How to migrate from Exchange Server 5.5 to Exchange 2000 Server

This step-by-step article describes how to install Microsoft Exchange 2000 Server into an existing Microsoft Exchange Server 5.5 organization, migrate mailboxes to Exchange 2000 by using the Move Mailbox method, and how to remove the last Exchange Server 5.5 computer from the Exchange organization.

Prepare Microsoft Windows 2000 Active Directory for Exchange 2000 Server installation

Note Before you migrate mailboxes from Exchange Server 5.5 to Exchange 2000, you must first migrate the User Accounts to Microsoft Windows 2000 Active Directory. There are three ways to do this:

Method 1

The preferred method is to upgrade your existing User Account Domain to Microsoft Windows 2000 Active Directory.

Method 2

If you are migrating user accounts and mailboxes to a new Windows 2000 domain, you can use the ADMT (Active Directory Migration Tool) to migrate User Accounts by using security identifier (SID) history to retain permissions. You can then use an ADC (Active Directory Connector) RCA (Recipient Connection Agreement) to replicate mailbox attributes and associate the new account created using ADMT with the existing Exchange 5.5 mailbox.

Important You must migrate user accounts with SID history first, using ADMT, and then configure an ADC RCA. Failure to do this in the proper order will result in the negative consequences associated with method 3 later in this article. To download the ADMT utility, visit the following Microsoft Web site:

Method 3

If you are migrating user accounts and mailboxes to a new Windows 2000 Domain, you can use an ADC RCA to create new disabled User Accounts related to Exchange 5.5 mailboxes. This is the least desirable way to create new Windows 2000 Active Directory Users and is not recommended, because they are new User Accounts, they are disabled accounts, they have no SID history and they are not the owner of the existing mailbox. This method results in a great deal of additional work because you must use Active Directory Users and Computers to activate each account individually, then modify the properties of each user account individually to allow access to the mailbox by the new account.

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base: Important If your Exchange Server 5.5 computer is in a different domain than the Exchange 2000 Server domain, you must establish a two-way trust between the domains.

Verify that your Domain Name System (DNS) configuration is properly updating your Active Directory. To do so:

1. Install Windows 2000 Support Tools if they are not already installed. You can find them on the Windows 2000 CD in the Support\Tools\Setup.exe folder.
2. Run Netdiag.exe on the server that is to host Exchange 2000 Server, and then ensure that all of the tests are passed.
3. Run Dcdiag.exe and Netdiag.exe on all domain controllers, and then ensure that all of the tests are passed.
4. From the server that is to host Exchange 2000 Server, run the nltest /dsgetsite command. A site name returns that contains no errors. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
   259427  (http://support.microsoft.com/kb/259427/ ) SETUP /FORESTPREP does not work when Windows 2000 sites are incorrectly defined
5. From the Exchange Server 5.5 computer, use the ping command to search for the short (NetBIOS) name of server in which you want to install Exchange 2000 Server. The response returns the fully qualified domain name (FQDN) of the server. For example, when you run the ping e2k command, the following data displays:
   pinging e2k.addomain.internal [192.168.1.10] with 32 bytes of data
   However, you expect the following data, which contains the NetBIOS name, to be displayed:
   pinging e2k [192.168.1.10] with 32 bytes of data
   If the FQDN does not appear, configure the proper name resolution for the Exchange Server 5.5 computer. This may require that the Exchange Server 5.5 computer that you are migrating from to point to your Windows 2000 DNS server for DNS.
   
   Note Other configurations are possible.

Verify that Microsoft Windows 2000 Service Pack 2 (SP2), the Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP) protocols are installed on the server in which Exchange 2000 Server is to be installed. In addition, verify that Microsoft Windows 2000 Service Pack 2 (SP2) is installed on all domain controllers.

Note Because Exchange 2000 Server is typically the first program installed in a Microsoft Windows 2000 domain that requires Active Directory to be properly updated by DNS dynamically with Server Resource Records, it is critical that DNS is properly configured. The DNS server referenced by the Exchange 2000 Server computer should be an internal DNS server. No external DNS servers should be referenced, other than as Forwarders in your internal DNS server's settings.

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

Prepare Exchange Server 5.5 for migration

With Exchange 2000 you must have a one to one ratio of User Accounts to Mailboxes. If you do not have a one to one ratio, by default, the first time you run the Active Directory Connector (ADC), it will create disabled users in Active Directory if it cannot match a mailbox to a user.

In order to avoid the possibility of a User Account/Mailbox mismatch you can use the NTDSNoMatch utility (also known as NTDSATRB) to identify any mailboxes that would not be associated with a specific User Account by the ADC.

If you have a very large number of mailboxes requiring an update, you can use the .CSV file created by NTDSNoMATCH to set Custom Attribute 10 to NTDSNoMatch for the mailboxes that will not be associated with active user accounts. Or, preferably, if you have a smaller number of mailboxes requiring an update, you can manually create new User Accounts and associate them with mailboxes as needed, to create a one to one ratio. Then run the NTDSNoMATCH utility again to verify your work.

For the latest version of this utility, download the latest Exchange 2000 service pack and view the \Support\Utils\i386\Ntdsatrb folder for instructions and the executable file.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base: On the Exchange Server 5.5 computer, run DS/IS Consistency Adjustment on the public folder store and on the Mailbox Store to remove "zombie" Access Control Entries (ACEs). To be effective, DS/IS must run on every server in every site. To run DS/IS Consistency Adjustment, perform the following steps:

1. In the Exchange Server 5.5 Administrator program, select a server that runs Exchange Server 5.5 and that contains a public information store.
2. On the File menu, click Properties, and then click the Advanced tab.
3. Click Consistency Adjuster.
4. In DS/IS Consistency Adjustment, click the Remove unknown user accounts from public folder permissions check box, click the Remove unknown user accounts from mailbox permissions check box, and then click the All inconsistencies button.
   
   Important Clear all other check boxes.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
Verify that only valid characters (Alpha/Numeric/hyphen) are used for Organization and Site name, and then change the display name if necessary. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
Verify that only valid characters (alpha, numeric, and hyphen) are used for the organization directory name and for the site directory name. The Exchange Server 5.5 organization directory name and site directory name must not contain characters that Exchange 2000 and Exchange 2003 do not support. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
Verify that all distribution lists (DLs) are configured for "Any Server in Site" for DL Expansion. You can perform this procedure manually or through a "best effort" utility named XChangeXS, which is available from Microsoft Product Support Services.

Prepare Active Directory for the installation of Exchange 2000 Server

Note We recommend that you have a Windows 2000 Native Mode Domain to host your Windows 2000 Distribution Groups, before you configure ADC Connection Agreements. Exchange 2000 uses Universal Security Groups (USGs) instead of Distribution Groups to access public folders, and USGs are available only in Windows 2000 Native Mode Domains. Failure to replicate your distribution lists (DLs) to a Windows 2000 Native Mode Domain may cause public folders to be inaccessible, unless all client permissions to public folders are reassigned without use of DLs. There are three possible methods to avoid this situation.

Method 1

The preferred method is to convert the Domain hosting your Windows 2000 DLs to Windows 2000 Native Mode by upgrading all NT 4.0 Domain Controllers to Windows 2000, or by removing them from use, leaving only Windows 2000 domain controllers.

Method 2

Create a temporary Windows 2000 Native Mode Child Domain; this can be done with one server, but it is better to have two. You can then configure a Recipient Connection Agreement for DLs (Distribution Lists) to this Native Mode Domain. As soon as you are able to convert your Domain to Windows 2000 Native Mode, you can replicate your DLs to this domain and remove the temporary Native Mode Domain.

Method 3

The least desirable method, and the most labor-intensive, is to remove all Distribution Groups from access to all Public Folders prior to replicating DLs with your Recipient Connection Agreement, and replace them with the individual user accounts that were in the DL. In some cases, where you have few Public Folders, this option can be used as a temporary work around until you are able to convert your Domain to Windows 2000 Native Mode. To do this on each Public Folder:

1. Open the Exchange 5.5 Administrator program.
2. Navigate to the Exchange 5.5 Server object.
3. Expand Public Information Store, and then expand Public Folder Resources.
4. Double-click the first public folder, and then click Properties.
5. On the General tab, click Client Permissions.
6. Check for any DLs that have been given client permissions to this Public folder. Remove any DLs, and then replace them with the individual user accounts that were in the DL.
7. Repeat steps 4 through 6 for all the Public folders.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

Install Active Directory Connector and configure a two-way Active Directory Connector Recipient Connection Agreement

Install the Exchange 2000 Active Directory Connector (ADC) from the Exchange 2000 Server CD-ROM, or preferably, install the latest version of the Exchange 2000 ADC from the latest Exchange 2000 Service Pack. ADC setup is located on Exchange 2000 SP2 at \server\adc\i386\setup.exe. You should install both the ADC, and the Management components. The ADC works best if installed on a GC (Global Catalog Server). Configure a two-way ADC RCA (Recipient Connection Agreement). For additional information, click the following article number to view the article in the Microsoft Knowledge Base: Run Exchange 2000 Server Setup with the ForestPrep and DomainPrep switches. The account used to run the /forestprep switch must have Schema Admin, Enterprise Admin, and Domain Admin rights in your Windows 2000 Domain, and at least view only permissions on the Site, and Configuration containers in the existing Exchange Server 5.5 organization. However, it is strongly recommended that you give this account the Role of Service Account Admin, at the Exchange 5.5 Organization, Site, and Configuration levels in Exchange 5.5 Admin. If there are several Exchange 5.5 servers in the site, allow time for them to replicate the new permissions.

After running /forestprep, verify that the Exchange Organization object is present in Active Directory Sites and Services. If the Services node is not visible, click View, click Show Services Node, click to expand the Services node, and then click to expand Microsoft Exchange to locate the Organization Object.

Install Exchange 2000 Server into the same site as the existing Exchange 5.5 Server

Note If you are installing Exchange 2000 cluster in an existing Exchange Server 5.5 organization, the Exchange 2000 cluster may not be the first Exchange 2000 server in a site, and the Exchange 2000 cluster may not be a bridgehead server. This is because the Exchange 2000 Site Replication Service (SRS) is not currently supported in a clustered environment, and Exchange 2000 requires an SRS to exist in a mixed Exchange 2000 and Exchange Server 5.5 environment.

Run the Setup.exe program for Exchange 2000 Server. After Setup completes, verify that the Microsoft Exchange services have started, and that the information store is mounted. Test functionality by creating a new Active Directory user account with a mailbox on the Exchange 2000 Server. Apply any Exchange 2000 Server Service Packs. Exchange 2000 Server Service Pack 2 (SP2) is currently released.

A Recipient Policy is automatically created in the Exchange System Manager, under Organization\Recipients\Recipient Policies. You will notice a Default Policy with a priority of Lowest. You may also have a Policy for the Exchange Site in which you have just installed Exchange 2000 Server marked with a higher priority. Right-click the highest priority policy, click Properties, click the Email Addresses(Policy) tab, and then verify that the primary SMTP address (in bold) is correct. If it is not, you can create an additional SMTP address if it is necessary, and then designate it as primary. Select the Recipient Policy designated as highest or you only have a default Recipient Policy, create a new Recipient Policy with a higher priority and modify the E-mail Addresses. If you create a new Recipient Policy, ensure that the filter rules on the General tab are correct.

Note Do not remove or modify the default Recipient Policy. If necessary you can modify the alias name created by Recipient Policy. A Recipient Update Service (RUS) is automatically created for the domain in which you installed Exchange 2000 Server. If you have any other domains that have user accounts that are to be mailbox enabled (Parent or Child Domain), you must create and configure a RUS for each of those additional Domains. To do so, navigate to the following location, and then select the appropriate domain:

Migration of mailboxes and public folders

1. Start the Exchange 5.5 Administrator program, and then connect to the Exchange Server 5.5 computer.
2. Locate the following folder, and then click Public Folder Resources:
   Organization\Site\Configuration\Server\ServerName\Public Information Store\Public Folder Resources
3. For each public folder in the right pane, click File, and then click Properties.
4. On the Replicas tab, make sure that only the Exchange 2000 Servers you are replicating the public folder to are listed on the right side under Replicate folders to. If the Exchange 2000 server is listed on the left side under Servers, click the Exchange 2000 server, and then click Add to move it to the right side.
5. Allow time for your public folder data to replicate to the Exchange 2000 server. The more data you have in public folders, the longer it will take. It can take hours or even days if you have a large amount of data. To verify that your public folders have replicated, follow these steps:
   1. Start Exchange System Manager.
   2. Locate your Exchange 2000 server's public folder store.
   3. Click Public Folder Instances. On the right side of the screen there appears all the public folders that have replicated to the Exchange 2000 server.
   4. Verify that the size (in KB) reported here is approximately the same as that which the Exchange Administrator utility reported for each folder on your Exchange 5.5 server. They should be approximately the same size when replication has completed.
6. To further verify the replication of public folder data has completed, follow these steps:
   1. Log on to an Outlook (MAPI) client that has a mailbox hosted on the Exchange 2000 Server.
   2. Temporarily stop the Information Store service on the Exchange Server 5.5 computer.
   3. Verify that you have access to all the public folders that have been replicated to the Exchange 2000 server from the Outlook client.
7. When all of your public folder data has been replicated to the Exchange 2000 server you can remove the replica from the Exchange Server 5.5 computer. To do so:
   1. Start the Exchange Server 5.5 Administrator program, and then connect to the Exchange Server 5.5 computer.
   2. Locate Public Folder Resources in the following folder in Exchange Administrator:
      Organization\Site\Configuration\Server\ServerName\Public Information Store\Public Folder Resources
   3. For each public folder in the right pane, click File, and then click Properties.
   4. On the Replicas tab, make sure that only the Exchange 2000 Servers that you are replicating the public folder to are listed on the right side under Replicate folders to. If the Exchange Server 5.5 computer is listed on the right side under Replicate folders to, click the Exchange Server 5.5 computer, and then click Remove, to move it to the left side, under Servers.

Following these steps not only replicate all public folders to the Exchange 2000 server, but also rehomes them to the Exchange 2000 server. Make sure that you also replicate your system folders, which include the following folders:

• Schedule+ Free Busy
• Offline Address Book
• Organizational Forms, if present

Move all mailboxes

Move all mailboxes to the new Exchange 2000 Server computer by using Active Directory Users and Computers. This task must be done from the Exchange 2000 Server computer, or from any system with the Active Directory Users and Computers MMC Snap In installed (such as a domain controller), and Exchange System Manager (ESM) installed.

Note During the time when the mailboxes are being moved, temporarily disable the Active Directory Connector (ADC) service, or temporarily set the Replication Schedule to Never in the properties of your Recipient Connection Agreements. This lets you avoid the possible issues that are described in the following Microsoft Knowledge Base article:

1. Click the Organizational Unit (OU), and then click User to select a single User, or in order select Multiple Users at one time for Move Mailbox, you can press the SHIFT or CTRL key.
2. Right-click the object or objects, click Exchange Tasks, click Move Mailbox and then click Next. This procedure initializes the Move Mailbox Wizard, which guides you through the process of moving the mailboxes to the appropriate Exchange 2000 Server and Mailbox Store.
3. Verify that all mailboxes have been removed by using the Exchange 5.5 Administrator program, at the server level, Private Information Store\Mailbox Resources. No mailboxes should be visible here.
4. All users must log on to their mailboxes to automatically update their exchange profiles to point to the new Exchange 2000 Server before you remove the computer running Exchange Server 5.5. If you remove the Exchange Server 5.5 computer before the users update their exchange profiles, you must visit each user desktop to manually update their Exchange Profile to point to the new Exchange 2000 Server.

Removal of the last Exchange Server 5.5 computer

Because both inbound and outbound Internet mail may have been flowing through the Exchange Server 5.5 computer, you must transfer these processes to Exchange 2000 Server before you remove Exchange Server 5.5.

To reroute incoming Internet e-mail to the Exchange 2000 Server computer

To reroute incoming e-mail, use one of the following methods:

• If you have a firewall that routes e-mail messages to a private IP address on your Exchange Server 5.5 computer, you can reconfigure your firewall to route e-mail messages to the private IP address of the Exchange 2000 Server computer.
• Swap IP addresses of the new Exchange 2000 Server computer and the old Exchange Server 5.5 computer. Note that this can result in some temporary name resolution issues on your network. After changing the IP address of the Exchange 2000 server you will need to update its records in DNS and AD. To do this, go to a command prompt, you must run the following commands:
  • IPCONFIG /FLUSHDNS
  • IPCONFIG /REGISTERDNS
  
  Then restart the NET LOGON service on the Exchange 2000 Server computer, and then restart the Exchange Server 5.5 computer.
• Alternatively, have your Internet Service Provider (ISP) update the mail exchange (MX) record to reference the new Exchange 2000 Server computer. You can expect incoming e-mail to be disrupted for at least three hours, and up to three days, while this update is replicated over the Internet.

Note If there is no SMTP connector on the computer that is running Exchange 2000 Server, mail cannot leave the site if you disable the Internet Mail Service (IMS). Because of this, you must create an SMTP connector on the computer that is running Exchange 2000 Server before you remove the Exchange Server 5.5 IMS.



To reroute outgoing Internet e-mail to the Exchange 2000 Server computer

To reroute outgoing Internet e-mail through the Exchange 2000 Server computer, follow the steps in the following Microsoft Knowledge Base article:

All outbound Internet e-mail now flows through the new bridgehead server. Locally-scoped address spaces are not permitted in Exchange 2000 Server environments. Only organization scopes and routing group scopes are permitted.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

Removing the last Exchange 5.5 Server computer

1. Stop Exchange 5.5 services, and then set the Microsoft Exchange System Attendant to disabled.
2. From the Exchange 2000 Server, use the Exchange 5.5 Administrator program. Make sure that you are using the Exchange 2000 Server version of the Exchange 5.5 Administrator program, which is an option that is installed from the Exchange 2000 Setup program. After you start this version of the Exchange 5.5 Administrator program, click Connect to Server on the File menu. Type the name of the Exchange 2000 Server computer, and then click OK.
3. Select the Exchange Sever 5.5 computer from the site by double-clicking the Site container, and then double-clicking the Servers container. Click the Exchange 5.5 servername. Click Edit, and then click Delete.
   
   For additional information about how to remove the last Exchange Server 5.5 computer from an Exchange 2000 Administrative Group, click the following article number to view the article in the Microsoft Knowledge Base:
   284148  (http://support.microsoft.com/kb/284148/ ) How to remove the last Exchange Server 5.5 computer from an Exchange 2000 administrative group
4. Locate Active Directory Connection Manager, right-click Configuration Connection Agreement (Config_CA), and then force replication by clicking Replicate Now.
5. You can now delete the ADC Recipient and Public Folder Connection Agreements for this site:
   
   Important If this is the last Exchange 5.5 server in your Organization, you can proceed with the remaining steps. However, if you have other Exchange 5.5 servers in your Organization, we strongly recommend that you keep all Site Replication Service (SRS) databases and Config_CA connection agreements in place until after you have removed the last Exchange 5.5 server from your Organization.
   
   If you remove an SRS database or a Config_CA connection agreement before you remove the last Exchange 5.5 server from an Organization, the result may be a non-supported configuration. This is primarily due to complications that may occur with re-arbitration of your Config_CA connection agreements as well as other issues.
   
   For more information on arbitration of the Config_CA, consult the following Microsoft Knowledge Base article: For additional information about arbitration of the Config_CA, click the following article number to view the article in the Microsoft Knowledge Base:
   315408  (http://support.microsoft.com/kb/315408/ ) How to control which Site Replication Services owns a site
6. Wait for the Exchange Server 5.5 computer to disappear from Exchange System Manager, and then use Exchange System Manager to delete the Site Replication Service, which is located in the following location:
   Organization\Tools\Site Replication Services\YourSiteReplicationService
7. This procedure deletes the Config_CA connection agreement and you can now delete the ADC Recipient and Public Folder Connection Agreements.
8. Use the Add/Remove Programs tool to remove the Active Directory Connection Manager.
9. You can now locate Exchange System Manager, click the Organization, click Properties, and then switch to native mode. To do so, under the General tab, click Change Mode.

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
Note In the Application event log on the Exchange 2000 Server computer, you may see some event ID message 9318s from the message transfer agent (MTA) and event ID messages 1025s from the MSExchangeIS private information store after you apply these changes. These event ID messages are warnings that may be due to Name Resolution failure using cached DNS naming information in Active Directory. These event ID messages are typically removed in three to six days. Some customers have reported to have removed these warnings more quickly by rebooting their Global Catalog Servers.

For general recommendations when you migrate from Exchange Server 5.5 to Exchange 2000 Server, refer to the following document: "Upgrading Exchange Server 5.5 to Exchange 2000 Server." To obtain this document, visit the following Microsoft Web site:

For additional information, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about how to configure DNS for Internet access in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about frequently asked question about Window 2000 DNS, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about documentation for the NTDSNoMatch utility, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about invalid character errors that occur when you upgrade or join an Exchange Server 5.5 Site, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about how to configure a two-way Recipient Connection Agreement for Exchange Server 5.5 users, click the following article number to view the article in the Microsoft Knowledge Base:

For more information about how to install Exchange 2000 Server SP2, obtain the Exchange 2000 Service Pack 2 Deployment Guide at the following Microsoft Web site: For additional information about how to customize the SMTP e-mail address generators through recipient policies, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about locally scoped connectors that are not allowed in a mixed Exchange Server 5.5-Exchange 2000 Environment, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about how to remove the last Exchange Server 5.5 computer from an Exchange 2000 administrative group, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about how to remove the first Exchange Server in a site, click the following article numbers to view the articles in the Microsoft Knowledge Base: For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base: For general recommendations when you migrate from Exchange 5.5 Server to Exchange 2000 Server, refer to the following: