The tools you need and the approaches you can follow
Now that Microsoft Exchange Server 2003 is shipping, some companies are likely planning to migrate their Exchange 2000 Server or Exchange Server 5.5 systems to Exchange 2003. No matter whether you plan to migrate from Exchange 2000 or Exchange 5.5, the Exchange 2003 migration process is fairly straightforward. First, you need to understand the deployment and interoperability basics so that you can determine your system's new infrastructure. Then, you need to plan and prepare for your migration. Finally, you can perform the migration.
Deployment and Interoperability Basics
Microsoft designed Windows Server 2003 and Exchange 2003 to work together. However, as Table 1, page 36, shows, you can combine different versions of Windows and Exchange. When you're planning your Exchange/Windows environment, here are some considerations to keep in mind:
- You can run Exchange 2003 on both Windows 2003 and Windows 2000 Server, but you can't run Exchange 2000 on Windows 2003, primarily because of changes in Microsoft Internet Information Services (IIS) 6.0. So, if you're planning to migrate to Windows 2003, you should also plan to migrate to Exchange 2003. The only other option is to run Exchange 2000 on a Win2K member server in a Windows 2003 domain.
- You can use only Windows 2003 domain controllers (DCs) or Win2K DCs running Service Pack 3 (SP3) or later for Exchange 2003. At least one of these DCs must be available within the domain in which you install the Exchange 2003 server.
- Exchange 5.5 can operate in legacy Windows environments because it doesn't rely on Active Directory (AD). However, Exchange 5.5 isn't supported on a Windows 2003 server because of changes in IIS 6.0.
- Running Exchange 2000 SP1 on a Win2K server in a Windows 2003 domain requires a hotfix. (Later service pack versions don't require this hotfix.) For more information about the problem and its solution, see the Microsoft articles "XADM: You Cannot Install Exchange 2000 on a Computer That Is Running Windows Server 2003" (http://support.microsoft.com/?kbid=321648) and "XGEN: Exchange 2000 Server Post-Service Pack 2 Directory Fixes Available" (http://support.microsoft.com/?kbid=316463).
Planning and Preparing for the Migration
Exchange 2003's new ExDeploy utility can guide you through the Exchange 2003 migration process. ExDeploy offers a three-phase approach that walks you through all the steps involved in a migration, including planning and preparing for the migration. You can even launch the utilities you need in each step from within ExDeploy. Alternatively, you can manually launch the utilities. You can find ExDeploy in the \support\exdeploy directory on the Exchange 2003 installation CD-ROM. After you open ExDeploy, you simply select one of the following migration options: Coexistence with Exchange 5.5, Coexistence with Mixed Mode Exchange 2000 and Exchange 5.5, Upgrade from Exchange 2000 Native Mode, or New Exchange 2003 Installation. ExDeploy then directs you to the appropriate page.
Whether you're migrating from Exchange 2000 or Exchange 5.5, one of the most important preparations is readying the AD environment for Exchange 2003. This preparation involves running the Forestprep and Domainprep utilities. You must run the Exchange 2003 versions of both Forestprep and Domainprep, even if you previously ran the Exchange 2000 versions. You can use ExDeploy to launch these utilities. Another option is to launch them from the \setup\i386 directory on the Exchange 2003 installation CD-ROM by using the commands
Forestprep updates AD with new schema definitions that Exchange 2003 uses and adds other configuration information to AD. The Exchange 2003 version of Forestprep updates AD with 142 additional object and attribute definitions over and above those that Exchange 2000 added.
Running Forestprep in a pure Windows 2003 environment is better than running it in a Win2K environment. When Forestprep updates the schema, it adds some of the new object classes to AD's Partial Attribute Set (PAS) so that these attributes replicate to the Global Catalog (GC) servers. When Forestprep updates the PAS in Win2K, AD replicates the complete PAS to all GCs. However, when Forestprep updates the PAS in Windows 2003, AD replicates only new changes in the PAS to all GCs because of the replication improvements in Windows 2003. Another benefit of running Forestprep in a pure Windows 2003 environment is that the Exchange 2003 schema extensions are now identical to the Exchange 2003 Active Directory Connector (ADC) schema extensions, so you don't end up with two waves of replication across your network.
Domainprep performs several functions, including creating the Exchange-Domain Servers Global Security Group and the Exchange Enterprise Servers Local Security Group. These groups give Exchange servers the permissions they need to perform their functions.
You need to run Domainprep in every domain in your environment, including the root domain, regardless of whether the domain holds Exchange servers or mailbox-enabled objects or whether it holds other types of applications. You must run Domainprep in the root domain because Exchange expects to see the Public Folder Proxy container in the root domain of the forest—and Domainprep creates this container.
In an Exchange 5.5 to Exchange 2003 migration, another important preparatory step is to install the Exchange 2003 ADC. You need to create one or more ADC servers and create the appropriate connection agreements (CAs) between the AD organizational units (OUs) and the Exchange 5.5 sites to facilitate interoperability between the Exchange 2003 and Exchange 5.5 servers. All Exchange 5.5 servers in the site should be running at least SP3, but SP4 is preferable. If you have Exchange 2000 ADCs in your Exchange 5.5 site, you must replace them with Exchange 2003 ADCs.
For large or complex environments, you should take the time to carefully analyze your environment and design a CA model. For small or simple environments, Microsoft provides ADC Tools, a new ADC feature that automates much of the checking and configuration required to establish the correct CA model.
After you install the Exchange 2003 ADC, the Microsoft Management Console (MMC) Active Directory Connector Manager snap-in displays the new ADC Tools feature, which Figure 1, page 38, shows. To use ADC Tools, you must first specify the Exchange 5.5 Directory Service (DS) connection information for at least one Exchange 5.5 server in any site. You need only to read permissions to access the Exchange configuration, so any site will suffice. Next, you need to have ADC Tools run several preconfiguration tests to collect information about the Exchange 5.5 environment. After collecting this information, you need to run the Resource Mailbox Wizard. This wizard performs NTDSAttrib checks to identify Exchange 5.5 mailboxes without associated Windows accounts. Such accounts are invalid because Exchange 2003 mailboxes must belong to an AD account. ADC Tools writes the results from these tests to the adctools.log file, which is in the C:\exdeploy logs directory. You must run the Resource Mailbox Wizard at least once if you want to install an Exchange 2003 server in an existing Exchange 5.5 environment. The Exchange 2003 installation procedure, setup.exe, explicitly checks for the results of these tests before it lets the installation proceed.
Finally, from ADC Tools, you can run the Connection Agreement Wizard to analyze your Exchange 5.5 and AD environments and automatically create the CAs that are most applicable for your organization. This wizard gives you recommended CA configurations, as Figure 2 shows. You can make some modifications to this CA, if necessary.
The operation of the Exchange 2003 ADC is similar to that of the Exchange 2000 ADC. However, one significant difference exists in the synchronization of Exchange 5.5 mailboxes to AD objects. The Exchange 2000 ADC uses the samAccountName attribute to synchronize the Exchange 5.5 alias to the Windows account. Some migration tools use this attribute to find matches between Exchange 5.5 mailboxes and Win2K objects during Windows account cloning operations. The Exchange 2003 ADC doesn't use the samAccountName attribute for synchronization. Instead, the Exchange 2003 ADC generates a pseudo-random value. As a result, make sure that your migration tool can use a different attribute (e.g., SID, sIDHistory) for matching purposes.
Migrating from Exchange 2000 to Exchange 2003
You can migrate from Exchange 2000 to Exchange 2003 in one of two ways: You can perform an in-place upgrade on the Exchange 2000 server, or you can install a new Exchange 2003 server in the same administrative group as the existing Exchange 2000 server, then use the Move Mailbox tool to move mailboxes from the old server to the new one. Moving mailboxes is the easiest approach but requires additional hardware, so it's well suited for large organizations with large budgets. For small organizations, the in-place upgrade approach might be more desirable than the move-mailbox approach because you can use existing hardware. However, the in-place upgrade approach has reduced service availability and increased risk because the server isn't available for the duration of the upgrade process and any problems during the migration means that the whole upgrade is compromised. Exchange 2000 SP3 is a prerequisite for an in-place upgrade.
Performing an in-place upgrade. If you perform an in-place upgrade, you must upgrade Exchange 2000 to Exchange 2003 before you upgrade Win2K to Windows 2003. For most Exchange 2000 servers, you can simply back up your system, perform the in-place upgrade, then back up your system immediately after the upgrade. However, exceptions exist. For example, you can't perform an in-place upgrade on Exchange 2000 servers that run the Chat Service, Instant Messaging (IM), Exchange Conferencing Server (ECS), or Key Management Service (KMS) without first removing these services because these services aren't supported on the same server on which Exchange 2003 is running. If you still want to run these services, you can keep an Exchange 2000 server to host them. If you're using the front-end/back-end server model to host Microsoft Outlook Web Access (OWA), POP, or IMAP clients, you must upgrade any front-end servers before you upgrade any back-end servers for a given administrative group.
You can use ExDeploy to upgrade Exchange 2003, or you can manually upgrade to Exchange 2003 by executing setup.exe in the \setup\i386 directory on the Exchange 2003 installation CD-ROM. In-place upgrades typically take only about 20 or 30 minutes. Nevertheless, you should perform the upgrade during off-hours.
The upgrade process doesn't involve any modifications to the format of the existing Exchange databases. If you run full-text indexing on any upgraded Exchange 2000 servers, the full-text indexes require a complete rebuild after the upgrade finishes. The upgrade process indefinitely pauses the full-text rebuild so that you don't run the risk of having the newly upgraded server come back online, then perform the resource-intensive index rebuild.
Installing a new Exchange 2003 server and using the Move Mailbox tool. You can install Exchange 2003 from within ExDeploy, or you can manually run setup.exe. After the new server is in place, you use Exchange 2003's Move Mailbox tool to move the mailboxes from the old server to the new one. However, you can't use Move Mailbox to move mailboxes between servers in different administrative groups unless the Exchange organization contains only Exchange 2000 servers or contains only Exchange 2003 servers and the Exchange organization is running in native mode.
The Move Mailbox tool isn't new to Exchange 2003, but Microsoft has improved the Exchange 2003 version several ways. The improvements include the following:
- You can now access Move Mailbox from two consoles: the MMC Active Directory Users and Computers snap-in and the MMC Exchange System Manager snap-in. (You can't launch Move Mailbox from ExDeploy.) Previously, you could access the Move Mailbox tool only through the Active Directory Users and Computers snap-in. Having this tool available in the Exchange System Manager snap-in makes sense when you consider that Exchange administrators often want to review properties of the Exchange databases before migrating users. Now, all the information is available in the same place.
- The Move Mailbox tool is now multithreaded, with as many as four threads per session. In the server environment that hosts my production mailboxes, performance statistics showed that a single thread executed at a transfer rate of about 500MB per hour between servers that supported several hundred users and that were on the same LAN segment.
- You can now schedule the Move Mailbox tool to run unattended at a particular time of day.
- You can now configure the Move Mailbox tool so that the tool will skip as many as 100 corrupted messages (i.e., messages that the wizard can't read from the source server or write to the target server) in a mailbox and still move that mailbox. Move Mailbox logs the corrupted messages as errors in the failure report. If you don't want to tolerate any problems during the move operation, you can have Move Mailbox terminate a mailbox's move operation if it finds a corrupted message. After the tool terminates that mailbox's move operation and writes the error to the failure report, it proceeds to move the next mailbox. Figure 3 shows the GUI you use to specify how you want to handle corrupted items as well as the GUI you use to schedule the move operation.
Migrating from Exchange 5.5 to Exchange 2003
You can't perform an in-place upgrade from an Exchange 5.5 server to an Exchange 2003 server. For this type of migration, you must install an Exchange 2003 server into the Exchange 5.5 site, then use the Move Mailbox tool to move mailboxes from the Exchange 5.5 server to the Exchange 2003 server.
You can install the Exchange 2003 server from within ExDeploy, or you can manually run setup.exe. After you've installed Exchange 2003, you use the Move Mailbox tool to move the mailboxes from the old Exchange 5.5 servers to the new Exchange 2003 servers. After moving the mailboxes, you can run ExDeploy's postinstallation checks.
Migrations in Mixed Environments
If your current environment has both Exchange 2000 and Exchange 5.5 servers, the migration to Exchange 2003 involves a combination of the migration techniques I just covered. In this mixed environment, the Exchange 2000 ADC should already be in place to provide directory synchronization between the Exchange 5.5 DS and AD. Be sure to upgrade to the Exchange 2003 ADC, then rerun Forestprep and Domainprep.
A Painless Process
If you have past experience with Exchange migrations, you'll find the migration to Exchange 2003 easy because little has changed. You use the same basic procedures and tools. Another element that hasn't changed is the need for a lot of planning and preparatory work. However, the new ExDeploy tool can help make the planning and preparations much simpler.