LDAP, Exchange & Legacy Issues
I've posted previously about this but now Its causing an issue.
We have and old server called TUBE1 running on Windows NT. This server ran Active Directory for the company and had Exchange 5.5 installed.
A about two years ago a new server was put into place called TLSVR02, this machine was given a new Active Directory Forest called APO. Then an Active Directory Connector was installed and all users accounts were migrated.
After that Exchange 2003 was installed on TLSVR02 in APO but due to ADC the new Exchange Server was published into the TUBE1\First Administrative Groups.
So the ADC was never turned off and a few years later I am not working with the system.
When ever a user account is created in APO and given a mailbox it is in turned created on TUBE1 and their mailbox is placed under the TUBE1\First Admin Group all of their internal routing
CCMAIL
MS
SMTP
X400
X500
Information is generated and put into the old TUBE1 domains recipient containers.
I found this all today when I had to create a new user for an employee we just hired. All of his info while being created on the APO domain was pushed to TUBE1.
At first we had an issue sending the new employee mail, when looking on the TLSVR02 (APO) there were alot of EVENT ID 8026's
LDAP Bind was unsuccessful on directory tlsvr02.apo.tl.com for distinguished name 'TUBE1\exchange_apo'. Directory returned error:[0x51] Server Down. (Connection Agreement 'Config CA_TUBELITE_TLSVR02' #2920)
I think this is all tied back to the two domains being intertwined and exchange in the APO domain being installed into the TUBE1 admin group and then having the ADC continuously sync between the domains.
1. We want to get rid of these errors and our email issue with the new employee
2. We want to decomission the old TUBE1 domain and get rid of this connector
3. We don't want any issue with exchange after we get rid of TUBE1.
We have and old server called TUBE1 running on Windows NT. This server ran Active Directory for the company and had Exchange 5.5 installed.
A about two years ago a new server was put into place called TLSVR02, this machine was given a new Active Directory Forest called APO. Then an Active Directory Connector was installed and all users accounts were migrated.
After that Exchange 2003 was installed on TLSVR02 in APO but due to ADC the new Exchange Server was published into the TUBE1\First Administrative Groups.
So the ADC was never turned off and a few years later I am not working with the system.
When ever a user account is created in APO and given a mailbox it is in turned created on TUBE1 and their mailbox is placed under the TUBE1\First Admin Group all of their internal routing
CCMAIL
MS
SMTP
X400
X500
Information is generated and put into the old TUBE1 domains recipient containers.
I found this all today when I had to create a new user for an employee we just hired. All of his info while being created on the APO domain was pushed to TUBE1.
At first we had an issue sending the new employee mail, when looking on the TLSVR02 (APO) there were alot of EVENT ID 8026's
LDAP Bind was unsuccessful on directory tlsvr02.apo.tl.com for distinguished name 'TUBE1\exchange_apo'. Directory returned error:[0x51] Server Down. (Connection Agreement 'Config CA_TUBELITE_TLSVR02' #2920)
I think this is all tied back to the two domains being intertwined and exchange in the APO domain being installed into the TUBE1 admin group and then having the ADC continuously sync between the domains.
1. We want to get rid of these errors and our email issue with the new employee
2. We want to decomission the old TUBE1 domain and get rid of this connector
3. We don't want any issue with exchange after we get rid of TUBE1.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If we remove the ADC and the 5.5 box how will that affect our 2003 server when it lives in the old domains Administrative Group.
Is the Windows 2003 server part of the domain that will remain when the ADC is removed? Does the Administrative Group show up in the Exchange 2003 Management tool?
ASKER
Yes the W3k Server with E3k will remain, its all in the APO domain.
the Administrative group that shows up in E3k management tool (which is the admin group the E3k Server is assigned to) is the TUBE723 domain's administrative group.
there is no exchange administrative group for the APO domain.
the Administrative group that shows up in E3k management tool (which is the admin group the E3k Server is assigned to) is the TUBE723 domain's administrative group.
there is no exchange administrative group for the APO domain.
The object (admin group) was synchronized to the the AD/Exchange 2003 environment, so the fact that it is in that Admin group will not be an issue if you remove the ADC and the 5.5 box. You want to make sure before you remove the box that you have all the "agreements" removed.
Check out this article: it may be closer to what you are attempting to do.
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;555158 How to disconnect Exchange 5.5 site and Exchange 2003/2000 site that resides in two forests
BTW - it has been a LONG time since I have worked with an ADC so I am trying to drudge up from memory a few things...hard to believe there are still Exchange 5.5 servers out there ;-)
Check out this article: it may be closer to what you are attempting to do.
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;555158 How to disconnect Exchange 5.5 site and Exchange 2003/2000 site that resides in two forests
BTW - it has been a LONG time since I have worked with an ADC so I am trying to drudge up from memory a few things...hard to believe there are still Exchange 5.5 servers out there ;-)
ASKER
great article, looks exactly like what we want to do.
Good Luck!
ASKER
Your message did not reach some or all of the intended recipients.
Subject: FW: Tre
Sent: 7/6/2010 9:54 AM
The following recipient(s) could not be reached:
Montrel A. on 7/6/2010 9:54 AM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<tlsvr02.apo.com #5.1.1>