Monday, September 3, 2007

Transitioning from exchange 2000 to 2007 (Part 3)

Now after checking the entire pre-installation components, if we start the setup we will get some error messages such as this one:
Setup encountered a problem while validating the state of Active Directory: Domain Controller Operating System version is 5.0 (2195) Service Pack 4. The minimum version required is 5.2 (3790) Service Pack 1.
This a common issue actually, the reason behind this is that the setup is checking all the DCs that they must be 2003 sp1 as well as the GCs, because of that we have to point the setup to the specific 2003 dc.. This issue will be fixed in exchange 2007 sp1.

So, I am going to start the setup in an unattended mode starting by prepare the forest by running the mentioned switches previously but with specifying /dc: parameter to point to the windows 2003 DC.

•The first thing we need to do in deploying Exchange 2007 into a legacy Exchange
Organization is to run /PrepareLegacyExchangePermissions
to run this command, open the command prompt, browse to the directory of the exchange 2007 setup files, the simply type the command.

•After that we have to prepare the schema, this can be done by running the following command /PrepareSchema /DC:

•Prepare AD, by typing the command: /PrepareAD /dc:
Note: you can run the /PrepareAD command before running
/PrepareLegacyExchangePermissions and /PrepareSchema, this will run the /PrepareLegacyExchangePermissions and /PrepareSchema commands automatically.

Now we can start the setup, but we have to start the setup in an unattended mode as we said, by combining a couple of switches with the setup command, depending on your needs:
setup /m:Install /roles:M,HT,C,MT /dc: /EnableLegacyOutlook /LegacyRoutingServer: /t:"d:\program files\Microsoft\Exchange Server"
This command will install the management tools, Hub Transport role, Client access role and the Mailbox role.
That is it, exchange 2007 had been installed, and now we have to move the mailboxes to the new exchange 2007 and finally decommission the old 2000 server.

For more details, you can follow up with Henrik article on moving the mailboxes and decommissioning the old exchange server.


Sunday, September 2, 2007

Transitioning from exchange 2000 to 2007 (Part 2)

It is recommended to run the latest version of Exchange best practice analyzer tools now, and choose Exchange 2007 readiness check, in my case, the tool gave me the following report:

So, my exchange organization is in mixed mode, it must be changed to native mode.

In general, there is three prerequisites that must checked before installing exchange 2007, they are:
® Active Directory forest: the domain functionality level must be windows 2000 or windows server 2003, also you must make sure that the domain controller that is the schema master is running windows server 2003 SP1 or higher, this is also applied for the Global catalog server running on the site as well.

There are some switches that you can run them to prepare the environment by preparing the permission required for exchange 2007, preparing the schema, preparing active directory, and preparing domain.

Those switches are: /PrepareLegacyExchangePermissions /PrepareSchema /PrepareAD /PrepareDomain or /PrepareAllDomains

Note: you can run the 32-bit version of exchange 2007 to prepare you environment.

®Exchange organization: it is a must to run the exchange organization in native mode, so we have to remove any exchange servers running exchange 5.5 .In my case I have to change the organization mode simply by opening the exchange system manager, right click exchange organization, choose properties then choose the change mode button you will get a warning message, click yes, as simple as that.

®Server requirements:
Software needed:

- .Net framework 2.0 and the update KB926776 as well
-MMC 3.0
-Windows PowerShell 1.0
-HotFix for Windows x64 (KB904639)

Also, there are some additional components that you have to install on the server depending on the role you are planning to implement, those are:
For Mailbox server role, you need the following components:
• Enable network COM+ access
• Internet Information Services
•World Wide Web Service

For Client Access Server, you need the following components:
-RPC over HTTP proxy
-ASP.NET 2.0

For Hub transport server role, no more components are needed.
But be sure that the SMTP AND NNTP is not installed.

For Edge transport server role, you will need ADAM
AND also make sure that SMTP AND NNTP.

In the next article we gonna start the setup........

Wednesday, August 29, 2007

Transitioning from exchange 2000 to 2007 (Part 1)

Transitioning from exchange 2003 to exchange 2007 is easy and straightforward, there is many articles on the web describing the process. Henrik walther wrote one of the best articles on this topic. But what about transitioning from exchange 2000 to exchange 2007 in a situation where you have a single box (windows 2000 DC and exchange 2000), I believe the scenario is different a little bit and need more concentrate and careful.
In this article series (3 parts), I am gonna show you my real experience on this issue, enjoy it!

• The setup is as follow:
-Two Domain controllers running windows 2000 advanced server.
-Exchange 2000 is installed on one of the domain controllers.
-The FSMO roles had been moved to the domain controller that is not running exchange.

Well, the first thing we have to think about it is to upgrade the domain controllers to windows 2003 before we go through the installation of Exchange 2007, since this is one of the requirements for exchange 2007.
Regarding to MS
KB325379, there is certain attributes in the schema must be changed before we run the /Forestprep , /Domainprep of the windows 2003, those attributes are:

These attributes must appear as msExchAssistantName, msExchHouseIdentifier, and msExchLabeledURI.
In order to do such change, we can create a script that modifies these attribute in the following way:

“1.Log on to the console of the schema operations master by using an account that is a member of the Schema Admins security group.
2.Click Start, click Run, type notepad.exe in the Open box, and then click OK.
3.Copy the following text including the trailing hyphen after "schemaUpdateNow: 1" to Notepad.

dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X

changetype: Modify
LDAPDisplayName: msExchAssistantName

dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: LDAPDisplayName
LDAPDisplayName: msExchLabeledURI

dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: LDAPDisplayName
LDAPDisplayName: msExchHouseIdentifier

changetype: Modify
add: schemaUpdateNow
schemaUpdateNow: 1

4.Confirm that there is no space at the end of each line.
5.On the File menu, click Save. In the Save As dialog box, follow these steps:
a. In the File name box, type the following:
b. In the Save as type box, click All Files.
c. In the Encoding box, click Unicode.
d. Click Save.
e. Quit Notepad.
6.Run the InetOrgPersonPrevent.ldf script.
a. Click Start, click Run, type cmd in the Open box, and then click OK.
b. At a command prompt, type the following, and then press ENTER:
cd %userprofile%
c. Type the following command
c:\documents and settings\%username%>ldifde -i -f inetorgpersonprevent.ldf -v -c DC=X "domain name path for forest root domain"
Syntax notes:
•DC=X is a case-sensitive constant.
•The domain name path for the root domain must be enclosed in quotation marks.
For example, the command syntax for an Active Directory forest whose forest root domain is TAILSPINTOYS.COM would be:
c:\documents and settings\administrator>ldifde -i -f inetorgpersonprevent.ldf -v -c DC=X "dc=tailspintoys,dc=com"
Note You may need to change the Schema Update Allowed registry subkey if you receive the following error message:
Schema update is not allowed on this DC because the registry key is not set or the DC is not the schema FSMO Role Owner.
For more information about how to change this registry subkey, click the following article number to view the article in the Microsoft Knowledge Base:
285172 Schema update require Write access to schema in Active Directory

Now we have to verify that previous attributes had been modified, this can be done through ADSI edit tools (installed as a part of the support tools), under the schema find the attributes (CN=ms-Exch-Assistant-Name CN=ms-Exch-House-Identifier CN=ms-Exch-LabeledURI). Double click each of them, on the attributes tab in the "Select which properties to view" dropdown, select either Mandatory. In the next drop down "Select a property to view" select lDAPDisplayName. Then at the text in the box next to value, make sure that the three attributes same as the attribute name without the CN= and the dashes i.e. msExchAssistantName).

Now we can safely run adprep on the schema operations master. To do so, Log on to the console of the schema operations master with an account that is a member of the Schema Admins security group.
Click Start, click Run, type cmd, and then click OK.
X:\I386\adprep /forestprep
Where X:\I386\ is the path of the Windows Server 2003 installation media.
Verify that the adprep /forestprep changes have replicated on all the domain controllers in the forest.

After that, Run adprep /domainprep on the Infrastructure master. To do so, click Start, click Run, type cmd, and then on the Infrastructure master type the following command:
X:\I386\adprep /domainprep

Verify that domainprep completed successfully, and a replication had been initiated between the DCs.

In my scenario, I had a new server (windows 2003 SP1) which I promote it successfully to be the first domain controller running windows 2003, after preparing the schema.
After that I had transferred the FSMO roles to the new DC and set it as a Global catalog, then upgrade the old DC to windows 2003 (the one that it is not running exchange).

Transitioning from exchange 2000 to 2007 (Part2)
Transitioning from exchange 2000 to 2007 (Part 3)