Tuesday, August 26, 2008

MIGRATION EXCHANGE 2003 to EXCHANGE 2007




I am about to finish a project located in Washington DC for a government. This project involved taking Active Directory 2003 and Exchange 2003 and bringing them into AD 2008 and Exchange 2008. To be honest, the team I belong to is "ROCK": smart, dedicated, intelligent people, and I have to give most of the credit to the team. Proud to be part of a good team.

AD 2003 and AD 2008 don't have huge differences in my opinion. Knowing basic 2003 is the key to understanding AD 2008, and life simply gets better with 2008 servers. Hands up, I started to love Windows 2008 Server. I love the new idea behind most of the new Microsoft products: secure out of the box. Even Exchange won't work because "Anonymous authenticating is not enabled" by default. This is just an example; many other things are not there, so Microsoft is giving us a secure product. We will have to turn these features on, so we cannot blame Microsoft any more (-:. This is a very smart approach in my opinion.

The Windows 2008 Core server was a lot of fun to play with, but I have to admit you will need to find a tool called "Core configuration" to make your life easy; otherwise you will have a hard time configuring Core servers. I hope that Microsoft soon has this tool available for us officially as an MS tool.

Steps I have taken going through the migration

  1. Prepare Active Directory, fix replication issues among DCs
  2. Make sure FRS is happy, as well as SysVol, no journal wrap errors
  3. Use DCdiag /q (quiet) until no errors are reported, fix the issues reported accordingly
  4. Don't touch the existing Exchange 2003 environment (I liked this one (-:, didn't have to fix anything)
  5. Build new Windows 2008 DCs, migrate the functionalities: DNS, DHCP, FSMO roles etc.
  6. Perform IP swap: old DC IP addresses swapped to the newly built DCs, to prevent possible application-related issues
  7. Build Exchange 2007 mailbox server (SCC single cluster copy). I really think this is a great configuration considering a rock solid SAN is being used, and we used NetApp. Hands up, I used to work with NetApp; these appliances are rock solid, so no worries about the SAN going down. Having two nodes in active/passive configuration is great, as one can be used for maintenance and installing patches over failover if it is needed.
  8. Used the store calculator to find out MS best practices and followed the one SG, one DB model as it is recommended by MS.
  9. I have to give much credit to the NetApp engineers, as they know their stuff in and out, as well as clustering technologies and Exchange 2007, especially to Mike Mitchell, Denise Otarola and Jason Middleton. Thanks guys for excellent service and deep knowledge.
  10. Installed HTS (Hub Transport servers), two for redundancy and high availability
  11. Installed mail gateways, as always IronPort as smart host and first line of defense for the corporate network. Thanks to IronPort engineer John for his support as always.
  12. Installed CAS (Client Access servers) for OWA, ActiveSync, Outlook Anywhere etc.
  13. Configured virtual directories and had a lot of fun with IIS 7.0; it looks real nice and neat, finally.
  14. While installing the mailbox server, created a connector to the existing Exchange 2003 server; the idea behind this was not to change anything in the production environment
  15. Moved some test mailboxes from Exchange 2003 to Exchange 2007, and tested the mail flow.
  16. After making sure, moved the rest of the users from 03 to 07.
  17. Ran into some minor issues such as
  • OWA issues, needed bulk changes in AD, used ADMOD (fixed right away)
  • Some default address book issues (fixed later on)
  18. Changed mail flow, deleted old connectors
  19. Start preparing the decommission process for Exchange 03
  20. Decommission existing legacy mail servers and domain controllers one by one
  21. Set up ISA server and use it as proxy, internet firewall, ISA, CAS, and mailbox servers
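
Steps 1 to 3 can be turned into a single pass/fail gate that is re-run until it is clean. The script below is an added example, not part of the original post or the project's tooling; the 7-day event look-back and the variable names are assumptions, and the FRS check only covers the domain controller it runs on.

```powershell
# Added example (not from the original post): health gate for steps 1-3.
# Run in an elevated Windows PowerShell session on a domain controller.
$failures = @()

# Step 3: "dcdiag /q" prints only errors, so any output is a failed test.
$dcdiag = & dcdiag.exe /q 2>&1
if ($dcdiag) {
    $failures += "dcdiag /q reported:`n" + (($dcdiag | Out-String).Trim())
}

# Step 1: one CSV row per inbound replication link across all DCs.
$links = & repadmin.exe /showrepl * /csv | ConvertFrom-Csv
$badLinks = @($links | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
    $_.'Number of Failures' -match '^[1-9]'
})
foreach ($l in $badLinks) {
    $failures += "Replication: {0} <- {1} [{2}]" -f `
        $l.'Destination DSA', $l.'Source DSA', $l.'Naming Context'
}

# Step 2: NtFrs event 13568 is the journal wrap error.
# The 7-day look-back window is an assumption; adjust as needed.
$wraps = @(Get-EventLog -LogName 'File Replication Service' `
        -After (Get-Date).AddDays(-7) -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 13568 })
if ($wraps.Count -gt 0) {
    $failures += "FRS journal wrap (event 13568) logged {0} time(s), latest {1}" -f `
        $wraps.Count, $wraps[0].TimeGenerated
}

if ($failures.Count -eq 0) {
    Write-Output 'PASS: no dcdiag, replication or FRS journal wrap errors found.'
} else {
    Write-Output 'FAIL: fix these before building the new DCs:'
    $failures | ForEach-Object { Write-Output "  $_" }
    exit 1
}
```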


I am still working on finishing this project and I will be posting more issues and experiences on my blog.

--Oz Ozugurlu

MVP (Exchange) MCITP (EMA),

MCITP (SA) MCSE 2003, M+, S+,

MCDST, Security+, Project +, Server +

Blog: http://www.smtp25.blogspot.com

2 comments:

Anonymous said...

Excellent so far, just getting started. Why did you not set up your Edge Transport first?

Oz Ozugurlu said...

We deployed IronPort as mail relay gateways in this project.

That is a very good question. With most of the contracts we work with, we deploy IronPort for mail security. There are several reasons why we do that. I really do not want to get into details, but overall:
Most security folks feel well about placing UNIX into the DMZ and having it face the outside world.
If you tell them you will be doing this with Windows, they will freak out (-: and honestly, the Windows OS is not there, or ready to be placed in the DMZ facing the outside world as an SMTP relay host, in my personal opinion.
I am a Windows person, don't get me wrong, but again none of our clients wants Windows in the DMZ when it comes to mail.
UNIX (IronPort) is rock solid, very strong, and secure, and IronPort meets all kinds of government security regulations and requirements. Most of the time I do not even have to log on after it has been set up correctly; it just works and never goes down. No spam, an almost 98 percent success rate, is the killing point.
All these reasons are preventing us from deploying Edge for the clients we work for so far. I am not sure if this will change in the future or not, but one thing I know from experience: IronPort has never failed us, not even once.
Best,
Oz