In-Place Upgrade From Microsoft Exchange 5.5 To Microsoft Exchange 2000

In-Place Upgrade from Microsoft®
Exchange 5.5 to Microsoft®

Exchange 2000
White Paper
Published: May 2001
Copyright
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the
date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment
on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE
INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in
this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does
not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places
and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email
address, logo, person, place or event is intended or should be inferred.
 2001 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Outlook, Win32, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Table of Contents
Introduction 4
Upgrade Overview ................................................................................................ 4
Prepare Your Exchange 5.5 Organization .................................................................. 5

Install Windows 2000 Service Pack 2 on All Domain Controller and Global Catalog
Servers ........................................................................................................... 5
Ensure That At Least One Domain in the Forest Is in Native Mode ............................ 6
Verify the Service Pack Level of Your Exchange 5.5 Server...................................... 6
Check the LDAP Port.......................................................................................... 6
Remove Invalid Characters from the Organization and Site Display Names ................ 7
Set Permissions So That the Server Can Be Upgraded ............................................ 7
Use the NTDSAtrb Utility .................................................................................... 8
Run the MTACheck Utility ................................................................................... 9
Run the Knowledge Consistency Checker .............................................................. 9
Remove Unused Access Control Entries ................................................................ 9
Verify Available Disk Space .............................................................................. 10
Perform an Online Backup ................................................................................ 10
Prepare Your Microsoft Active Directory Directory Services........................................ 11

Install the Windows 2000 Support Tools ............................................................. 11
Use the NLTEST Utility ..................................................................................... 11
Install the First Instance of the ADC Service ....................................................... 12
Create ADC Connection Agreements .................................................................. 13
Verify That All Connection Agreements Have Replicated........................................ 14
Prepare the Forest with the Setup /ForestPrep Command...................................... 14
Wait for the Exchange 2000 Schema Extensions to Replicate ................................. 15
Prepare Each Domain with the Setup /DomainPrep Command................................ 16
Wait for DomainPrep Replication ....................................................................... 17
Test DomainPrep Policy Replication.................................................................... 18
Perform Final Preinstallation Tasks..................................................................... 18
Upgrade Your Exchange 5.5 Server ....................................................................... 19
Conclusion......................................................................................................... 21
Appendix ........................................................................................................... 23
Related Knowledge Base Articles ....................................................................... 23
Additional Resources ....................................................................................... 24
In-Place Upgrade from Microsoft
Exchange 5.5 to Microsoft Exchange 2000
White Paper
Published: May 2001
For the latest information, please see http://www.microsoft.com/exchange/.
Introduction
This white paper will walk you through an in-place upgrade from Microsoft®
Exchange 5.5 to Microsoft Exchange 2000 in a single server, single site
environment. The steps in this document should be followed in sequence and
none should be omitted. By the end of this document, you should have a
functional Exchange 2000 server with users able to log on and send mail to other
users on the same server.
This document does not cover configuring Internet mail flow, Microsoft Outlook™
Web Access, Exchange 2000 Conferencing Server, Instant Messaging, Chat, or
hosting mail for multiple domains.
Upgrade Overview
The in-place upgrade is one of several methods you can use in migrating from
Exchange 5.5 and Exchange 2000. Two other frequently used methods are the
Move Mailbox method and the Swing method.
The Move Mailbox method involves installing a new Exchange 2000 server into
the Exchange 5.5 site, and then moving mailboxes and public folders from the
Exchange 5.5 server to the Exchange 2000 server. This option works best when
you are planning to move your Exchange organization to newer hardware. It may
also decrease downtime and increase fault tolerance because your users stay
online throughout the process.
For additional information about the Move Mailbox method, see the following
Microsoft Knowledge Base article:
• Q259712 XADM: Upgrading to Exchange 2000--the Move Mailbox Method

http://support.microsoft.com/support/kb/articles/q259/7/12.asp
The Swing method is similar to the Move Mailbox method. You follow the same
procedure as the Move Mailbox method, and then perform an in-place upgrade of
your original server and move the mailboxes and public folders back. This method
is appropriate if you have the hardware to temporarily host your Exchange
organization, but do not want to keep it on that hardware permanently.
In-Place Upgrade from Microsoft Exchange 5.5 to Microsoft Exchange 2000 5
For additional information about the Swing method, see the following Microsoft
Knowledge Base article:
• Q264879 XADM: Upgrading to Exchange 2000--the Swing Upgrade

Method
The in-place upgrade method, as detailed in this white paper, includes the
following major steps, each of which is presented more fully in this paper:
1. Prepare your Exchange 5.5 organization
2. Prepare your Microsoft Active Directory™ directory services
3. Upgrade your Exchange 5.5 server
Prepare Your Exchange 5.5 Organization

When you prepare your Exchange 5.5 organization for an in-place upgrade to
Exchange 2000, you will use the following steps:
1. Install Windows® 2000 Service Pack 2 on all domain controller and global
catalog servers.
2. Ensure that at least one domain in the forest is in native mode.
3. Verify the service pack level of your Exchange 5.5 server.
4. Check the LDAP port.
5. Remove invalid characters from the organization and site display names.
6. Set permissions so that the server can be upgraded.
7. Use the NTDSAtrb utility.
8. Run the MTACheck utility.
9. Run the Knowledge Consistency Checker.
10. Remove unused access control entries.
11. Verify available disk space.
12. Perform an online backup.
Install Windows 2000 Service Pack 2 on All Domain Controller

and Global Catalog Servers
Although the Exchange 2000 Setup program is hard-coded to look for the Service
Pack 1 (SP1) installation on the local computer, it does not physically check the
domain controllers in your environment to see if they are running the latest
service pack and hotfixes. You need to have a good process in place to ensure
that your servers are kept up-to-date. Various problems may arise if some of
your domain controllers are not running the latest service pack. These problems
can range from intermittent non-delivery reports (NDRs) to serious performance
problems.
As of the publication date of this white paper, the recommended set of fixes for
all servers (Exchange 2000, Active Directory Connector (ADC), Conferencing
Server, domain controllers, and global catalogs) is:
• Windows 2000 Service Pack 2
Ensure That At Least One Domain in the Forest Is in Native Mode
At least one of your Active Directory domains must be in native mode. This
requirement allows Exchange 5.5 distribution lists to be mapped to universal
distribution groups and universal security groups in Active Directory. You will
configure the Active Directory Connector (ADC) to replicate distribution list
objects into this native mode domain. The ADC is hard-coded to create universal
distribution groups, but the Exchange Store.exe process can and will convert
these to universal security groups on an as-needed basis. Universal security
groups can only exist in native mode domains. If these objects exist in a mixed
mode domain, the conversion will fail, an error will be logged, and your public
folder permissions will fail.
If you already have a native mode domain in your forest, you can use this domain
for your Exchange 2000 deployment. If all of your domains are in mixed mode,
you will either need to switch at least one of them to native mode, or create a
new native mode domain.
In most enterprise organizations, the root domain normally consists of Windows

2000 servers only, and is a prime candidate for native mode. However, most
companies have decided to reserve the root domain for system objects only.
More information can be found in the “Microsoft Exchange 2000 Internals: Group
Objects” white paper located at
http://www.microsoft.com/exchange/techinfo/deployment/2000/E2KGroups.a
sp
Verify the Service Pack Level of Your Exchange 5.5 Server
An in-place upgrade is only supported if the Exchange 5.5 server is running

Service Pack 3 (SP3) or later. You must upgrade the server to at least SP3 to
begin the upgrade to Exchange 2000.
Check the LDAP Port
If Exchange 5.5 is installed on a domain controller, you must change the

Lightweight Directory Access Protocol (LDAP) port that Exchange 5.5 uses. Active
Directory uses port 389 for LDAP, which prevents Exchange from using that port
to communicate with the ADC. You can change the LDAP port that Exchange uses
in Exchange 5.5 Administrator. Under your site and configuration container, select
the protocols object. LDAP configuration should appear in the right pane of the
screen. You can then change the LDAP port in the properties of the LDAP object.
Generally, you can use port 390 for the LDAP port, unless you are running any
other applications that use 390. At a command prompt, run netstat –an to verify
that port 390 is not in use. After changing the LDAP port, you must restart the
Exchange 5.5 services for the changes to take effect.
Remove Invalid Characters from the Organization and Site

Display Names
All objects in Exchange 5.5 have two names: directory (internal) and display
(external). The directory name is used to make up the X.500-like distinguished
name of an object (for example, /o=Microsoft/ou=Redmond); whereas, the
display name is the friendly name seen within Exchange Administrator. You
cannot change the internal directory name of an object after it exists, but you can
change the display names whenever you want.
Exchange 2000 places strict limitations on the common name value of objects
stored in Active Directory. Because of this restriction, you may need to rename
either your existing Exchange 5.5 organization or site names, or both. The
following characters are allowed in Exchange 2000 names:
• A–Z
• a–z
• 0–9
• dash/hyphen
• space
For example, you may have parenthesis or brackets in your existing organization
or site name. If so, you’ll need to change the display names of these objects
before you install your first Exchange 2000 server. If you do not change these
names before running ForestPrep, an error will occur. But it’s very easy to change
the display (external) names of these objects in Exchange 5.5. The directory
(internal) name of the object will not and cannot be changed; however, this is not
a problem because the directory names for these objects are stored in the
legacyExchangeDN attribute of the equivalent object in Active Directory.
Be sure to write down both the display and directory names of both your
organization and site; you will need these names later.
Note If you need to change either the organization or site display names,
you must remove the Internet Mail Service before starting the upgrade. If you
do not, Exchange 2000 Setup may fail. Write down any custom configuration
information you may have added, such as smart host, address spaces, or
delivery restrictions. Then, in the Connections container, click Internet Mail
Service, and then click Delete.
Set Permissions So That the Server Can Be Upgraded
The account used to run the /ForestPrep switch and your first Exchange 2000
installation needs to have at least view only permissions on the site and
configuration containers in the existing Exchange 5.5 organization. The “Exchange
2000 Internals: Permissions Guide” white paper outlines the permissions required
in both Active Directory and Exchange 5.5 directory to perform such operations.
This document can be found at:
http://www.microsoft.com/exchange/techinfo/administration/2000/e2kpermm
isions.asp
Use the NTDSAtrb Utility
It is not uncommon for Exchange 5.5 administrators to create resource mailboxes

and map these to the same primary Windows NT® 4.0 account. Although this
configuration is valid for Exchange 5.5, with Exchange 2000 and Active Directory,
each mailbox must have its own logon account.
If you do not proactively research and fix these duplicate account mappings, the
ADC may perform incorrect object matching. For example:
The following Exchange 5.5 mailboxes are all mapped to the Active Directory
account “Jeff Smith”:
• Jeff Smith
• Conference Room 1
• Conference Room 2 (Video)
The ADC is responsible for matching Jeff’s mailbox and Active Directory account
(and uploading attribute information such as his telephone number). However,
because more than one mailbox is mapped to the Active Directory account, the
ADC cannot work out which mailbox actually holds Jeff’s personal e-mail. In this
scenario the ADC will take the first mailbox in the alphabetical list and match it up
(in this case, Conference Room 1). The ADC will then generate Application Log
errors for the other mailboxes. If you find yourself in the situation where the ADC
has matched the wrong accounts, you will need to remove the
msExchADCGlobalNames attribute from the Active Directory account (using a
tool such as LDP), and remove the ADC-Global-Names attribute from the
Exchange 5.5 mailbox (using the Exchange 5.5 Administrator program in raw
mode).
The easiest way to work out which accounts are mapped to multiple mailboxes is
to run the NTDSAtrb utility. This utility is included in Exchange 2000 Service Pack
1 and later service packs.
To run the tool, use the following steps:
1. Unzip the files to a new folder.
2. Run the Setup program.
3. Open a command prompt and switch to the directory that NTDSAtrb was
installed to
4. Type the following line at the command prompt:
ntdsatrb <Exchange 5.5 server name>: <LDAP port number (if

changed from 389)>
Depending on the size of your Exchange organization, the tool may take up to
several hours to complete. Ultimately, you will have a list of all multiple mailbox
mappings. By default, NTDSAtrb puts the output file in the same directory as the
NTDSAtrb utility and names it Ntdsnomatch.csv. Use either Microsoft® Notepad or
Microsoft® Excel to review the output file and, for each resource mailbox, add the
NTDSNoMatch string to custom attribute 10 of the object in Exchange 5.5
Administrator. When the ADC attempts to replicate the mailbox to Active
Directory, this string will inform the ADC not to try to match the account with an
existing account, even if a good mapping can be made. Instead, the ADC will
create a new Active Directory object for the resource mailbox. The type of object
created will depend on the way that you’ve configured the ADC connection
agreement. By default, a disabled Windows user account will be created. If
preferred, you can inform the ADC instead to create a contact object; use the
alternate string of NTDSContact in custom attribute 10 to create this contact
object.
For more information on NTDSAtrb, see the following Microsoft Knowledge Base
Article:
• Q274173 XADM: Documentation for the NTDSNoMatch Utility

Run the MTACheck Utility
Before you run the MTACheck utility, stop the Microsoft Exchange Message
Transfer Agent service on your Exchange 5.5 server, and back up your
exchsrvr\Mtadata directory on all drives. Then run MTACheck from the
exchsrvr\bin directory on that server. Use the following syntax for this utility:
MTACheck /v
If you encounter any issues when you run this utility, resolve the issues and then
run the utility again.
Run the Knowledge Consistency Checker
Run the Exchange Knowledge Consistency Checker (KCC) on your Exchange 5.5
server. To run the KCC, perform the following steps:
1. Open the Exchange Server Administrator program, and connect to the

server.
2. Click to expand the Organization container, click to expand the Site

container, click to expand the Configuration container, and then click the
server object.
3. In the right pane, click the directory service icon and open the properties.
4. On the General tab, click the Check Now button next to Check
knowledge consistency.
Remove Unused Access Control Entries
Before you install your first Exchange 2000 server, you’ll need to remove unused
access control entries (ACEs) from your Exchange 5.5 public folders. Unused
entries exist when an object such as a mailbox has permissions on a public folder
resource, but then the object is deleted. The ACE on the public folder will not be
removed. In a pure Exchange 5.5 environment, the unused entries do not cause
any problems; however, when the public folder hierarchy replicates to Exchange
2000, the Store.exe process will attempt to convert all Exchange 5.5 ACEs into
Active Directory security principals (SIDs). As the unused entries won’t be
present within Active Directory, the ACE cannot be converted, which means that
the access control list (ACL) will not be converted, which means that the public
folder will be inaccessible to all Exchange 2000 users.
Additional information about public folder permissions is available in the

“Microsoft Exchange 2000 Internals: Group Objects” white paper available on the
Web at:
http://www.microsoft.com/exchange/techinfo/deployment/2000/e2kgroups.as
p
Unused entries can be removed by running the DS/IS consistency adjuster from
the Exchange 5.5 Administrator program. To find the consistency adjustor, go to
the properties page of the server object, and then click the Advanced tab. It’s
important that you choose to remove only the unknown permissions from
mailboxes and public folders. Selecting the other options in the consistency
adjuster can cause unwanted effects, such as DS/IS forcibly changing the home
server of one or more public folders and removing the permissions from the
public folders. Also be sure to filter for all inconsistencies by using the radio
button at the bottom of the window. For more information on the possible side
effects of running the Consistency Adjuster, see the following Microsoft
Knowledge Base Article:
• Q156705 XADM: Site Tear-Down Causes Public Folders to be Re-homed

Verify Available Disk Space
The upgrade process requires free space equal to at least 30 percent of the
combined size of the Priv.edb and Pub.edb files on the partition that contains your
transaction logs. If your Priv.edb file is 8 GB, your Pub.edb file is 2 GB, your
databases are on drive C, and your transaction logs are on drive D, you will need
at least 3 GB of free space on drive D. You can verify the partition where the
databases and transaction logs are stored in Exchange 5.5 Administrator. Go to
the properties of the Exchange 5.5 server and click the Database Paths tab.
If you currently do not have enough free disk space, there are several options
that you can try. First, perform a full backup of your Exchange server. This
backup should purge most of your transaction logs from you hard disk. If still
needed, you can use Performance Optimizer to move the transaction log location
to another partition with sufficient disk space. Another option is to perform an
offline defragmentation of the databases to potentially decrease the database
size.
Perform an Online Backup
Before you continue with the upgrade process, make an online backup of the
Exchange 5.5 Directory Service and Information Store. Also, create a Windows
2000-level backup of the rest of the system. Include the registry and system
state information in this backup. These backups will give you a rollback position in
case you need to fully recover the server to the point before you started the
installation.
Prepare Your Microsoft Active Directory Directory

Services
When you prepare your Microsoft Active Directory directory services, you will use
the following steps:
1. Install the Windows 2000 Support Tools.
2. Use the NLTEST Utility.
3. Install the first instance of the ADC service.
4. Create ADC connection agreements.
5. Verify that all connection agreements have replicated.
6. Prepare the forest with the setup /ForestPrep command.
7. Wait for the Exchange 2000 schema extensions to replicate.
8. Prepare each domain with the setup /DomainPrep command.
9. Wait for DomainPrep replication.
10. Test DomainPrep policy replication.
11. Perform final preinstallation tasks.
Install the Windows 2000 Support Tools
During the upgrade process, you will use several tools that are part of the
Windows 2000 Support Tools. To install these tools, follow these steps:
1. Insert the Windows 2000 CD-ROM.
2. Browse to Support\Tools.
3. Run Setup.exe in this folder.
4. Select a typical installation. The default installation path is

Systemdrive:\Program Files\Support Tools.
Use the NLTEST Utility
The Exchange 2000 Setup program makes rigorous checks on Active Directory to
ensure that it is configured correctly. Regardless of how long Active Directory has
been installed and running without any problems, Exchange Setup fails if Active
Directory has been configured incorrectly.
The first set of checks that Setup performs is to query Active Directory through
the Directory Service Locator service to ensure that the local server is in a valid
Active Directory site. One of the most common configuration errors is one in
which the Active Directory administrator has changed the name of the first site
(the default name is Default-First-Site-Name) without defining the subnets for the
site. You can avoid this type of setup failure by using the NLTEST utility. This
utility is shipped as part of the Windows 2000 Support Tools. NLTEST uses the
same Win32® API calls as the Exchange 2000 Setup program; therefore, if
NLTEST returns an error, so will Exchange Setup.
For the first check, use NLTEST with the /dsgetsite command-line switch. If the
server can find its own Active Directory site name, it will return a simple string of
text. For example:
C:\>nltest /dsgetsite
Default-First-Site-Name
The command completed successfully
If you see an error instead, look closely at your site and subnet definitions. You
will need to resolve the issue before installing your Exchange 2000 server.
At this point, perform some more extensive tests to ensure that you can read
information about your local domain, and the forest root. For this test, use
NLTEST with the /dsgetdc<your-domain-here> switch. For example:
C:\>nltest /dsgetdc:xg
DC: \\DC-007
Address: \\157.58.36.242
Dom Guid: ef453e9b-fc67-4dbc-8fb2-4f84404a7770
Dom Name: XG
Forest Name: xg.exchange.microsoft.com
DC Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE
The meaning of some of the information is obvious. The Flags section is

interesting because it shows which services the local domain controller is running.
If your Exchange 2000 server is a domain controller more than likely, the
/dsgetdc switch will return data about the local computer. If your Exchange
2000 server is a member of the domain, NLTEST will use the DSGetDCName
Win32 API call to find the closest domain controller.
Finally, the last command-line switch that you may want to use with NLTEST is
/dclist:<your-domain-here>. This switch will provide you with a complete list
of domain controllers for the domain name that you specify. Additionally, you can
see the primary domain controller (PDC) emulator for the domain. For example:
C:\>nltest /dclist:xg
Get list of DCs in domain 'xg' from '\\DC-007'.
DC-007.xg.exchange.microsoft.com [PDC] [DS] Site: Default-First-
Site-Name
If the results from NLTEST don’t return any errors, it is likely that Active Directory
and DNS have been configured correctly in your environment and your Exchange
2000 implementation should now go more smoothly.
Install the First Instance of the ADC Service
The task of the ADC is to replicate directory information (such as users,

mailboxes, and groups) between the Exchange 5.5 directory and Active Directory.
The ADC service itself relies on the administrator to define connection
agreements. These agreements name the servers involved in the replication
cycle, which direction to replicate, which objects to replicate, and when to
replicate the data.
The ADC uses LDAP to contact both the Exchange 5.5 and Active Directory. LDAP
works efficiently over all types of network links, regardless of whether the
connection is fast, slow, or highly latent (where packets take a long time to go
from one computer to another). For efficiency reasons, try to place the ADC
computer relatively close to the servers involved in the connection agreement.
Depending on the amount of information to replicate, a significant amount of data
is sent over the wire. If you are faced with the decision of either placing the ADC
close to the Exchange 5.5 server or close to the Active Directory server, it is
usually best to go with the former option. The ADC will usually (in a two-way
connection agreement) generate more data to the Exchange server than to the
Active Directory server.
Install the ADC from the Exchange 2000 CD. The ADC that comes on the
Windows 2000 CD will not work.
Create ADC Connection Agreements
It is extremely important that you create some connection agreements to the

Exchange 5.5 server before upgrading it. Failing to create these connection
agreements might result in problems with the Exchange 2000 public folder
hierarchy. Create at least the following connection agreements before proceeding
with the installation:
• Two-way Recipient Connection Agreement (RCA) between the Exchange

5.5 Site and the Active Directory domains where the user accounts for
those Exchange 5.5 mailboxes are held.
• Two-way Recipient Connection Agreement (RCA) to replicate Exchange 5.5

Distribution Lists to a native mode Active Directory domain. This
agreement can be coupled with the first agreement if the user accounts
are located in a native mode domain.
• Two-way Public Folder Connection Agreement (PFCA) between the

Exchange 5.5 Site and the Active Directory domains where the Exchange
2000 server will be installed. A PFCA replicates public folder directory
proxy objects into the Active Directory so that you can send e-mail to
public folders from Exchange 2000 users and applications. If you receive
an error that informs you to run DomainPrep before creating this
agreement, create the agreement after running DomainPrep but before
running setup.
When creating a Recipient Connection Agreement (RCA), you will be presented

with several tabs that you must complete. On the General tab, give the RCA a
name and verify that the replication direction is Two-way. On the Connections
tab, you must enter information for a Windows server and Exchange server. For
the Windows Server, enter the name of a domain controller that is located near
your Exchange server. For Connect as, enter an account that is a member of the
Enterprise Admins security group. For Exchange Server, enter the name of
your Exchange 5.5 server. If you have changed the LDAP port on your Exchange
server, make sure to enter the new port number. For Connect as, use your
Exchange Service Account. On the From Exchange and From Windows tabs,
enter the name of the Exchange recipients container that contains your
recipients. Also enter the Organizational Unit that contains your Active Directory
users. Leave the rest of the configuration information as the defaults for the rest
of the tabs.
Verify That All Connection Agreements Have Replicated
If you have scheduled your connection agreements to use the Always option,
you should notice that replication occurs almost immediately. You can verify this
replication by looking at the CPU time for the Adc.exe process in Task Manager,
examining the MSADC performance monitor counters, or by inspecting the
directory objects with the Active Directory Users and Computers snap-in. Rich
directory information in the Exchange 5.5 directory will be uploaded to the same
object within Active Directory. You can also create a custom recipient in the
Exchange 5.5 directory and make sure it replicates to Active Directory as a
contact. If objects don’t appear to be replicating, try right-clicking the connection
agreement and choosing the Replicate Now option. Additionally, if you have
many domain controllers within your environment, you may have to wait for
some time for Active Directory replication to complete.
It is very important that all recipient connection agreements are fully replicated
before you upgrade you Exchange 5.5 server. If it’s not possible to deploy all of
these connection agreements before your first installation (perhaps because of
timing, security, or political issues), you may need to remove the public folder
store from the Exchange 2000 server after installation. This removal ensures that
Exchange 2000 users will see a complete public folder hierarchy when they log
on.
Prepare the Forest with the Setup /ForestPrep Command
In large corporations, it is likely that the person installing Exchange will not have
full permissions to the Active Directory. Running the Exchange 2000 Setup
program with the /ForestPrep switch allows Active Directory schema
administrators to prepare the forest for an Exchange 2000 installation. As such,
the person running ForestPrep must have both Schema and Enterprise admin
permissions.
To run ForestPrep, from the command prompt, type F:\setup\i386\setup

/forestprep, where F is your CD-ROM drive.
Note When you reach the screen with the drop-down boxes, make sure that
they read ForestPrep and not Upgrade. If they do read Upgrade, you have
mistyped the /forestprep switch; cancel Setup and try again.
ForestPrep performs a number of tasks:
• Creates an Exchange organization object in Active Directory.
• Sets base permissions for the first Exchange Administrator.
• Extends the Active Directory schema with the Exchange 2000 schema
extensions.
When you run ForestPrep, you will be asked whether you want to create a new
Exchange 2000 organization or join an existing Exchange 5.5 organization. When
you choose to join an existing Organization, you will be asked for the name of an
existing Exchange 5.5 server; enter the name of your Exchange 5.5 server. The
Exchange 2000 Setup program will connect to your Exchange 5.5 server and read
its configuration data (such as organization name, site name) and will copy this
information to Active Directory. You must know the service account details for the
existing Exchange 5.5 site.
The next stage of ForestPrep asks you to nominate the first Exchange
administrator account. This account can be a user account, but it is better to
choose a group. The object that you nominate here will be given full organization-
wide permissions to Exchange. You must log on using this account to upgrade the
Exchange 5.5 server.
Additional information about the ForestPrep utility is available in the “ForestPrep

and DomainPrep Utilities” white paper available on the Web at:
http://www.microsoft.com/exchange/techinfo/deployment/2000PrepUtility.asp
Wait for the Exchange 2000 Schema Extensions to Replicate
At this point, you rely on Active Directory replication to send your schema
changes to all domain controllers. Depending on the number and location of your
domain controllers, this replication can take anywhere from five minutes to
several hours. You can use tools such as ReplMon from the Windows 2000
Support Tools to check your Active Directory replication. However, if you want to
manually check a specific domain controller to see if the Exchange 2000 schema
extensions have been replicated to it, use LDP and attempt to view the following
object:
cn=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=<your-
domain-here>
If you receive an “object not found” error, the schema extensions have not yet
been replicated. If you are able to bind to the object, look at its rangeUpper
attribute. If this attribute is set to 4397, the schema has fully replicated. Full
replication is known because the very last change ForestPrep makes to the
schema is the importing of this attribute:
dn: CN=ms-Exch-Schema-Version-Pt,<SchemaContainerDN>
changetype: modify
replace: rangeUpper
rangeUpper: 4397
For additional information about using LDP, see the following Microsoft Knowledge
Base article:
• Q252335 Using LDP to View Directory Tree and Exchange Container

http://support.microsoft.com/support/kb/articles/q252/3/35.asp.
If the schema extensions have not replicated, manually initiate Active Directory
replication. For instructions on manually initiating replication, see the following
Microsoft Knowledge Base article:
• Q232072 Initiating Replication Between Direct Replication Partners

If replication is unable to complete successfully, you must resolve any underlying

network or Active Directory problems before continuing with Exchange 2000
setup. For more information on troubleshooting Active Directory replication

problems, see the following Microsoft Knowledge Base article:
• Q260371 Troubleshooting Common Active Directory Issues in Windows

2000
Prepare Each Domain with the Setup /DomainPrep Command
When you run the Exchange 2000 SETUP program with the /DomainPrep
switch, you prepare your Active Directory domain for Exchange 2000 servers or
users.
To run DomainPrep, from the command prompt, type F:\setup\i386\setup

/domainprep, where F is your CD-ROM drive.
Note When you reach the screen with the drop-down boxes, make sure that
they read DomainPrep and not Upgrade. If they do read Upgrade, you have
mistyped the /domainprep switch; cancel Setup and try again.
One of the important DomainPrep tasks is to change the domain controller

security policy so that all Exchange servers can manage the auditing and security
log. Because DomainPrep changes a policy, it is critical that all domain controllers
within the domain run properly. You can encounter instances where a domain
controller may not receive a policy change if it’s not running or if the Windows NT
File Replication service (FRS) is having problems. In these instances, if one of
your Exchange 2000 servers selects this domain controller for its Config DC role,
the databases will fail to connect.
During the DomainPrep process, the local computer tries to communicate to the
Active Directory schema operations master role. The name lookup for the schema
master is performed by using the short name (that is, the NetBIOS name) of the
server.
To run DomainPrep, you must be logged on as a Domain Admin. DomainPrep

must be run in each domain that will host either Exchange 2000 servers or
Exchange 2000 users. Although the DomainPrep process is quick to run, it
performs a number of critical tasks:
• Creates the special Exchange Domain Servers global security group in the
Users container.
• Creates the special Exchange Enterprise Servers local security group in

the Users container.
• Places the Exchange Domain Servers group into the Exchange Enterprise
Servers group.
• Grants various permissions for the Exchange Enterprise Servers group to

the domain object.
• Stamps permissions for the Exchange Enterprise Servers group on the

AdminSDHolder object.
• Creates the Microsoft Exchange System Objects container underneath the

domain node.
The special group objects created by DomainPrep provide the basis for
permissions in Exchange 2000. For example, if the system administrator creates a
new user with a mailbox, the Recipient Update Service has to modify various
attributes on the account (such as e-mail addresses) so that the user can log on.
The Recipient Update Service runs in the context of the System Attendant, which,
in turn, is running under the security context of the local computer account;
therefore, the computer account must have permissions over user objects in the
domain.
As you install new Exchange 2000 servers, the Setup program adds the computer
account to the local Exchange Domain Servers group. In turn, this group is a
member of the Exchange Enterprise Servers group, which has permissions to
both the domain naming context and configuration data. In multiple domain
environments, the Recipient Update Service enforces each Exchange Enterprise
Servers group to contain membership of all other Exchange Domain Servers
groups from each domain that has been prepared with DomainPrep.
Note It is critical that you do not rename or move the special groups
because Exchange 2000 relies on both their creation names and location of
the Users container.
A behavior of Active Directory is to block the inheritance of permissions to all

Domain Admin accounts. Because it’s important that the Recipient Update Service
processes all accounts in the domain, the DomainPrep function grants the
Exchange Enterprise Servers group full read and write permission on the
AdminSDHolder system object. These permissions allow the Recipient Update
Service to make changes to Domain Admin objects directly without relying on
inheritance.
Finally, the Microsoft Exchange System Objects container that is created by

DomainPrep is used to hold public folder proxy objects. As you create new mail-
enabled public folders in Exchange 2000, or if you create a Public Folder
Connection Agreement (PFCA) in the ADC, proxy objects will exist for public
folders. Proxy objects allow users to send mail to public folders in Exchange 5.5
and Exchange 2000.
Additional information about the DomainPrep utility is available in the “ForestPrep

and DomainPrep Utilities” white paper available on the Web at:
http://www.microsoft.com/exchange/techinfo/deployment/2000PrepUtility.asp
Wait for DomainPrep Replication
Depending on your Active Directory site configuration, it can take a while to

replicate domain changes to all domain controllers. You can use tools such as
ReplMon to verify the replication within the domain. If you want to test
DomainPrep replication to a specific domain controller, you can use a tool such as
LDP to query the domain naming context replica. You should enumerate the
Microsoft Exchange System Objects container and inspect its objectVersion
attribute; this attribute should be set to 4406. If you find this value, DomainPrep
replication has occurred to the domain controller to which you are bound. If this
value is not present, you must wait for replication to occur and/or troubleshoot
Active Directory replication before continuing.
Test DomainPrep Policy Replication
Although you’ve verified that the Active Directory information created by

DomainPrep has replicated around the domain, perform a check to ensure that
the domain controller security policy has also replicated. As stated in a previous
section, if the security policy is incorrect, the Exchange databases on your servers
will fail to connect.
You can use the Policytest.exe tool supplied on the Exchange 2000 compact disc
to test the replication of the policy. Run the tool in the domain and inspect the
results. All domain controllers should report SeSecurityPrivilege. If the policy
has not replicated properly, you will see numeric error codes returned. The
following is an example of a Policytest.exe report:
===============================================
Local domain is “extest.microsoft.com"
Account is “RED\Exchange Enterprise Servers"
========================
DC = “EURO-DOG"
In site = “TVP"
Right found: "SeSecurityPrivilege"
========================
DC = “RED43-DOG"
In site = "(null)"
!! LsaOpenPolicy returned error 5 !!
========================
DC = “AFRICA-DOG"
In site = “JOBURG"
!! LsaOpenPolicy returned error 1722 !!
To interpret the returned error codes, use the Err.exe tool available in the
Exchange 2000 Resource Kit and cross-reference with the Winerror.h library. For
example, error 1722 means RPC_S_SERVER_UNAVAILABLE; that is, the domain
controller is down.
If you find that one or more domain controllers does not report the correct
SeSecurityPrivilege right, you should wait a few hours and then run
Policytest.exe again. If you find that even after waiting, one or two domain
controllers are still reporting problems, it might be that Windows NT FRS is not
working properly, in which case you should check the Event Log for errors. If you
want to manually intervene, you can use the Secedit tool from the Windows 2000
Support Tools to enforce the policy on a particular domain controller.
Perform Final Preinstallation Tasks
Perform the following final preinstallation tasks before you begin upgrading your
Exchange 5.5 servers:
• Verify that both Simple Mail Transfer Protocol (SMTP) and Network News
Transfer Protocol (NNTP) are installed on the Exchange 5.5 server.
Exchange 2000 extends both SMTP and NNTP, so they must be installed
before Exchange 2000 Setup is run.
• Remove any server or link monitors from the Exchange 5.5 server.
Exchange 2000 Setup stops the Exchange 5.5 services and there will be
problems if a server monitor attempts to restart those services

automatically.
• Disable any antivirus software on the server before starting the upgrade.
Antivirus software may cause complications during the upgrade.
Upgrade Your Exchange 5.5 Server

With your preparation phase completed, you can now upgrade your Exchange 5.5
SP3 server. As stated earlier in this document, you must be running Exchange 5.5
SP3 to perform this upgrade, as there is no direct upgrade path from any other
version of Exchange.
To upgrade the server, complete the following steps:
1. Log on to the server with the Exchange full administrator account that was
specified when running setup /ForestPrep.
2. Insert the Exchange 2000 CD into the server you want to upgrade. Close
the autorun window, and open a command prompt.
3. From the command prompt, type F:\SETUP\I386\SETUP where F is

your CD-ROM drive.
4. On the first page of the Exchange 2000 Installation Wizard, click Next. On
the second page, click I agree, and then click Next; and on the third
page, type the product ID number from your Exchange 2000 Server CD,
and then click Next.
5. On the Component Selection page, Upgrade is the only available

option. If a feature was installed on the Exchange 5.5 server, you can
upgrade that component. However, you cannot change the status of these
items, nor can you add items to the list. Click Next to continue (see Figure
1).
Figure 1 Server upgrade component selection detail
6. On the Service Account page, enter the Exchange 5.5 Service Account
password and click Next.
7. On the Component Summary page, review the selected components and

click Next to start the upgrade process.
You will see the bars moving on the Component Progress page. There
are three phases during the upgrade.
Note During each of these upgrade phases, the installation routine

performs several functions on the items being upgraded. If you want
detailed information about what happens in each step, you can open the
“Exchange Server Setup Progress.log” log file in the root of the system
drive after the upgrade completes.
If you are upgrading an Exchange 5.5 server with Service Pack 4 (SP4) or
later, Setup will pause at some point and indicate that several files on the
hard drive are newer than the files you are copying. You should select
“No to All” when asked if you would like to overwrite these files.
For additional information about upgrading Exchange Server 5.5 SP4, see
the following Microsoft Knowledge Base article:
• Q282309 XADM: Upgrading Exchange Server 5.5 SP4 to Exchange

2000
8. When the upgrade process completes, you will be at the Installation

Complete screen. Click Finish to close the wizard.
The upgrade does not happen all at once. During the manual portion of the
upgrade process, the database schema is modified and files are copied to the
server. When this part completes, the server becomes operational. The average
time for this portion of Setup to complete is around 9 GB per hour. This may vary
according to the server hardware.
The database entries are actually upgraded as part of a background process that
happens after the manual process completes. This process allows the
Exchange 2000 upgrade process to complete in a very short period of time.
However, if all your users access their mailboxes shortly after the manual part of
the upgrade, the background Store.exe process attempts to upgrade their
mailboxes (at least the folders that the users are accessing) in an on-demand
fashion. This on-demand upgrading can cause your newly upgraded
Exchange 2000 server to slow down considerably. Therefore, you should upgrade
your server when only a very small number of users would access it immediately
after the upgrade completes; for example, early in the weekend, which would
allow the background process to upgrade the folders before the majority of users
try to access the server.
Because of the client access issue described above, you should include a detailed
schedule of when you will actually be performing your server upgrades as part of
your Exchange 2000 migration plan.
Conclusion
After you finish running Setup, you will have migrated all of your user and
mailbox information into Active Directory and Exchange 2000. You should now be
able to log on to your mailbox and send mail to other users on your server. If you
are unable to log on immediately, you may need to wait up to 30 minutes for the
Recipient Update Service to finish updating your user accounts with Exchange-
specific information. After you have verified that mail is moving between users on
your server, you can then proceed with further customizations to your new
Exchange 2000 server. You can find more information on configuring your server
in the Exchange 2000 release notes, online help, and at
http://www.microsoft.com/exchange/.
For more information: http://www.microsoft.com/exchange/
Did this paper help you? Please give us your feedback. On a scale of 1 (poor)
to 5 (excellent), how would you rate this paper.
mailto:exchdocs@microsoft.com?subject=Feedback: In-Place Upgrade from Exchange 5.5 to

Exchange 2000
Appendix
Related Knowledge Base Articles
As with all components within the product, it is impossible to cover all scenarios
where you might install Exchange 2000, and account for errors that you might
see. For this reason, I’ve included a list of knowledge base articles related to the
technologies discussed in this document. You can access these online from
http://support.microsoft.com
Useful Knowledge Base Articles for ADC Setup

• Q281223 XADM: Understanding Connection Agreements in Exchange
2000 Server
• Q250989 XADM: Installing ADC on Windows 2000 DC w/Exchange Server

• Q237434 XADM: ADC Setup Causes Lsass.exe to Use 100 Percent CPU
• Q253593 XADM: Installation of ADC Does Not Work Because of Logon

Failure
• Q257888 XADM: Error Message: No Site Name Is Available for This

Machine
Useful Knowledge Base Articles for Exchange 2000 Setup

• Q252335 XADM: Using Ldp to View Directory Tree and Exchange
Container
• Q239762 XADM: Exchange 2000 Services Run Under LocalSystem

• Q252486 XADM: Removing the First Exchange 2000 Server from the Site
• Q257415 XADM: Running a Disaster Recovery Setup

• Q258967 XADM: Setup Fails on a Member Server Because of DNS

Settings
• Q260371 Troubleshooting Common Active Directory Issues in Windows

2000
• Q260378 XADM: How to Manually Remove an Exchange 2000 Installation

• Q262068 XADM: How to Set Up Exchange 2000

• Exchange 2000 Setup Troubleshooter

http://support.microsoft.com/support/tshoot/exch2ksetup.asp
Useful Knowledge Base Articles for Upgrades from Exchange 5.5

• Q237442 XADM: Exchange 2000 Setup Cannot Locate an ADC
• Q258799 XADM: Error 0xC103FC93 when joining Exchange 2000 to 5.5

Site
• Q272998 XADM: Setup fails with 0XC103FC93 in Function

ScFindLDAPPortNumb
• Q255256 XADM: Upgrade Fails When Exchange 5.5 LDAP Port Is

Reconfigured
• Q259712 XADM: Upgrading to Exchange 2000--the Move Mailbox Method

• Q264879 XADM: Upgrading to Exchange 2000--the Swing Upgrade

Method
• Q264309 XADM: How to Roll Back a Failed Upgrade to Exchange 2000

• Q282309 XADM: Upgrading Exchange Server 5.5 SP4 to Exchange 2000

• Q156705 XADM: Site Tear-Down Causes Public Folders to be Re-homed

Additional Resources
Microsoft Exchange White Papers

• Microsoft Exchange 2000 Internals: Group Objects
http://www.microsoft.com/exchange/techinfo/deployment/2000/E2KGroup
s.asp
• Microsoft Exchange 2000 Internals: Permissions Guide

http://www.microsoft.com/exchange/techinfo/administration/2000/e2kper
mmisions.asp
• ForestPrep and DomainPrep Utilities

http://www.microsoft.com/exchange/techinfo/deployment/2000/PrepUtilit
y.asp

In-Place Upgrade From Microsoft Exchange 5.5 To Microsoft Exchange 2000

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

In-Place Upgrade From Microsoft Exchange 5.5 To Microsoft Exchange 2000

Încărcat de

Drepturi de autor:

Formate disponibile

In-Place Upgrade from Microsoft®

Exchange 5.5 to Microsoft®

 2001 Microsoft Corporation. All rights reserved.

Upgrade Overview ................................................................................................ 4

Prepare Your Exchange 5.5 Organization .................................................................. 5

Prepare Your Microsoft Active Directory Directory Services........................................ 11

Upgrade Your Exchange 5.5 Server ....................................................................... 19

For the latest information, please see http://www.microsoft.com/exchange/.

• Q259712 XADM: Upgrading to Exchange 2000--the Move Mailbox Method

• Q264879 XADM: Upgrading to Exchange 2000--the Swing Upgrade

1. Prepare your Exchange 5.5 organization

2. Prepare your Microsoft Active Directory™ directory services

3. Upgrade your Exchange 5.5 server

Prepare Your Exchange 5.5 Organization

2. Ensure that at least one domain in the forest is in native mode.

3. Verify the service pack level of your Exchange 5.5 server.

4. Check the LDAP port.

6. Set permissions so that the server can be upgraded.

7. Use the NTDSAtrb utility.

8. Run the MTACheck utility.

9. Run the Knowledge Consistency Checker.

10. Remove unused access control entries.

11. Verify available disk space.

12. Perform an online backup.

Install Windows 2000 Service Pack 2 on All Domain Controller

• Windows 2000 Service Pack 2

Ensure That At Least One Domain in the Forest Is in Native Mode

In most enterprise organizations, the root domain normally consists of Windows

Verify the Service Pack Level of Your Exchange 5.5 Server

An in-place upgrade is only supported if the Exchange 5.5 server is running

Check the LDAP Port

If Exchange 5.5 is installed on a domain controller, you must change the

Remove Invalid Characters from the Organization and Site

Set Permissions So That the Server Can Be Upgraded

Use the NTDSAtrb Utility

It is not uncommon for Exchange 5.5 administrators to create resource mailboxes

• Conference Room 2 (Video)

To run the tool, use the following steps:

1. Unzip the files to a new folder.

2. Run the Setup program.

4. Type the following line at the command prompt:

ntdsatrb <Exchange 5.5 server name>: <LDAP port number (if

• Q274173 XADM: Documentation for the NTDSNoMatch Utility

Run the MTACheck Utility

Run the Knowledge Consistency Checker

1. Open the Exchange Server Administrator program, and connect to the

2. Click to expand the Organization container, click to expand the Site

Remove Unused Access Control Entries

Additional information about public folder permissions is available in the

• Q156705 XADM: Site Tear-Down Causes Public Folders to be Re-homed

Verify Available Disk Space

Perform an Online Backup

Prepare Your Microsoft Active Directory Directory

1. Install the Windows 2000 Support Tools.

2. Use the NLTEST Utility.

3. Install the first instance of the ADC service.

4. Create ADC connection agreements.

5. Verify that all connection agreements have replicated.

6. Prepare the forest with the setup /ForestPrep command.

7. Wait for the Exchange 2000 schema extensions to replicate.

8. Prepare each domain with the setup /DomainPrep command.

9. Wait for DomainPrep replication.