Understanding the Big Picture


You need to understand the big picture before you can grasp each part of the migration process. The overarching goal of your migration is to merge two different user account databases into a single database (Figure 15-1). This is important to understand because you will use different tools to migrate different databases to Active Directory. Also, understanding where information resides in Active Directory is essential to performing a migration. Fundamentally, you must understand where you’re coming from as well as where you’re going. Figure 15-2 illustrates where the Exchange information resides in Active Directory.

Figure 15-1: Database migrations.

Figure 15-2: Where Exchange information resides in Active Directory.

To avoid creating duplicate accounts, migrate your Windows NT 4 user accounts first, and only then use the Active Directory Connector (ADC) to migrate your Exchange user accounts. In Windows NT 4, even though the mailbox is tied to a primary account (or could be tied to a primary account) in the Windows NT account database, a separate user account also exists in the Exchange 5.5 directory for that mailbox. If you migrate the Exchange user accounts to Active Directory via the ADC before migrating the user accounts from the Windows NT accounts database, a new user account is created in Active Directory for that Exchange 5.5 account. The default setting is to create a disabled user account.

Even though the ADC can create user accounts in Active Directory for the Exchange 5.5 accounts, you will need to migrate the domain accounts from the Windows NT account database to preserve the Security Identifiers (SIDs) of each user account in Windows NT (which means preserving access to resources). Such resources include the Exchange 5.5 mailboxes while those mailboxes reside on an Exchange 5.5 server.
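The following check is an added example, not part of the original text: it reads an LDIF export of the new directory (for instance one produced with ldifde) and reports disabled accounts that look like ADC-created duplicates, plus enabled accounts that carry no sIDHistory and so would lose access tied to their old Windows NT SID. It assumes the Exchange alias (mailNickname) matches the Windows NT logon name (sAMAccountName) and that the account migration wrote the old SID to sIDHistory; the sample entries are constructed.

```python
import base64

ACCOUNTDISABLE = 0x0002  # userAccountControl bit: account is disabled
# Constructed sample in LDIF export format (not from a real directory).
SAMPLE_LDIF = """\
dn: CN=Alice Smith,OU=Migrated,DC=example,DC=local
sAMAccountName: asmith
userAccountControl: 512
sIDHistory:: AQUAAAAAAAUVAAAAAQAAAAIAAAADAAAA6AMAAA==

dn: CN=bjones,OU=ADC,DC=example,DC=local
sAMAccountName: bjones2
userAccountControl: 514
mailNickname: bjones

dn: CN=Bob Jones,OU=Migrated,DC=example,DC=local
sAMAccountName: bjones
userAccountControl: 512
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry.

    Values written as 'attr:: ...' (binary, e.g. sIDHistory) are base64-decoded.
    """
    entries, current = [], {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for line in unfolded.split("\n") + [""]:
        if not line.strip():              # a blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
            continue
        name, _, rest = line.partition(":")
        value = base64.b64decode(rest[1:]) if rest.startswith(":") else rest.strip()
        current.setdefault(name.lower(), []).append(value)
    return entries

def audit(entries):
    """Return (likely duplicate pairs, enabled accounts with no sIDHistory)."""
    first = lambda e, attr: e.get(attr, [""])[0]
    disabled = lambda e: bool(int(first(e, "useraccountcontrol") or 0) & ACCOUNTDISABLE)
    enabled = {first(e, "samaccountname").lower(): first(e, "dn")
               for e in entries if not disabled(e)}
    duplicates, no_history = [], []
    for e in entries:
        alias = first(e, "mailnickname").lower()  # assumed equal to the NT logon name
        if disabled(e) and alias and alias in enabled:
            duplicates.append((first(e, "dn"), enabled[alias]))
        elif not disabled(e) and not e.get("sidhistory"):
            no_history.append(first(e, "dn"))
    return duplicates, no_history
```

On the constructed sample, `audit(parse_ldif(SAMPLE_LDIF))` pairs the disabled `CN=bjones` entry with the enabled Bob Jones account and lists Bob Jones as lacking sIDHistory.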

In this first stage of the migration, you will need to make some initial decisions that will have an impact on the approach you take to your migration:

  • Whether you will create a new Exchange organization in the Active Directory forest or join your Exchange 2003 servers to the existing Exchange 5.5 organization

  • Whether you will perform an in-place upgrade of your Windows NT primary domain controller (PDC) or move your Windows NT accounts to Active Directory

  • Whether you will need to allow access to resources in the Windows NT domains after the accounts have been moved to Active Directory

  • Whether you will expire the old Windows NT accounts

If you choose to join your Exchange 2003 servers to your Exchange 5.5 organization, you’ll be able to move your mailboxes between the servers as the main method of migrating the mailboxes to Exchange 2003. If you choose to create a new organization, you’ll need to use the utilities provided by Microsoft to move the mailboxes to the Exchange 2003 organization.

Likewise, if you choose to upgrade the PDC as your first Windows Server 2003 domain controller, the user accounts will automatically be upgraded to Active Directory and there will be no need to migrate the user accounts to Active Directory. However, if you want a clean start with your new Active Directory, you must use the utilities provided by Microsoft to migrate the accounts out of the Security Account Manager (SAM) database into Active Directory.

If you are running a single Exchange server hosted on a single domain controller, the easiest migration approach is to perform an in-place upgrade. In this scenario, you upgrade the PDC and then upgrade Exchange 5.5, all on the same box. The common problem with this scenario is hardware—most of the hardware that was purchased to run Windows NT and Exchange 5.5 will not be adequate to run Windows Server 2003 and Exchange 2003. Therefore, even in a single-server environment, the chances are good that you’ll need to perform some type of migration to a new Active Directory and that an in-place upgrade will not be feasible.

Note

You could take a new server, make it a backup domain controller (BDC), promote it to a PDC, install Exchange 5.5 on it, move the mailboxes and other information, and then perform an in-place upgrade. But this process really just re-invents the wheel: your actions are very similar to installing Windows Server 2003 and then doing a migration. Our advice is to perform a migration rather than an in-place upgrade unless you’re in the unusual position of having hardware that will accommodate future in-place upgrades.

The advantage of installing Exchange 2003 on an Exchange 5.5 site is that the mailboxes, public folders, connectors, and system folders can all be moved to the Exchange 2003 server without using any migration tools provided by Microsoft. In many scenarios, this will be the best way to perform the migration.

In our running example, we redesign our Exchange system, starting with migrating the user accounts from the Windows NT SAM to Active Directory. Our redesign focuses on going from three Exchange servers in three sites to one Exchange server in the forest. However, we install our Exchange Server 2003 server into the existing Exchange 5.5 organization.

The first step in our migration scenario is to create a Windows Server 2003 forest, which we have already done (but did not illustrate here). Then we migrate the Windows NT accounts to Active Directory. If you do this correctly, you won’t encounter any duplicate accounts in Active Directory.




Microsoft Exchange Server 2003 Administrator's Companion
ISBN: 0735619794
Year: 2005
Pages: 254
