Microsoft Exchange Server 2007 Administrators Pocket Consultant Second Edition

Existing Exchange 2000 Server and Exchange Server 2003 installations can coexist with Exchange Server 2007 installations. Generally, you do this by integrating Exchange Server 2007 into your existing Exchange 2000 Server or Exchange Server 2003 organization. Integration requires:

• Preparing Active Directory and the domain for the extensive Active Directory changes that will occur when you install Exchange Server 2007.

• Configuring Exchange Server 2007 so that it can communicate with Exchange Server 2000 and Exchange Server 2003 servers.

You cannot upgrade existing Exchange 2000 Server and Exchange Server 2003 servers and organizations to Exchange Server 2007. You must install Exchange Server 2007 on new hardware, and then move the mailboxes from your existing installations to the new installation. See "Transitioning to Exchange Server 2007" in this chapter for more details.

Preparing Active Directory for Exchange Server 2007

Exchange Server 2007 can be integrated into Exchange 2000 Server and Exchange Server 2003 organizations. If you have any servers running Exchange 2000 Server or Exchange Server 2003, you need to prepare Active Directory and the domain for the extensive Active Directory changes that will occur when you install Exchange Server 2007. You do this by completing the following steps:

1. Run Setup with the /PrepareLegacyExchangePermissions option. To successfully run this command, you must be a member of the Exchange Admins groups and the domain in which you run this command must be able to contact all domains in the forest.

2. After all permissions have replicated across your entire Exchange organization, run Setup with the /PrepareSchema option to connect to the schema master and update the schema with attributes for Exchange Server 2007. To run this command, you must be a member of the Schema Admins group and the Exchange Admins group. You must run this command on a computer in the same Active Directory domain and same Active Directory site as the schema master. The schema master is located in the forest root domain.

3. After all schema changes have been made, run Setup with the /PrepareAD option to configure global Exchange objects in Active Directory, create Exchange Universal Security groups in the root domain, and prepare the current domain for Exchange Server 2007. To run this command, you must be a member of the Enterprise Admins group. When completed, the root domain should have a new organizational unit called Microsoft Exchange Security Groups, and this organizational unit should contain the following groups: Exchange Organization Administrators, Exchange Recipient Administrators, Exchange View-Only Administrators, Exchange Servers, and Exchange2003Interop.

4. Finalize security settings for Exchange Server 2007 by preparing the local domain by running Setup with the /PrepareDomain option or by preparing all domains by running setup with the /PrepareAllDomains option. To run this command, you must be a member of the Domain Admins groups for the local domain or the Enterprise Admins group.

Configuring Exchange Server 2007 for Use with Existing Exchange Organizations

All the Exchange 2007 server roles are supported for coexistence with a native-mode Exchange organization. In the Exchange System Manager for Exchange 2000 Server and Exchange Server 2003, all Exchange servers are displayed as members of the Exchange Administrative Group. Exchange Server 2007 servers are also displayed as members of the Exchange Routing Group. These groups are created only for purposes of coexistence with Exchange 2000 Server and Exchange Server 2003.

When managing Exchange servers, you should use the administrative tools for that Exchange Server version. Exchange Server 2007 doesn't use Active Directory Users And Computers for recipient management and instead uses only the Exchange Management Console and the Exchange Management Shell for this purpose. Exchange Management Console and the Exchange Management Shell are the primary management tools for Exchange Server 2007.

Mailboxes located on Exchange 2000 Server and Exchange Server 2003 servers are also displayed in the Exchange Management Console. You can manage the Exchange 2000 Server and Exchange Server 2003 mailbox properties using the Exchange Management Console or Exchange Management Shell. However, you can use only Exchange Management Shell to move mailbox recipients from Exchange 2000 Server and Exchange Server 2003 to Exchange 2007.

When deploying Exchange Server 2007 in an Exchange 2000 Server or Exchange Server 2003 organization, keep the following in mind:

• If you want to use the Exchange Server 2007 Client Access Server role, you must deploy a Client Access Server role in each Active Directory site that contains the Mailbox Server role. Clients will see the Microsoft Office Outlook Web Access or Exchange ActiveSync version that is on their mailbox store.

• If you want to use the Hub Transport Server role, you must configure a two-way routing group connector from the Exchange Routing Group to each Exchange Server 2003 routing group that communicates directly with Exchange Server 2007. You must also suppress link state updates for each Exchange Routing Group that communicates with Exchange Server 2007.

• If you want to use the Unified Messaging Server role, you must deploy the Exchange Server 2007 Hub Transport Server role in the same Active Directory site as the Unified Messaging Server role. Keep in mind that Exchange Server 2003 mailboxes cannot be unified messaging–enabled.

• If you want to use the Mailbox Server role, you must deploy the Exchange Server 2007 Hub Transport Server role in the same Active Directory site as the Mailbox Server role.

• If you want to use the Edge Transport Server role, you must configure SMTP Connectors to accept mail from and send mail to the Internet. Four connector configurations are needed: Internet Send Connector, Internet Receive Connector, Legacy Send Connector, and Legacy Receive Connector. Other modifications are required to mail Exchange and smart host records. Further, you can synchronize the Edge Transport server's ADAM data with Active Directory only if the Exchange Server 2007 Active Directory preparation process has been performed.

Moving to Exchange Server 2007

Most organizations have existing Exchange installations. When moving those installations to Exchange Server 2007, you cannot perform an in-place upgrade. Instead, you must install new Exchange Server 2007 servers into the existing organization and then either migrate or transition to Exchange Server 2007.

• Migration from Exchange 2000 Server or Exchange Server 2003 to Exchange Server 2007 involves installing Exchange Server 2007 on new hardware and then moving the mailboxes from your existing installations to the new installation. In a migration, only mailbox data is moved and any Exchange configuration data is not maintained.

• Transitioning from Exchange 2000 Server or Exchange Server 2003 to Exchange Server 2007 is a multiple-phase process that allows for the retention of Exchange configuration and mailbox data. During these transitioning processes, the Exchange organization is considered to be operating in a coexistence mode.

Migrating to Exchange Server 2007

Migration from Exchange 2000 Server or Exchange Server 2003 to Exchange Server 2007 moves the mailboxes from your existing installations to your new Exchange Server 2007 installations. In a migration, only mailbox data is moved and any Exchange configuration data is not maintained.

The steps you perform to migrate from Exchange 2000 Server or Exchange Server 2003 to Exchange Server 2007 are as follows:

1. Install Exchange Server 2007 on new hardware, and make it a member of the appropriate domain in the forest. At a minimum, you should install the Client Access Server role, the Hub Transport Server role, and the Mailbox Server role. You can install these roles on a single server or on multiple servers. If you plan to have an Edge Transport server in your Exchange 2007 organization, you must install the Edge Transport Server role on a separate computer.

2. Move mailboxes from your existing Exchange Server 2003 or Exchange 2000 Server installations to the new Exchange Server 2007 Mailbox server or servers.

3. If you want to remove your Exchange 2000 Server or Exchange Server 2003 servers, you must first remove Exchange Server 2003 routing groups and all connectors to these routing groups. Also, keep the following in mind:

   • q Exchange Server 2007 does not support the following Exchange 2000 Server features: Microsoft Mobile Information Server, Instant Messaging service, Exchange Chat service, Exchange 2000 Conferencing Server, Key Management service, cc:Mail connector, or MS Mail connector. If you require any of these features, you must retain at least one computer running Exchange 2000 Server in your organization.

   • q Exchange Server 2007 does not support the Novell GroupWise connector for Exchange Server 2003 or the use of the Inter-Organization Replication tool to share free/busy and public folder data across forests. If you require these features, you must keep at least one Exchange Server 2003 server in your organization.

4. Remove your old Exchange Server 2003 or Exchange 2000 Server server from the organization.

Transitioning to Exchange Server 2007

The steps you perform to transition from Exchange 2000 Server or Exchange Server 2003 to Exchange Server 2007 depend on the forest configuration. To transition from a single forest organization to a single forest organization or to deploy Exchange Server 2007 in an Exchange resource forest and then transition to Exchange Server 2007, follow these steps:

1. Install Exchange Server 2007 on new hardware, and make it a member of the appropriate domain in the forest. At a minimum, you should install the Client Access Server role, the Hub Transport Server role, and the Mailbox Server role. You can install these roles on a single server or on multiple servers. If you plan to have an Edge Transport server in your Exchange 2007 organization, you must install the Edge Transport Server role on a separate computer.

2. Move mailboxes from your existing Exchange Server 2003 or Exchange 2000 Server installations to the new Exchange Server 2007 Mailboxserver or servers.

3. For any public folders in your existing Exchange 2000 Server or Exchange Server 2003 organization that you want to maintain, create a replica on your Exchange Server 2007 Mailbox server or servers. You must create the replica using Exchange System Manager in the Exchange 2000 Server or Exchange Server 2003 organization. Exchange will then replicate the public folder data to the Exchange Server 2007 Mailbox server or servers.

   Note

   You do not need to create replicas for the offline address book (OAB) or free/busy system folders. When you install the first Exchange Server 2007 server, Exchange creates these replicas.

4. If you want to remove your Exchange 2000 Server or Exchange 2003 Server servers, you must first remove Exchange Server 2003 routing groups and all connectors to these routing groups. Also, keep the following in mind:

   • q Exchange Server 2007 does not support the following Exchange 2000 Server features: Microsoft Mobile Information Server, Instant Messaging service, Exchange Chat service, Exchange 2000 Conferencing Server, Key Management service, cc:Mail connector, or MS Mail connector. If you require any of these features, you must retain at least one computer running Exchange 2000 Server in your organization.

   • q Exchange Server 2007 does not support the Novell GroupWise connector for Exchange Server 2003 or the use of the Inter-Organization Replication tool to share free/busy and public folder data across forests. If you require these features, you must keep at least one Exchange Server 2003 server in your organization.

5. Remove your old Exchange Server 2003 or Exchange 2000 Server server from the organization.

In some cases, you may want to have one or more forests that contain accounts and a separate resource forest for your Exchange organization. Although configuring a separate resource forest provides clear separation between accounts and your Exchange organization, it requires a great deal of predeployment planning and additional work to maintain. In the Exchange forest, you must disable any user accounts with mailboxes and then associate these disabled user accounts, and all other user accounts, with the user accounts in your other forests. To do this, you must install Microsoft Integration Identity Server 2003 or later, or the Identity Integration Feature Pack 1a or later for Microsoft Windows Server Active Directory and then use its GAL Synchronization feature to create mail-enabled contacts that represent recipients from other forests.

To transition from a single forest organization to a resource forest organization, follow these steps:

1. Create a new Active Directory forest, and then create a one-way, outgoing forest trust from this forest to your existing forest. This ensures that the Exchange Server 2007 resource forest trusts the existing forest. You will need the trust so that you can move mailboxes from servers in the existing forest to servers in the Exchange Server 2007 forest.

2. In the Exchange Server 2007 forest, install Exchange Server 2007 on new hardware, and make it a member of the appropriate domain in this forest. At a minimum, you should install the Client Access Server role, the Hub Transport Server role, and the Mailbox Server role. You can install these roles on a single server or on multiple servers. If you plan to have an Edge Transport server in your Exchange Server 2007 organization, you must install the Edge Transport Server role on a separate computer.

3. Move all mailboxes from the existing forest to the Exchange Server 2007 forest. You must move all mailboxes. If you do not move all mailboxes, you will be in an unsupported hybrid forest scenario.

4. Follow steps 3 through 5 from the procedure previously described under "Transitioning to Exchange Server 2007."