Windows/Exchange 2000 to Windows 2008/Exchange 2007 Upgrade

Posted on 2008-10-12
Medium Priority
Last Modified: 2013-12-05

I am planning my AD and Exchange upgrade and would like some help fine-tuning/critiquing the steps to reduce the probability of screwing up.
I have read many questions on this site as well as others and although some scenarios are similar they are obviously not exactly the same.

Current setup is as follows:
* Windows 2000 AD (DC1, DC2 & XMAIL)
* Exchange 2000 BE (XMAIL)
* Exchange 2003 FE (OWA - in DMZ)

By the end of the process I would like the following:
* DC1 will have been upgraded to 2008 Server
* XMAIL will have been transitioned to 2007 on a new 2008 server
* DC2 will be replaced by a new 2008 server down the track.
* FE to be moved to a new 2008 server as legacy apps also run on this.

We are in the same site as 3 other offices each with separate domains. All DNS is AD integrated except one primary zone held by our Head Office. We also have bulk email software which uses OWA to send out through.

Things I'm unsure about:
* The damn 2007 server roles. Not exactly sure what configuration to go with. Ideally I would like a similar scenario (FE/CAS in dmz and BE/Mailbox inside if possible).
* How to allow bulk emails to send out through CAS server.

I am worried about coming into trouble with rights due to FSMO roles, replication (between 2000 and 2008 AD), and the public folder move.

Any help is greatly appreciated.

Steps planned thus far:

1.      Ensure Exchange server skips the discovery process by hard-coding DSAccess (to look at itself).
2.      Ensure AD replication is running correctly (Replmon).
3.      Make sure AD backups ran successfully.
4.      Prep domain for 2008 (2008 dvd; \Sources folder). Should be run on DC1, hopefully we don't have trouble due to not owning the schema master role.
a.      Adprep /forestprep
b.      Adprep /domainprep
c.      Adprep /gpprep
5.      Install Windows Server 2008 on new server (MAIL) and join to domain as member server
6.      Promote MAIL to domain controller
7.      Make MAIL a GC
8.      Install DNS on MAIL (have HEAD OFFICE add new DC to zone transfer list for the primary zone they host)
9.      Make sure AD and DNS replicate correctly
10.      Test DNS through MAIL
11.      Change DHCP scope settings on DC2 (as well as NICs on all servers) to point to MAIL for DNS
12.      Transfer FSMO roles to MAIL.
a.      Transfer RID, PDC and Infrastructure roles via AD Users and Computers
b.      Wait 24 hours for replication
13.      Demote DC1 via DCPROMO
14.      Install Windows Server 2008 on DC1 and join to domain as additional DC
15.      Install DNS and DHCP on DC1, set up DHCP scope and Authorize DC1 as a DHCP server
16.      De-activate DHCP on DC2 and unplug from the network
17.      Activate DHCP scope on DC1
18.      If DHCP is working correctly; demote DC2 via DCPROMO

1.      Install Windows Server 2008 on new 64bit server (CAS)
2.      Run the Exchange Best Practices Analyzer to verify the environment is ready
3.      Prepare legacy Exchange permissions
a.      Run setup.com /PrepareLegacyExchangePermissions
4.      Prepare the Schema
a.      Run setup.com /PrepareSchema
5.      Prepare Active Directory
a.      Run setup.com /PrepareAD
6.      Prepare the Domain
a.      Run setup.com /PrepareDomain
7.      Install the following software/updates:
a.      Microsoft .NET Framework V2.0
b.      MMC 3.0
c.      Windows PowerShell V1.0
8.      Make sure the following are enabled:
a.      WWW Service
b.      ASP.NET V2.0
9.      Run setup.exe and begin installation
a.      Enable error reporting
b.      Configure Mail Flow Settings to point to XMAIL
c.      Select the custom installation and choose Client Access and Hub Transport
d.      Review logs once setup has completed
10.      Run the Exchange Best Practices Analyzer to verify the environment is ready
11.      Enter license key
12.      Configure Client Access on Exchange 2007
13.      Configure firewall for correct port forwarding/opening
14.      Test OWA access, if successful redirect OWA traffic to CAS
15.      Configure SMTP relay for bulk emails by setting up a receiver connector (http://technet.microsoft.com/en-us/library/bb232021(EXCHG.80).aspx)
16.      Test bulk emails, if successful remove Exchange from OWA
17.      Log on to MAIL and run the Exchange Best Practices Analyzer to verify the environment is ready
18.      Install the following software/updates:
a.      Microsoft .NET Framework V2.0
b.      MMC 3.0
c.      Windows PowerShell V1.0
19.      Make sure the following are enabled:
a.      WWW Service
b.      ASP.NET V2.0
20.      Install Exchange on MAIL
a.      Enable error reporting
b.      Configure Mail Flow Settings to point to XMAIL
c.      Select typical installation
d.      Review logs once setup has completed
21.      Enter license key
22.      Configure accept smtp domains:
a.      Organization Configuration->Hub Transport->New Accepted Domain
23.      Replicate Public Folders:
a.      On XMAIL go to the Replication tab of the Public Folder properties and add MAIL to the replica list.
24.      Move public folders:
a.      On XMAIL go to FirstAdministrativeGroup->Folders->Public Folders->Our Public Folders, right-click->Properties->add MAIL to replication tab

I'm not sure at this point whether this will work or if I need to use the migration script; http://technet.microsoft.com/en-us/library/bb331970(EXCHG.80).aspx

25.      Move the OAB
a.      In Exchange 2007 go to Organization Configuration->Mailbox->Offline Address Book, Right-click->Default Offline Address List->Move
26.     Move Mailboxes to Exchange 2007 server
a.      In Exchange 2007 go to Recipient Configuration->Mailbox, highlight the mailboxes and click on Move Mailbox...
b.      Follow the steps and once it has completed check the mail flow
27.      Redirect all mail traffic to MAIL
28.      Decommission XMAIL
a.      Assign Recipient Update Service to MAIL->Recipient Update Service (domain)->Properties->Browse->Exchange 2007 Server
b.      Remove from XMAIL via add/remove programs

Question by:padiap
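
Steps 2 and 9 of the plan above check replication by eye in Replmon; the same check can be scripted and run before adprep. This is an added example, not part of the original post: the domain `example.local`, the CSV rows and the function name `Get-ReplicationProblem` are constructed for illustration, and it assumes a repadmin build that supports `/csv`.

```powershell
# Added example, not from the original post. Flags replication links that
# should be fixed before adprep; the rows below are constructed sample data.
# Needs PowerShell 2.0 or later (ConvertFrom-Csv). On a live domain use:
#   $raw = repadmin /showrepl * /csv
# `netdom query fsmo` lists the role holders; adprep /forestprep has to run
# on the schema master.
$raw = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=local",Default-First-Site-Name,DC2,RPC,0,0,2008-10-12 09:14:02,0
showrepl_INFO,Default-First-Site-Name,DC2,"DC=example,DC=local",Default-First-Site-Name,DC1,RPC,3,2008-10-12 08:59:41,2008-10-11 22:03:17,1722
showrepl_INFO,Default-First-Site-Name,XMAIL,"CN=Schema,CN=Configuration,DC=example,DC=local",Default-First-Site-Name,DC1,RPC,0,0,2008-10-12 09:10:55,0
'@

function Get-ReplicationProblem {
    param(
        $CsvLines,                      # repadmin CSV output (string or lines)
        [int]$MaxAgeHours = 24,         # oldest acceptable last success
        [datetime]$Now = (Get-Date)
    )
    $CsvLines | ConvertFrom-Csv | ForEach-Object {
        $reasons = @()
        # A non-zero failure count means the link is currently failing.
        if ([int]$_.'Number of Failures' -gt 0) {
            $reasons += "failures=$($_.'Number of Failures') status=$($_.'Last Failure Status')"
        }
        # A success time that does not parse is treated as "never succeeded".
        $last = [datetime]::MinValue
        if (-not [datetime]::TryParse($_.'Last Success Time', [ref]$last)) {
            $reasons += 'no successful replication recorded'
        } elseif (($Now - $last).TotalHours -gt $MaxAgeHours) {
            $reasons += "last success $([int]($Now - $last).TotalHours)h ago"
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Destination = $_.'Destination DSA'
                Source      = $_.'Source DSA'
                Context     = $_.'Naming Context'
                Problem     = $reasons -join '; '
            }
        }
    }
}

# -Now is pinned so the constructed 2008 timestamps are not all reported as stale.
$problems = @(Get-ReplicationProblem -CsvLines $raw -Now ([datetime]'2008-10-12 10:00:00'))
$problems | Select-Object Destination, Source, Context, Problem | Format-List
if ($problems.Count -gt 0) { Write-Warning "Fix $($problems.Count) replication link(s) before running adprep." }
```

Status 1722 in the sample row is the Win32 code for "RPC server unavailable", which usually points at DNS or firewall problems between the two DCs rather than at AD itself.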
LVL 58

Expert Comment

ID: 22700581

> The damn 2007 server roles. Not exactly sure what configuration to go with. Ideally I would like a similar scenario (FE/CAS in dmz and BE/Mailbox inside if possible).

How many mailboxes do you have which will be running on this mail system? If it is say 50 - 100, and the Exchange 2007 Server exceeds the minimum requirements in CPU power and RAM, I would probably be inclined to put the CAS, Hub Transport and Mailbox Roles on one server. Alternatively, if you do want two servers, you're probably going to want the CAS and Hub Transport on one server, and leave Mailbox Store to the other server.

I would recommend against putting any Exchange Server in the DMZ. It really is a horrible configuration which puts you open for more attack than if it is on the internal LAN. It is probably better - now you are planning a new infrastructure - to put the CAS and Hub Transport server on the LAN and just open ports 443 (for OWA) and 25 (for SMTP) to the server.

Other than that, it looks like your procedure is pretty good. Do remember you will need one DC at at least Server 2003 SP1 / 2008 before Exchange 2007 will install, though. http://technet.microsoft.com/en-us/library/aa996719.aspx


Author Comment

ID: 22726811
Cheers for the info Tigermatt. You're right, I probably should put it on the one server.
Yeah, we're sweet when it comes to the requirements.

Do you think Exchange Upgrade step 24 will replicate and keep the data on the 2007 box once the 2000 server has been removed? Or would I be better off attempting to use the infamous script?

Also, do you think Exchange Upgrade Step 15 will allow me to send out through the server?

LVL 58

Expert Comment

ID: 22728564

You are going to need to replicate EVERY public folder to the new Exchange Server, including the system folders. Personally I would attempt to do it using the script you have linked to, but one thing I can tell you for sure is that whatever you do, Public Folder replication off of Exchange 2000 is VERY slow - it can sometimes take weeks, so be prepared for a long wait.

Setting up a receive connector in step 15 is not going to enable you to receive email. A Receive connector Receives email into the Exchange Organization. You would need to configure a Send Connector in the Management Console and configure it as appropriate, so email is sent via a smart host or using DNS. http://technet.microsoft.com/en-us/library/aa998662(EXCHG.80).aspx   http://www.petri.co.il/configuring-exchange-2007-send-external-email.htm


Author Comment

ID: 23032628
I'll make sure I set plenty of time aside for the replication then!
That's true, not sure why I linked that now. Thanks for the correct links.

I've gone through with the AD upgrade (took some time due to waiting on another office to run the forestprep as well as some dns changes). Everything seems great aside from a couple hiccups (a dns issue that has since been fixed, and the fact that my new 2008 dhcp server is leasing addresses but not listing them).
I'm almost ready for the Exchange install but I've run into an issue with step 3; Preparing legacy Exchange permissions. I am receiving the following error:
* Setup cannot contact the primary DNS server (server ip) using TCP port 53.
* Exchange 2007 cannot be used with the version of Windows operating system running on this computer. - As you know I'm running Server 2008.
* Cannot find at least one domain controller running Windows Server 2003 Service Pack 1 or later in domain (my domain).

Any ideas on the Exchange install errors?
LVL 58

Expert Comment

ID: 23036870

Ah - the notorious Exchange 2007 and Server 2008 issue. Basically Exchange 2007 was released long before Server 2008 was, so they had to release a Service Pack for Exchange so it would co-operate with Server 2008. If you are not installing the Exchange 2007 with SP1 slipstreamed (you can get the files from Microsoft) then it won't detect your 2008 Server and setup won't run.

So, you'll need to:


Author Comment

ID: 23074044
That link was a godsend! Thanks Matt!!
Now I've just got to wait for our head office to fix up their end before continuing (more delays).

I'm thinking again of going down the path of having 2 exchange boxes.
Can I run HT on the Mailbox server as well as the CAS/HT server? I'm wanting mail sent out by staff to be sent from the Mailbox/HT server (and therefore its external ip address), and mail sent by our mass mailing software would be sent via the send connector on the CAS/HT server (using its external ip address).
Reason being if we're blacklisted (which has happened before) I'm hoping for only the ip of the CAS/HT box to be affected.

Do you think this would be at all possible?


LVL 58

Accepted Solution

tigermatt earned 2000 total points
ID: 23079640

Yes, you can have any role on one or more servers - just install it through the Exchange interface. Exchange 2007 is designed to be modular, so if you want two HT servers, just put the role on two, and if you want 3 mailbox servers, you just install the role on them. There is no issue with having two Hub Transport servers on a network.

The approach you mention is plausible - and one I highly recommend. Keeping your mass-mailing software away from your main IP used for sending and receiving regular email is always a good approach, since you can protect yourself as much as you like, but can guarantee with mass-mails that somehow you will be blacklisted (and of course, if it is unsolicited, you will instantly get blacklisted, but I hope it isn't spam!). This way, regular mail still works and it is just mass-mailing which will be down.

Don't forget: if your new Exchange 2007 server is powerful enough, you could always virtualise the second HT / CAS role in a virtual machine on that same hardware, rather than purchase more hardware when its power really won't be used to the full extent that it could be. If all it is doing is CAS and a bit of HT for mass-mailing, that's not much load or RAM required, so there's no reason why it couldn't be virtualised.


Author Comment

ID: 23359000
Still waiting on our Head Office to finish their transition so I'm closing this question. Will open another if I run into any troubles.
You were a massive help as always Tigermatt. Thanks again!
LVL 58

Expert Comment

ID: 23365407

Thanks! Good luck.

Question has a verified solution.