TECH: Exchange Migration and permissions testing


This posting reviews the approach taken in a test environment to perform a simulated migration of our existing NT4 domain to Server 2003 with Exchange 2003. All work was done offline, on a private IP scheme on an isolated switch, to prevent communication problems with the production network. Access was limited to a hardwired laptop and a test desktop. Testing was performed with one user/mailbox on Exchange 5.5 and another user/mailbox on Exchange 2003.

Migration Process

The following steps were used, in order, to perform a test migration of the NT4 domain. Directory exports from Exchange 5.5 were used to re-create the Exchange 5.5 Directory in a test environment.

Server Setup

• The initial NT4 PDC was created for the domain using VMware and was updated to SP6A. The names used were duplicates of those on the production network.
• Two additional NT4 BDCs were created: one to simulate a BDC, the other to perform the upgrade to Server 2003 and AD. Both were installed as BDCs and updated to SP6A.
• Three NT4 member servers were created for use with Exchange 5.5. All were installed as member servers and updated to SP6A. Each server was named the same as in production.
• Exchange 5.5 was installed on a member NT4 server, creating a duplicate of our existing Exchange 5.5 system. Org and site names were duplicated from production.
• Exports of the Exchange Directory were imported and were also used to create the NT4 user accounts/mailboxes used in production. This populated the NT4 user database with usernames and blank passwords. New mailboxes were created for users on their respective servers.
• A test workstation was set up on the test NT4 domain. An Exchange Outlook profile was created for the Exchange 5.5 user.
• Tests were performed to verify that DLs and inter-org mail flow were working.
• The last NT4 BDC that was created initially was promoted to a PDC (automatically making the original PDC a BDC).
• The OS on the new PDC was upgraded to Server 2003.
• The Active Directory Installation Wizard was run to upgrade our domain to AD.
• The AD wizard installed DNS locally on the PDC, but HOSTS files were still maintained on all NT4 servers, just as in production.
• A desktop was hardwired to the isolated switch and set up as an AD client using a user account in AD. This was to verify that our NT4 domain had been successfully upgraded to AD.
• A new server was installed, also using VMware, with the Server 2003 operating system. It was installed as a member server of the AD domain, for use with the migration to Exchange 2003. SP1 was installed on the server and all updates and patches were applied.
• A temporary OU was created in AD to house the objects from the ADC replication process.
• Exchange 2003 was installed on this new 2003 server, along with the ADC and SRS. This new Exchange 2003 server was joined to our existing Exchange 5.5 site.
• The ADC replicated all Exchange 5.5 objects, such as DLs, custom recipients, etc., into AD. The DLs were replicated to AD as universal distribution groups.
• Testing was performed between Exchange 5.5 users and Exchange 2003 users to verify mail flow and DL functionality. All tests completed successfully. No loss of public folder permissions was experienced. Error 9552 was logged in the Exchange 2003 server event log, but no loss of permissions was observed.

The above was a test of a migration approach for an NT4 domain to Active Directory in a mixed mode domain. DLs are used in Exchange 5.5 public folders as security objects. Technically, after the ADC replicates the Exchange 5.5 DLs to AD as Universal Distribution Groups, the first time a user accesses a public folder where a DL is used as a security object, that Universal Distribution Group should automatically be converted to a Universal Security Group. However, since our domain is in mixed mode, this conversion failed. The result should have been a loss of all permissions on the public folder in question, leaving only the owner with any permissions to the folder. What I found in this test is that everything still worked; users of both Exchange 5.5 and Exchange 2003 were able to use the public folders without a problem. I called Microsoft support on this issue and they were not able to explain why this worked, as they agreed with their KB articles that it should have caused permissions problems on all public folders that use DLs in their client permissions.
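
The conversion described above hinges on two directory attributes: the domain's nTMixedDomain flag and each group's groupType bitmask. The following Python script is an added example, not part of the original post; it reads an ldifde-style export and lists the universal distribution groups that cannot be security-enabled while the domain is in mixed mode. The DNs and export contents are constructed sample data, and the parser assumes simple LDIF (no line wrapping or base64 values).

```python
SECURITY_ENABLED = 0x80000000                      # groupType bit: security group
SCOPES = {0x2: "global", 0x4: "domain local", 0x8: "universal"}

# Constructed sample export (hypothetical domain and group names).
SAMPLE_LDIF = """\
dn: DC=example,DC=local
objectClass: domainDNS
nTMixedDomain: 1

dn: CN=Sales DL,OU=ADC Temp,DC=example,DC=local
objectClass: top
objectClass: group
groupType: 8

dn: CN=File Admins,OU=Groups,DC=example,DC=local
objectClass: group
groupType: -2147483644

dn: CN=Helpdesk,OU=Groups,DC=example,DC=local
objectClass: group
groupType: -2147483646
"""

def parse_ldif(text):
    """Split simple LDIF into a list of {attribute: [values]} dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            rec.setdefault(key.lower(), []).append(value)
        if rec:
            records.append(rec)
    return records

def decode_group_type(raw):
    """Return (scope, is_security) from a signed groupType value."""
    value = int(raw) & 0xFFFFFFFF                  # exports show a signed 32-bit int
    scope = next((n for bit, n in SCOPES.items() if value & bit), "unknown")
    return scope, bool(value & SECURITY_ENABLED)

def audit(text):
    """Return (domain_is_mixed_mode, [DNs of universal distribution groups])."""
    records = parse_ldif(text)
    mixed = any(r.get("ntmixeddomain") == ["1"] for r in records)
    udgs = [r["dn"][0] for r in records
            if "group" in r.get("objectclass", []) and "grouptype" in r
            and decode_group_type(r["grouptype"][0]) == ("universal", False)]
    return mixed, udgs
```

When `audit` reports mixed mode together with a non-empty list, those groups are the ones whose conversion to Universal Security Groups would fail if they are used in public folder client permissions.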

