Need advice on how to set up network and perform migration from Windows 2000+Exchange to SBS 2003 Premium


I'm on my way to perform a migration from Windows 2000 Server with Exchange 2000 to Windows 2003 SBS R2.

Exchange-related discussion is here:

I do not have any experience with multidomain networks, so I need some information which can make my life and migration easier. I do not have experience with Exchange as well, but I was forced to accept this job and I have to learn and perform it. However, I have some experience setting up and maintaining Windows Server and AD. Some details about existing setup:

a. T1 line with 32 public IPs, Riverstone RS3000 router and Netscreen firewall (both of them locked and I do not have a password but maybe I will find the person who set them years ago). If I connect a computer directly to the router it can pick up one of the available public static IPs but cannot go online without setting up the DNS server address manually (but Skype works without setting up DNS).

b. Windows 2000 Server, domain controller for domain which public domain is not in use but users authenticate using this domain name, with Exchange 2000 which serve mail for domain is public domain with hosted site somewhere in internet and mail server which is running all the time in the office and I cannot stop it during the day (that means the migration should be performed with minimum downtime, but it's fine if the server is down for 12-24 hours during weekend and not accepting new mail).

c. New SBS server box will be domain controller for domain and will serve mail for the same domain ( I will need to transfer everything from existing user accounts to new server - old email, contact, tasks, calendars.

d. There is no DHCP server set on old w2k server, all the workstations use static IP addresses which I set manually when I started because most of the workstations initially were with public IPs (the company got 32 public IPs and previous administrator assigned them to workstations). Some of them are Windows XP Home so they cannot join a domain anyway but I will upgrade them. Below is what I got from IP config:

C:\Documents and Settings\Administrator.ALPHA-2>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : alpha-1
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Compaq NC3120 Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-B0-88-6D-8E-00
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

C:\Documents and Settings\Administrator.ALPHA-2>

So far I know that the mail server (old 2000 Server box with Exchange) is on IP address xxx.266.206.194 and somebody told me that this address is mapped in the router and everything which is coming on this address is forwarded to which is server's LAN address.


Right now I have my new SBS server OS installed on new box. I used additional router to separate new server from existing network and set it up as domain controller using private addresses as it was proposed by setup and domain name is set as beta.lcl to avoid future conflicts with 3 or 4 Macs. I set net router to use public IP address xxx.266.26.200 on WAN site, xxx.266.26.193 as Gateway and appropriate DNS server using information obtained from ISP. From LAN side the router is set to use as its own address and run DHCP server As I said, new server is with and its WAN interface is set to use as GW and itself as DNS. Secondary LAN adapter on the server will be used to connect 24-switch for internal network.

1. I feel that I did something wrong with this initial setup, and probably I do not even need second router and should connect the new server to any unused port on old Riverstone router and just assign to it any unused address from - for example, which is not in use. Am I right? There is not a problem for me to reinstall Windows 2003 SBS from scratch and instead of using I can use My point is that there is no DHCP server running on old box or on the router so I can exclude some of IPs which are currently assigned to existing workstations from DHCP range and have DHCP server running on new box. How does it sound to you?

2. If I do the setup in the way I described above, can I have both servers running in the same network together (they use different domains, but I am not clear will the new server affect for any reason mail delivery to domain which is still accepted by old server). And new server actually uses beta.lcl as domain name...

3. Actually, should I use beta.lcl as domain name or I can use directly as domain name for new server in case I will run Exchange server on it and will host web site on it? I am confused because before some people here at EE told me that if I'm going to host Exchange it is better to use real public domain (, not beta.lcl). Which way is easier, or it doesn't matter because actually DNS records for domain name are on different name server and all what I have to do is set new IP address for new server or even just remove old one and replace it with new one which will use the same IP address once I'm ready?

4. OK, if everything above (#1...3) is done and I have new server up and running as domain controller for, I can start thinking about Exchange. There will be not a problem to join a domain from workstations, they as I said will be connected to new switch which will be connected to LAN port on SBS server (I will install ISA server later, it comes with SBS Premium anyway, do you recommend this sequence or I should install it immediately). The reason why I was thinking about installing it later is because I'd like to see everything up and running (Exchange, shares) and then install ISA instead of installing ISA and then troubleshooting problems related to firewall :-).

At this point, I have old server running and accepting mail at xxx.266.206.194. New one uses xxx.266.206.200 if I am right with my plan. How can I test the new server and especially new Exchange or there is no way to do it until DNS settings are changed to point to xxx.266.206.200?

5. Should I import old user data before I switch to new server or I can start using new server and process mail and later just merge old user data to appropriate accounts? Which way is recommended?

Sorry for such a long explanation and (probably) useless details provided above, just trying to give you the whole picture as I see it so you can give me the right way how it's better to do it. Any comments, advice or so how to perform this part of the migration process will be greatly appreciated and used almost immediately (it will be nice if I can finish with everything until the end of the week).

Please let me know if I am wrong in my reasonings, I'll be more than happy to learn better or right way to do it. Maybe I will need to ask you additional questions here or in separate topics to clarify the process. Thanks.

The only issue with multiple domains on one subnet is with DHCP. You won't be able to set up the new server as a DHCP server, as it will conflict with your existing DHCP server. Setting it up on a new subnet and migrating all workstations to that subnet is probably the way to go. As for the Exchange migration, I would use exmerge.exe to export mailboxes to individual .pst files, then import them into the SBS server after you create the new users.
I'm sure there are people out there that swear by SBS, but as far as I'm concerned it's the bastard stepchild of Microsoft's server line.  I'd much rather deal with a dual server setup, or see the extra money spent for Server 2003 and Exchange 2003.

I just went through the process of trying to get a basic SBS server going, 2003 R2 with WSUS 3.0.  Starting from scratch it was still a disaster.  After several hours of futzing with it I decided to ditch SBS and I had a functional Domain with WSUS 3.0 going in about 30 minutes of work.

Do you have any option to ditch SBS and use standard server?  Migration would be much much easier, you just join the new server to the domain, wait for replication, migrate FSMO services, and then demote the old server.

Is cost of licensing the software (Exchange, Server 2003) the main reason for choosing SBS?

MACROLEVEL (Author) commented:
2 benhanson:

Unfortunately, everything is purchased already so I have to use 2003 SBS. I have only about 10 users to migrate so it's not a problem just to re-create their new accounts on new server by hand. I do not need to migrate anything else but user data in Exchange. So the first thing I need to know is it acceptable to have two working domain controllers inside the network which serve different domains or not...

MACROLEVEL (Author) commented:
2 benhanson:

Old server does not run DHCP server as I mentioned above, so there is no problem with it. I did some work today with this migration and now I have both servers running and new one is using Public IP on WAN interface and it is domain controller for beta.lcl.
Next step will be to create all user accounts on new server and then I don't know how I can test Exchange... Maybe I will temporarily disconnect old server and will assign the same Public IP to new one to see how it can process mail which is coming and how it can send it. If it works, I can leave it and just play with user data migration while old server is offline. Or I can change MX records to point to new server IP address...

Having your domain controller with a public IP address is a really bad idea. Is there a reason you don't want these resources behind your firewall? Normally you would do a static NAT translation to forward the public IP address to the private, only allowing the type of traffic that you want to pass through (e.g. SMTP to your Exchange server).

Better to transition this now, rather than deal with two migrations, two periods of downtime.
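
Added example (not part of the original thread or any participant's post): a small Python audit of inbound forwarding rules that flags anything other than SMTP being forwarded to the internal server, and names the domain controller services each such rule would expose. The rule format, rule names and the `192.168.16.0/24` addresses are constructed for illustration and do not come from the thread or from any firewall product.

```python
import ipaddress

# TCP services a domain controller exposes that should not be reachable from the internet.
DC_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC", 139: "NetBIOS", 389: "LDAP",
            445: "SMB", 636: "LDAPS", 3268: "Global Catalog", 3389: "RDP"}
ALLOWED_INBOUND = {25}  # only SMTP is meant to be forwarded to the mail server

# Constructed sample rules in a hypothetical format; addresses are placeholders.
SAMPLE_RULES = [
    {"name": "mail-in", "action": "permit", "forward_to": "192.168.16.2", "ports": "25"},
    {"name": "map-all", "action": "permit", "forward_to": "192.168.16.2", "ports": "any"},
    {"name": "remote-admin", "action": "permit", "forward_to": "192.168.16.2", "ports": "3380-3390"},
    {"name": "block-ldap", "action": "deny", "forward_to": "192.168.16.2", "ports": "389"},
    {"name": "dmz-web", "action": "permit", "forward_to": "10.9.9.9", "ports": "80"},
]

def parse_ports(spec):
    """Turn 'any', '25' or '3380-3390' into an inclusive (low, high) pair."""
    if spec == "any":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit(rules, internal_net):
    """Return (rule name, port spec, exposed DC services) for each permit rule
    that forwards anything other than the allowed ports into internal_net."""
    net = ipaddress.ip_network(internal_net)
    findings = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        if ipaddress.ip_address(rule["forward_to"]) not in net:
            continue
        low, high = parse_ports(rule["ports"])
        if all(port in ALLOWED_INBOUND for port in range(low, high + 1)):
            continue
        exposed = [f"{p}/{DC_PORTS[p]}" for p in sorted(DC_PORTS) if low <= p <= high]
        findings.append((rule["name"], rule["ports"], exposed))
    return findings

if __name__ == "__main__":
    for name, ports, exposed in audit(SAMPLE_RULES, "192.168.16.0/24"):
        print(f"{name}: forwards {ports}; DC services exposed: {exposed or 'none listed'}")
```
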

MACROLEVEL (Author) commented:
New server is with two NICs so the static IP is on WAN side. As per Microsoft setup wizard, when you use two network cards, no firewall device is required because Windows server acts as firewall and you use secondary NIC as interface for internal network. Am I right? I still have time to change configuration and choose different setup (for example, with one network card as it is on old server).

The concern is not so much with exposing internal clients as with exposing the DC itself. Your domain controller is not a machine you want to risk having directly connected to the internet. I would just do one network card (or do adapter teaming with both on the inside network), and forward SMTP traffic through the firewall to the internal address.

MACROLEVEL (Author) commented:
I can't install ISA server with just one NIC as you know... SBS 2003 R2 comes with ISA, SQL & Exchange integrated and that's why I set it up in this way... Of course, I can disable secondary NIC and then I will need router with firewall and cannot install ISA server which is as I heard pretty flexible firewall. Any other expert comments Re: my current setup with two NICs and installation of ISA as part of SBS 2003 premium? Is it secure enough compared with external router/firewall and just one NIC? Thanks.

Question has a verified solution.