The Expert's Guide for

Exchange 2003
Preparing for, Moving to, and Supporting
Exchange Server 2003

by Steve Bryant
 iv

Books

Contents
Chapter 4 Installing Exchange Server 2003 . . . . . . . . . . . . . . . . . . . . . . . . 65
Deployment Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Deployment Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Exchange Server 2003 Installation Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
New Exchange 2003 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Upgrade from Exchange 2000 Native Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Coexistence with Mixed Mode Exchange 2000 and Exchange 5.5 . . . . . . . . . . . . . . . 69
Coexistence and Migration from Exchange 5.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Coexistence and Migration from Exchange 5.5: Step by Step . . . . . . . . . . . . . . . 70
Coexistence and Migration, Phase 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Coexistence and Migration, Phase 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Understanding ADC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
The ADC Tools Applet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Deploying ADC Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Deploying the Resource Mailbox Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Deploying the Connection Agreements Wizard . . . . . . . . . . . . . . . . . . . . . . . 76
Coexistance and Migration, Phase 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
ExDeploy Command-Line Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Next: Multiple Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
 65

Chapter 4:

Installing Exchange Server 2003

You might have noticed that I’ve covered nearly everything you need to know about installing
Microsoft Exchange Server 2003 except for the installation itself. After you meet the requirements
discussed in the first three chapters, the installation is just a few mouse clicks away. In fact, installing
Exchange has always been that easy – and therein lies a problem.
Many people don’t see the importance of a planning process and so don’t go through the
planning stages I describe in this book. However, if you prepare for Exchange Server 2003 and know
why you’re doing what you’re doing, you’re more likely to understand and be able to solve any
problems that arise. Lack of planning can lead to problems. For example, if you don’t place your
Global Catalog (GC) servers properly, Outlook will perform poorly. Also, failure to consider Exchange
server placement can negatively affect both performance and collaboration.
In this chapter, I discuss the new set of deployment tools for Exchange Server 2003 as well as
ways to install Exchange Server 2003 programmatically. To reflect the range of deployment options,
I cover deploying Exchange Server 2003 in several scenarios – including a new (“greenfield”)
installation and a migration from Exchange 5.5.
Having covered upgrading one Exchange organization to another in Chapter 3, in this chapter, I
emphasize migrating an existing Exchange 5.5 organization to Exchange Server 2003. I discuss in
some detail how to use the Active Directory Connector (ADC) to establish coexistence with Exchange
5.5 and, ultimately, to migrate mailboxes.

Deployment Tools
Initially, I wasn’t too excited about the new deployment tools Microsoft ships with Exchange Server
2003. Documentation about deployment is available online, and I felt that another wizard-like tool
was unnecessary. With Exchange Server 2000, users quickly learned about the required installation
of SMTP, Network News Transfer Protocol (NNTP), and Microsoft IIS on the server. Administrators
diagnosed problem installations with tools such as Dcdiag – and sometimes used ADSI Edit to inspect
Active Directory (AD). Although I thought these requirements and tools were common knowledge,
I’ve learned that they aren’t. The new tools make preparation and installation easier.
Most importantly, the new deployment tools introduce an important paradigm to installation: that
administrators check the domain for errors before they introduce Exchange Server 2003. Microsoft
Product Support Services (PSS) has used many of these tools to analyze Exchange Server installations,
but now the tools are included in the deployment toolset to let you inspect your domain, DNS, and
current Exchange systems. You can predict problems rather than having to react to them. I’ve come
to really appreciate the deployment tools and recommend them to even the most seasoned Exchange
administrators.
The Exchange Server 2003 deployment toolset, ExDeploy, resembles a wizard in that it walks you
through all the requirements and provides links to multiple tools, including Dcdiag and ADSI Edit –

Brought to you by Quest Software and Windows & .NET Magazine eBooks
66 The Expert’s Guide for Exchange 2003

to preemptively troubleshoot problems with AD, the ForestPrep process, and more. Systematically
using ExDeploy’s preparation tools can add 20 minutes to the deployment phase, but those
minutescan save you hours spent troubleshooting. Even as a seasoned consultant, I make it a habit to
run ExDeploy instead of manually running the setup from the \i386 directory. Doing so lets me
double-check myself on specific steps and provides quick access to diagnostic tools.
When you insert the Exchange Server 2003 media (e.g., CD-ROM, DVD) autorun launches a
setup file that displays a CD-ROM menu. From the list on this screen, select and click Exchange
Deployment Tools to launch ExDeploy. Later in the chapter, I discuss ExDeploy’s options.

Deployment Tasks
Deploying Exchange Server 2003 includes the following six phases:
• Phase 1: Planning the deployment and checking the infrastructure
• Phase 2: Checking and cleaning the Exchange 5.5 directory (if it exists)
• Phase 3: Replicating the Exchange 5.5 directory data
• Phase 4: Provisioning the AD for Exchange
• Phase 5: Installing the Exchange Server directory components
• Phase 6: Moving mailboxes and removing legacy Exchange 5.5 servers

The overall purpose of the deployment toolset is to give you the tools and wizards you need to walk
you through the installation – so you don’t have to call Microsoft Product Support Services (PSS). No
joke! Of course, other benefits include knowing that your AD is clean and functioning well and that
the Exchange environment is provisioned correctly.
The Exchange deployment tools provide a walkthrough that lets you mark off phases as you
complete them. The tools also let you check your current environment before and immediately after
the installation. Tools in the set
• check the Exchange 5.5 Directory Configuration and Directory Objects
• provide a Exchange 5.5 Directory User Count
• check Exchange and GC server versions
• check ADC replication
• run the NTDSNoMatch utility
• check Organization and Site Names
• run the Active Directory User Replication Scan
• check policies
• run the Organization Readiness Check
• run the Public and Private Folder DS/IS checks
• check the Exchange Server 2003 Configuration and Recipient Objects
• run an Org Report

Brought to you by Quest Software and Windows & .NET Magazine eBooks
 Chapter 4 Installing Exchange Server 2003 67

n Note For those of you who enjoy knowing the details, ExDeploy is actually exdeploy.hta, and it runs
from within your browser. Exdeploy.exe is the command-line tool ExDeploy uses to perform
the checks and create the logs.

Exchange Server 2003 Installation Scenarios

As I mentioned previously, I’ll discuss new installations of Exchange Server 2003 as well as migrations
from Exchange 5.5. However, I’ll spend more time on the migration scenario because it’s more com-
plicated and requires additional tools and procedures.
Because I lack space to cover an entire deployment, I’ll devote most of the discussion for each
scenario to deploying the first Exchange 2003 server. Initially, however, I want to emphasize two key
points:
• You can’t upgrade Exchange 5.5 Servers directly to Exchange Server 2003.
• Exchange Server Deployment Tools aren’t designed for inter-organization migration. If you have
two Exchange organizations, these tools aren’t for you. You might want to explore third-party
migration tools.

After you select the Exchange Deployment Tools option from the CD-ROM autorun screen, you’ll see
the Exchange Server Deployment Tools screen, which Figure 4.1 shows.

Figure 4.1
Exchange Server Deployment Tools

Brought to you by Quest Software and Windows & .NET Magazine eBooks
68 The Expert’s Guide for Exchange 2003

j Tip
You can download the Exchange 2003 Deployment Tools from
http://www.microsoft.com/downloads/details.aspx?FamilyID=271e51fd-fe7d-42ad-b621-45
f974ed34c0&DisplayLang=en. You should use the latest version of the installation tools.

After you select Deploy the first Exchange 2003 server, you’ll be prompted to choose whether you
plan to migrate from and coexist with Exchange 5.5, upgrade from Exchange 2000, or perform a new
installation. After you make your selection, the appropriate screen will appear and list specific
deployment tasks. I’ll discuss the scenarios in reverse order, saving the most complicated scenario
for last.

New Exchange 2003 Installation

The simplest Exchange Server 2003 installation is a new one. If you select Deploy the first Exchange
2003 server, then, when prompted, select New Exchange 2003 installation, you’ll see a new
installation page that contains eight steps.
The steps are designed to walk you through verifying that the target server has the appropriate
services installed. They offer instructions for deploying the Netdiag and Dcdiag tools to check
network and domain health.
Next, you’ll deploy ForestPrep and DomainPrep, then install the server. If you’re installing
Exchange Server 2003 into your production network, I recommend that you make sure the first server
is a permanent, non-clustered server. Some roles, such as the Recipient Update Service (RUS),
Routing Group Master, and system public folder server are assumed for the first server and don’t
work correctly in a clustered environment.

Upgrade from Exchange 2000 Native Mode

The next easiest installation is an upgrade from Exchange 2000 Native Mode. In fact, the installation
process is the same as the process for a new installation – except that you must address several
components shipped with Exchange 2000 that Exchange Server 2003 no longer supports.
Before you can upgrade an Exchange 2000 server to Exchange Server 2003, you must remove
the following components:
• Instant Messaging Server
• Chat
• Key Management Service (KMS)
• Lotus cc:Mail connector
• Microsoft Mail (MS Mail) connector
• Microsoft Mobile Information Server Event Sink
• Any third-party email connector that’s not compatible with Exchange Server 2003

If your situation requires the use of one or more of these components, you might choose to install a
new Exchange Server 2003 server in your environment alongside your Exchange 2000 server or

Brought to you by Quest Software and Windows & .NET Magazine eBooks
 Chapter 4 Installing Exchange Server 2003 69

servers. Keep in mind, however, that Exchange 2000 can’t act as a front-end to Exchange Server 2003.
In a mixed environment, you must upgrade your front-end servers before you upgrade the mailbox
servers.

Coexistence with Mixed Mode Exchange 2000 and Exchange 5.5

Technically, the difference between this scenario and the previous one is that this scenario uses the
ADC. Because the Exchange 2000 Native Mode installation contained no Exchange 5.5 servers, you
didn’t need to synchronize information in an Exchange 5.5 directory with information in AD.
In a Mixed Mode Exchange 2000 and Exchange 5.5 scenario, however, you have Exchange 2000
and Exchange 5.5 servers. And, although you’ll already have configured ADC, the Exchange 2000
version of ADC isn’t compatible with Exchange 2003.
Therefore, in this scenario, your main task is to upgrade the ADC servers, as Figure 4.2 indicates,
then verify the connection agreements (CAs), which control synchronization between Exchange 5.5
and AD.

Figure 4.2
Coexistence with Mixed Mode Exchange 2000 and Exchange 5.5

Brought to you by Quest Software and Windows & .NET Magazine eBooks
70 The Expert’s Guide for Exchange 2003

j Tip
I’ll discuss the ADC service and CAs in much more detail shortly, but you should know that the
ADC servers must run the Exchange Server 2003 version of ADC before you deploy Exchange
Server 2003 on any servers.

Because of the necessary integration with AD, deploying the first Exchange 2003 or Exchange
2000 server in an Exchange 5.5 organization is the largest step in moving toward these later versions
of Exchange. After this step is complete, subsequent installations of Exchange 2003 or Exchange 2000
are fairly simple.
The deployment tools walk you through this scenario in detail. When you select Upgrade Active
Directory Connector Servers, which Figure 4.2 shows, you’ll see a new task list that contains six steps
designed to walk you through extending the schema, prepping the domain, and running ADC Setup
to upgrade the ADC servers. (You’ll need to run ADC Setup for each of your ADC servers.)
All existing CAs will remain in place because they and their settings are still required. After
you’ve upgraded the ADCs, you should run the ADC tools (which I’ll cover in detail later in the
chapter), to verify that the CAs are configured correctly and that nothing else is required for Exchange
5.5 coexistence. The ADC tools will analyze the Exchange 5.5 organization and can automatically
create additional CAs as needed. After you’ve upgraded the ADCs, you can upgrade existing
Exchange 2000 servers to Exchange Server 2003 and install new Exchange 2003 servers into your
environment.

Coexistence and Migration from Exchange 5.5

I’ve saved the “best” scenario for last – and devote the remainder of the chapter to it. Exchange 5.5
migrations underscore the importance of AD to Exchange 2003 and Exchange 2000. Note that
Microsoft terms this process a “migration,” not an upgrade. (If you think back to early Exchange 2000
documentation, you’ll recall that Microsoft always termed the move to Exchange 2000 a migration.)

Coexistence and Migration from Exchange 5.5: Step by Step

The term migration is correct because directory information isn’t upgraded from Exchange 5.5. The
information is copied and the data is migrated. Because Exchange 5.5 has its own directory, to make
its contents available in Exchange 2000, you must migrate the configuration and mailbox directory
information to AD. The ADC service performs this directory migration. The ADC and its settings
differentiate this scenario from the previous one. The deployment tools divide the migration scenario
into three phases.

Coexistence and Migration, Phase 1

Much as you would in the Exchange 2000 coexistence scenario, you run Dcdiag and Netdiag.
However, you also run a group of tools known collectively as DSScopeScan. DSScopeScan uses
Lightweight Directory Access Protocol (LDAP) and credentials that you specify to connect to an
Exchange 5.5 server in your organization and determine its configuration, the number and types of
objects, the user count, and the version of Exchange 5.5 currently installed on the servers. You must

Brought to you by Quest Software and Windows & .NET Magazine eBooks
 Chapter 4 Installing Exchange Server 2003 71

have Exchange 5.5 Service Pack 3 (SP3) installed on at least one server in your organization before
you deploy Exchange Server 2003.

Coexistence and Migration, Phase 2

In phase two of the migration to an Exchange 5.5 coexistence scenario, you deploy ForestPrep and
DomainPrep to provision AD, and you launch OrgPrepcheck to check the results. You can find those
results in the ExDeploy.log file under the “+ Preparing Active Directory for Exchange Server 2003
(OrgPrepCheck)” section.
The ForestPrep procedure will take about 20 minutes depending on the number of items in the
domain and the performance of your server(s). During the procedure, you’re prompted to enter the
name of the account or group to use for subsequent installs. The account or group that you list will
have Exchange Full Admin permissions to the organization. Initially, only this account or group will
have permission to install Exchange Server 2003.
Before I discuss Phase 3 of the migration process, I’ll describe the ADC service and its function in
some detail. I’ll then resume the migration discussion with Phase 3. I think you’ll soon see why a
thorough understanding of ADC is essential.

Understanding ADC [3]

As I mentioned previously, the Exchange Directory Service (DS) contains objects: mailbox objects,
custom recipients, distribution lists (DLs), and configuration settings for the entire organization. For
Exchange 2003 to take advantage of those objects and settings, the objects must first be replicated to
the AD. Moreover, for Exchange 5.5 users to see and use Exchange 2003 mailboxes, contacts, and
groups, those objects must be replicated to the Exchange 5.5 DS.
ADC is a service that runs on a Windows 2003 or Windows 2000 server to perform directory
synchronization. From among the several versions of ADC, I’ll discuss the version that comes on the
Exchange 2003 CD-ROM or DVD in the \ADC\I386 folder.

n Note You can install the ADC service only after you’ve executed ForestPrep and DomainPrep
because the configuration settings for ADC are maintained within the Microsoft Exchange
object that ForestPrep creates.

ADSI Edit is a handy tool for verifying AD changes, as Figure 4.3 shows. In this case, you can easily
see where Exchange stores its settings within the Configuration Naming Context of the AD.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
72 The Expert’s Guide for Exchange 2003

Figure 4.3
Exchange settings in ADSI Edit

During ADC installation, you’re prompted to install the Active Directory Connector Service and the
Active Directory Connector Management components, as Figure 4.4 shows. For the initial installation,
it’s best to install both. Installing the ADC requires a reboot, so plan accordingly.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
 Chapter 4 Installing Exchange Server 2003 73

Figure 4.4
Microsoft Active Directory Connector Setup

j Tip
You don’t have to install the management tools on the ADC server. You might prefer to install
the management tools on your administrative terminal, so you can administer the connection
locally.

The ADC Tools Applet

Those of you who’ve used the Exchange 2000 Microsoft Management Console (MMC) Active
Directory Connector Services snap-in will find a new addition with Exchange Server 2003: the ADC
Tools applet, which Figure 4.5 shows.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
74 The Expert’s Guide for Exchange 2003

Figure 4.5
ADC Tools applet

ADC Tools will help you collect information about the Exchange 5.5 environment, find resource
mailboxes (through the Resource Mailbox Wizard), and automatically create CAs based on the
discovered information (through the Connection Agreement Wizard).

n Note With the inclusion of ADC Tools in the Active Directory Connector Services snap-in, you no
longer need to download NTDSNoMatch or run queries against the Exchange organization.
Both functions are included in this tool.

Deploying ADC Tools

In ADC Tools Step 1, you set the server and the path for the log files. In Step 2, ADC Tools connects
to the target server and begins collecting information about the Exchange 5.5 organization. This
information is used in Step 3 as the Resource Mailbox Wizard, which Figure 4.6 shows, identifies
domain accounts associated with more than one mailbox.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
 Chapter 4 Installing Exchange Server 2003 75

Figure 4.6
Resource Mailbox Wizard displaying two Exchange mailbox associations

Deploying the Resource Mailbox Wizard

Discovering these domain accounts is important: ADC Tools will find each Windows NT 4.0 account
that’s associated with more than one mailbox and let you match the appropriate account with one of
the mailboxes. In other words, one AD domain account must equal one Exchange mailbox.
In Exchange 5.5 multiple mailboxes could be associated with a single domain account. AD
makes that impossible because of the nature of the objects and the number of values possible within
the attributes.

j Tip
Each AD domain account can have only one primary associated mailbox.

Although you can add another account to the ACL of a mailbox later, each AD domain account is
limited to one primary mailbox account. In the example that Figure 4.6 shows, Daniel Malloy is the
primary NT 4.0 account on two Exchange 5.5 mailboxes.
Using ADC Tools, I selected the Malloy, Daniel (dmalloy) account as the primary account for his
mailbox and identified the other mailbox as a resource mailbox. Although the resource mailbox will
then be primarily associated with another domain account, Daniel Malloy will retain permissions to it.
With Exchange 5.5, the primary object was a mailbox and the associated NT 4.0 account was an
attribute you could change at will. Remember that the field for NT Account allowed a single reference
only. With AD, the domain account is the primary object and the Exchange settings are attributes of
that object, as Figure 4.7 shows.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
76 The Expert’s Guide for Exchange 2003

Figure 4.7
Exchange settings in an AD account

Each Exchange 5.5 mailbox must be associated with a unique domain account before you
deploy the ADC – or the wrong domain account might be associated with the mailbox. The risk of
an incorrect association is quite real, especially with resource mailboxes such as mailboxes in
conference rooms – which is why ADC Tools includes the Resource Mailbox Wizard.
Depending on the number of resources in your organization, this association process could take
a few minutes or many hours. Therefore, you should run the Mailbox Resource Wizard as early in the
migration process as possible – and export and view the results so you can delegate the changes.
You can run the wizard again at a later time, after you or your staff members make the changes in
the DS.
Deploying the Connection Agreements Wizard
In ADC Tools Step 4, you’ll use the most longed-for tool for Exchange 5.5 migration projects: the
Connection Agreements Wizard, an automated tool for creating CAs. As with most technical
processes, the devil is in the details. With Exchange migration projects, those details involve CA
configurations, which contain the settings that the ADC service uses to keep the directories
synchronized. The ADC uses three types of CAs:

Brought to you by Quest Software and Windows & .NET Magazine eBooks
 Chapter 4 Installing Exchange Server 2003 77

• configuration CAs
• recipient CAs
• public folder CAs

Configuration CA. The first time you install Exchange Server 2003 into your Exchange 5.5
organization, a CA is created automatically. During this installation, you’ll be asked whether you want
to create a new Exchange organization or upgrade an existing Exchange 5.5 organization.
If you choose to upgrade an existing Exchange 5.5 organization, the installation program asks for
connection settings, then leverages the ADC to create the configuration CA and begin replicating the
configuration settings of the Exchange 5.5 organization into the AD configuration container.
You can move the configuration CA to other ADC servers and change the Windows connectivity
settings, but otherwise the configuration CA is read-only. Moreover, you can’t create this CA manually.
Therefore, if you attempted to install Exchange Server 2003 and don’t see the configuration CA, your
Exchange 5.5 organization hasn’t been upgraded.

Recipient CA. The recipient CA is the primary emphasis for this section. It controls synchronizing
mailbox objects to the AD. The recipient CA lets Exchange 5.5 objects appear in AD and adds
Exchange 2003 mailboxes to the Exchange 5.5 Global Address List (GAL).
Without the correct recipient CAs in place, you lack a single address book – even in a single-
organization scenario. The number of recipient CAs you need depends on the degree of granularity
your synchronization requires. By default, ADC Tools attempts to create a single recipient CA for each
site that synchronizes all of the recipients, contacts, and DLs for that site.
This default behavior means that
• you must make sure that each site has a network connection and proper credentials before ADC
Tools can complete all its steps. Although ADC Tools will launch regardless, you won’t get past
the authentication screen unless it can communicate with and authenticate to all sites in your
organization.
• synchronization to and from each site will occur on the same schedule using the same settings.
For example, if you want to synchronize DLs and mailboxes on different schedules or into
different containers, you’ll need to manually create separate CAs for the different settings.

n Note If you pay close attention to the ADC during the setup phases, you might notice how
accurately it matches accounts to mailboxes. The “magic” behind its ability to do so lies in the
fields the ADC uses during the search. In Exchange 5.5, the associated NT 4.0 account
(sometimes incorrectly referred to as the SID) is the only field that’s truly matched between
Exchange 5.5 and NT 4.0 directories. When you associate an NT 4.0 account with an Exchange
5.5 mailbox, the SID is copied into the mailbox object as an attribute. Assuming that an NT 4.0
domain is upgraded or the accounts migrated to a clean AD using SIDHistory, the SID value
will probably remain intact. Because the SID is unique and is an attribute for both systems, this
value is then the perfect field for the ADC to use to match objects between AD and the
Exchange DS.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
78 The Expert’s Guide for Exchange 2003

j Tip
An interesting aspect of the recipient CA is that you can select root objects for the source. For
example, on the From Exchange tab from within the CA details, you can select the Exchange
5.5 organization name instead of a specific site to replicate every Exchange 5.5 object to AD
with a single CA. Although this might seem to be an effective way to minimize the complexity
of your ADC configuration, it isn’t ideal for two-way synchronization because any AD changes
made to objects in other Exchange 5.5 sites won’t replicate.

Public folder CA. The public folder CA’s purpose is to create public folder proxies in AD for
Exchange 5.5 public folders. After you’ve added the public folder proxy addresses, replication can
occur between Exchange 5.5 and Exchange Server 2003 servers – including the system folders. To
make replication changes easier during migration, ExDeploy now includes the Microsoft Exchange
Public Folder Migration Tool (pfMigrate.wsf) to help automate the process of adding Exchange Server
2003 to the replication list of the Exchange 5.5 public folders.
In addition to choosing the source and target servers and containers, you’ll need to select a
direction for your agreements. You have three choices for each agreement:
• Two-Way – The preferred and most common method of synchronization is a two-way
agreement.
• Windows to Exchange – If you want to establish a single Exchange 5.5 GAL, you might choose
not to replicate any changes to AD.
• Exchange to Windows – If you’re planning a quick move or want to avoid making changes to
the existing Exchange 5.5 environment, you can choose to synchronize with AD only those
attributes that exist in the DS.

n Note When you use the MMC Active Directory Connector Management snap-in, you might notice
that the first CA you create becomes the primary CA for that Exchange organization. You can
have just one primary CA, and only that CA that can create accounts in the target
environment. Secondary CAs can only append or modify existing objects.

The ADC is a powerful tool. Its mapping rules are flexible, and you can configure the CAs it
contains to be quite specific and granular. It can handle deletions and find matches within the target
systems without creating duplicates. The number of CAs you can run on an ADC server has no
published limit, but administrators in complex environments often choose to deploy multiple ADC
servers. As with any directory replication, a hub-and-spoke configuration is typical to centralize the
updates.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
 Chapter 4 Installing Exchange Server 2003 79

j Tip
Without a direct upgrade path from Exchange 5.5 to Exchange Server 2003, you have to decide
what to do about a complex Exchange 5.5 environment. Such environments often have a hub
site that handles the complex mail routing topology by using a mix of site connectors, X.400
connectors, and specific SMTP settings. One solution is to first upgrade the hub-site servers to
Exchange 2000, which retains their mail settings, then upgrade the servers to Exchange Server
2003.

Coexistence and Migration, Phase 3

Phase 3 of the Coexistence with Exchange 5.5 scenario involves installing Exchange 2003 Server, and
this phase contains five steps. The first is to execute Setupprep to examine and verify that the
directories are synchronized. After you evaluate the results, you can install the first Exchange 2003
server into your organization.
During the Exchange Server 2003 setup, you’re prompted to select whether you’ll create a new
organization or upgrade an existing Exchange 5.5 organization. You’ll see this prompt only once –
and failure to make the right choice results in considerable cleanup work. Therefore, do your home-
work before you make this choice.
To move mailboxes from the Exchange 5.5 servers to the Exchange Server 2003 servers, you
need to add one Exchange 2003 server to the existing Exchange 5.5 site or sites. With the release of
Exchange Server 2003 SP1, you can now move mailboxes from Exchange 5.5 servers to Exchange
Server 2003 machines in other sites (admin groups), but you’ll need to manually modify the Outlook
profiles or run the Profile Migration script to reset the Outlook profiles to the new target server.
Moving mailboxes has been greatly improved with the Exchange Server 2003 MMC Active
Directory Users and Computers snap-in. Select one or more user objects in the snap-in and right-click
to bring up the Exchange Tasks. From this selection, select Move Mailbox, then select the target
Exchange 2003 server and the appropriate storage group.
You’re then asked to choose how to handle errors that occur during the process. You can
choose to have the mailbox move aborted in the event of any error, or you can choose to log a cer-
tain number of errors after which the attempt is considered failed.
The Mailbox Move Wizard can now migrate multiple accounts at once. You can choose to
migrate the accounts after hours or watch the migration live and monitor the progress with the new
onscreen reporting information, which Figure 4.8 shows.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
80 The Expert’s Guide for Exchange 2003

Figure 4.8
Exchange Task Wizard progress report

n Note The Mailbox Move Wizard now moves multiple mailboxes (up to four) at once and displays the
status and progress of each move live.

After you’ve moved the information you need from Exchange 5.5, you can begin to think about
retiring the old servers. Microsoft maintains current information about this procedure in the Knowl-
edge Base Article 822450, “How to Remove the Last Exchange Server 5.5 Computer from an
Exchange Server 2003 Administrative Group,” at http://support.microsoft.com/default.aspx?scid=kb;
EN-US;822450.
In brief, you need to make sure the system folders are replicated, then verify and use the ADC
to replicate the changes. Finally, you stop the Exchange 5.5 services and use the Exchange 5.5
administrative tools from the Exchange Server 2003 console to remove the Exchange 5.5 server from
the site.

ExDeploy Command-Line Options

As I mentioned previously, ExDeploy is the brains behind the deployment tools. Immediately below
you see what the Help screen displays when you use exdeploy.exe /? to find the syntax for the tools:

Brought to you by Quest Software and Windows & .NET Magazine eBooks
 Chapter 4 Installing Exchange Server 2003 81

/s:<Exchange 5.5 server>[:port]

/gc:<Global Catalog server>|? Use <Global Catalog server> as target server
/p:<Log File Path> Redirects progress output to <Log File Path>
/h, /? Display this Help text
/c (Comprehensive) Runs all tools
/skip:<Tool1> [/skip:<Tool2>] ... ] Skips specified tools or tool groups
/t:<Tool1> [/t:<Tool2>] ... ] Runs all specified tools or tool groups
/site Runs PrivFoldCheck on all servers in the same site

Also, ExDeploy tools that help you gain information include the following:
• DSConfigSum runs Exchange 5.5 Directory Configuration Summary.
• DSObjectSum runs Exchange 5.5 Directory Object Summary.
• UserCount runs Exchange 5.5 Directory User Count.
• VerCheck runs Server Version Check.
• ADCUserCheck runs ADC User Replication Check.
• NTDSNoMatch runs NTDSNoMatch.
• OrgNameCheck runs Organization and Site Names Check.
• ADCObjectCheck runs ADC Object Replication Check.
• ADUserScan runs Active Directory User Replication Scan.
• PolCheck runs Policy Check.
• OrgCheck runs Organization Readiness Check.
• PubFoldCheck runs Public Folder DS/IS Check.
• ADCConfigCheck runs ADC Configuration Replication Check.
• ConfigDSInteg runs Exchange Server 2003 Configuration Object Check.
• RecipientDSInteg runs Exchange Server 2003 Recipient Object Check.
• PrivFoldCheck runs Private Folder DS/IS Check.
• OrgReport runs Existing Org Report.
• GCVerCheck runs Global Catalog Server Version Check.

Planning for your Exchange Server 2003 deployment can seem more daunting than the actual
installation. Determining AD design, setting goals for the migration, and determining the
administrative structure of the target system often involves non-technical decisions that require input
from non-technical teams.
However, after the planning stages are complete, you can take off your gloves and get to work.
As you know from this chapter, Exchange Server 2003 deployment tools will help you walk through
the installation process from start to finish.

Brought to you by Quest Software and Windows & .NET Magazine eBooks
82 The Expert’s Guide for Exchange 2003

Next: Multiple Directories

In the next chapter, I’ll cover the need for multiple directories and the methods you can use to keep
them in sync. I’ll discuss the Microsoft Identify Integration Server in depth, as well as migrations from
other directories (e.g., Notes), and, finally, the Interorg ADC agreement.

Brought to you by Quest Software and Windows & .NET Magazine eBooks