Upgrading, Integrating, and Troubleshooting Exchange Server 2003 in Mixed Environments

03 0987 ch03 4/14/04 10:24 AM Page 47

Upgrading, Integrating, and Troubleshooting Exchange Server 2003 in Mixed Environments ......

Terms you’ll need to understand:

✓ Domain controller ✓ Network News Transfer Protocol (NNTP) ✓ Global catalog server ✓ DomainPrep ✓ Organization ✓ ForestPrep ✓ Active Directory Connector (ADC) ✓ Active Directory Migration Tool (ADMT) ✓ Post Office Protocol version 3 (POP3) ✓ Simple Mail Transfer Protocol (SMTP) ✓ Internet Message Access Protocol version 4 (IMAP4)

Techniques you’ll need to master: ✓ Upgrading from Exchange Server 5.5 to ✓ Troubleshooting Exchange Server 2003 in Exchange Server 2003 coexistence with other Exchange organiza- ✓ Upgrading from Exchange 2000 Server to tions Exchange Server 2003 ✓ Configuring and troubleshooting Exchange ✓ Migrating from other messaging systems Server 2003 for existence with other mes- to Exchange Server 2003 saging systems ✓ Migrating to Exchange Server 2003 from ✓ Configuring and troubleshooting Exchange other Exchange organizations Server 2003 for interoperability with other ✓ Configuring Exchange Server 2003 to SMTP messaging systems coexist with other Exchange organizations 03 0987 ch03 4/14/04 10:24 AM Page 48

48 Chapter 3 ...... Introduction This chapter deals with the exam topics you need to understand in regard to upgrading to Exchange Server 2003 from prior versions of Exchange, migration from other messaging systems, coexistence with other messaging systems, coexistence with other Exchange organizations, and interoperability with other SMTP messaging systems. Microsoft understands that it is rare for Exchange Server 2003 to be installed into an environment in which there is no prior messaging infrastructure. For this reason, an important part of the exam is knowing how to migrate to Exchange Server 2003 from other messaging systems or prior versions of Exchange. Similarly, Microsoft realizes that in many situations, disparate messaging systems need to coexist with each other. This is the reason for the focus on interoperability on the exam, although Microsoft prefers, of course, that you migrate all messaging clients to Exchange Server 2003 at your ear- liest possible convenience.

If possible, it is beneficial for candidates to have experience upgrading from Exchange Server 5.5 and Exchange 2000 Server. As a student, the best option is to create a test network using virtual machine software, such as Virtual PC or VMWARE. This enables you to upgrade Exchange without negatively impacting a production Exchange network.

The installation of Exchange Server 2003 requires that substantial modifications be made to the Active Directory (AD) schema in the domain that will host Exchange Server 2003. For this reason, we recommend against installing Exchange Server 2003 in a production Active Directory environment, unless it is part of a planned and authorized deployment of the messaging system. Even though Exchange Server 2003 can later be uninstalled, the changes made to Active Directory itself are difficult to roll back. The schema modifications made by ForestPrep cannot be rolled back. In addition, it is important to note that only one Exchange organization can exist per forest. Any test deployment must be made with that understanding in mind. Upgrading from Exchange 2000 Server to Exchange Server 2003 Exchange 2000 Server will always be running on Windows 2000 Server and not on Windows Server 2003. This is because Exchange 2000 Server cannot run on the Windows Server 2003 platform. Exchange 2000 Server will either be in a Windows 2000 environment or on a Windows 2000 member server in a Windows Server 2003 environment. This is because Exchange 2000 Server, like Exchange Server 2003, requires Active Directory to function correctly. 03 0987 ch03 4/14/04 10:24 AM Page 49

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 49 ......

There are several platform requirements that must be met before Exchange 2000 Server can be upgraded to Exchange Server 2003. These requirements are as follows: ➤ Domain controllers must be running Windows 2000 Service Pack 3 or Windows Server 2003—If the domain in which Exchange 2000 servers are to be upgraded to Exchange Server 2003 has Windows 2000 domain controllers, these domain controllers must be patched to at least Service Pack 3. If the domain in which the Exchange 2000 servers that are to be upgraded to Exchange Server 2003 has Windows Server 2003 domain controllers, no further patching is required. ➤ Global catalog servers must be running Windows 2000 Service Pack 3 or Windows Server 2003—Similar to the preceding requirement, to support Exchange Server 2003, global catalog servers must be running Service Pack 3 or higher. Alternatively, if global catalog servers are running Windows Server 2003, no further patching is required. ➤ It is recommended that you have a global catalog server in each domain in which Windows Server 2003 is installed—This facilitates the generation of distribution lists for other domains within the forest. If global catalog servers are not installed, the generation of these distribution lists can take much longer. ➤ The computers that will be hosting the upgraded Exchange Server 2003 must be running Windows 2000 Service Pack 3 (or higher)—As Exchange 2000 Server cannot run on Windows Server 2003, any upgrade of the host computer to this operating system must occur after Exchange Server has been upgraded. Always upgrade Exchange 2000 to Exchange Server 2003 BEFORE upgrading Windows 2000 Server to Windows Server 2003. ➤ A Windows 2000 cluster running Exchange is patched to Service Pack 4—If Exchange 2000 Server is running on a cluster of Windows 2000, Windows 2000 must be patched to Service Pack 4. This is required to support Kerberos authentication within the Exchange cluster.

After the necessary upgrades have been made to the platform on which Exchange Server 2003 will run, Exchange 2000 Server needs to be upgraded. 03 0987 ch03 4/14/04 10:24 AM Page 50

50 Chapter 3 ...... Preparing Exchange 2000 Server for Upgrade to Exchange Server 2003 Upgrading Exchange 2000 Server to Exchange Server 2003 requires that the Exchange 2000 server undergo some preparation. The following conditions need to be met: ➤ Exchange 2000 Server must have the Exchange 2000 Service Pack 3 applied before being upgraded to Exchange Server 2003—Problems will arise if an attempt is made to upgrade a version of Exchange 2000 Server to Exchange Server 2003 prior to the application of Service Pack 3. ➤ All Exchange 2000 databases are backed up before the upgrade occurs—This way, if something goes wrong, you can always roll the upgrade back. ➤ The components that are unsupported by Exchange Server 2003 are uninstalled before the upgrade takes place—These components are listed in Table 3.1. To remove these components, use Exchange 2000 setup. If you require these components for your organization, do not upgrade the servers on which they are installed. Install Exchange Server 2003 on other servers within the organization and have them coexist with the Exchange 2000 servers. In some cases, the functionality of these components is built into the Exchange Server 2003 core.

Table 3.1 Exchange 2000 Server Components Unsupported by Exchange Server 2003 Component Description Microsoft Mobile Information Server Supports mobile devices such as PocketPC Instant messaging service Supports the instant messaging client Exchange Chat service Supports chat rooms Exchange 2000 Conferencing Server Allows data conferencing as well as audio and video conferencing Key Management Service Interfaces with organizational certificate authority cc: Mail connector Connects Exchange to cc: Mail MS Mail connector Connects Exchange with MS Mail 03 0987 ch03 4/14/04 10:24 AM Page 51

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 51 ......

If the Exchange 2000 server has been extensively tuned to maximize performance, you might also need to roll back these alterations. Either the performance enhancements are no longer applicable to Exchange Server 2003 or the performance enhancements themselves might cause problems on the new platform. When planning an upgrade of Exchange 2000 Server to Exchange Server 2003, the current state of POP3, IMAP4, and NNTP services are preserved. Any special configuration changes that have been made are carried over to the new installation.

Preparing the Domain for the Upgrade to Exchange Server 2003 Although you ran Exchange 2000 ForestPrep and DomainPrep when setting up Exchange 2000 Server, you must rerun the Exchange Server 2003 versions of these utilities before upgrading to Exchange Server 2003. As was the process with installing Exchange 2000 Server, ForestPrep must be run first. It is important to note that if Schema Manager was used to index Exchange Server 2000 schema attributes, you will be required to verify and reapply all manual changes that were made to the original schema after ForestPrep fin- ishes upgrading. Exchange Server 2003 ForestPrep does not preserve custom changes made to Exchange 2000 Server schema, starting fresh with its own Exchange Server 2003 schema.

Unfortunately, there is one large bug in the upgrade process to Exchange Server 2003 in a Windows 2000 AD environment that has a preexisting Exchange 2000 infrastructure. The InetOrg schema entries are incorrect and you must apply a script to modify these entries before running Exchange 2003 ForestPrep. For more information, consult Microsoft Technet. The relevant article is Q314649.

After Exchange Server 2003 ForestPrep has been run, the Exchange Server 2003 version of DomainPrep must be run as well. DomainPrep does not need to be run in every domain in the forest, but it does need to be run in the following locations: 03 0987 ch03 4/14/04 10:24 AM Page 52

52 Chapter 3 ......

➤ The root domain of the Active Directory forest ➤ Any domain in the forest that will host an Exchange 2003 server ➤ Any domain in the forest that will host Exchange Server 2003 mailbox- enabled objects, regardless of whether Exchange Server 2003 will be installed in that domain ➤ Any domain that contains users and groups that will manage the Exchange Server 2003 organization

After these steps have been taken, Exchange Server 2003 can be installed on the same server as Exchange 2000 Server. The process is essentially the same as that which is detailed in Chapter 1, “Microsoft Certification Exams.” The Exchange Deployment Tools will guide you through the process. As many things, such as the Exchange organization name, will already have been configured during the installation of Exchange 2000 Server, there are fewer questions to answer during the upgrade process.

Upgrading Front-end and Back-end Servers Special steps are required if you are migrating an organization that uses Exchange 2000 Server in a front-end/back-end configuration. Front- end/back-end configuration is often used with systems like Outlook Web Access on a network demilitarized zone (DMZ), or screened subnet. If the current Exchange 2000 organization uses a front-end/back-end architecture, the upgrade must be planned so that the front-end servers are all upgraded before the back-end servers. This process can be seen in Figure 3.1. An Exchange Server 2003 front-end server can support both an Exchange 2000 server or an Exchange Server 2003 system configured as the back-end server. An Exchange 2000 front-end server cannot support an Exchange Server 2003 back-end server. More about Exchange in front-end/back-end configuration can be found in Chapter 6, “Managing, Monitoring, and Troubleshooting the Exchange Organization.” 03 0987 ch03 4/14/04 10:24 AM Page 53

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 53 ......

STEP ONE

Front End Exchange 2000 Servers

Back End Exchange 2000 Servers

STEP TWO

Front End Exchange Server 2003 Servers

Back End Exchange 2000 Servers

STEP THREE

Front End Exchange Server 2003 Servers

Back End Exchange Server 2003 Servers

Figure 3.1 Upgrade the front-end server to Exchange Server 2003 before upgrading the back-end server to Exchange Server 2003. 03 0987 ch03 4/14/04 10:24 AM Page 54

54 Chapter 3 ...... Migration from and Coexistence with Exchange Server 5.5 There are many Exchange Server 5.5 sites still out there in the real world. For this reason, Microsoft has made migration from and coexistence with Exchange Server 5.5 an important part of the 70-284 exam. Exchange Server 5.5, like Exchange 2000 Server, is not supported on the Windows Server 2003 platform. Exchange Server 5.5 can exist in a Windows Server 2003 environment as a member server running on either Windows NT 4.0 or Windows 2000 Server. Unlike Exchange Server 2003, Exchange Server 5.5 has its own directory service. As Exchange was released before Windows 2000 Server, this directory service is entirely independent of Active Directory. Without special configuration using a tool called the Active Directory Connector, it is impossible to get the two different directory services to communicate with each other. Understanding how to get the two directory services communicating is a fundamental part of getting the two versions of Exchange to coexist. Coexistence is important because it is impossible to do a direct upgrade of an Exchange Server 5.5 installation to Exchange Server 2003. The only way you can do an upgrade-in-place is to go from Exchange Server 5.5 to Exchange 2000 Server and then from Exchange 2000 Server to Exchange Server 2003. Microsoft provides two alternatives for moving Exchange Server 5.5 organizations to Exchange Server 2003. The first option is to use the Exchange Server Migration Wizard, which is the simpler option, but which might not be practical if more than a few Exchange 5.5 servers need to be migrated. The Exchange Server Migration Wizard is covered later in this chapter. The second option is to create an environment in which Exchange Server 5.5 and Exchange Server 2003 can work side by side, gradually moving users from one environment to the other with a minimum of disruption. After a coexistence is established, users can be moved via the Move Mailbox tool. We cover setting up a coexistence next.

Creating a Coexistence Using ExDeploy ExDeploy provides a checklist of tasks that should be performed when creating a coexistence between Exchange Server 5.5 and Exchange Server 2003. ExDeploy can be run from the Exchange Server 2003 splash screen. Rather than choosing to install a new Exchange Server 2003 organization as we did in Chapter 2, “Installing, Configuring, and Troubleshooting Exchange Server 2003 in a New Exchange Environment,” this time select the 03 0987 ch03 4/14/04 10:24 AM Page 55

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 55 ......

Coexistence with Exchange 5.5 option, as shown in Figure 3.2. This enables you to join a new Exchange Server 2003 computer to an existing Exchange Server 5.5 organization. The coexistence with Exchange 5.5 checklist covers three different phases: Planning, AD Preparation, and Exchange Server 2003 installation.

Figure 3.2 Selecting the Coexistence with Exchange 5.5 option in the Exchange Server Deployment Tools.

The first step in the ExDeploy checklist is to ensure that Service Pack 3 or higher has been installed if a Windows 2000 platform is being used, or that Windows 2003 is being used. The second step in the checklist is to ensure that NNTP, SMTP, and the World Wide Web publishing service are installed and enabled on the server that will be running Exchange Server 2003. These steps are essentially the same as those you would have followed while installing Exchange Server 2003 for the first time in Chapter 2.

DSScopeScan Tool Group Things become different in the third step in the Exchange Server 2003 deployment tools checklist. Here, you run the DSScopeScan tool group. This tool group is used to find out information about the Exchange Server 5.5 organization prior to setting up a connection between it and a new Exchange Server 2003 system. The DSScopeScan tool must be run via an account that has Exchange Server 5.5 administrator permissions as it queries the organization for important information. The DSScopeScan tool group includes four separate tools. These are ➤ DSConfigSum—Reports the number of Exchange Server 5.5 sites and servers per site ➤ DSObjectSum—Reports the number of public folders, distributions lists, and contact objects 03 0987 ch03 4/14/04 10:24 AM Page 56

56 Chapter 3 ......

➤ UserCount—Reports the number of users per Exchange Server 5.5 site and in directory ➤ VerCheck—Checks if a server exists with Exchange Server 5.5 Service Pack 3 (or higher) within the organization

The only way that you can ascertain if the DSScopeScan tools have run successfully is by examining the exdeploy.log log file. There is no simple dialog box that informs you if the DSScopeScan tools have executed without error. By default, the exdeploy.log log file is written to the c:\ExDeploy Logs directory. You can view the log using Notepad. You need to scan the log file manually to resolve any problems that the log indicates exist with your current configuration. The first part of the log lists information about the Exchange Server 5.5 organization or mentions that it was unable to connect to the Exchange 5.5 server you listed. Needless to say, you want the DSScopeScan tool group to be able to communicate with your Exchange Server 5.5 organization if you hope to have it coexist with Exchange Server 2003. The second part of the test looks for a global catalog or domain controller running Windows 2000 Service Pack 3 or higher in the current or adjacent site.

After the DSScopeScan tools have run, you are asked to install and run DCDiag and NetDiag (these tools are covered in more length in Chapter 2). These tools check network connectivity as well as connectivity to domain controllers.

Phase 2 After you have completed these steps, you move on to phase 2 of the Coexistence with Exchange 5.5 section of the Exchange Server Deployment Tools (see Figure 3.3). The first step of phase 2 is to run ForestPrep. The second step of phase 2 is to run DomainPrep. Both of these tools’ functions are described in Chapter 2.

OrgPrepCheck The third step of phase 2 is to run the OrgPrepCheck tool group. This tool group consists of two tools, OrgCheck and PolCheck, that perform the following functions. OrgCheck does the following: ➤ Checks that the schema extensions created by ForestPrep are correct ➤ Checks that the required domain groups have been created 03 0987 ch03 4/14/04 10:24 AM Page 57

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 57 ......

➤ Checks that the security descriptors are correctly assigned ➤ Checks that the Exchange configuration container has been created ➤ Checks the availability of global catalog servers

Figure 3.3 Phase 2 of the coexistence checklist.

PolCheck examines all domain controllers in the local domain to ensure that they have the Manage Auditing and Security Logs permission set for the Exchange Enterprise Servers group. The OrgPrepCheck tool, like the DSScopeScan tool, writes output to the exdeploy.log log file. Checking this log file is step 4 of phase 2; you will find the relevant information at the end of the file.

Active Directory Connector The Active Directory Connector (ADC) allows communication between Active Directory and the Exchange Server 5.5 directory service (see Figure 3.4). The account running the ADC installation routine requires Domain Administrator privileges only. This is in contrast to the situation that existed with the ADC in Exchange 2000 Server. In Exchange 2000 Server, the ADC had a slightly different set of schema extensions than the general Exchange 2000 schema extensions. The schema extensions for Exchange Server 2003 and the Exchange 2003 ADC are the same. Unlike the Exchange 2000 Server version of ForestPrep, the Exchange Server 2003 version of ForestPrep does not write Exchange Server 5.5 organizational information to Active 03 0987 ch03 4/14/04 10:24 AM Page 58

58 Chapter 3 ......

Directory. A placeholder Exchange container is created and configuration information is written to Active Directory when you install the first Exchange Server 2003 instance in the forest.

Figure 3.4 Active Directory Connector Installation Wizard.

You must upgrade any prior ADCs to the Exchange Server 2003 ADC. You should perform this step before installing Exchange Server 2003 in the organization. The ADC can be installed on any computer in the domain. When you run the ADC installation program, you are asked which components you want to select. The two components are the Microsoft ADC Service Component and the ADC Management components. When performing this operation for the first time, you should install both components. After the ADC has finished installing, it should be run. The ADC Tools are shown in Figure 3.5. Running the ADC Tools consists of taking four steps. These steps are as follows: 1. Tool Settings—The first step is to set an Exchange Server 5.5 server with which the tools can communicate. This server must be running Exchange Server 5.5 with Service Pack 3 or higher. Here, you can enter the details of the Exchange server that has communicated with earlier tools, such as the DSScopeScan or OrgPrepCheck tool groups. You can also set the location of the log file, which should be checked if anything goes wrong. 2. Data Collection—The data collection step consists of four passes. Pass 1 is the resource mailbox scan and checks for unmarked resource mailboxes. Pass 2 is the ADC object replication check. It looks for objects that are not replicated between Exchange Server 5.5 and Active 03 0987 ch03 4/14/04 10:24 AM Page 59

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 59 ......

Directory. At this point, this pass finds that objects are not replicated because you haven’t set up any connections. Pass 3 is the object replication scan. Because no connection agreement has been configured, no objects have been replicated. Pass 4 is the Active Directory Unmarked Resource Mailbox Scan. This determines if you need to run the Resource Mailbox Wizard in step 3. In some cases, this wizard does not need to be run (for example, if there are no resource mailboxes in your Exchange Server 5.5 organization).

Figure 3.5 Active Directory Connector Tools.

3. Resource Mailbox Wizard—The Resource Mailbox Wizard is used to find accounts in Active Directory that match more than one Exchange Server 5.5 mailbox. The wizard can be used to match an AD account to a specific mailbox and to mark other mailboxes with the NTDSNoMatch attribute. Changes can be made directly or exported to a .csv file that can be modified later in Excel. Pass 4 of step 2 determines whether this wizard needs to be run. If it does not need to be run, nothing untoward will happen if it is. 4. Connection Agreement Wizard—The Connection Agreement Wizard (see Figure 3.6) helps configure connections between the Exchange Server 5.5 directory and Active Directory, which, you’ll remember, functions as the directory for Exchange Server 2003. 03 0987 ch03 4/14/04 10:24 AM Page 60

60 Chapter 3 ......

Figure 3.6 Connection Agreement Wizard.

The Connection Agreement Wizard In-Depth When you run the Connection Agreement Wizard, you are asked to specify a location of the destination container for new objects. By default, you should choose the Microsoft Exchange System Objects container. If your domain is not running in native mode with the ability to support universal groups, you are issued a warning that security cannot be properly managed. Next, you are issued a list of recommended connections, as shown in Figure 3.7. These connections can be one-way or two-way. When planning a coexistence strategy, two-way connections are better because they allow users who connect to both Exchange Server 5.5 and Exchange Server 2003 to retain full functionality.

Figure 3.7 Recommended connections in the Connection Agreement Wizard.

To create the Exchange Server 5.5 site connections to AD, you need to enter administrator credentials for those sites. This is done using the Set Credentials button, and the result is shown in Figure 3.8. 03 0987 ch03 4/14/04 10:24 AM Page 61

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 61 ......

Figure 3.8 Credentials for each site in the Connection Agreement Wizard.

After the administrator credentials have been entered for the Exchange Server 5.5 sites, a similar process must be undertaken for all of the domains that will interact with those sites, as shown in Figure 3.9.

Figure 3.9 Domain credentials in the Connection Agreement Wizard.

Next is the Connection Agreement Selection. By default, Public Folders and Users will be replicated between Active Directory and the Exchange Server 5.5 directory, as shown in Figure 3.10. The final page of the Connection Agreement Wizard provides a summary of all of the decisions that you have made throughout the process of running the wizard. Click Next to finish. After you finish the wizard process, the connection agreements will be created. This can take some time depending on the configuration of your Exchange Server 5.5 site and the layout of your domain. Eventually, you are greeted with a screen informing you that the connection agreements were created successfully. 03 0987 ch03 4/14/04 10:24 AM Page 62

62 Chapter 3 ......

Figure 3.10 Selecting the connection agreements to be created.

After the Connection Agreement Wizard is run, the final task in the ADC Tools is to verify that all the tools have run correctly. This is performed by clicking the Verify button. It is important to note that replication between the Exchange Server 5.5 directory and AD might take some time. If you run the verification immediately, you are informed that some objects have not had a chance to replicate yet. Wait several minutes, and then attempt to verify again. If after some time the verification fails, you need to again run the Connection Agreement Wizard. After you have completed the verification process, you have finished phase 2 of the Coexistence with Exchange 5.5 checklist.

SetupPrep Tool Group Phase 3 of the Coexistence with Exchange 5.5 checklist of the Exchange Server Deployment Tools begins with running the SetupPrep tool group. The SetupPrep tool group contains three separate tools: ➤ OrgNameCheck—Looks for Exchange Server 5.5 organization and site names that contain specific characters that will cause setup to fail. Organizations and sites must have names of less than 64 characters, the LDAP display name must not contain , = + < > # \ “ and the display name must not contain the characters ~ ! @ # $ % ^ & * ( ) _ + = { } [ ] | \ : ; “ ‘ < > , . ? / If any of these characters exist in Exchange Server 5.5 organization or site names, they must be changed before installing Exchange Server 2003. ➤ OrgCheck—Checks AD information. OrgCheck was run earlier in the third step of phase 2. 03 0987 ch03 4/14/04 10:24 AM Page 63

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 63 ......

➤ PubFoldCheck—Checks that the directory and the information store are synchronized. If there is an entry for a public folder in the directory database without an entry that corresponds to it in the information store, the PubFoldCheck tool flags it.

All tools output to the exdeploy.log log file. After you have run the SetupPrep tool group, check this log file for any problems. Step 3 is to install Exchange Server 2003 on a new server. This process is detailed in Chapter 2. The only significant difference is that you should select the option Join or Upgrade an Existing Exchange 5.5 Organization (see Figure 3.11). If you select Create a New Exchange Organization, the new organization will not interoperate with Exchange Server 5.5. To join the Exchange Server 5.5 organization, you need to enter the name of an Exchange 5.5 server running Service Pack 3 (or higher) that is located in your Exchange Server 5.5 organization. The same server that you have test- ed in prior tools can, of course, be used here. Setup then tests some prereq- uisite conditions and then you can continue with the installation.

Figure 3.11 Join or Upgrade an Existing Exchange 5.5 Organization.

After the installation has completed, you need to alter your connection agreements to connect to the Exchange Server 2003 system that you have just installed. To do this, you need to run the ADC Manager. From there, you need to select a public folder or a user connection agreement. Right- click and select Properties. Go to the Connections tab, as shown in Figure 3.12. In the Exchange Server Information box, enter the name of the new Exchange Server 2003 system. Alter the port number to 379. The port must be altered to 379 because this is the port that Site Replication Services (SRS) 03 0987 ch03 4/14/04 10:24 AM Page 64

64 Chapter 3 ......

uses. SRS is set to only respond to LDAP traffic on port 379. You are again asked to enter valid authentication credentials. You are then asked to perform a full replication the next time the connection agreement is run. You need to update all of the connection agreements in this manner.

Figure 3.12 Connections tab.

The benefit of all of this is that the connection agreements now run against SRS rather than AD. This helps prevent problems with directory replication and viewing the global address list.

Validating Exchange Server 5.5/Exchange Server 2003 Coexistence The final set of steps is to validate that Exchange Server 5.5 and the Exchange Server 2003 systems are coexisting correctly. The tools used to do this validation are ➤ ADCConfigCheck—Checks that Exchange Server 5.5 directory config objects have been copied to AD. It should be run after replication has occurred. ADCConfigCheck writes output to exdeploy.log. ➤ ConfigDSInteg—Checks objects in AD to ensure that no problems have arisen since the installation of ADC. ConfigDSInteg writes output to exdeploy.log. 03 0987 ch03 4/14/04 10:24 AM Page 65

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 65 ......

➤ RecipientDSInteg—Checks all recipient objects in AD looking for problems. Recipient objects include User, Group, Contact, or Public Folder. ➤ PrivFoldCheck—Uses Exchange 5.5 Directory Service/Information Store consistency adjuster to ascertain that the information store and the directory are in sync. Inconsistencies occur if a mailbox exists in one without a corresponding entry in the other. If a mailbox entry exists in the information store but not in the directory, PrivFoldCheck creates an entry in the directory.

After these tools have executed, examine the exdeploy.log log file for any problems that might exist. After all of this is done, you will have added an Exchange Server 2003 computer to an Exchange Server 5.5 organization and configured them to coexist.

Move Mailbox Wizard After the two technologies are in coexistence, you will be able to move mailboxes from the Exchange 5.5 server to the Exchange 2003 server. To move mailboxes from an Exchange 5.5 server to an Exchange Server 2003 system, log onto the Exchange Server 2003 system that you have just installed and run the Exchange System Manager. Expand the Administrative Groups node and the Server node until you can view individual Exchange servers in your organization, as shown in Figure 3.13.

Figure 3.13 Preparing to move a mailbox from Exchange Server 5.5 to Exchange Server 2003. 03 0987 ch03 4/14/04 10:24 AM Page 66

66 Chapter 3 ......

Exchange 5.5 servers are represented with white icons and Exchange Server 2003 servers are represented with gray icons. Expand the Exchange 5.5 server’s storage group until you reach the Mailbox folder. Right-click on the mailbox you are interested in and select the Exchange Tasks option. This starts the Exchange Task Wizard. You are presented with the option of either moving a mailbox or configuring Exchange features. Select Move Mailbox and click Next. You are then presented with two drop-down lists (see Figure 3.14) that enable you to select the new Exchange Server 2003 system and mailbox store to which to move the mailbox. Next, you can select whether to create a failure report, or to skip corrupted items and create a failure report, with an option of setting a corrupted items threshold. Finally, you are asked at what time you want this process to occur. The default is immediately, but you can schedule this to occur at a later stage. For example, you would do this if the mailbox was currently in use.

Figure 3.14 Selecting the moved mailbox’s destination.

Using the Exchange Server Migration Wizard to Move from Microsoft Exchange Server 5.5 to Exchange Server 2003 In many ways, the Exchange Server Migration Wizard is far less troublesome that the coexistence process. Rather than running innumerable tests, you simply point the Exchange Server Migration Wizard at an Exchange Server 5.5 or Exchange 2000 Server, enter the appropriate administrator credentials (as shown in Figure 3.15), and accounts and mail are transferred across. The Exchange Server Migration Wizard can be configured so that new user accounts are created in Active Directory for each account that is transferred across from the Exchange Server 5.5 organization. 03 0987 ch03 4/14/04 10:24 AM Page 67

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 67 ......

Figure 3.15 Preparing to migrate accounts from an Exchange 5.5 server.

This method is, in some ways, simpler than setting up a coexistence between an Exchange Server 5.5 organization and Exchange Server 2003 computer. After the Exchange Server Migration Wizard has run, you will be able to decommission the existing Exchange 5.5 server.

Migration from Other Messaging Systems Exchange Server 2003 ships with the Exchange Server Migration Wizard, which can be used to migrate accounts and messages from other mail systems to Exchange Server 2003. The Exchange Server Migration Wizard can assist in migration from the following mail systems, as shown in Figure 3.16: ➤ MS Mail for PC Networks (will migrate users, mail, and schedule data) ➤ Lotus cc:Mail ➤ Lotus Notes ➤ Novell GroupWise 4.x ➤ Novell GroupWise 5.x ➤ Internet Directory (LDAP via ADSI) ➤ Internet Mail (IMAP4)

When you use the Exchange Server Migration Wizard, you have the option of creating a new account in Active Directory for each user that is migrated across. Messages in account mailboxes are also moved from the original messaging system to Exchange Server 2003. It is important to note that you 03 0987 ch03 4/14/04 10:24 AM Page 68

68 Chapter 3 ......

cannot migrate from within an organization using the Exchange Server Migration Wizard; you can only migrate between separate organizations.

Figure 3.16 The Exchange Server Migration Wizard.

Coexistence with Other Messaging Systems Exchange Server 2003 can communicate with other messaging systems on the same network through the use of connectors. One of the great benefits of these connectors is that they allow users of both messaging systems to view a common address list. After Exchange Server 2003 is set up, several connectors can be installed by rerunning the setup utility. The connectors that can be installed are the Novell GroupWise connector and the Lotus Notes connector. To install the connectors, rerun setup, and use the Change action to install the necessary connector, as shown in Figure 3.17. In some cases, connectors that worked on Exchange Server 5.5 are not supported on Exchange Server 2003. Examples include the MS: Mail and Lotus cc: Mail connectors. If you are planning a coexistence strategy with these older mail systems, you need to keep at least part of your Exchange Server 5.5 organization operational. Connections to these older mail systems from Exchange Server 2003 will need to be mediated through Exchange Server 5.5. 03 0987 ch03 4/14/04 10:24 AM Page 69

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 69 ......

Figure 3.17 Installing the Novell GroupWise and Lotus Notes connectors.

The use of the Lotus Notes and Novell GroupWise connectors is not supported on Exchange Server 2003 in a clustered configuration. You need to install a separate Exchange Server 2003 server in the same organization to use as a bridgehead when requiring coexistence with a Lotus Notes or Novell GroupWise environment.

Only one connector needs to be installed for a particular messaging system. The server on which the connector is installed is called a bridgehead server.

Coexistence with Lotus Notes Lotus Notes/Domino is a messaging/workgroup competitor to Microsoft’s Outlook/Exchange Server 2003. The latest version of this product is Lotus Notes/Domino 6.5. The Lotus Notes connector that ships with Exchange Server 2003 supports versions 4.x and 5.x of the Notes/Domino software.

A Certified Lotus Professional (CLP) will tell you that Domino is the proper name for the server software and that the name Notes is used to refer to the client software. So, although the Exchange Server 2003 documentation refers to the Lotus Notes connector, it is, in actuality, a connector to a server running Domino.

The Lotus Notes connector that ships with Exchange Server 2003 does not directly support Lotus Notes/Domino 6 and above. 03 0987 ch03 4/14/04 10:24 AM Page 70

70 Chapter 3 ......

On the Exchange Administration exam, Microsoft does not expect you to be a Notes guru. All you need to know are the basics about configuring a connection between Exchange Server 2003 and a compatible Lotus Notes server.

Before the connection to the Lotus Notes/Domino server can be established, ➤ A special Notes user ID that will be used with the connector must be configured on the Notes/Domino server. ➤ The Lotus Notes client software must be installed on the Exchange server where the connector is installed.

To start a connector, you must enable the specific services that the connector relies upon. In the case of the connector for Lotus Notes, the following services must be configured to automatically start: ➤ Microsoft Exchange Connectivity Controller ➤ Microsoft Exchange Connector for Lotus Notes

After it is installed and running, the Lotus Notes connector can be located in the Connectors node (see Figure 3.18).

Figure 3.18 Location of the Connectors node.

To configure the connector, you need to edit its properties. The properties of the Lotus Notes connector are shown in Figure 3.19. The Notes Server text box must be completed with the full name of the Notes server with which the connector will interface. This must be done using the Lotus Notes “Notes server/Notes organization” convention. 03 0987 ch03 4/14/04 10:24 AM Page 71

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 71 ......

Figure 3.19 Lotus Notes Connector properties.

The notes.ini file is the ini file used by the Notes client that you will have already installed on the Exchange server. If the notes.ini file is located else- where on the server, this location needs to be changed. The notes.ini file is used to store settings about the special user that you have created on the Notes server as well as some of the server settings. The Import Container tab stores user, group, and resources imported from the Notes server. These can be represented in AD as a user or as a contact. The maximum size of an imported Notes address, which includes the Notes domain, is set by default to 128 bytes. Any address larger than this size is truncated. If truncation occurs, a modification can be made by editing the Exchsrvr\Conndata\Dxamex\Amap.tbl file. The Export Container tab holds those Exchange addresses that you want exported to Notes address books. The Notes address books will be populat- ed with the Exchange addresses when synchronization occurs. Contacts, users, and groups can be exported to the Notes server. After the connector is installed and functional, synchronization between Notes and Exchange, or vice versa, can be initiated by opening the Notes connector properties and selecting the Dirsync Options tab. From this tab, you can set the directory update schedule and configure updates to occur immediately either from Notes to Exchange or from Exchange to Notes. You would force an update if a major change had been made on either side and the next update was not scheduled to occur for a significant length of time. 03 0987 ch03 4/14/04 10:24 AM Page 72

72 Chapter 3 ......

Sharing Lotus Notes Calendars with the Calendar Connector The Calendar connector can be used to connect the calendaring system of Exchange Server 2003 with the calendaring system of Lotus Notes. This enables users of one mail system to schedule meetings via a shared calendar with the users of the other mail system. To create a new calendar connection, ensure that the calendar connection option is installed via Exchange Server 2003 setup (see Figure 3.17). If you are installing the Calendar connector on an Exchange server different from the one on which you installed the Lotus Notes connector, you need to install and configure the Lotus Notes client on the new Exchange Server 2003 computer. This creates the notes.ini file, which the Calendar connector requires to function. Locate the Calendar connector in the Exchange System Manager, as shown in Figure 3.18. Edit the properties of the Calendar connector and navigate to the Calendar Connector tab, where you can click New Calendar Type. Select either Lotus Notes and Novell Groupwise, as shown in Figure 3.20.

Figure 3.20 Select the Calendar to which you want to connect Exchange.

You are required to identify the Windows NT/2000 server hosting Lotus Notes. In general, you use the same Notes server as you did when configuring the Lotus Notes connector. You also need to know the path to the notes.ini file (by default, this is c:\windows\notes.ini) and need to enter the password of the Notes user that is configured to use the Notes client.

Coexistence with Novell GroupWise Novell GroupWise is another popular messaging server that can be configured to interact with Exchange Server 2003. As with Lotus Notes, a server running Exchange Server 2003 must be selected as a bridgehead server to mediate communication between the two different messaging systems. Before setting up the connection, you need to have the details of a NetWare username and password. This account must have administrator’s rights on 03 0987 ch03 4/14/04 10:24 AM Page 73

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 73 ......

the particular NetWare server that hosts the GroupWise messaging system. The account must have read/write permissions to the API gateway directories. The account also must be configured as a member of GroupWise’s NTGateway group.

Just as Microsoft does not expect you to be a Lotus Notes guru, they also do not expect you to demonstrate an intimate knowledge of Novell GroupWise during the Exchange Administration exam. All that you need to know are the basics about configuring a connection between Exchange Server 2003 and a compatible Novell GroupWise server.

You also need to install the Novell GroupWise connector on the Exchange Server 2003 computer that will be used as a bridgehead server between both messaging systems. How to install the connector was discussed earlier and shown in Figure 3.17. After the connector is installed, you need to start the services that the connector relies upon. These services can be found in the services MMC. They are ➤ Microsoft Exchange Connectivity Controller ➤ Microsoft Exchange Router for Novell GroupWise

After the connector is installed, you can locate it in the Exchange System Manager, as shown earlier in Figure 3.18. To configure the connection, right-click and select Properties. You are shown the General tab of the Connector for Novell GroupWise properties, as shown in Figure 3.21. After you reach this stage, you need to input the API Gateway Path, which is the UNC path (\\netwareservername\apipath) to the GroupWise API gateway located on the GroupWise server. You also need to enter the username and password for the account that you configured earlier with special permissions on the NetWare server. On the Import Container tab of the GroupWise connector properties, you can choose to create a Windows contact, create a disabled Windows account, or create a new Windows account for those NetWare users who do not have accounts in the domain. You can also set up filters to determine if you will import all of the GroupWise directory entries, or limit the importation to entries in a particular format. The Export Container tab allows you to export all of the users in a particular organizational unit (OU) to the GroupWise server as well as groups and contacts located in that OU. After this information is exported, it will be available to GroupWise users in their address book. 03 0987 ch03 4/14/04 10:24 AM Page 74

74 Chapter 3 ......

Figure 3.21 General Properties tab of the Novell GroupWise connector.

The Dirsync Schedule tab on the Novell GroupWise connector properties is exactly the same as the Dirsync Schedule tab on the Lotus Notes connector. From here, you can configure a schedule of how often Exchange and GroupWise update each other. You can also force an immediate full reload or update of each directory, be it from Exchange to GroupWise or vice versa.

Sharing GroupWise Calendars with the Calendar Connector Setting up a GroupWise calendar to be shared with an Exchange Server 2003 calendar is very similar to the process used to configure the Notes calendar connection. To create a new calendar connection, ensure that the calendar connection option is installed via Exchange Server 2003 setup (see earlier Figure 3.17). Locate the Calendar connector in the Exchange System Manager, as shown in Figure 3.18. Edit the properties of the Calendar connector and navigate to the Calendar Connector tab where you can click New Calendar Type. You need to enter the GroupWise API Gateway location, as shown in Figure 3.22. This needs to be in the format of GroupWise Domain and API Gateway sep- arated by a period (that is, Domain.Gateway). 03 0987 ch03 4/14/04 10:24 AM Page 75

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 75 ......

Figure 3.22 Setting up GroupWise Calendar Connection.

Removing a Connector If you want to move the Notes or GroupWise connector from one Exchange Server 2003 computer to another Exchange Server 2003 computer, you must first stop the connector services listed previously. Remove the connector. Use the Active Directory Users and Computers console to delete any contacts that the connector has imported into the directory. After all of that is done, you can reinstall the Notes or GroupWise connector on the new Exchange Server 2003 bridgehead. 03 0987 ch03 4/14/04 10:24 AM Page 76

76 Chapter 3 ...... Exam Prep Questions

Question 1

Which of the following services are not supported and, hence, need to be removed from an Exchange 2000 server before performing an upgrade to Exchange Server 2003? (Choose all that apply.) ❑ A. Instant messaging service ❑ B. Exchange Chat service ❑ C. Exchange 2000 Conferencing Server ❑ D. Microsoft Mobile Information Server ❑ E. Outlook Web Access

Answers A, B, C, and D are correct. Answer A is correct; Exchange Server 2003 does not support the instant messaging service. Answer B is correct; Exchange Server 2003 does not support Exchange Chat service. Answer C is correct; Exchange Server 2003 does not support Exchange 2000 Conferencing Server. Answer D is correct; Exchange Server 2003 does not support Microsoft Mobile Information Server components of Exchange 2000 Server. These components need to be removed before upgrading a computer to Exchange Server 2003. Answer E is incorrect, Outlook Web Access is supported by Exchange Server 2003 and does not need to be removed as it will be safely upgraded.

Question 2

Which of the following should be done to a server running Exchange 2000 Server before it is upgraded to Exchange Server 2003? (Choose all that apply.) ❑ A. Upgrade the operating system to Windows Server 2003. ❑ B. Upgrade Exchange 2000 Server to Service Pack 3. ❑ C. Upgrade Windows 2000 Server to Service Pack 3. ❑ D. Remove Internet Information Services 5. ❑ E. Run the IIS Lockdown Tool. ❑ F. Install Software Update Services.

Answers B and C are correct. Answer B is correct; before Exchange 2000 Server is upgraded, it should be patched to Service Pack 3 or higher. Answer 03 0987 ch03 4/14/04 10:24 AM Page 77

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 77 ......

C is correct; Windows 2000 Server should be patched to Service Pack 3 or higher before the installation of Exchange Server 2003. Answer A is incorrect; if the operating system is to be upgraded, this should occur after Exchange Server 2003 is to be installed. Answer D is incorrect; IIS should not be removed because this will hamper the installation of Exchange. Answer E, the IIS lockdown tool, and answer F, Software Update Services, are not required to install Exchange Server 2003; therefore, these answers are incorrect.

Question 3

You want to upgrade an English version of Exchange 2000 Server running on Windows 2000 Server to the Korean version of Exchange Server 2003. The server currently has the following components installed: ➤ Novell GroupWise connector ➤ Outlook Web Access ➤ cc: Mail connector ➤ MS Mail connector ➤ POP3 service Which of these components should be removed before performing the upgrade to the Korean version of Exchange Server 2003 from the English version of Exchange 2000 Server? (Choose all that apply.) ❑ A. Novell GroupWise Connector (not supported on Korean version) ❑ B. Outlook Web Access ❑ C. Lotus cc: Mail connector ❑ D. MS Mail connector ❑ E. POP3 service ❑ F. This upgrade is not possible.

Answers A, C, and D are correct. Answer A, the Novell GroupWise connector, is not supported on Korean versions of Exchange Server 2003. Answer C, the Lotus cc: Mail, and answer D, the MS Mail connector, are not supported either. If interoperability with these mail organizations is required, an Exchange 2000 server acting as a bridgehead server should be kept. Answer B and answer E are incorrect; Outlook Web Access and the POP3 service do not need to be removed before installation. Answer F is incorrect; the English version of Exchange 2000 Server can be upgraded to the Korean version. 03 0987 ch03 4/14/04 10:24 AM Page 78

78 Chapter 3 ......

Question 4

Which of the following pieces of information will be contained in the exdeploy.log log file when the DSScopeScan tools are run during the process of setting up a coexistence between Exchange Server 5.5 and Exchange Server 2003? (Choose all that apply.) ❑ A. The number of Exchange Server 5.5 sites ❑ B. The number of servers in each Exchange Server 5.5 site ❑ C. The names of servers in each Exchange Server 5.5 site ❑ D. The service pack level of each Exchange 5.5 server in the organization ❑ E. Whether or not Exchange 5.5 servers have connectivity to DNS servers

Answers A and B are correct. The DSScopeScan tool reports on the compo- sition of Exchange Server 5.5 sites, listing answer A, the number of sites, and answer B, the number of servers per site. It does not list answer C, the names of servers in each site, answer D, what service pack they are patched to, or answer E, whether or not they have connectivity to DNS servers.

Question 5

You are the mail administrator for a company that currently uses Lotus Notes R5. Your company has decided to migrate to Microsoft Exchange Server 2003. For a period of 6 months, both mail systems will need to interact. You have cho- sen a particular Exchange Server 2003 system to act as a bridgehead between the new Exchange Server 2003 system and the existing Lotus Notes R5 environment. Which of the following steps do you need to take before you configure the Lotus Notes connector on Exchange Server 2003? (Choose all that apply.) ❑ A. Ensure that the Notes connector has been installed by Exchange setup. ❑ B. Ensure that the Exchange Connectivity Controller and Exchange connector for Lotus Notes services are started. ❑ C. Create a special Lotus Notes account in Active Directory. ❑ D. Create a special Lotus Notes user ID on the Lotus Notes server. ❑ E. Install Outlook on the Lotus Notes server. ❑ F. Install the Notes client on the Exchange server. 03 0987 ch03 4/14/04 10:24 AM Page 79

Upgrading, Integrating, and Troubleshooting Exchange Server 2003… 79 ......

Answers A, B, D, and F are correct. Answer A is correct; you must ensure that the Notes connector has been installed by Exchange setup. Answer B is correct; you must ensure that the services that the connector relies upon are running. Answer D is correct; a special Notes ID needs to be created on the Lotus Notes server. Answer F is correct; the Notes client needs to be installed on the Exchange server. Answer C is incorrect. A Lotus Notes account does not need to be created within Active Directory. Answer E is incorrect. There is no reason to install outlook on the Lotus Notes server.

Question 6

You are configuring the NetWare user account that the Exchange Server 2003 connector will use to access GroupWise. Which of the following administrative rights must this account have on the NetWare server hosting GroupWise? (Choose all that apply.) ❑ A. The account must have Exchange Full Administrator permissions. ❑ B. The account must be a member of the Enterprise Admins group. ❑ C. The account must be a member of GroupWise’s NTGateway group. ❑ D. The account must be a member of GroupWise’s Exchange Connector group. ❑ E. The account must have read/write permissions to the API gateway directories on the Novell server. ❑ F. The account must have administrative rights on the NetWare server running GroupWise.

Answers C, E, and F are correct. Answer C is correct; the NetWare user account needs to be a member of the GroupWise NTGateway group. Answer E is correct; the account must have read/write permissions to the API gateway directories on the Novell server. Answer F is correct; the account must have administrative rights on the NetWare server running GroupWise. Answer A is incorrect; it is a NetWare account and needs no Exchange permissions. Answer B is incorrect for the same reason. Answer D is incorrect as there is no GroupWise Exchange Connector group. 03 0987 ch03 4/14/04 10:24 AM Page 80

80 Chapter 3 ......

Question 7

You are the mail administrator for an Exchange Server 2003 organization that coexists with a Novell GroupWise organization. The directory update schedule is configured to run every morning at 2:00 a.m. This morning at 10:00 a.m., you have added 30 new mail-enabled users to Exchange Server 2003. You receive a call from your manager asking why these users are not immediately visible to GroupWise clients. You inform your manager that the directories update each other at 2:00 a.m. Your manager asks if you can do something so that these new users are visible earlier than that. Which of the following steps minimizes traffic but meets your manager’s goals? ❍ A. Force an immediate full reload of the Exchange to GroupWise directory synchronization on the Dirsync Schedule tab of the GroupWise connector properties. ❍ B. Force an immediate update of the Exchange to GroupWise directory synchronization on the Dirsync Schedule tab of the GroupWise connector properties. ❍ C. Force an immediate full reload of the GroupWise to Exchange directory synchronization on the Dirsync Schedule tab of the GroupWise connector properties. ❍ D. Force an immediate update of the GroupWise to Exchange directory synchronization on the Dirsync Schedule tab of the GroupWise connector properties.

Answer B is correct. Forcing an immediate update from Exchange to GroupWise updates the GroupWise data with the new Exchange users. Using an immediate update rather than a full reload minimizes network traffic and is quicker. Answer A is incorrect because it does not minimize network traffic. Answers C and D are incorrect because they update from GroupWise to Exchange rather than the other way around.