Solved

Need advice on how to set up network and perform migration from Windows 2000+Exchange to SBS 2003 Premium

Posted on 2007-11-27
Last Modified: 2009-04-13
Hi,

I'm on my way to perform a migration from Windows 2000 Server with Exchange 2000 to Windows 2003 SBS R2.

Exchange-related discussion is here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22976910.html


I do not have any experience with multidomain networks, so I need some information which can make my life and migration easier. I do not have experience with Exchange as well, but I was forced to accept this job and I have to learn and perform it. However, I have some experience setting up and maintaining Windows Server and AD. Some details about existing setup:


a. T1 line with 32 public IPs, Riverstone RS3000 router and Netscreen firewall (both of them locked and I do not have a password but maybe I will find the person who set them years ago). If I connect computer directly to the router it can pickup one of available public static IPs but cannot go online without setting up of DNS server address manually (but Skype works without setting up DNS).

b. Windows 2000 Server, domain controller for domain alpha.com which public domain is not in use but users authenticate using this domain name, with Exchange 2000 which serve mail for domain beta.com. Beta.com is public domain with hosted site somewhere in internet and mail server which is running all the time in the office and I cannot stop it during the day (that means the migration should be performed with minimum downtime, but it's fine if the server is down for 12-24 hours during weekend and not accepting new mail).

c. New SBS server box will be domain controller for domain beta.com and will serve mail for the same domain (xxxx@beta.com). I will need to transfer everything from existing user accounts to new server - old email, contact, tasks, calendars.

d. There is no DHCP server set on old w2k server, all the workstations use static IP addresses which I set manually when I started because most of the workstations initially were with public IPs (the company got 32 public IPs and previous administrator assigned them to workstations). Some of them are Windows XP Home so they cannot join a domain anyway but I will upgrade them. Below is what I got from IP config:

C:\Documents and Settings\Administrator.ALPHA-2>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : alpha-1
        Primary DNS Suffix  . . . . . . . : alpha.com
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : alpha.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Compaq NC3120 Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-B0-88-6D-8E-00
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            209.144.50.125

C:\Documents and Settings\Administrator.ALPHA-2>

So far I know that the mail server (old 2000 Server box with Exchange) is on IP address xxx.266.206.194 and somebody told me that this address is mapped in the router and everything which is coming on this address is forwarded to 192.168.1.2 which is server's LAN address.

-----

Right now I have my new SBS server OS installed on new box. I used additional router to separate new server from existing network and set it up as domain controller using private addresses 192.168.16.xxx as it was proposed by setup and domain name is set as beta.lcl to avoid future conflicts with 3 or 4 Macs. I set net router to use public IP address xxx.266.26.200 on WAN site, xxx.266.26.193 as Gateway and appropriate DNS server using information obtained from ISP. From LAN side the router is set to use 192.168.1.1 as its own address and run DHCP server 102.168.1.10....100. As I said, new server is with 192.168.16.2 and its WAN interface is set to use 192.168.1.1 as GW and itself as DNS. Secondary LAN adapter on the server will be used to connect 24-switch for internal network.

1. I feel that I did something wrong with this initial setup, and probably I do not even need second router and should connect the new server to any unused port on old Riverstone router and just assign to it any unused address from 192.168.1.xxx - for example, 192.168.1.5 which is not in use. Am I right? There is not a problem for me to reinstall Windows 2003 SBS from scratch and instead of using 192.168.16.xxx I can use 192.168.1.xxx. My point is that there is no DHCP server running on old box or on the router so I can exclude some of IPs which are currently assigned to existing workstations from DHCP range and have DHCP server running on new box. How does that sound to you?

2. If I do the setup in the way I described above, can I have both servers running in the same network together (they use different domains, but I am not clear will the new server affect for any reason mail delivery to domain beta.com which is still accepted by old server). And new server actually uses beta.lcl as domain name...

3. Actually, should I use beta.lcl as domain name or I can use directly beta.com as domain name for new server in case I will run Exchange server on it and will host web site on it? I am confused because before some people here at EE told me that if I'm going to host Exchange it is better to use real public domain (beta.com, not beta.lcl). Which way is easier, or it doesn't matter because actually DNS records for domain name are on different name server and all what I have to do is set new IP address for new server or even just remove old one and replace it with new one which will use the same IP address once I'm ready?

4. OK, if everything above (#1...3) is done and I have new server up and running as domain controller for beta.com, I can start thinking about Exchange. There will be not a problem to join a domain from workstations, they as I said will be connected to new switch which will be connected to LAN port on SBS server (I will install ISA server later, it comes with SBS Premium anyway, do you recommend this sequence or I should install it immediately). The reason why I was thinking about installing it later is because I'd like to see everything up and running (Exchange, shares) and then install ISA instead of installing ISA and then troubleshooting problems related to firewall :-).

At this point, I have old server running and accepting mail at xxx.266.206.194. New one uses xxx.266.206.200 if I am right with my plan. How can I test the new server and especially new Exchange or there is no way to do it until DNS settings are changed to point to xxx.266.206.200?

5. Should I import old user data before I switch to new server or I can start using new server and process mail and later just merge old user data to appropriate accounts? Which way is recommended?
 

Sorry for such a long explanation and (probably) useless details provided above, just trying to give you the whole picture as I see it so you can give me the right way how it's better to do it. Any comments, advice or so how to perform this part of the migration process will be greatly appreciated and used almost immediately (it will be nice if I can finish with everything until the end of the week).

Please let me know if I am wrong in my reasonings, I'll be more than happy to learn better or right way to do it. Maybe I will need to ask you additional questions here or in separate topics to clarify the process. Thanks.


Question by:MACROLEVEL
8 Comments
 
LVL 12

Expert Comment

by:benhanson
ID: 20363677
I'm sure there are people out there that swear by SBS, but as far as I'm concerned it's the bastard stepchild of Microsoft's server line.  I'd much rather deal with a dual server setup, or see the extra money spent for Server 2003 and Exchange 2003.

I just went through the process of trying to get a basic SBS server going, 2003 R2 with WSUS 3.0.  Starting from scratch it was still a disaster.  After several hours of futzing with it I decided to ditch SBS and I had a functional Domain with WSUS 3.0 going in about 30 minutes of work.

Do you have any option to ditch SBS and use standard server?  Migration would be much much easier, you just join the new server to the domain, wait for replication, migrate FSMO services, and then demote the old server.

Is cost of licensing the software(exchange, server 2003) the main reason for choosing SBS?  
0
 

Author Comment

by:MACROLEVEL
ID: 20365480
2 benhanson:

Unfortunately, everything is purchased already so I have to use 2003 SBS. I have only about 10 users to migrate so it's not a problem just to re-create their new accounts on new server by hand. I do not need to migrate anything else but user data in Exchange. So the first thing I need to know is it acceptable to have two working domain controllers inside the network which serve different domains or not...
0
 
LVL 12

Accepted Solution

by:
benhanson earned 500 total points
ID: 20371428
The only issue with multiple domains on one subnet is with DHCP.  You won't be able to set up the new server as a DHCP server, as it will conflict with your existing DHCP server.  Setting it up on a new subnet and migrating all workstations to that subnet is probably the way to go.  As for the Exchange migration, I would use exmerge.exe to export mailboxes to individual .pst files, then import them into the SBS server after you create the new users.
0
 

Author Comment

by:MACROLEVEL
ID: 20371544
2 benhanson:

Old server does not run DHCP server as I mentioned above, so there is no problem with it. I did some work today with this migration and now I have both servers running and new one is using Public IP on WAN interface and it is domain controller for beta.lcl
Next step will be to create all user accounts on new server and then I don't know how I can test Exchange... Maybe I will temporarily disconnect old server and will assign the same Public IP to new one to see how it can process mail which is coming and how it can send it. If it works, I can leave it and just play with user data migration while old server is offline. Or I can change MX records to point to new server IP address...
0

 
LVL 12

Expert Comment

by:benhanson
ID: 20371753
Having your domain controller with a public IP address is a really bad idea.  Is there a reason you don't want these resources behind your firewall?  Normally you would do a static NAT translation to forward the public IP address to the private, only allowing the type of traffic that you want to pass through (e.g. SMTP to your Exchange server).

Better to transition this now, rather than deal with two migrations, two periods of downtime.
0
 

Author Comment

by:MACROLEVEL
ID: 20373413
New server is with two NICs so the static IP is on WAN side. As per Microsoft setup wizard, when you use two network cards, no firewall device is required because Windows server acts as firewall and you use secondary NIC as interface for internal network. Am I right? I still have time to change configuration and choose different setup (for example, with one network card as it is on old server).
0
 
LVL 12

Expert Comment

by:benhanson
ID: 20379223
The concern is not so much with exposing internal clients as with exposing the DC itself.  Your domain controller is not a machine you want to risk having directly connected to the internet.  I would just do one network card (or do adapter teaming with both on the inside network), and forward SMTP traffic through the firewall to the internal address.


0
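
Added example, not part of the original thread or any poster's code: a Python check, run from a host outside the firewall, that the server's public address answers only on the SMTP port the static NAT rule is meant to forward. The port list, the function names and the sample address in the usage are assumptions chosen for illustration.

```python
import socket

# TCP services a Windows domain controller typically listens on (assumed list,
# not taken from the thread). UDP is not probed here.
DC_SERVICES = {
    25: "SMTP", 53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
    139: "NetBIOS session", 389: "LDAP", 445: "SMB", 636: "LDAPS",
    3268: "Global Catalog", 3389: "Remote Desktop",
}
ALLOWED = {25}  # the only port the static NAT rule is meant to forward


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host, services=DC_SERVICES, allowed=ALLOWED, probe=tcp_open):
    """Return (unexpected, missing): ports that answer but are not allowed,
    and allowed ports that do not answer."""
    reachable = {port for port in services if probe(host, port)}
    return sorted(reachable - set(allowed)), sorted(set(allowed) - reachable)


def report(host, unexpected, missing, services=DC_SERVICES):
    """Turn the audit result into one finding per line."""
    lines = [f"EXPOSED {host}:{p} ({services.get(p, 'unknown')}) answers from outside"
             for p in unexpected]
    lines += [f"UNREACHABLE {host}:{p} ({services.get(p, 'unknown')}) should be forwarded"
              for p in missing]
    return lines or [f"OK {host}: only the allowed ports answer"]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for line in report(target, *audit_exposure(target)):
        print(line)
```

Run it against the public address before and after the change: a dual-homed server with its WAN NIC on the internet will typically show several `EXPOSED` lines, while a server behind a static NAT rule that forwards only SMTP should report `OK`.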
 

Author Comment

by:MACROLEVEL
ID: 20379739
I can't install ISA server with just one NIC as you know... SBS 2003 R2 comes with ISA, SQL & Exchange integrated and that's why I set it up in this way... Of course, I can disable secondary NIC and then I will need router with firewall and cannot install ISA server which is as I heard pretty flexible firewall. Any other expert comments Re: my current setup with two NICs and installation of ISA as part of SBS 2003 premium? Is it secure enough compared with external router/firewall and just one NIC? Thanks.
0
