Solved

Moving Exchange 2007 to new hardware

Posted on 2010-11-22
Last Modified: 2012-05-10
Hi guys,
I'm pretty new to administrating. I have a server which serves as our domain controller and mail-server (Exchange 2007 version 08.01.0240.006). The OS is Windows 2003 Standard. The server usage is pretty high with all that stuff. That is why I need to move Exchange 2007 to brand new hardware which is running under Windows 2008 R2 Standard.

I'm really concerned about networking issues (MX-, PTR- records, etc.). The current server has two network connections: 1st for the internal (LAN) connection, 2nd -- for the external. Also, note that internet-connection is routed via another server which has ISA 2006 installed. Internet-server is the main gateway in our LAN for all user computers, and the mail-server has its own main gateway which is identical to internet-server's main gateway.

Could you please guide me through this task?
Many thanks and please let me know if you have any questions!
0
Question by:Janibek
13 Comments
 
LVL 25

Expert Comment

by:Tony1044
ID: 34188486
Well the first thing to bear in mind is that you cannot do any kind of in place upgrade.

I'm not sure offhand why your current Exchange server has two NICs in that configuration.

The simple steps though would be as follows:

Install Windows 2008 R2 onto the new server.

Patch etc.

Add it to the existing domain.

Prepare the Active Directory legacy permissions by running the following from the Exchange 2007 CD:

Setup.com /PrepareLegacyExchangePermissions

Extend the existing Active Directory schema by running the following from the Exchange CD:

Setup.com /PrepareSchema

and

Setup.com /PrepareAD

Install Exchange 2007.

It's pretty smart and will realise there is an existing infrastructure. To that end, it will create the necessary interoperability connectors to and from Exchange 2003.

Once that's done, follow http://msexchangeteam.com/archive/2006/11/17/431555.aspx to allow it to send/receive mail from the internet.

Next you can migrate mailboxes and public folders (plenty of docs online on this).

Change your firewall to point SMTP (TCP port 25) to the new Exchange server.

In a nutshell, that's about it.

Why not bite the bullet though, and go 2010? Almost identical steps.

Some caveats - your AD needs to be at 2003 SP1 level or above. It's not advisable to have Exchange installed on a DC if you can possibly avoid it, and I'd recommend running a few tests to make sure your DNS etc. is fully operational.

If you download and run the Exchange Best Practices Analyser, there is a readiness check section.

0
 
LVL 19

Expert Comment

by:R--R
ID: 34189322
0
 
LVL 19

Expert Comment

by:R--R
ID: 34189340
0
 

Author Comment

by:Janibek
ID: 34193948
Thanks a lot guys, for the help! I've read the links and your responses.
After considering everything, I'm guessing it would be easier to just move the domain controller (note that currently, on the server there is DC and Exchange 2007) instead of moving Exchange 2007.
R--R's link says, "Rename the new server to the same name as the original server that you are replacing, and then join this computer to the domain.". So, that's probably not feasible, because, due to the DC role, the old server will still have to be running under the same name.

So what do you think, guys. Would it be easier to move the DC role to 2008 R2 Standard from 2003 Standard, and reconfigure exchange 2007 to understand that AD has been moved to another server? Another advantage of having DC on 2008 R2 is that it gives you more functionality in administrating user PCs as opposed to 2003.

Thanks in advance, guys!
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34194869
In some ways it'd be easier to just throw in a new DC but something of a waste of hardware if the server is even vaguely new.

Really, that link from R-R is only useful if you want to move Exchange and keep the same name - I'd suggest you don't want/need to do that but rather introduce a new server on new hardware and migrate everything across to it.

The old server could then be reused as a DC.

Also you may wish to investigate Hyper-V. If you buy an Enterprise license and have the new server as only a Hyper-V host (by which, MS mean no other services such as DNS, DHCP etc) that same Enterprise license then allows you to run 4 x Enterprise or Standard virtual servers on that one host.

You could have a virtual DC, Virtual Exchange, and a physical DC and still have capacity for two more virtual machines as and when required.
0
 

Author Comment

by:Janibek
ID: 34195251
Thanks, Tony1044.

Alright, then I need to set the role of the NEW server as the PDC. I probably need to reset 2003 server as a BDC. Also, another old server which is the internet-server must be demoted from BDC to just an internet-server.

Could you guide me through the steps that must be taken in order to properly reconfigure Exchange 2007? Let me remind that currently I have 3 servers:
1) Current PDC and Exchange 2007 server with OS Windows Server 2003 Standard, has its own separate external IP
2) ISA 2006 with OS Windows Server 2003 Standard, has its own separate external IP
3) Brand new server with no roles assigned, running OS Windows Server 2008 R2 Standard (currently as a 180-day trial, but it will be licensed shortly), connected locally and has no external IP.

If you guys need any additional info, please let me know and I will provide it. Many thanks!
0

 
LVL 25

Accepted Solution

by:
Tony1044 earned 500 total points
ID: 34195403
Ok - first off there are no PDC and BDC roles within Active Directory in the truest sense of the word, just role masters.

Daniel Petri describes the roles nicely here: http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm

If your new physical server has the RAM & storage capacity, I'd still tend to consider wiping it and installing Hyper-V. I'm a big advocate of one server, one role to simplify troubleshooting and day to day management.

However, that choice of course is entirely yours and I'll assume we're sticking with a single new physical box.

The first thing is I would ensure that your existing domain controller is up to the latest patch and service pack levels. Your domain functional level should be fine since you already have Exchange 2007.

Also the same goes for your new Exchange server - make sure it has all the relevant MS patches and updates.

By the way - as a side note, if you are using Windows 2008 R2 you need to use Exchange 2007 SP3 for supportability and compatibility.

Install the prerequisite components for Exchange 2007 by running the following from an administrative command prompt:

ServerManagerCmd -i RSAT-ADDS

(Reboot required here)
ServerManagerCmd -i PowerShell

ServerManagerCmd -i Web-Server

ServerManagerCmd -i Web-ISAPI-Ext

ServerManagerCmd -i Web-Metabase

ServerManagerCmd -i Web-Lgcy-Mgmt-Console

ServerManagerCmd -i Web-Basic-Auth

ServerManagerCmd -i Web-Digest-Auth

ServerManagerCmd -i Web-Windows-Auth

ServerManagerCmd -i Web-Dyn-Compression

Once that is done, you should be able to do an install of Exchange 2007 (a default install should be sufficient).

Don't forget that as it's eventually going to be the only Exchange server you need to add the anonymous users group to the default receive connector (otherwise it'll reject email from the internet).

Everything else should get picked up from the existing Exchange server by the installation routine.

Next you have to consider the actual migration steps.

You need to create an internet facing send connector on the new server.

From the Exchange Management Shell, run the following command (all one line):

New-SendConnector -Name "Internet Send Connector" -Usage "Internet" -AddressSpaces 'smtp:*;1' -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $false -SourceTransportServers 'new-exchange-server-name-goes-here'

Needless to say, you replace the 'new-exchange-server-name-goes-here' with the name of your new exchange server :)

You should have a receive connector and it should have your accepted domains already.

You can check that in the management console.

Change your firewall rule to point port 25 (SMTP) to the new server.

Now you can move a test mailbox and check that mail flows internally, outbound to the net and inbound. Also confirm mail flow works for everyone else.

Once you're happy you can migrate all the other mailboxes.

What I would do then is leave everything running for a couple of weeks - that way users will get automatically pointed to the new server when they connect outlook.

The final two stages for me would be to turn the old server off for a few days - does anything break? If not, it's safe to remove Exchange. Remember this is a once only piece of work - there's no going back so you need to be sure it all works (hence my turning it off for a bit).

The only thing to say is do you have public folders? You will need to rehome them. Also make sure things like free/busy and out of office all work (you really need a public UC certificate).

If you use OWA you need to update the firewall rules to take this into account too.

I think I've covered everything. Feel free to ask for more help.
0
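The receive-connector and send-connector checks from the accepted answer above, as an added PowerShell example for the Exchange Management Shell (not part of the original thread). The server name NEW-EXCH01 is a placeholder, and the connector name assumes setup's default "Default <server>" naming.

```powershell
# Added example: run in the Exchange Management Shell on the new server.
# 'NEW-EXCH01' is a placeholder for the new Exchange server's name.
$server = 'NEW-EXCH01'

# Assumption: setup created the port-25 Hub Transport connector "Default <server>".
$rc = Get-ReceiveConnector -Identity "$server\Default $server"

# Add AnonymousUsers while keeping the permission groups that are already set,
# so authenticated Exchange users and servers keep working.
if ("$($rc.PermissionGroups)" -notmatch 'AnonymousUsers') {
    $groups = "$($rc.PermissionGroups), AnonymousUsers"
    Set-ReceiveConnector -Identity $rc.Identity -PermissionGroups $groups
}

# Anonymous senders should only be able to submit mail for accepted domains.
# If anonymous logon holds this extended right, the connector relays for
# anyone, so treat a warning here as a finding to fix before cut-over.
$relay = Get-ReceiveConnector -Identity $rc.Identity |
    Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object {
        ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient') -and
        (-not $_.Deny)
    }
if ($relay) {
    Write-Warning "Anonymous relay is allowed on $($rc.Identity)"
}

# The domains this organisation accepts inbound mail for.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize

# Confirm the Internet send connector is enabled and sourced from the new server.
Get-SendConnector |
    Format-Table Name, Enabled, AddressSpaces, SourceTransportServers -AutoSize
```

Run it before repointing the firewall's port 25 rule, and again after the old server is switched off, to confirm the connector settings did not change.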
 

Author Comment

by:Janibek
ID: 34195588
Dang, that's quite an informative reply!
Yes, indeed I have OWA and shared folders setup on exchange 2007. What about the external network connection? If I move Exchange 2007, as you suggest, the new server should probably be directly connected to an external IP?

Many thanks! What if I just move the DC from 2003 to 2008 and reconfigure Exchange on the old server accordingly? If I go that way, do I avoid all the hassle with firewalls, certificates, and exchange migration process?

Sorry if I'm switching back and forth, I'm just trying to find the easiest way to balance the load. Your help is really appreciated.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34195653
So your external IP information doesn't change.

The MX record in external DNS will point to an IP address that is usually an internet-facing port on a firewall. This won't usually change unless you do something like change ISP/move buildings etc.

You would then have to repoint the rule.

Outbound - most firewalls I see don't do any kind of rule for outbound SMTP so it'd just go as normal.

If you wanted to move to just a Windows 2008 R2 domain controller then it definitely removes a lot of the reconfiguration for sure.

But...if you were doing that, I'd still recommend Hyper-V or one of the free VMware or Xen hypervisors. A DC on a brand new server will be lucky to use 2% of its resources (I'm making assumptions on the size of your environment, but I'm guessing it's not a big one).

Remember that if you go down the virtualisation route, there are lots of benefits, notwithstanding a single Enterprise license for Windows Server 2008 R2 allows you to have a physical host with 4 licenses within it.

So - let's say you install hyper-v (and the same is true for VMware or Xen) you could use a single license to run 4 virtual servers. That's a considerable saving.

The one caveat here is if it's hyper-v that is the host, as I said before, it _must not_ host any services beyond hyper-v. If it does, scratch one of your virtual licenses as one will be taken by the host.

If you have a standard license you can install hyper-v and one single virtual machine on the same license.

There's a nice explanation here:

http://msmvps.com/blogs/virtualreality/archive/2009/04/01/hyper-v-licensing-explained.aspx

To summarise, I'd suggest if you are going down the 'simpler' new DC route that you do so in a virtual environment because otherwise you're burning a lot of server resources that could be better utilised (and here's a thing...you could even do a P2V [physical to virtual] migration of your existing Exchange server*) onto the new virtual environment.

*If you decided to do this, I would generally recommend that (a) the server is not a domain controller during the migration and (b) has all of the Exchange services stopped and disabled for the duration of the migration.
0
 

Author Comment

by:Janibek
ID: 34290587
Thanks a lot, Tony1044 and R--R! I'm not done with this question, that is why I'm not closing the thread yet. I'm sorry for being silent and keeping it frozen for a little while, I've just been busy these days at work. But I'll try to implement everything you wrote here asap. Your help is appreciated!
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34290879
Hi Janibek,

No worries - there's no rush closing a question off if you think you might have other things to ask. Good luck going forwards with your migration :)
0
 

Author Closing Comment

by:Janibek
ID: 34614005
Thanks for the efforts and broad answers!
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 34614942
Glad to have helped. Thank you for the points.
0
