Experts Guide to Exchange 2003 Chapter 4 by smbutt

VIEWS: 28 PAGES: 20

									The Expert's Guide for Exchange 2003
Preparing for, Moving to, and Supporting Exchange Server 2003
by Steve Bryant

iv

Books
Contents
Chapter 4 Installing Exchange Server 2003 . . . . . . . . . . . . . . . . . . . . . . . . 65
Deployment Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . New Exchange 2003 Installation . . . . . . . . . . . . . . . . . . . . . . . Upgrade from Exchange 2000 Native Mode . . . . . . . . . . . . . . . Coexistence with Mixed Mode Exchange 2000 and Exchange 5.5 Coexistence and Migration from Exchange 5.5 . . . . . . . . . . . . . Coexistence and Migration, Phase 1 . . . . . . . . . . . . . Coexistence and Migration, Phase 2 . . . . . . . . . . . . . Understanding ADC . . . . . . . . . . . . . . . . . . . . . The ADC Tools Applet . . . . . . . . . . . . . . . . . . . Deploying ADC Tools . . . . . . . . . . . . . . . . . . . . Deploying the Resource Mailbox Wizard . . . . Deploying the Connection Agreements Wizard Coexistance and Migration, Phase 3 . . . . . . . . . . . . . ExDeploy Command-Line Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 68 68 69 70 70 71 71 73 74 75 76 79 80

Exchange Server 2003 Installation Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Coexistence and Migration from Exchange 5.5: Step by Step . . . . . . . . . . . . . . . 70

Next: Multiple Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

65

Chapter 4:

Installing Exchange Server 2003
You might have noticed that I’ve covered nearly everything you need to know about installing Microsoft Exchange Server 2003 except for the installation itself. After you meet the requirements discussed in the first three chapters, the installation is just a few mouse clicks away. In fact, installing Exchange has always been that easy – and therein lies a problem. Many people don’t see the importance of a planning process and so don’t go through the planning stages I describe in this book. However, if you prepare for Exchange Server 2003 and know why you’re doing what you’re doing, you’re more likely to understand and be able to solve any problems that arise. Lack of planning can lead to problems. For example, if you don’t place your Global Catalog (GC) servers properly, Outlook will perform poorly. Also, failure to consider Exchange server placement can negatively affect both performance and collaboration. In this chapter, I discuss the new set of deployment tools for Exchange Server 2003 as well as ways to install Exchange Server 2003 programmatically. To reflect the range of deployment options, I cover deploying Exchange Server 2003 in several scenarios – including a new (“greenfield”) installation and a migration from Exchange 5.5. Having covered upgrading one Exchange organization to another in Chapter 3, in this chapter, I emphasize migrating an existing Exchange 5.5 organization to Exchange Server 2003. I discuss in some detail how to use the Active Directory Connector (ADC) to establish coexistence with Exchange 5.5 and, ultimately, to migrate mailboxes.

Deployment Tools
Initially, I wasn’t too excited about the new deployment tools Microsoft ships with Exchange Server 2003. Documentation about deployment is available online, and I felt that another wizard-like tool was unnecessary. With Exchange Server 2000, users quickly learned about the required installation of SMTP, Network News Transfer Protocol (NNTP), and Microsoft IIS on the server. Administrators diagnosed problem installations with tools such as Dcdiag – and sometimes used ADSI Edit to inspect Active Directory (AD). Although I thought these requirements and tools were common knowledge, I’ve learned that they aren’t. The new tools make preparation and installation easier. Most importantly, the new deployment tools introduce an important paradigm to installation: that administrators check the domain for errors before they introduce Exchange Server 2003. Microsoft Product Support Services (PSS) has used many of these tools to analyze Exchange Server installations, but now the tools are included in the deployment toolset to let you inspect your domain, DNS, and current Exchange systems. You can predict problems rather than having to react to them. I’ve come to really appreciate the deployment tools and recommend them to even the most seasoned Exchange administrators. The Exchange Server 2003 deployment toolset, ExDeploy, resembles a wizard in that it walks you through all the requirements and provides links to multiple tools, including Dcdiag and ADSI Edit –

Brought to you by Quest Software and Windows & .NET Magazine eBooks

66

The Expert’s Guide for Exchange 2003

to preemptively troubleshoot problems with AD, the ForestPrep process, and more. Systematically using ExDeploy’s preparation tools can add 20 minutes to the deployment phase, but those minutescan save you hours spent troubleshooting. Even as a seasoned consultant, I make it a habit to run ExDeploy instead of manually running the setup from the \i386 directory. Doing so lets me double-check myself on specific steps and provides quick access to diagnostic tools. When you insert the Exchange Server 2003 media (e.g., CD-ROM, DVD) autorun launches a setup file that displays a CD-ROM menu. From the list on this screen, select and click Exchange Deployment Tools to launch ExDeploy. Later in the chapter, I discuss ExDeploy’s options.

Deployment Tasks
Deploying Exchange Server 2003 includes the following six phases: • Phase 1: Planning the deployment and checking the infrastructure • Phase 2: Checking and cleaning the Exchange 5.5 directory (if it exists) • Phase 3: Replicating the Exchange 5.5 directory data • Phase 4: Provisioning the AD for Exchange • Phase 5: Installing the Exchange Server directory components • Phase 6: Moving mailboxes and removing legacy Exchange 5.5 servers The overall purpose of the deployment toolset is to give you the tools and wizards you need to walk you through the installation – so you don’t have to call Microsoft Product Support Services (PSS). No joke! Of course, other benefits include knowing that your AD is clean and functioning well and that the Exchange environment is provisioned correctly. The Exchange deployment tools provide a walkthrough that lets you mark off phases as you complete them. The tools also let you check your current environment before and immediately after the installation. Tools in the set • check the Exchange 5.5 Directory Configuration and Directory Objects • provide a Exchange 5.5 Directory User Count • check Exchange and GC server versions • check ADC replication • run the NTDSNoMatch utility • check Organization and Site Names • run the Active Directory User Replication Scan • check policies • run the Organization Readiness Check • run the Public and Private Folder DS/IS checks • check the Exchange Server 2003 Configuration and Recipient Objects • run an Org Report

Brought to you by Quest Software and Windows & .NET Magazine eBooks

Chapter 4 Installing Exchange Server 2003

67

n Note
For those of you who enjoy knowing the details, ExDeploy is actually exdeploy.hta, and it runs from within your browser. Exdeploy.exe is the command-line tool ExDeploy uses to perform the checks and create the logs.

Exchange Server 2003 Installation Scenarios
As I mentioned previously, I’ll discuss new installations of Exchange Server 2003 as well as migrations from Exchange 5.5. However, I’ll spend more time on the migration scenario because it’s more complicated and requires additional tools and procedures. Because I lack space to cover an entire deployment, I’ll devote most of the discussion for each scenario to deploying the first Exchange 2003 server. Initially, however, I want to emphasize two key points: • You can’t upgrade Exchange 5.5 Servers directly to Exchange Server 2003. • Exchange Server Deployment Tools aren’t designed for inter-organization migration. If you have two Exchange organizations, these tools aren’t for you. You might want to explore third-party migration tools. After you select the Exchange Deployment Tools option from the CD-ROM autorun screen, you’ll see the Exchange Server Deployment Tools screen, which Figure 4.1 shows.

Figure 4.1
Exchange Server Deployment Tools

Brought to you by Quest Software and Windows & .NET Magazine eBooks

68

The Expert’s Guide for Exchange 2003

j

Tip
You can download the Exchange 2003 Deployment Tools from http://www.microsoft.com/downloads/details.aspx?FamilyID=271e51fd-fe7d-42ad-b621-45 f974ed34c0&DisplayLang=en. You should use the latest version of the installation tools.

After you select Deploy the first Exchange 2003 server, you’ll be prompted to choose whether you plan to migrate from and coexist with Exchange 5.5, upgrade from Exchange 2000, or perform a new installation. After you make your selection, the appropriate screen will appear and list specific deployment tasks. I’ll discuss the scenarios in reverse order, saving the most complicated scenario for last.

New Exchange 2003 Installation
The simplest Exchange Server 2003 installation is a new one. If you select Deploy the first Exchange 2003 server, then, when prompted, select New Exchange 2003 installation, you’ll see a new installation page that contains eight steps. The steps are designed to walk you through verifying that the target server has the appropriate services installed. They offer instructions for deploying the Netdiag and Dcdiag tools to check network and domain health. Next, you’ll deploy ForestPrep and DomainPrep, then install the server. If you’re installing Exchange Server 2003 into your production network, I recommend that you make sure the first server is a permanent, non-clustered server. Some roles, such as the Recipient Update Service (RUS), Routing Group Master, and system public folder server are assumed for the first server and don’t work correctly in a clustered environment.

Upgrade from Exchange 2000 Native Mode
The next easiest installation is an upgrade from Exchange 2000 Native Mode. In fact, the installation process is the same as the process for a new installation – except that you must address several components shipped with Exchange 2000 that Exchange Server 2003 no longer supports. Before you can upgrade an Exchange 2000 server to Exchange Server 2003, you must remove the following components: • Instant Messaging Server • Chat • Key Management Service (KMS) • Lotus cc:Mail connector • Microsoft Mail (MS Mail) connector • Microsoft Mobile Information Server Event Sink • Any third-party email connector that’s not compatible with Exchange Server 2003 If your situation requires the use of one or more of these components, you might choose to install a new Exchange Server 2003 server in your environment alongside your Exchange 2000 server or

Brought to you by Quest Software and Windows & .NET Magazine eBooks

Chapter 4 Installing Exchange Server 2003

69

servers. Keep in mind, however, that Exchange 2000 can’t act as a front-end to Exchange Server 2003. In a mixed environment, you must upgrade your front-end servers before you upgrade the mailbox servers.

Coexistence with Mixed Mode Exchange 2000 and Exchange 5.5
Technically, the difference between this scenario and the previous one is that this scenario uses the ADC. Because the Exchange 2000 Native Mode installation contained no Exchange 5.5 servers, you didn’t need to synchronize information in an Exchange 5.5 directory with information in AD. In a Mixed Mode Exchange 2000 and Exchange 5.5 scenario, however, you have Exchange 2000 and Exchange 5.5 servers. And, although you’ll already have configured ADC, the Exchange 2000 version of ADC isn’t compatible with Exchange 2003. Therefore, in this scenario, your main task is to upgrade the ADC servers, as Figure 4.2 indicates, then verify the connection agreements (CAs), which control synchronization between Exchange 5.5 and AD.

Figure 4.2
Coexistence with Mixed Mode Exchange 2000 and Exchange 5.5

Brought to you by Quest Software and Windows & .NET Magazine eBooks

70

The Expert’s Guide for Exchange 2003

j

Tip
I’ll discuss the ADC service and CAs in much more detail shortly, but you should know that the ADC servers must run the Exchange Server 2003 version of ADC before you deploy Exchange Server 2003 on any servers.

Because of the necessary integration with AD, deploying the first Exchange 2003 or Exchange 2000 server in an Exchange 5.5 organization is the largest step in moving toward these later versions of Exchange. After this step is complete, subsequent installations of Exchange 2003 or Exchange 2000 are fairly simple. The deployment tools walk you through this scenario in detail. When you select Upgrade Active Directory Connector Servers, which Figure 4.2 shows, you’ll see a new task list that contains six steps designed to walk you through extending the schema, prepping the domain, and running ADC Setup to upgrade the ADC servers. (You’ll need to run ADC Setup for each of your ADC servers.) All existing CAs will remain in place because they and their settings are still required. After you’ve upgraded the ADCs, you should run the ADC tools (which I’ll cover in detail later in the chapter), to verify that the CAs are configured correctly and that nothing else is required for Exchange 5.5 coexistence. The ADC tools will analyze the Exchange 5.5 organization and can automatically create additional CAs as needed. After you’ve upgraded the ADCs, you can upgrade existing Exchange 2000 servers to Exchange Server 2003 and install new Exchange 2003 servers into your environment.

Coexistence and Migration from Exchange 5.5
I’ve saved the “best” scenario for last – and devote the remainder of the chapter to it. Exchange 5.5 migrations underscore the importance of AD to Exchange 2003 and Exchange 2000. Note that Microsoft terms this process a “migration,” not an upgrade. (If you think back to early Exchange 2000 documentation, you’ll recall that Microsoft always termed the move to Exchange 2000 a migration.)

Coexistence and Migration from Exchange 5.5: Step by Step
The term migration is correct because directory information isn’t upgraded from Exchange 5.5. The information is copied and the data is migrated. Because Exchange 5.5 has its own directory, to make its contents available in Exchange 2000, you must migrate the configuration and mailbox directory information to AD. The ADC service performs this directory migration. The ADC and its settings differentiate this scenario from the previous one. The deployment tools divide the migration scenario into three phases.

Coexistence and Migration, Phase 1
Much as you would in the Exchange 2000 coexistence scenario, you run Dcdiag and Netdiag. However, you also run a group of tools known collectively as DSScopeScan. DSScopeScan uses Lightweight Directory Access Protocol (LDAP) and credentials that you specify to connect to an Exchange 5.5 server in your organization and determine its configuration, the number and types of objects, the user count, and the version of Exchange 5.5 currently installed on the servers. You must

Brought to you by Quest Software and Windows & .NET Magazine eBooks

Chapter 4 Installing Exchange Server 2003

71

have Exchange 5.5 Service Pack 3 (SP3) installed on at least one server in your organization before you deploy Exchange Server 2003.

Coexistence and Migration, Phase 2
In phase two of the migration to an Exchange 5.5 coexistence scenario, you deploy ForestPrep and DomainPrep to provision AD, and you launch OrgPrepcheck to check the results. You can find those results in the ExDeploy.log file under the “+ Preparing Active Directory for Exchange Server 2003 (OrgPrepCheck)” section. The ForestPrep procedure will take about 20 minutes depending on the number of items in the domain and the performance of your server(s). During the procedure, you’re prompted to enter the name of the account or group to use for subsequent installs. The account or group that you list will have Exchange Full Admin permissions to the organization. Initially, only this account or group will have permission to install Exchange Server 2003. Before I discuss Phase 3 of the migration process, I’ll describe the ADC service and its function in some detail. I’ll then resume the migration discussion with Phase 3. I think you’ll soon see why a thorough understanding of ADC is essential.

Understanding ADC [3]
As I mentioned previously, the Exchange Directory Service (DS) contains objects: mailbox objects, custom recipients, distribution lists (DLs), and configuration settings for the entire organization. For Exchange 2003 to take advantage of those objects and settings, the objects must first be replicated to the AD. Moreover, for Exchange 5.5 users to see and use Exchange 2003 mailboxes, contacts, and groups, those objects must be replicated to the Exchange 5.5 DS. ADC is a service that runs on a Windows 2003 or Windows 2000 server to perform directory synchronization. From among the several versions of ADC, I’ll discuss the version that comes on the Exchange 2003 CD-ROM or DVD in the \ADC\I386 folder.

n Note
You can install the ADC service only after you’ve executed ForestPrep and DomainPrep because the configuration settings for ADC are maintained within the Microsoft Exchange object that ForestPrep creates.

ADSI Edit is a handy tool for verifying AD changes, as Figure 4.3 shows. In this case, you can easily see where Exchange stores its settings within the Configuration Naming Context of the AD.

Brought to you by Quest Software and Windows & .NET Magazine eBooks

72

The Expert’s Guide for Exchange 2003

Figure 4.3
Exchange settings in ADSI Edit

During ADC installation, you’re prompted to install the Active Directory Connector Service and the Active Directory Connector Management components, as Figure 4.4 shows. For the initial installation, it’s best to install both. Installing the ADC requires a reboot, so plan accordingly.

Brought to you by Quest Software and Windows & .NET Magazine eBooks

Chapter 4 Installing Exchange Server 2003

73

Figure 4.4
Microsoft Active Directory Connector Setup

j

Tip
You don’t have to install the management tools on the ADC server. You might prefer to install the management tools on your administrative terminal, so you can administer the connection locally.

The ADC Tools Applet
Those of you who’ve used the Exchange 2000 Microsoft Management Console (MMC) Active Directory Connector Services snap-in will find a new addition with Exchange Server 2003: the ADC Tools applet, which Figure 4.5 shows.

Brought to you by Quest Software and Windows & .NET Magazine eBooks

74

The Expert’s Guide for Exchange 2003

Figure 4.5
ADC Tools applet

ADC Tools will help you collect information about the Exchange 5.5 environment, find resource mailboxes (through the Resource Mailbox Wizard), and automatically create CAs based on the discovered information (through the Connection Agreement Wizard).

n Note
With the inclusion of ADC Tools in the Active Directory Connector Services snap-in, you no longer need to download NTDSNoMatch or run queries against the Exchange organization. Both functions are included in this tool.

Deploying ADC Tools
In ADC Tools Step 1, you set the server and the path for the log files. In Step 2, ADC Tools connects to the target server and begins collecting information about the Exchange 5.5 organization. This information is used in Step 3 as the Resource Mailbox Wizard, which Figure 4.6 shows, identifies domain accounts associated with more than one mailbox.

Brought to you by Quest Software and Windows & .NET Magazine eBooks

Chapter 4 Installing Exchange Server 2003

75

Figure 4.6
Resource Mailbox Wizard displaying two Exchange mailbox associations

Deploying the Resource Mailbox Wizard Discovering these domain accounts is important: ADC Tools will find each Windows NT 4.0 account that’s associated with more than one mailbox and let you match the appropriate account with one of the mailboxes. In other words, one AD domain account must equal one Exchange mailbox. In Exchange 5.5 multiple mailboxes could be associated with a single domain account. AD makes that impossible because of the nature of the objects and the number of values possible within the attributes.

j

Tip
Each AD domain account can have only one primary associated mailbox.

Although you can add another account to the ACL of a mailbox later, each AD domain account is limited to one primary mailbox account. In the example that Figure 4.6 shows, Daniel Malloy is the primary NT 4.0 account on two Exchange 5.5 mailboxes. Using ADC Tools, I selected the Malloy, Daniel (dmalloy) account as the primary account for his mailbox and identified the other mailbox as a resource mailbox. Although the resource mailbox will then be primarily associated with another domain account, Daniel Malloy will retain permissions to it. With Exchange 5.5, the primary object was a mailbox and the associated NT 4.0 account was an attribute you could change at will. Remember that the field for NT Account allowed a single reference only. With AD, the domain account is the primary object and the Exchange settings are attributes of that object, as Figure 4.7 shows.

Brought to you by Quest Software and Windows & .NET Magazine eBooks

76

The Expert’s Guide for Exchange 2003

Figure 4.7
Exchange settings in an AD account

Each Exchange 5.5 mailbox must be associated with a unique domain account before you deploy the ADC – or the wrong domain account might be associated with the mailbox. The risk of an incorrect association is quite real, especially with resource mailboxes such as mailboxes in conference rooms – which is why ADC Tools includes the Resource Mailbox Wizard. Depending on the number of resources in your organization, this association process could take a few minutes or many hours. Therefore, you should run the Mailbox Resource Wizard as early in the migration process as possible – and export and view the results so you can delegate the changes. You can run the wizard again at a later time, after you or your staff members make the changes in the DS. Deploying the Connection Agreements Wizard In ADC Tools Step 4, you’ll use the most longed-for tool for Exchange 5.5 migration projects: the Connection Agreements Wizard, an automated tool for creating CAs. As with most technical processes, the devil is in the details. With Exchange migration projects, those details involve CA configurations, which contain the settings that the ADC service uses to keep the directories synchronized. The ADC uses three types of CAs:

Brought to you by Quest Software and Windows & .NET Magazine eBooks

Chapter 4 Installing Exchange Server 2003

77

• configuration CAs • recipient CAs • public folder CAs Configuration CA. The first time you install Exchange Server 2003 into your Exchange 5.5 organization, a CA is created automatically. During this installation, you’ll be asked whether you want to create a new Exchange organization or upgrade an existing Exchange 5.5 organization. If you choose to upgrade an existing Exchange 5.5 organization, the installation program asks for connection settings, then leverages the ADC to create the configuration CA and begin replicating the configuration settings of the Exchange 5.5 organization into the AD configuration container. You can move the configuration CA to other ADC servers and change the Windows connectivity settings, but otherwise the configuration CA is read-only. Moreover, you can’t create this CA manually. Therefore, if you attempted to install Exchange Server 2003 and don’t see the configuration CA, your Exchange 5.5 organization hasn’t been upgraded. Recipient CA. The recipient CA is the primary emphasis for this section. It controls synchronizing mailbox objects to the AD. The recipient CA lets Exchange 5.5 objects appear in AD and adds Exchange 2003 mailboxes to the Exchange 5.5 Global Address List (GAL). Without the correct recipient CAs in place, you lack a single address book – even in a singleorganization scenario. The number of recipient CAs you need depends on the degree of granularity your synchronization requires. By default, ADC Tools attempts to create a single recipient CA for each site that synchronizes all of the recipients, contacts, and DLs for that site. This default behavior means that • you must make sure that each site has a network connection and proper credentials before ADC Tools can complete all its steps. Although ADC Tools will launch regardless, you won’t get past the authentication screen unless it can communicate with and authenticate to all sites in your organization. • synchronization to and from each site will occur on the same schedule using the same settings. For example, if you want to synchronize DLs and mailboxes on different schedules or into different containers, you’ll need to manually create separate CAs for the different settings.

n Note
If you pay close attention to the ADC during the setup phases, you might notice how accurately it matches accounts to mailboxes. The “magic” behind its ability to do so lies in the fields the ADC uses during the search. In Exchange 5.5, the associated NT 4.0 account (sometimes incorrectly referred to as the SID) is the only field that’s truly matched between Exchange 5.5 and NT 4.0 directories. When you associate an NT 4.0 account with an Exchange 5.5 mailbox, the SID is copied into the mailbox object as an attribute. Assuming that an NT 4.0 domain is upgraded or the accounts migrated to a clean AD using SIDHistory, the SID value will probably remain intact. Because the SID is unique and is an attribute for both systems, this value is then the perfect field for the ADC to use to match objects between AD and the Exchange DS.
Brought to you by Quest Software and Windows & .NET Magazine eBooks

78

The Expert’s Guide for Exchange 2003

j

Tip
An interesting aspect of the recipient CA is that you can select root objects for the source. For example, on the From Exchange tab from within the CA details, you can select the Exchange 5.5 organization name instead of a specific site to replicate every Exchange 5.5 object to AD with a single CA. Although this might seem to be an effective way to minimize the complexity of your ADC configuration, it isn’t ideal for two-way synchronization because any AD changes made to objects in other Exchange 5.5 sites won’t replicate.

Public folder CA. The public folder CA’s purpose is to create public folder proxies in AD for Exchange 5.5 public folders. After you’ve added the public folder proxy addresses, replication can occur between Exchange 5.5 and Exchange Server 2003 servers – including the system folders. To make replication changes easier during migration, ExDeploy now includes the Microsoft Exchange Public Folder Migration Tool (pfMigrate.wsf) to help automate the process of adding Exchange Server 2003 to the replication list of the Exchange 5.5 public folders. In addition to choosing the source and target servers and containers, you’ll need to select a direction for your agreements. You have three choices for each agreement: • Two-Way – The preferred and most common method of synchronization is a two-way agreement. • Windows to Exchange – If you want to establish a single Exchange 5.5 GAL, you might choose not to replicate any changes to AD. • Exchange to Windows – If you’re planning a quick move or want to avoid making changes to the existing Exchange 5.5 environment, you can choose to synchronize with AD only those attributes that exist in the DS.

n Note
When you use the MMC Active Directory Connector Management snap-in, you might notice that the first CA you create becomes the primary CA for that Exchange organization. You can have just one primary CA, and only that CA that can create accounts in the target environment. Secondary CAs can only append or modify existing objects.

The ADC is a powerful tool. Its mapping rules are flexible, and you can configure the CAs it contains to be quite specific and granular. It can handle deletions and find matches within the target systems without creating duplicates. The number of CAs you can run on an ADC server has no published limit, but administrators in complex environments often choose to deploy multiple ADC servers. As with any directory replication, a hub-and-spoke configuration is typical to centralize the updates.

Brought to you by Quest Software and Windows & .NET Magazine eBooks

Chapter 4 Installing Exchange Server 2003

79

j

Tip
Without a direct upgrade path from Exchange 5.5 to Exchange Server 2003, you have to decide what to do about a complex Exchange 5.5 environment. Such environments often have a hub site that handles the complex mail routing topology by using a mix of site connectors, X.400 connectors, and specific SMTP settings. One solution is to first upgrade the hub-site servers to Exchange 2000, which retains their mail settings, then upgrade the servers to Exchange Server 2003.

Coexistence and Migration, Phase 3
Phase 3 of the Coexistence with Exchange 5.5 scenario involves installing Exchange 2003 Server, and this phase contains five steps. The first is to execute Setupprep to examine and verify that the directories are synchronized. After you evaluate the results, you can install the first Exchange 2003 server into your organization. During the Exchange Server 2003 setup, you’re prompted to select whether you’ll create a new organization or upgrade an existing Exchange 5.5 organization. You’ll see this prompt only once – and failure to make the right choice results in considerable cleanup work. Therefore, do your homework before you make this choice. To move mailboxes from the Exchange 5.5 servers to the Exchange Server 2003 servers, you need to add one Exchange 2003 server to the existing Exchange 5.5 site or sites. With the release of Exchange Server 2003 SP1, you can now move mailboxes from Exchange 5.5 servers to Exchange Server 2003 machines in other sites (admin groups), but you’ll need to manually modify the Outlook profiles or run the Profile Migration script to reset the Outlook profiles to the new target server. Moving mailboxes has been greatly improved with the Exchange Server 2003 MMC Active Directory Users and Computers snap-in. Select one or more user objects in the snap-in and right-click to bring up the Exchange Tasks. From this selection, select Move Mailbox, then select the target Exchange 2003 server and the appropriate storage group. You’re then asked to choose how to handle errors that occur during the process. You can choose to have the mailbox move aborted in the event of any error, or you can choose to log a certain number of errors after which the attempt is considered failed. The Mailbox Move Wizard can now migrate multiple accounts at once. You can choose to migrate the accounts after hours or watch the migration live and monitor the progress with the new onscreen reporting information, which Figure 4.8 shows.

Brought to you by Quest Software and Windows & .NET Magazine eBooks

80

The Expert’s Guide for Exchange 2003

Figure 4.8
Exchange Task Wizard progress report

n Note
The Mailbox Move Wizard now moves multiple mailboxes (up to four) at once and displays the status and progress of each move live.

After you’ve moved the information you need from Exchange 5.5, you can begin to think about retiring the old servers. Microsoft maintains current information about this procedure in the Knowledge Base Article 822450, “How to Remove the Last Exchange Server 5.5 Computer from an Exchange Server 2003 Administrative Group,” at http://support.microsoft.com/default.aspx?scid=kb; EN-US;822450. In brief, you need to make sure the system folders are replicated, then verify and use the ADC to replicate the changes. Finally, you stop the Exchange 5.5 services and use the Exchange 5.5 administrative tools from the Exchange Server 2003 console to remove the Exchange 5.5 server from the site.

ExDeploy Command-Line Options
As I mentioned previously, ExDeploy is the brains behind the deployment tools. Immediately below you see what the Help screen displays when you use exdeploy.exe /? to find the syntax for the tools:
Brought to you by Quest Software and Windows & .NET Magazine eBooks

Chapter 4 Installing Exchange Server 2003

81

/s:<Exchange 5.5 server>[:port] /gc:<Global Catalog server>|? Use <Global Catalog server> as target server /p:<Log File Path> Redirects progress output to <Log File Path> /h, /? Display this Help text /c (Comprehensive) Runs all tools /skip:<Tool1> [/skip:<Tool2>] ... ] Skips specified tools or tool groups /t:<Tool1> [/t:<Tool2>] ... ] Runs all specified tools or tool groups /site Runs PrivFoldCheck on all servers in the same site Also, ExDeploy tools that help you gain information include the following: • DSConfigSum runs Exchange 5.5 Directory Configuration Summary. • DSObjectSum runs Exchange 5.5 Directory Object Summary. • UserCount runs Exchange 5.5 Directory User Count. • VerCheck runs Server Version Check. • ADCUserCheck runs ADC User Replication Check. • NTDSNoMatch runs NTDSNoMatch. • OrgNameCheck runs Organization and Site Names Check. • ADCObjectCheck runs ADC Object Replication Check. • ADUserScan runs Active Directory User Replication Scan. • PolCheck runs Policy Check. • OrgCheck runs Organization Readiness Check. • PubFoldCheck runs Public Folder DS/IS Check. • ADCConfigCheck runs ADC Configuration Replication Check. • ConfigDSInteg runs Exchange Server 2003 Configuration Object Check. • RecipientDSInteg runs Exchange Server 2003 Recipient Object Check. • PrivFoldCheck runs Private Folder DS/IS Check. • OrgReport runs Existing Org Report. • GCVerCheck runs Global Catalog Server Version Check. Planning for your Exchange Server 2003 deployment can seem more daunting than the actual installation. Determining AD design, setting goals for the migration, and determining the administrative structure of the target system often involves non-technical decisions that require input from non-technical teams. However, after the planning stages are complete, you can take off your gloves and get to work. As you know from this chapter, Exchange Server 2003 deployment tools will help you walk through the installation process from start to finish.

Brought to you by Quest Software and Windows & .NET Magazine eBooks

82

The Expert’s Guide for Exchange 2003

Next: Multiple Directories
In the next chapter, I’ll cover the need for multiple directories and the methods you can use to keep them in sync. I’ll discuss the Microsoft Identify Integration Server in depth, as well as migrations from other directories (e.g., Notes), and, finally, the Interorg ADC agreement.

Brought to you by Quest Software and Windows & .NET Magazine eBooks


								
To top