| Author |
Message |
Brian
Guest
|
 Posted:
Thu Nov 10, 2005 9:50 pm Post subject:
how to move to new domain with AD plus Exchange 2003 |
|
|
We have an NT 4 domain (call it "NTD") and a new AD domain Windows 2003
server (call it "2k3"). In NTD there is a single Exchange 5.5 server.
We are planning to add a new Exchange 2003 server to "2k3" (and can do
so at any time). The goal is to have all 60 users and PCs as part of
2k3, and use Exchange 2003, and the NT4 domain and the Exchange 5.5
server go away.
We do not want to do a long weekend-move-everything-at-once migration.
we would prefer to move a few users and PCs at a time, so both domains
will have to co-exist as well as the two Exchange servers.
I've read up as much as possible on this. My confusion is in the best
way to proceed, and which of the MS tools to use. I know what the ADMT
is, and I know what the ADC is. I am familiar with the process of
upgrading an NT4 domain to AD, and adding an Exchange 2000 server to a
5.5 site and running ADC. But we do not want to just upgrade our
crappy NT 4 domain - we need to start fresh.
Should we:
a) migrate all users and PCs to 2k3 using ADMT, leaving mail on the
Exchange 5.5 server? then, after all users have moved, install
Exchange 2003 into 5.5 site, move mailboxes over and de-commission 5.5?
b) run ADC and install Exchange 2003 on a 2k3 domain member server, and
gradually move users from NT4 to 2k3 domain?
c) do something different?
TIA for any and all help.
Brian |
|
| Back to top |
|
 |
Mark
Guest
|
| Posted:
Fri Nov 11, 2005 1:50 am Post subject:
RE: how to move to new domain with AD plus Exchange 2003 |
|
|
Hi Brian,
If you want to move to a new domain I have tested these steps. Each of these
steps should be a 2 page document :) -
Install AD and configure 2way trust with sid filtering disabled
Forest prep, domain prep
Migrate Users (admt), Run ADC to sync directories and mail enable AD users
Users can now login to AD and still access mailboxes on 5.5
Slowly migrate mailboxes to 2k3 which will repoint AD accounts
Then set mail to flow through 2k3 server and decommission 5.5
It has been quite a while since i've done this so it might be worth reading
through http://www.informit.com/articles/article.asp?p=349747&seqNum=8 as a
start. I will have missed out something.
This is just my prefered method but half the people on this site probaby
have another way.
Good Luck
Thanks,
Mark |
|
| Back to top |
|
|
Brian
Guest
|
| Posted:
Fri Nov 11, 2005 1:50 pm Post subject:
Re: how to move to new domain with AD plus Exchange 2003 |
|
|
Mark,
Thanks very much for your reply.
Couple of follow up questions:
1. do I have to migrate ALL users before I do the ADC piece, or can I
migrate 10, move their mailboxes, migrate 10 more, etc.?
2. if the answer to 1. is No, will users migrated (using ADMT) still be
able to get to the Exchange 5.5 server in the "old" domain?
Thanks again,
Brian |
|
| Back to top |
|
|
Mark
Guest
|
| Posted:
Fri Nov 11, 2005 5:50 pm Post subject:
Re: how to move to new domain with AD plus Exchange 2003 |
|
|
Hi Brian,
Other way around, migrate the accounts first, ADC after. ADC will find the
migrated accounts during replication and using the sid it then matches
accounts and mailboxes nicely. If you run ADC first the place holder
(mentioned http://support.microsoft.com/?id=316047)
accounts are created which just causes issues and are a nightmare to clean up.
I'll take a look at the permissions thing when I get access to those images.
Let me know.
Thanks,
Mark |
|
| Back to top |
|
|
Brian
Guest
|
| Posted:
Fri Nov 11, 2005 5:50 pm Post subject:
Re: how to move to new domain with AD plus Exchange 2003 |
|
|
Mark,
1. based on your response above, it looks like I need (or should have)
the ADC up and running before I migrate anyone with the ADMT. is this
true?
2. logging in with the AD accounts. but you pretty much answered it.
I'm familiar with the SID history concept, so as long as that will give
them access to 5.5 when they are in the new domain, that will cover it.
Thanks.
Brian |
|
| Back to top |
|
|
Mark
Guest
|
| Posted:
Fri Nov 11, 2005 5:50 pm Post subject:
Re: how to move to new domain with AD plus Exchange 2003 |
|
|
Hi Brian,
1.Each mailbox in e2k3 needs an account associated with it. If ADC can't
find an account when its replicating the directories it will create a
placeholder account. (I think it uses the sid to match them)
http://support.microsoft.com/?id=316047
So migrate the users first, adc will then stamp these accounts with Exchange
attributes and point their accounts to the mailboxes on 5.5.
2. Are you asking whether users logging in with NT accounts can still access
their mailboxes or logging in with the AD accounts?
Anyway, the sid gives the NT users access to the mailboxes. 2k3 user
accounts have a sidhistory attribute that lets them in until you move the
mailboxes away from 5.5. (this last section about SID is very much "as far as
I remember" but I think I still have a few nt images around so i'll take a
look and let you know. Pretty sure that's how it works out though.)
Thanks,
Mark |
|
| Back to top |
|
|
Brian
Guest
|
| Posted:
Fri Nov 11, 2005 9:50 pm Post subject:
Re: how to move to new domain with AD plus Exchange 2003 |
|
|
Mark,
no need to check on the permissions issue, I think I'm all set.
That informIT Exchange article looks great. full of good info.
thanks again for all your help.
regards,
Brian |
|
| Back to top |
|
|
Spin
Guest
|
| Posted:
Sat Nov 12, 2005 5:50 pm Post subject:
Re: how to move to new domain with AD plus Exchange 2003 |
|
|
What's the purpose of "sid filtering disabled" I don't understand. I
actually don't even understand what "sid filtering" is. Please give me a
clue.
--
Spin |
|
| Back to top |
|
|
Mark
Guest
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in