5 GoodLink mailbox. The profile should be enabled for Exchange
services.

If you have installed GoodLink Management Server on this host, create another profile called
GoodLink Management Server following the instructions above.

If you did not install GoodLink Management Server on this host, but you installed GoodLink
Management Console, create a profile called GoodLink Management Console using the
instructions in above. (This step is not necessary if GoodLink Management Server and GoodLink
Management console were both installed on the host. It is only necessary if the GoodLink
Management console was installed by itself.)

Updating NT Login Registry Key on the GoodLink Host
On the GoodLink host, launch the registry editor. Change the following key’s data field to reflect
the GoodLink Active Directory account (use domainname\username):
        HKLM/software/Good Technology/GoodLink Install Parameters/NT Login

This key is used during upgrades to auto-populate the service account during the GoodLink
software installation. Changing it while GoodLink is running has no affect on GoodLink
performance.

Changing the Log on Account for the GoodLink Services
From the GoodLink host, launch the Computer Management MMC. Under Services, right click
the GoodLink Server service and choose properties. From the properties, select the logon tab.
Under “This account” change the account from the GoodLink NT 4.0 account to the GoodLink
Active Directory Account, then change the password to the GoodLink AD account password.
Choose OK. Perform this same procedure for GoodLink Watchdog service and the GoodLink
Management Server service (if it is installed on this host)


Phase II Summary
    1. Created new MAPI profiles on each GoodLink host
    2. Changed the log on account to the GoodLink AD account for each GoodLink service on
         each host
    3. Updated the NT Login registry key on each GoodLink host to reflect the new GoodLink
         AD account

The impact on GoodLink service is minimal during this phase. At the end of this phase the
GoodLink host services should be running as the new GoodLink AD account and still using the
existing GoodLink Exchange 5.5 mailbox. If this phase is successful, the GoodLink Windows NT
4.0 account can be retired.


Rollback Procedures
If necessary, the GoodLink service log on account can be switched back to the original Windows
NT 4.0 account since this account still exists and has the proper Exchange and local host
permissions. GoodLink services will need to be restarted after the service logon account is
changed.

MAPI profiles for the original Windows NT account still exists, so MAPI profiles would not need
to be changed, deleted, or added during a rollback.

The data field for “NT Login” registry entry can be changed back to the original Windows NT
domain account to complete the rollback. The rollback can be done to one or all of the GoodLink
hosts as necessary.

Phase III
Moving the GoodLink Mailbox from Exchange 5.5 to Exchange 2003
Exchange 2003 System Manager needs to be installed on all GoodLink servers prior to moving the
GoodLink mailbox or any provisioned user’s mailbox. This phase has and estimated downtime of
25-40 minutes.

Phase III Actions
         1. Export User lists from each GoodLink Server
         2. Install Exchange 2003 System Manager on each GoodLink server
         3. Move the GoodLink Mailbox to Exchange 2003
         4. Update the registry on each GoodLink server

Exporting the user lists on each GoodLink Server
As a precaution, it is recommended that customer export the user list on each GoodLink server
before executing the remaining tasks of this phase. In the very rare case that a user is not listed in
the users list after the GoodLink mailbox is moved to Exchange 2003, the exported user list can be
imported.

Steps
         A.   Log on to a GoodLink Server as the Active Directory GoodLink account
         B.   Launch the GoodLink Management Console
         C.   Choose Action | Export from the menu
         D.   Save the user list as a CSV file.
         E.   Choose Action | Export Statistics
         F.   Save the statistics as a CSV file (do not use the same name as the user list)

Moving the GoodLink mailbox for Exchange 5.5 to Exchange 2003
The section requires that customer stop the GoodLink services on all GoodLink service for a
certain amount of time while software is installed and the GoodLink mailbox is moved. Though
moving the GoodLink mailbox from one Exchange server to another using the move mailbox
wizard is not a difficult task, following the steps below will insure the safest migration of the
GoodLink mailbox.

Steps
         A. On all GoodLink servers, stop all GoodLink services (GoodLink, Watchdog, and
            GoodLink Management Server service if present).
         B. Set each service to manual.
         C. On one GoodLink Server install Exchange 2003 System Manager and reboot
         D. Using the Active Directory move mailbox utility, move the GoodLink Mailbox from
            the Exchange 5.5 server to the Exchange 2003 server.
         E. After the GoodLink mailbox has been moved, log on to the GoodLink server using
            the GoodLink AD account and launch Windows messaging by double clicking on
            the inbox icon (installed in phase II). Verify that you can log into the GoodLink
            mailbox.
         F. On the GoodLink server, launch the GoodLink Management Console and make sure
            that all of the provisioned users are listed in the user list. You can compare the
            exported list to the GoodLink Management Console List.
         G. On the GoodLink server, start the GoodLink services and set them to automatic.
         H. Check the Windows Application event log and make sure there are no critical
            GoodLink errors. (It there are critical errors, stop all of the GoodLink services)
         I. Verify that users who were provisioned on this particular GoodLink server can
            synchronize messages to and from their devices. If successful, you can leave this
            GoodLink server running for the remainder of this phase.
         J. Install Exchange 2003 System Manager on the remaining GoodLink servers. Reboot
            each. (The Exchange System Manager installation takes the most amount of time in
            this phase, so if you can install it in parallel you can save time.)
         K. For each of the remaining GoodLink servers, set the services to automatic, start the
            services, check the event logs and verify two-way synchronization (as you did in
            steps G and H). Do this one server at a time. If successful, leave the GoodLink
            services running and move to the next GoodLink Server host.



Updating the Exchange Server Registry Key on each GoodLink Server Host
During a GoodLink Server software upgrade, the GoodLink installer will auto-populate certain
fields with information taken from the GoodLink section of the registry. You will need to change
the data field of the Exchange Server key in the GoodLink section of the registry so it is accurate
for future upgrades. This field does not affect GoodLink performance and can be changed while
GoodLink is running.
Steps
         A. Log on to the GoodLink Server host and launch the registry editor.
         B. Select HKEY_LOCAL_MACHINE/SOFTWARE/Good Technology/GoodLink
            Install Parameters
         C. Modify the string value of the Exchange Server key to reflect the new Exchange
            server name
         D. Perform steps A, B, and C for each remaining GoodLink Server host.

Phase III Summary
1. Exported copies of the User list and statistics.
2. Installed Exchange 2003 System Administrator on all GoodLink Server hosts
3. Moved the GoodLink mailbox from Exchange 5.5 to Exchange 2003
4. Updated the GoodLink section in the registry to reflect the Exchange 2003 server where the
    GoodLink mailbox now resides.


Rollback Procedures
Usually, if the GoodLink mailbox was moved successfully to the Exchange 2003 server, it’s easier
and more productive to troubleshoot problems while the mailbox is located on the Exchange 2003
server rather than move the GoodLink mailbox back to Exchange 5.5. For example, if the user list
wasn’t accurate after the move, or if the GoodLink services didn’t start, or if mailboxes were not
synchronizing, it’s usually something that can be fixed without moving the mailbox back to
Exchange 5.5. In the very rare case that the mailbox move wasn’t successful and the GoodLink
mailbox is corrupted, the GoodLink Mailbox can be restored from a backup.
If it has been concluded that moving mailbox back to Exchange 5.5 is the appropriate
troubleshooting step, stop all GoodLink Services on all GoodLink hosts. Use the Active Directory
move mailbox wizard to move the GoodLink mailbox back to Exchange 5.5.

Having Exchange 2003 System Manager installed on the GoodLink server will not affect
GoodLink service if the GoodLink mailbox is moved back to Exchange 5.5. So there is no need to
uninstall it.

The registry key entry that was changed can be change back to the Exchange 5.5 server following
same instructions listed above.

Phase IV
Moving Provisioned Mailboxes from Exchange 5.5 to Exchange 2003

If Phases I, II, and III were successful, you can move mailboxes (single or batch move) using the
Active Directory move mailbox wizard only. GoodLink server pauses moved mailboxes for 15
minutes or more while it attempts to find the moved mailboxes on the destination Exchange
server. Services for these mailboxes will resume as soon as they are found. Other provisioned
mailboxes will not be affected by this process and should continue to synchronize.