Solved

Exchange 2000 with only 2000 DCs to new Forest with Ex 2007 & Server 2008

Posted on 2010-09-17
Last Modified: 2012-05-10
I have my plan for this but just looking for reassurance. We have a fully functioning Windows 2000 Forest with an Empty Root Domain at the top of the tree. We also have a single Exchange 2000 server serving the whole organisation (500 users, multiple sites all UK). The Exchange server is in the secondary domain in the tree. Both the Empty Root and the main Domain have different domain names (i.e. not the same namespace).

Since this was set up, our organisation has been sold and we introduced our new name as an additional SMTP address, but left the domain/organisation reflecting the old name.

We are now upgrading all servers to 2008 (Initial release as a mixture of 32bit and 64bit hardware) and want to replace our Exchange Server with Exchange 2007 (we've bought a licence for 2010 but as we only have Office XP for at least another year we are only upgrading to 2007).

However we also want to remove all reference to the old company name and remove the Empty Root Domain at the same time.

Planning to do this as a migration to a completely new Forest using our new Company Name as the domain and not bother with an empty root as it is no longer standard practice.

I replaced my DCs last year with new hardware so I know they can run 64bit Server 2008. Plan is as follows though:

1. Demote a current DC to a member server, remove from AD and then wipe it.
2. Build this as Server 2008 64bit and create the new domain/forest using new company domain name. (Hardware is capable)
3. Build the Exchange 2007 server again on 2008 64bit on completely new Hardware and join to new domain.
4. Run ADPrep on the old domain just so it is 2008 aware even though I am just going to set up trusts.
5. Set up a 2-way trust between the old and new domain, obviously testing this works.
6. Install ADMT v3.1 on the new Forest DC and migrate a test account
7. Move the Test Account mailbox from the old Exchange 2000 server to the new Exchange 2007 server and test mail still flows.
8. If all works fine then work around my sites migrating users to new Domain/Forest and replacing their local fileserver with new 2008 model.
9. Once all sites and users/computers etc migrated then decommission the old Exchange Server.
10. Remove temporary Trust and decommission the old Domain controllers for the Empty Root and the Main Domain and rebuild them as new 2008 Servers to move back into the new 2008 Domain.

Concerns:

1. I have no 2003 DCs, do I need at least one somewhere in the old domain for the Exchange 2007 Move Mailbox to work correctly?  I don't want to mess around with PST/Exmerge files for 500 users.
2. I am planning on using our new domain "companyxyz.co.uk" as the organisation for Exchange 2007 but of course we accept mail to this domain already as an additional SMTP address on the old company Organisation running Exchange 2000.  Is this an issue?  I was hoping because of the 2 way trust this would be OK?
3. DNS and DHCP run on the main DC in the Old Tree Sub Domain, but I plan on leaving this running there and when I finally decommission that server (over a weekend) just rebuild both services to run from this machine again in the new domain, as the machine will have the same NetBIOS name and IP address.
4. Is this the best way to do this? I thought about them all, breaking existing trust? Introduce 2008 to the current Forest and rename domain when finished? But this does seem to be the cleanest way to get to my end result of losing the Empty Root Domain, and changing our Company Name in the Domain?

Thanks for reading.

Question by:st1967

Accepted Solution

by:
djxtreme earned 500 total points
1) Not sure, you would have to test
2) Would get interesting - unless you are migrating all users at once you are going to have to allow both Exchange systems to accept mail for this domain. Easiest way of doing this would be to allow Exchange 2007 to be the primary target for that domain, and configure it as Non-Authoritative, with a send connector for that domain to the old Exchange system. This would then route to the world.
3) seems fine
4) tbh, unless you want to invest heavily in the Quest tools (or similar), yes it is the best method.

Author Comment

by:st1967
Thanks, hoping to be ready to test by the middle of this week, currently building the new Exchange Server and then about to decommission one of the existing DCs.

Thanks for the tips about Exchange Primary Target I will have a read up on that tomorrow.

Author Comment

by:st1967
Just as another follow up I am about to start this migration process but have decided to do some work on my existing Forest first just to cover all issues.   I had a server running as my SMTP gateway which then fed into the Exchange server (used to run antivirus before we moved it to the internet side) so I have stopped this and Exchange is now the SMTP gateway too.

I am now going to rebuild this server as a 2003 R2 DC in the existing domain really as a belt and braces solution to make sure the "Mailbox Move" works correctly for Exchange 2007 across Forests.

This part of the MSDN article makes me think I am doing the right thing

"If you have a forest with a previous version of Exchange that contains only Windows 2000 Server domain controllers (not Windows Server 2003 domain controllers), you cannot use the Move-Mailbox cmdlet to move mailboxes to an Exchange 2007 server in another forest. The Move-Mailbox cmdlet can communicate only with domain controllers running Windows Server 2003 with Service Pack 1 or later. To move mailboxes, you must have at least one domain controller in both the source and the destination forests running Windows Server 2003 with Service Pack 1 or later."

So I will do this first and I have also found an excellent article about Exchange 2007 SMTP Namespace Sharing and different Relay Domain Types which should also help with my 2nd concern from the initial question.

Author Closing Comment

by:st1967
Got it all working thanks, as quoted non-authoritative accepted domain and set up an internal relay to my Exchange 2000.

Shared namespace caused some issues as I could feed mail through to Exchange but when sending back you would get undeliverable as the Exchange 2000 server held the authoritative settings for the shared domain.

However in the Virtual SMTP server settings there is the option to route all unresolved names to another host, so I enter the new Exchange 2007 server in as this smart host and mail flows happily between both servers, and they can both send to the internet via our firewall.

Now to migrate 26 sites and 500 users :-)
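
The Exchange 2007 side of the shared-namespace setup described in the accepted answer and the closing comment (internal relay accepted domain plus a send connector to the Exchange 2000 server), as an added example that is not part of the original posts. The server name `EX2007`, the address `192.0.2.10` and the display names are placeholders, and unauthenticated relay to the legacy server is an assumption:

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on the Exchange 2007 Hub Transport server.
# Placeholders (assumptions): server EX2007, legacy host 192.0.2.10,
# connector and accepted-domain display names.
$Domain     = 'companyxyz.co.uk'   # shared SMTP namespace from the question
$LegacyHost = '192.0.2.10'         # Exchange 2000 server (placeholder address)
$HubServer  = 'EX2007'             # Exchange 2007 Hub Transport (placeholder)

# 1. Make the shared domain an internal relay (non-authoritative) domain.
#    If the new forest uses the same DNS name, setup may already have created
#    an Authoritative entry for it, so change that entry instead of adding one.
$existing = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $Domain }
if ($existing) {
    Set-AcceptedDomain -Identity $existing.Identity -DomainType InternalRelay
} else {
    New-AcceptedDomain -Name 'Shared with Exchange 2000' `
        -DomainName $Domain -DomainType InternalRelay
}

# 2. Route recipients that Exchange 2007 cannot resolve to the legacy server.
#    SmartHostAuthMechanism None = no SMTP authentication; this assumes the
#    Exchange 2000 virtual server accepts mail from this host.
New-SendConnector -Name 'Shared namespace to Exchange 2000' `
    -Usage Internal `
    -AddressSpaces "SMTP:$Domain;1" `
    -DNSRoutingEnabled $false `
    -SmartHosts $LegacyHost `
    -SmartHostAuthMechanism None `
    -SourceTransportServers $HubServer

# 3. Confirm the result before migrating mailboxes.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize
Get-SendConnector  | Format-Table Name, AddressSpaces, SmartHosts -AutoSize
```

With the Exchange 2000 virtual server also forwarding unresolved recipients to Exchange 2007, a message for an address that exists on neither side is passed back and forth until the hop limit is reached, so keep the recipient lists on both sides complete while the namespace is shared.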

Author Comment

by:st1967
GALsync caused me to rethink the shared namespace connectors but got it working after some head scratching, added additional temp SMTP addresses to either side for GALsync to work.

Move-Mailbox is also quite a minefield, cross-forest moves always bring the mailbox in as linked rather than user, which could have an NDR issue if replying to old mail, but working on that one at the moment.

Thank goodness we only do this every 8 years .... LOL

Author Comment

by:st1967
All working finally, process finally down so we can now migrate the whole network with the following:

1. Migrate User and Groups with ADMT to preserve SID and access to local profile (saves work at the back end). If you want to preserve local profile you need to migrate user before the computer.
2. Migrate the computer with ADMT.  Can be a bit fiddly to get working, there is a hotfix for XP machines so they can deal with RODCs in 2008 and even if you don't have RODCs you have to run the hotfix or else the computer migration continually fails (typical MS shenanigans), also run this as an admin in the source domain.
3. Move-Mailbox cmdlet then migrate the mailbox.  I run this simply so it moves the mailbox and deletes the mail attributes from the Source Domain.   Doing this also removes the GALsync contact already created in the new domain.  All you have to do is create a new GALsync contact to the user in the source domain.
4. User logs onto new domain and all settings, printers, documents etc are preserved, the only thing they have to do is connect to the new Exchange server to get to their e-mail.  Although in my case I have also renamed the local printers as local fileserver also upgraded to 2008 so they have to re-add the printers, but they would not have had to do this if I had left the names the same.

So this is a Cross Forest migration from a Windows 2000 AD multiple forest with an empty root domain to a new Windows 2008 forest with a single domain, moving the mailbox from Exchange 2000 to Exchange 2007 !! It was a slog but got there in the end.