Solved

How to migrate Windows 2000 DC and Exchange 2000 to 2003 while changing hardware

Posted on 2004-10-28
Last Modified: 2010-04-19
Hello all!

I'm planning how to migrate my server. I want to migrate one server (PDC W2k + AD + Exchange 2000) to two different servers.

I want a new Windows 2003 server with AD and a new Exchange 2003 with back-end/front-end technology.

Note: I'm configuring a DMZ. So my new Exchange server will be configured as back-end and I will install the Exchange front-end on my webserver.

I have read a lot of information about that and I finally decided to use ADMT v.2.

Do you have an idea of the order in which I must proceed?

Of course, first I will install my 2 new servers with Windows 2003 Server. But after that? What must I migrate from my W2k server first? What is the order?

Note: I must change my domain name, so... when do I make the change? Before or after the migration? Are there any links between the old W2k server and the new W2k3 server during the migration?

For the Exchange 2003 configuration, which network ports must be blocked or not between the DMZ and the LAN, considering there is a front-end and a back-end server?

Thanks a lot!

Gaël
Question by:s2000_com
Accepted Solution

by:
Sembee earned 500 total points
ID: 12449536
First.
Forget about installing Exchange in the DMZ. A member of the domain does not belong in the DMZ and no one has given me any convincing reasons to do so. The number of holes required in a firewall makes it look like Swiss cheese, you have to compromise security (changing dynamic ports to static) and if the DMZ machine is compromised the attacker can walk straight into your network.

Put both servers inside your network, allow port 443 (https) and 25 (smtp) ONLY into the network.

If you are wary of Exchange being directly exposed to SMTP then a plain Windows 200x server makes an excellent relay. Make sure that it is part of a workgroup, not your domain. If it gets attacked then the attacker hasn't gained anything.

As you want to change the domain name, the order doesn't really matter. Build the new domain, two way trust with the old domain and then move everything across.

Simon.
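
The perimeter policy recommended in the answer above (only TCP 443 and TCP 25 allowed into the network), as an added example that is not part of the original thread: a small Python audit over a vendor-neutral rule list. The rule format, the zone names and every sample rule are assumptions constructed for illustration; the DMZ rules stand in for the kind of holes a domain member in the DMZ would need.

```python
# Added example: audit firewall rules against "only TCP 25 and TCP 443 inbound".
# Rule format, zone names and sample rules are constructed, not from the thread.

ALLOWED_INBOUND = {("tcp", 25), ("tcp", 443)}  # SMTP and HTTPS, per the answer
MAX_PORT = 65535

def parse_ports(spec):
    """Return (low, high) for a port spec such as '443', '1024-65535' or 'any'."""
    if spec == "any":
        return 1, MAX_PORT
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def excess_exposure(rule):
    """Count protocol/port pairs a rule opens beyond the allowed set."""
    low, high = parse_ports(rule["ports"])
    protos = ("tcp", "udp") if rule["proto"] == "any" else (rule["proto"],)
    total = len(protos) * (high - low + 1)
    permitted = sum(1 for proto, port in ALLOWED_INBOUND
                    if proto in protos and low <= port <= high)
    return total - permitted

def audit(rules):
    """Map rule name -> excess pairs, for allow rules that let traffic into the LAN."""
    findings = {}
    for r in rules:
        # Only rules that permit traffic from outside the LAN into it are in scope.
        if r["action"] != "allow" or r["dst_zone"] != "lan" or r["src_zone"] == "lan":
            continue
        excess = excess_exposure(r)
        if excess:
            findings[r["name"]] = excess
    return findings

def rule(name, src, dst, proto, ports, action="allow"):
    return dict(name=name, src_zone=src, dst_zone=dst,
                proto=proto, ports=ports, action=action)

SAMPLE_RULES = [  # constructed sample rule set
    rule("smtp-in", "internet", "lan", "tcp", "25"),
    rule("https-in", "internet", "lan", "tcp", "443"),
    rule("fe-ldap", "dmz", "lan", "tcp", "389"),         # directory lookups
    rule("fe-kerberos", "dmz", "lan", "any", "88"),      # authentication
    rule("fe-rpc", "dmz", "lan", "tcp", "1024-65535"),   # dynamic RPC range
    rule("web-range", "internet", "lan", "tcp", "25-443"),  # lazy range around 25/443
    rule("lan-out", "lan", "internet", "any", "any"),    # outbound, out of scope
]

if __name__ == "__main__":
    for name, excess in audit(SAMPLE_RULES).items():
        print(f"{name}: opens {excess} protocol/port pair(s) beyond TCP 25 and 443")
```

A range such as `25-443` is flagged even though both allowed ports fall inside it, because the rule also opens every port in between.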