How to migrate windows 2000 DC and Exchange 2000 on 2003 changing hardware

Posted on 2004-10-28
Last Modified: 2010-04-19
Hello all !

I'm planning how to migrate my server. I want to migrate one Server (PDC w2k + AD + Exchange 2000) on two differents servers.

I want a new Windows 2003 server with AD and a new Exchange 2003 with back-end/front-end technology.

Note : I'm configuring a DMZ. So, my new Exchange server will be configured in back-end and I will install Exchange front-end on my webserver.

I'have read a lot of informations about that and I finally decided to use ADMT v.2.

Have you an idea about the order I must proceed ?

Of course, in first I will install my 2 news servers in windows 2003 server. But after ? What must I migrate from my W2k server in first ? What the order ?

Note : I must change my domain name, so... When i do then change ? Before or after migration ? Are there any links between W2k old server and W2k3 new server during the migration ?

For Exchange 2003 configuration, which network ports must be blocked or not between the DMZ and the LAN considering there is a Front-end and a back-end server ?

Thanks a lot !

Question by:s2000_com
    1 Comment
    LVL 104

    Accepted Solution

    Forget about installing Exchange in the DMZ. A member of the domain does not belong in the DMZ and no one has given me any convincing reasons to do so. The number of holes required in a firewall makes it look like swiss cheese, you have to compromise security (changing dynamic ports to static) and if the DMZ machine is compromised the attacker can walk straight in to your network.

    Put both servers inside your network, allow port 443 (https) and 25 (smtp) ONLY into the network.

    If you are wary of Exchange being directly exposed to SMTP then a plain Windows 200x server makes an excellent relay. Make sure that it is part of a workgroup not your domain. If it gets attacked then the attacker hasn't gained anything.

    As you want to change the domain name, the order doesn't really matter. Build the new domain, two way trust with the old domain and then move everything across.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    When bringing a new server on line, you may see an error that says: The Security System detected an authenticaton error for the server ldap/xxxxxxxt. The failure code from the authentication protocal Kerberos was "There are currently no logon se…
    by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    846 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now