Migrate to Exchange 2000 and Active Directory

Make a smooth transition from Exchange 5.5 to 2000 by choosing the migration path that's best for you.

by William C. Wade III

*** Article originally published at: www.devx.com
 
In light of Windows 2000's recent release, many organizations are evaluating how this bold new product can help them become more productive. Of those organizations, many currently use Microsoft Exchange. These Exchange customers are also determining how Exchange 2000 will overcome Exchange 5.5's current limitations and how its new features will take Exchange beyond simple messaging.
 

What you need:
Windows 2000 Server or Advanced Server
Exchange 2000 Release Candidate 1 or later
Exchange 2000 Active Directory Connector (ADC)
Windows 2000 Active Directory Migration Tool (ADMT)
Active Directory
Account Cleanup Wizard (ADClean)
 

Once you decide to upgrade to Exchange 2000 and complete your Exchange design architecture, you need to develop a coexistence and migration plan. This plan will be unique because the Exchange 5.5 directory migrates to Active Directory, while the Exchange 5.5 servers migrate to Exchange 2000, making for a two-pronged migration plan. How challenging your migration is depends on the complexity of your current Exchange architecture and the intricacy of your envisioned Active Directory implementation. To help smooth the rough edges of migration, Microsoft provides some tools and suggests some common migration approaches. In this article, I'll address some of the coexistence and migration scenarios, as well as look at a few of the tools that will ensure a successful migration.

To make Exchange 5.5 and Exchange 2000 coexist, Microsoft placed certain restrictions on how you can configure Exchange 2000 during coexistence. As with Windows 2000's mixed mode to support coexistence with Windows NT, Exchange 2000 has a mixed mode to support coexistence with Exchange 5.5. When you install the first Exchange 2000 Server, your organization is in mixed mode. Once you no longer need to support Exchange 5.5 servers or services, you can configure the Exchange 2000 organization for native mode. But beware—once you configure for native mode, there's no going back.

  Figure 1
Figure 1 Get Connected. Click here.

 

To enable coexistence, Exchange 2000 must resemble Exchange 5.5 while in mixed mode. This means there are restrictions on the flexibility of Administrative and Routing Groups (see the sidebar, "How Exchange 5.5 and Exchange 2000 Fit Together"). In mixed mode, the Administrative Group and the Routing Group are directly associated so Exchange 2000 can simulate an Exchange site. Therefore, you can't span Routing Groups across Administrative Groups, nor can you have a server in a Routing Group belong to a different Administrative Group. Additionally, while in mixed mode, you can't move mailboxes between Administrative Groups. You can only move mailboxes between servers in the same Administrative Group.

These restrictions lock your administrative model into one similar to what you had with Exchange 5.5. Only after you change to native mode and Microsoft provides a tool (hopefully, soon after the release of Exchange 2000) for moving Exchange 2000 Servers between Administrative Groups will you be able to implement a new Administrative Group model.

Get Permission First
One fundamental difference between Exchange 2000 and Exchange 5.5 is how they apply permissions to public folders. Exchange 2000 uses Active Directory objects, such as users and security groups; and Exchange 5.5 uses Exchange objects, such as mailboxes and distribution lists. This means to apply permissions to public folders, Active Directory must have the equivalent to an Exchange distri-bution list. Unfortunately, this equivalent is Active Directory's Universal Security groups, which exist only in Windows 2000 native mode. Therefore, to support coexistence between Exchange 5.5 and Exchange 2000 public folder permissions, you must have at least one native mode domain. You can configure an Active Directory Connector connection agreement (described later in this article) between Exchange 5.5 and the native mode domain to synchronize groups between the two directories. Distribution lists become Universal Security groups in this domain, which have their membership published in the Global Catalog. When the public folder hierarchy is replicated between Exchange 5.5 and Exchange 2000 Servers, Active Directory Universal Security groups from the Global Catalog will be used wherever Exchange 5.5 distribution lists have been assigned permissions.

Figure 2
Figure 2 Agree on Connections. Click here.

 		  

This works because Universal Security groups are included in the Global Catalog, along with their membership. Because the distribution lists from Exchange 5.5 are being translated by the Active Directory Connector connection agreement into Universal Security groups in the native mode domain, they're included in the Global Catalog. The Exchange 2000 Servers in the mixed mode domain are able to access these security principals from the Global Catalog and use them to apply permissions to public folders. If you choose not to setup a native mode domain, and you use dis-tribution lists to apply permissions to public folders, you'll loose those permissions. You'll have to apply permissions manually, using Domain Global Groups or user objects.


 

      Next: Use Coexistence Components

 

^ Introduction 3 Agree on Configuration
2 Use Coexistence Components 4 Migrate the Directories
 

ITEC bullet Buffalo State College bullet Twin Rise 200 bullet 1300 Elmwood Avenue bullet Buffalo, NY 14222 bullet (716) 878-4832

[ Home ] [ Academic Support ] [ Administrative Support ] [ Systems Support ] [ News ] [ SUNY Links ]

E-mail ITEC: scacad@itec.mail.suny.edu