cfgchiran
asked on
Adding a 2003 AD server to a Win 2k domain with Exchange
I have a network (with multiple subnets) that is Windows 2k AD with five 2k BDCs. My Win2k Domain also has an Exchange 2k server running with AD.
I have a need to add a 2003 AD server for the purpose of authentication for a Internet Control/Content Filter. This device only works with Win 2003 AD.
So my question is, since I don't want to have to upgrade my Exchange 2k licenses, is it possible to add a Windows 2003 AD server on to my domain without making any changes to the Exchange server? Would I also need to upgrade all my BDC servers to 2003?
I realize that I would have run domain and forest prep prior to adding the 2003 server, but I want to know whether that would cause an issue with the 2k Exchange server running AD.
Basically can an Exchange server running 2k with AD co-exist in a 2003 domain?
My domain is in a mixed environment.
Thank you.
I have a need to add a 2003 AD server for the purpose of authentication for a Internet Control/Content Filter. This device only works with Win 2003 AD.
So my question is, since I don't want to have to upgrade my Exchange 2k licenses, is it possible to add a Windows 2003 AD server on to my domain without making any changes to the Exchange server? Would I also need to upgrade all my BDC servers to 2003?
I realize that I would have run domain and forest prep prior to adding the 2003 server, but I want to know whether that would cause an issue with the 2k Exchange server running AD.
Basically can an Exchange server running 2k with AD co-exist in a 2003 domain?
My domain is in a mixed environment.
Thank you.
Jay_Jay70
yes thats fine, just run your adprep tools and away you go, remember, you have to run those tools from the second CD in the R2 set if introducing R2 server
ASKER
Thanks for the response. Do I need to uprgade all of the 2k AD servers to 2003, or can I just introduce a new server or upgrade just the primary domain controller?
So effectively I would have just one 2003 Primary Domain Controller, and a bunch of backup DCs running 2k and the Exchange Server (with Active Directory) running 2k as well.
What is the difference between running the prep tools from the 2nd CD vs the 1st CD? Or is it just that the tools are on the 2nd CD in 2003?
Thanks.
So effectively I would have just one 2003 Primary Domain Controller, and a bunch of backup DCs running 2k and the Exchange Server (with Active Directory) running 2k as well.
What is the difference between running the prep tools from the 2nd CD vs the 1st CD? Or is it just that the tools are on the 2nd CD in 2003?
Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the info. I am going to leave the question open for a couple more days to see if anybody has a different opinion.
And yes, I am aware that there is no longer PDCs and BDCs. What I meant by the PDC was the FSMO role holder, which is all one and the same for us.
And yes, I am aware that there is no longer PDCs and BDCs. What I meant by the PDC was the FSMO role holder, which is all one and the same for us.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
A little more info on the Exchange attributes that are renamed if you don't have run the inetorgpersonprevent.ldf script taken from the article I mentioned above....
The Exchange 2000 schema defines three inetOrgPerson attributes with non-Request for Comment (RFC)-compliant LDAPDisplayNames: houseIdentifier, secretary, and labeledURI.
The Windows 2000 inetOrgPerson Kit and the Windows Server 2003 adprep command define RFC-complaint versions of the same three attributes with identical LDAPDisplayNames as the non-RFC-compliant versions.
When the Windows Server 2003 adprep /forestprep command is run without corrective scripts in a forest that contains Windows 2000 and Exchange 2000 schema changes, the LDAPDisplayNames for the houseIdentifier, labeledURI, and secretary attributes become mangled. An attribute becomes “mangled” if "Dup" or other unique characters are added to the beginning of the conflicted attribute name so that objects and attributes in the directory have unique names.
The Exchange 2000 schema defines three inetOrgPerson attributes with non-Request for Comment (RFC)-compliant LDAPDisplayNames: houseIdentifier, secretary, and labeledURI.
The Windows 2000 inetOrgPerson Kit and the Windows Server 2003 adprep command define RFC-complaint versions of the same three attributes with identical LDAPDisplayNames as the non-RFC-compliant versions.
When the Windows Server 2003 adprep /forestprep command is run without corrective scripts in a forest that contains Windows 2000 and Exchange 2000 schema changes, the LDAPDisplayNames for the houseIdentifier, labeledURI, and secretary attributes become mangled. An attribute becomes “mangled” if "Dup" or other unique characters are added to the beginning of the conflicted attribute name so that objects and attributes in the directory have unique names.
I've already been through the same migration (adding a 2003 DC to a 2000 forest with Exchange 2000) and had no problems as long as you follow the article above and run the script first.
ASKER
resourcepc - Thank you very much for your comments and suggestion. In other readings I did come across the same ideas you presented regarding Exchange and I am thankful that you pointed it out too.
Since I know adding a new server is almost always better than upgrading one, I will be adding a new 2003 DC, after doing both the Exchange prep first and then the domain and forest prep on my master DC, and then demoting that 2000 master DC.
You mentioned that I should run from the 2nd CD if upgrading the server. Since I am not upgrading, which CD should I run from? Or does it even matter? I just ordered the R2 media and licenses and should be getting it any day now.
Since I know adding a new server is almost always better than upgrading one, I will be adding a new 2003 DC, after doing both the Exchange prep first and then the domain and forest prep on my master DC, and then demoting that 2000 master DC.
You mentioned that I should run from the 2nd CD if upgrading the server. Since I am not upgrading, which CD should I run from? Or does it even matter? I just ordered the R2 media and licenses and should be getting it any day now.
you will still need to prep the domain from the second cd in the R2 set, it doesnt matter if youare upgrading an actualy server, you are still upgrading the domain
If you are adding or upgrading a Windows 2003 R2 server then you need to run adprep from the 2nd CD. Only if it's R2. Obviously you'll just have 1 cd if you're just adding Server 2003 SP1. You'll soon find out if you ran adprep from the proper CD because Windows won't let you run dcpromo until you've ran adprep /forestprep and adprep /domain prep correctly.
You'll still need to run the inetorgpersonprevent.ldf script first though.
You'll still need to run the inetorgpersonprevent.ldf script first though.
ASKER
Thank you both very much for your responses. If I receive the media and licenses in time I hope to do the upgrade over Thanksgiving weekend. I will post any questions I have during that time, if need be, but otherwise will write at completion of project.
Thank you both once again.
Thank you both once again.
cheers mate and good luck
Good luck, I'm sure you'll do just fine.
ASKER
Thanks guys - everything went off pretty well overall.