What order - steps

[Ganners]

I have an Exchange 5.5 Server (SP4) running on NT4 SP6 BDC. I need to:
1. Migrate the server to Windows 2000
2. Change the domain/AD information (we are amalgamating)
3. Change the service account/password

So far my testing hasn't gone too well - I keep hitting security problems.

Has anyone done this - what order should I use?

Ganners

 

[aliciaJ]

Ganners -
Here's GREAT site with step by step for moving an exchange server:

http://www.swinc.com/resource/exch_faq_appxa.htm

(you'll see on the right column other good links, too, including how to change the service account password.)

Ed Crowley will step you through it and reference a couple of other MS Q articles as well. I'll add one more Q: Q189286 talks about how to del a server from a site.

These steps will get you to a new server (different hardware, which I assume you have since you said "migrate" and not "upgrade" - sorry if this is inaccurate for your purposes.)
On your new hardware, I'd suggest Win 2000 member server (unless you're crunched for hardware, best suggestion is to NOT have exchange running on a NT4 BDC or a W2K DC). You'll want this new server as part of your old domain for the time being until you get everything settled.

As for moving the Exchange server into the Active Directory (AD) - there are lots of possible gottcha's - you're probably going to want to do a lot of reading and/or hire a consultant. The details will revolve around how you move your users to AD - whether you have "SID history" which is dependent upon whether you're W2K native mode. One major issue around this is whether your new users (new SID's) in AD will still have permissions to their Exchange 5.5 mailboxes. If you have only a handful of users, you can manually go and update this "primary NT account" on each mailbox to the new AD user account. Otherwise, you could be in for some headaches.

For your reading/reference purposes, I would suggest this book: "Windows 2000 Active Directory" by Alistair G. Lowe-norris, pub by O'Reilly. It's about $40(US), but well worth it.

Sorry this post won't answer all your inquires, but perhaps it will get you started. Your questions actually involve an entire project scope! Good luck!
aliciaJ

 

[Ganners]

Alicia
Thanks for your reply.

I guess there is a lot to it. Basically we are amalgamating a multi-domain model under NT4 into a single domain model under Win2k/AD and we are the domain that's being retired! The structure for Exchange already exists and isn't changing - so its the underlying security model for the Exch database that I need to address.

I was always told that Exchange was better on a BDC (although recent events have illustrated that it may be better on a member!) because of the integrated security (per mailbox) and the number of accesses to the SAM.

Ganners

 

[aliciaJ]

Greetings -
Yes, we're moving from 5 NT domains to one AD domain as well. It's a huge project.

Yes, our 5.5 email servers (I inherited them all) are running on BDC's also - but as you and I have found out - it's no so pretty for conversion. The 2 consultants I've talked to about moving 5.5 to W2K servers say to not put it on a W2K DC, but to instead put it on memeber servers.

And for a while, we are actually going to leave these as memeber servers of the old domains and set up trusts to the new AD (while using SID history on the new AD users to access their mailboxes).

Best of luck to you.
aliciaJ