Exchange 5.5 is typically used in a Windows NT 4.0 domain environment, whereas
Exchange 2000 is strictly a Windows 2000 platform. Your preparation requires
an upgrade to Windows 2000 Server and AD first. You must deploy AD in your
environment if you are planning to install Exchange 2000.
To avoid the installation of separate Windows 2000 domains, consider
upgrading the PDCs in your domain environment directly. This method preserves
all account information, including the original security identifiers (SIDs).
However, upgrading the PDC involves an additional configuration step if your
PDC also runs Exchange Server. Exchange 2000 is unable to work with Windows
NT 4.0 based security information. This includes the Site Services account
used to communicate with previous Exchange Server versions. Because Exchange
2000 needs to use the Site Services account, you must first upgrade the PDC
of the domain in which this special account exists. During this upgrade, the
Site Services account is converted into a Windows 2000 security principal.
You don't need to upgrade your entire NT 4.0 environment to Windows 2000 to
upgrade to Exchange 2000; however, it is a good idea to upgrade at least the
PDCs of all your user domains.
You can install Windows 2000 in separate domains and use the AD Migration
Tool to clone the existing security information. Cloned accounts are specific
Windows 2000 accounts for which properties and group memberships have been
copied from corresponding NT 4.0 source accounts. Although the account
objects will have a different primary SID than their source accounts, each
source account's SID is copied to the SIDHistory attribute of the
corresponding clone. Through the old SID preserved in the SIDHistory
attribute, the Windows 2000 user can access all network resources available
to the source account - provided that trusts exist between the NT domains
and the clone's AD domain.
The AD Migration Tool is appropriate for complex Windows NT environments
consisting of multiple NT 4.0 domains because it allows consolidation of the
domain environment.
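
After cloning, it is worth confirming that every SIDHistory value actually comes from a domain in the migration plan. The following is an added example, not part of the original notes: it decodes the base64 `sIDHistory` values of an LDIF export into readable SIDs and lists entries from unexpected source domains. The sample export, DNs and SIDs are constructed.

```python
import base64
import struct
from collections import defaultdict

def sid_to_string(raw: bytes) -> str:
    """Binary SID -> 'S-1-5-21-...' (authority big-endian, sub-authorities LE)."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def sid_history_by_domain(ldif_text: str) -> dict:
    """Map source-domain SID -> [(dn, old SID)] for every sIDHistory value."""
    found, dn = defaultdict(list), None
    # Unfold LDIF continuation lines (a newline followed by one space).
    for line in ldif_text.replace("\r\n", "\n").replace("\n ", "").split("\n"):
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.lower().startswith("sidhistory:: "):  # '::' = base64 value
            sid = sid_to_string(base64.b64decode(line.split(":: ", 1)[1]))
            found[sid.rsplit("-", 1)[0]].append((dn, sid))  # drop the RID
    return dict(found)

def unexpected_sources(found: dict, expected_domains: set) -> list:
    """Entries whose old SID is not from a domain in the migration plan."""
    return sorted(e for dom, entries in found.items()
                  if dom not in expected_domains for e in entries)

def _pack_sid(*subs: int) -> str:
    """Build a base64 SID under authority 5 for the constructed sample."""
    raw = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return base64.b64encode(raw + struct.pack("<%dI" % len(subs), *subs)).decode()

# Constructed sample export; names, domains and SIDs are made up.
SAMPLE_LDIF = "\n".join([
    "dn: CN=Alice,OU=Staff,DC=corp,DC=example",
    "sIDHistory:: " + _pack_sid(21, 1111, 2222, 3333, 1105),
    "",
    "dn: CN=Bob,OU=Staff,DC=corp,DC=example",
    "sAMAccountName: bob",
    "",
    "dn: CN=Carol,OU=Staff,DC=corp,DC=example",
    "sIDHistory:: " + _pack_sid(21, 9999, 8888, 7777, 1200),
])

if __name__ == "__main__":
    found = sid_history_by_domain(SAMPLE_LDIF)
    print(unexpected_sources(found, {"S-1-5-21-1111-2222-3333"}))
```
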
Microsoft recommends changing the LDAP port (389) for the Exchange 5.5
directory service prior to upgrading to Windows 2000 and AD.
The Active Directory Connector (ADC)
To ensure a common global address list for all users, whether they still
reside on Exchange 5.5 or are migrated to Exchange 2000, you need to
synchronize the directories with each other. To enable directory
synchronization, install the ADC and configure user connection agreements.
Connection agreements can replicate recipient and public information between
Exchange 5.5 and the Global Catalog. The ADC of Exchange 2000 requires
Exchange 5.5 SP3 to be running on the Exchange 5.5 server you plan to
connect to.
Windows 2000 comes with a basic version of the ADC so that Exchange 5.5 can
operate in a Windows 2000 environment even if Exchange 2000 is not installed.
Exchange 2000 comes with another version of the ADC that offers advanced
functionality. The Exchange 2000 version of the ADC updates the AD schema on
its first installation.
When directory replication occurs between AD and Exchange 5.5 via the ADC, the
default configuration creates disabled Windows 2000 accounts for all Exchange
5.5 mailboxes that do not already have a matching AD object (account object).
When directory replication between Exchange 5.5 and Exchange 2000 occurs,
Exchange 2000 disguises itself as an Exchange 5.5 server. It also appears
in the Exchange Administrator (5.5) as a 5.5 server. This feature is possible
via the Microsoft Exchange Site Replication Service (SRS / SRSMAIN.EXE). The
transaction logs reside in \exchsrvr\dsadata\ with an in-place upgrade and in
\exchsrvr\srsdata\ when joining an existing site. When installing or enabling
SRS, all existing Exchange 2000 administrators inherit the permissions to
manage the SRS environment. Administrators that have been granted permissions
in Exchange System Manager at a later time are unable to manage SRS. To grant
these administrators SRS permissions, use the Exchange Administrator program
and connect to the Exchange 2000 server. Grant the desired user account the
appropriate rights, such as Service Account Administrator, as usual at the
organization, site, and configuration level. You need the rights of a
Permissions Admin.
If you are installing a first Exchange 2000 server on a Windows 2000 DC not
running any previous version of Exchange and joining an existing site, SRS
automatically uses TCP port 379 to avoid LDAP port conflicts with AD.
Exchange 5.5 uses RPC for intrasite replication. All Exchange servers in a
site must validate each other using a common Site Services account before
server-to-server communication is allowed. Servers not using the correct
Site Services account will not be able to communicate. Exchange 2000 must
use the common Site Services account for its communications with previous
Exchange versions. When joining an existing site, you will be prompted for
the Site Services account information. To modify the account password, use
the Exchange System snap-in and display the properties of the administrative
group that represents the site in question. Choose Modify on the General
property sheet to change the information displayed under Exchange 4.0/5.x
Services Account For This Site. The Site Services account specified in the
properties of an administrative group is only used for communications with
legacy Exchange systems. Exchange 2000 servers use the LocalSystem account
for their native communications.
An Exchange 2000 server can use any existing connector installed in the site
because SRS, in conjunction with the ADC, replicates configuration
information, including information about connected sites and gateways, to
AD. Information about existing Exchange 2000 connectors is replicated to all
Exchange directories. Earlier versions of Exchange can, therefore, also use
new connectors for message transfer. Through directory replication, routing
information from servers running previous Exchange server versions is placed
in the Exchange 2000 Server link state table. This allows Exchange 2000
servers to include any existing connectors in their routing decisions.
The Outlook Web Access (OWA) in Exchange 2000 uses the Internet Server API
(ISAPI) component (DAVEX.DLL) and other DLLs instead of ASP pages.
Therefore, any customized ASP pages you have made will no longer work once
you upgrade to Exchange 2000. You can, however, use an Exchange 5.5 box as a
front end for an Exchange 2000 server, but not vice versa.
To switch an organization to native mode, all computers running previous
versions of Exchange must be upgraded or removed. The Change Mode button in
the General property sheet of an organization running mixed versions of
Exchange is deactivated in the Exchange System snap-in. Switching to native
mode is an irreversible process.
Although the move-mailbox upgrade represents an interesting alternative to
the in-place approach, a complete migration requires numerous manual
configuration steps. After you have removed a server running an earlier
version of Exchange from the site, you need to delete its references from
AD using the Exchange Administrator program. The last Exchange server must
be deleted from the SRS database manually because no other Exchange directory
service exists in the site that could accomplish this via directory
replication.
Upgraded users now working with mailboxes on Exchange 2000 will notice small
changes in the structure of the address book because they now connect to a
GC server for address lookups. Users might sometimes see duplicate accounts
in the address book. The duplicate accounts, which might have been generated
during the migration process, require a dedicated cleanup using the Active
Directory Account Cleanup Wizard. To use the AD Account Cleanup Wizard, look
in the Exchange program group. To avoid the generation of duplicate
accounts in your environment, upgrade all existing PDCs to Windows 2000
before configuring user connection agreements with the ADC.
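
The disabled accounts the ADC creates by default and the duplicates described above can be shortlisted from a directory export before running the cleanup wizard. The following is an added example, not part of the original notes and not the wizard's own logic: it pairs disabled and enabled accounts that share a display name. The CSV column names, the matching key and the sample rows are assumptions.

```python
import csv
import io
from collections import defaultdict

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled account

def duplicate_candidates(csv_text: str) -> list:
    """Return (display name, disabled DNs, enabled DNs) for every display
    name that has at least one disabled and one enabled account."""
    groups = defaultdict(lambda: {"disabled": [], "enabled": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("displayName") or "").strip().lower()
        if not name:
            continue  # nothing to match on
        try:
            uac, dn = int(row["userAccountControl"]), row["DN"]
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed rows instead of guessing their state
        state = "disabled" if uac & ACCOUNTDISABLE else "enabled"
        groups[name][state].append(dn)
    return sorted((n, sorted(g["disabled"]), sorted(g["enabled"]))
                  for n, g in groups.items() if g["disabled"] and g["enabled"])

# Constructed sample export; 514 = normal account + disabled, 512 = enabled.
SAMPLE_CSV = "\n".join([
    "DN,sAMAccountName,displayName,userAccountControl",
    '"CN=jdoe,OU=Mailboxes,DC=corp,DC=example",jdoe,Jane Doe,514',
    '"CN=Jane Doe,CN=Users,DC=corp,DC=example",jdoe1,Jane Doe,512',
    '"CN=Sam Lee,CN=Users,DC=corp,DC=example",slee,Sam Lee,512',
    '"CN=oldsvc,OU=Mailboxes,DC=corp,DC=example",oldsvc,Old Service,514',
])

if __name__ == "__main__":
    for name, disabled, enabled in duplicate_candidates(SAMPLE_CSV):
        print(name, "| disabled:", disabled, "| enabled:", enabled)
```
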
Migration Summary
You must deploy Windows 2000 and AD if you are planning to install Exchange
2000. Because Exchange 2000 must use the Site Services account for its
communications with previous versions, you must first upgrade the PDC of the
domain in which the Exchange Site Services account exists. If you are
planning to directly upgrade an existing Exchange 5.5 system, you need to
upgrade its operating system as well, and possibly change the TCP port for
the LDAP interface of the Exchange directory service.
By upgrading the PDC, you migrate Windows NT user accounts to AD. The
corresponding mailbox information, however, still resides in the Exchange
directory. Consequently, you need to synchronize both directories via a
connection agreement to add the mailbox information to the user account
objects.
Whether you join an existing site with a new Exchange 2000 server or perform
an in-place upgrade, Exchange 2000 Server must replicate directory
information with earlier versions of Exchange Server, which is handled by
SRS. A configuration connection agreement transfers the directory information
from the SRS database into AD, where previous Exchange Server resources are
displayed as transparent objects. In the Exchange Administrator program,
Exchange 2000 servers appear similar to servers running previous versions of
Exchange Server.
To switch an organization to native mode, all computers running previous
Exchange Server versions must be upgraded or removed. Switching to native
mode permanently disables interoperability with previous versions.