Transitioning from an Exchange 2003 to an Exchange 2007 environment

There is no shortage of information out there on transitioning from Exchange 2000 or Exchange 2003 to an Exchange 2007 environment, although when performing the transition myself I found myself relying upon multiple resources to get the job done. Specifically, one of the things that was a problem for me was the fact that there is no real process to “upgrade” to Exchange 2007 retaining your old server name (a problem for third party issued SSL certificates).

I’ve run through the transition in a lab environment three times to capture all of the required steps (and hopefully the most common transitioning problems) in order to create a guide on performing this in your own environment.

There are a few assumptions with this guide (you can factor in any differences pretty easily):

  • This is an Exchange 2003 on Windows Server 2003 to Exchange 2007 on Windows Server 2008 transition process
  • This is a single server Exchange environment transitioning to another single server environment
  • The environment uses RPC/HTTPS (now called Outlook Anywhere) for all client access

This guide will also include a transition from your legacy Exchange 2003 environment, to a temporary Exchange 2007 server, and then a migration from that temporary server to a new Exchange 2007 server of the same name as your legacy Exchange 2003 server. A quick summary:

  • Existing Exchange 2003 server (I will refer to this as the legacy server) migrating to…
  • Temporary Exchange 2007 server (I will refer to this as the temporary server) migrating to…
  • New Exchange 2007 server (I will refer to this as the new server) and that’s the end of the line

So let’s get started…

  • Export your SSL certificate (if you have a trusted third party issued certificate) from the legacy server to a .pfx file and copy this .pfx file to a file share to be accessible at the end of the transition
  • Ensure that the account to perform the transition is a Domain Administrator and a Schema Admin
  • Ensure that the legacy server has at least Exchange 2003 SP2 applied
  • Ensure that the schema master domain controller, and any global catalog servers in the same site as the Exchange server have at least Windows 2003 SP1 applied
  • Ensure that the domain functional level is Windows Server 2000 native or higher
  • Add the following registry key to the legacy server

HKLM\SYSTEM\CurrentControlSet\Services\RESvc\Parameters\SuppressStateChanges = 1 (DWORD)

  • Provision the temporary server using Windows Server 2008 and join to the domain
  • Install Windows PowerShell, Remote Server Administration Tools (RSAT) and issue the following commands to install IIS dependencies:

ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-Dyn-Compression
ServerManagerCmd -i Web-Stat-Compression
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Digest-Auth

  • Install the Exchange Best Practices Analyzer (ExBPA) on any server that has an internet connection and access to the domain controllers, and run an Exchange 2007 readiness check to determine if there are any warnings or recommendations
  • Run /PrepareAD from the Exchange 2007 install media (make sure to “Run as Administrator” if UAC is turned on)
  • Install Exchange 2007 on the temporary server as a “Typical Exchange Server Installation” and select the legacy Exchange server when prompted for mail flow settings (make sure to “Run as Administrator” if UAC is turned on)
  • Using the Exchange Management Console (EMC) on the temporary server, migrate all mailboxes using the “Recipient Configuration | Mailbox” menu
  • Remove all mailbox databases from the legacy server
  • Ensure that the new mailbox databases are configured to use the new public folder database as their default
  • Migrate all public folder replicas by running moveallreplicas.ps1 -server <legacyserver> -newserver <temporaryserver> from the temporary server
  • Wait for all of the records under the “Public Folder Instances” node in the public folder database in ESM to disappear on the legacy server (this can take a while, sometimes days to complete depending on the amount of data)
  • Using Exchange Server Manager (ESM) on the legacy server, create a new “Public Folder Container” directly under the new Exchange 2007 administrative group
  • Drag the existing “Public Folders” tree under the “Folders” tree in the new administrative group
  • Remove the public folder store from the legacy server, selecting the temporary server’s public folder database when prompted for a new store
  • Remove all storage groups from the legacy server
  • Remove the routing group connectors that were created during the Exchange 2007 install, using ESM on the legacy server, under both the legacy and the new administrative groups
  • Delete the domain and enterprise Recipient Update Services (RUS) object using adsiedit.msc
  • Uninstall Exchange 2003 from the legacy server
  • Using adsiedit.msc on the temporary server, delete the legacy administrative group
  • Delete the legacy Exchange Domain Servers and Exchange Enterprise Servers groups (if they aren’t being used for other custom purposes in your environment)
  • If the legacy server is being entirely decommissioned, remove it from the domain and shut it down
  • Provision the new server using Windows Server 2008 and join to the domain
  • Install Windows PowerShell and the IIS dependencies as per the temporary server build
  • Install Exchange 2007 on the new server as a “Typical Exchange Server Installation”
  • Install the latest Exchange 2007 updates, including service packs and update rollups (this is important) and then restart the server
  • Rename the storage group and mailbox databases as desired
  • Configure the location for the storage group and mailbox database as desired
  • Create a new public folder database with the desired name and location
  • Migrate all mailboxes from the temporary server to the new server using the “Recipient Configuration | Mailbox” menu
  • Remove the mailbox database(s) from the temporary server
  • Change the default public folder database on the mailbox database(s) on the new server to be the new public folder database (it’s under the “Client Settings” tab of the mailbox database properties)
  • Move all offline address books by running Move-OfflineAddressBook -identity "\<oabname>" -server <newserver> -confirm:$false
  • From the temporary server, move all public folder replicas to the new server by running moveallreplicas.ps1 -server <temporaryserver> -newserver <newserver>
  • Monitor the status of the replica move by running Get-PublicFolderStatistics -server <temporaryserver> until no items are returned, or you can append | Measure-Object -Line to count the number of lines returned to monitor the public folders moving (this can take hours, days or weeks depending on the amount of data)
  • Remove the public folder database from the temporary server
  • Remove Exchange 2007 from the temporary server, remove the server from the domain and shut down
  • Create a new wildcard (*) send connector using the “Organization Configuration | Hub Transport” menu
  • Configure the “Default <servername>” receive connector to allow “Anonymous users” to connect using the “Server Configuration | Hub Transport” menu
  • Copy the exported .pfx file from earlier and use the “Server Certificates” option on the parent node in IIS7 to import the certificate
  • Change the certificate used by OWA by selecting the Default Web Site, clicking the “Bindings” menu on the right hand side, and editing “https”
  • Select the imported certificate from the drop-down box and save settings
  • Install the “RPC over HTTP Proxy” feature
  • Enable Outlook Anywhere using the “Server Configuration | Client Access” menu in EMC on the new server, right clicking on the server and selecting “Enable Outlook Anywhere”
  • Allow 15 minutes before testing (check the event logs for event ID 3006 which indicates that Outlook Anywhere is configured)
  • Edit the hosts file to comment out the IPv6 localhost line (::1) and add the following lines <hostname> <hostname.domain>

  • Restart the new server and test the connection
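
The certificate steps above (export to a .pfx at the start, import into IIS7 at the end) can be checked on the new server before the import. This is an added example, not part of the original guide; Test-MigratedPfx, its parameters and the sample path and host name are hypothetical, and it assumes English-language Windows for the subjectAltName text format.

```powershell
# Added example, not from the original post. Test-MigratedPfx and its
# parameter names are hypothetical; run it on the new server before the import.
function Test-MigratedPfx {
    param(
        [string]$PfxPath,      # the .pfx exported from the legacy server
        [string]$ExpectedName  # host name clients use for OWA / Outlook Anywhere
    )
    $file = (Resolve-Path $PfxPath).ProviderPath
    $password = Read-Host -AsSecureString "Password for $file"
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file, $password
    $problems = @()

    # IIS needs the private key; a certificate-only export cannot serve HTTPS.
    if (-not $cert.HasPrivateKey) { $problems += 'PFX does not contain the private key' }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Outside validity period: $($cert.NotBefore) to $($cert.NotAfter)"
    }

    # Names the certificate covers: subject CN plus subjectAltName DNS entries
    # (OID 2.5.29.17). "DNS Name=" is the English-language Windows text format.
    $names = @($cert.GetNameInfo('SimpleName', $false))
    foreach ($ext in $cert.Extensions) {
        if ($ext.Oid.Value -eq '2.5.29.17') {
            foreach ($entry in $ext.Format($false).Split(',')) {
                if ($entry.Trim() -match '^DNS Name=(.+)$') { $names += $matches[1] }
            }
        }
    }

    # Exact match, or a wildcard that replaces exactly the left-most label.
    $covered = $false
    $dot = $ExpectedName.IndexOf('.')
    foreach ($n in $names) {
        if ($n -eq $ExpectedName) { $covered = $true }
        if ($n.StartsWith('*.') -and $dot -gt 0 -and $ExpectedName.Substring($dot) -eq $n.Substring(1)) { $covered = $true }
    }
    if (-not $covered) { $problems += "$ExpectedName is not among: $([string]::Join(', ', $names))" }

    Write-Host "Thumbprint: $($cert.Thumbprint)"   # compare with the binding chosen in IIS
    $cert.Reset()                                  # release the loaded key material
    return $problems                               # empty result means all checks passed
}
# Constructed sample call (path and name are placeholders):
# Test-MigratedPfx -PfxPath \\fileserver\share\mail.pfx -ExpectedName mail.example.com
```

Once the import and binding are confirmed, the copy of the .pfx left on the file share is no longer needed by the procedure, and it still contains the private key.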

I have a fairly complicated environment regarding permissions, address lists and the like, so I found that I had to go through and make sure that my showInAddressBook attributes were set correctly on all of my mailboxes (the address lists were fine, but the global address lists were not). This may not be an issue in your environment, but feel free to drop me a line if you’re having issues.
