SUMMARY

Important The recommended upgrade path from Microsoft Exchange Server 5.5 to Microsoft Exchange 2000 Server is to bring up the Exchange 2000 Server computer in the current organization, and then to migrate mailboxes from the Exchange Server 5.5 computer to the Exchange 2000 Server computer whenever possible. You should not perform an in-place upgrade of an Exchange 5.5 computer to Exchange 2000 Server, except in situations where there is no alternative, such as a small business that does not have the hardware available to install Exchange 2000 Server separately.

This step-by-step article describes how to migrate from Exchange Server 5.5 to Exchange 2000 by using the in-place upgrade method. Microsoft recommends that you use caution when you migrate e-mail data; if you do not adhere to all of the prerequisites or if other unknown preexisting issues occur, your e-mail users may experience downtime and you may have to either rebuild your Exchange Server 5.5 computer or restore the data from a backup.

For additional information about using the Move Mailbox method to upgrade from Exchange Server 5.5 to Exchange 2000, click the following article number to view the article in the Microsoft Knowledge Base:

NOTE: The Move Mailbox method is the preferred method for upgrading Exchange Server 5.5 to Exchange 2000.

back to the top

Prepare Microsoft Windows 2000 Active Directory for the Exchange 2000 Installation

NOTE: Before you migrate mailboxes from Exchange Server 5.5 to Exchange 2000, you must migrate the user accounts to Windows 2000 Active Directory first. To do so, use any of the following three methods:

• Method 1: Use the Active Directory Migration Tool (ADMT) to migrate user accounts by using security identifier (SID) history to retain permissions. To obtain this utility, visit the following Microsoft Web site:

  http://www.microsoft.com/downloads/details.aspx?familyid=788975B1-5849-4707-9817-8C9773C25C6C&displaylang=en

• Method 2: Use the Active Directory Connector (ADC) to create new disabled user accounts that are related to Exchange Server 5.5 mailboxes. This method is the least preferred method to create new Windows 2000 Active Directory users because if you use this method, the accounts are new user accounts that are disabled, and that do not have an SID history. As a result, you must manually assign the accounts that you created by using the ADC permissions to the existing mailbox, and then manually enable these accounts. For more information about Method 3, click the following article numbers to view the articles in the Microsoft Knowledge Base:

  278966 You cannot move or log on to an Exchange resource mailbox

  316047 Addressing problems that are created when you enable ADC-generated accounts

For you to run an in-place upgrade from Exchange Server 5.5 to Exchange 2000, the server that you want to upgrade must already be running Windows 2000. Make sure that the following software is installed on the Exchange Server 5.5 computer that you are going to upgrade to Exchange 2000:

• Windows 2000 Service Pack 2 (SP2) or later
• Simple Mail Transfer Protocol (SMTP)
• Network News Transfer Protocol (NNTP)

Additionally, make sure that Windows 2000 Service Pack 2 (SP2) or later is installed on all domain controllers. You must also update the Exchange Server 5.5 computer to Exchange Server 5.5 Service Pack 3 (SP3) or later.

Verify That Your DNS Configuration Is Properly Updating Your Active Directory

1. Run Netdiag.exe on the Exchange Server 5.5 computer that you want to host Exchange 2000, and then make sure that all of the tests are passed without warnings.
   
   Pay close attention to the DNS test and the Lightweight Directory Access Protocol (LDAP) test. (If you receive a warning during SPN registration, you can still upgrade Exchange Server 5.5 successfully.)
2. Run Dcdiag.exe and Netdiag.exe on all domain controllers, and then make sure that all of the tests are passed.
3. From the Exchange Server 5.5 computer on which you want to host Exchange 2000, run the nltest /dsgetsite command.
   
   A site name that does not contain errors is returned. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

   259427 'SETUP /FORESTPREP' does not work when Windows 2000 sites are incorrectly defined

4. From the Exchange Server 5.5 computer, use the ping command with the short (NetBIOS) name of computer on which you want to install Exchange 2000 (the Exchange Server 5.5 computer).
   
   The Fully Qualified Domain Name (FQDN) of the server is returned. For example, if you run the ping e2k command, the following data appears:

   pinging e2k.addomain.internal [192.168.1.10] with 32 bytes of data

   However, the following data that contains the NetBIOS name may also appear:

   pinging e2k [192.168.1.10] with 32 bytes of data

   If the FQDN does not appear, configure the proper name resolution for the Exchange Server 5.5 computer. To do so, you may have to point the Exchange Server 5.5 computer that you are migrating from to your Windows 2000 DNS server for DNS. Other configurations are possible.

NOTE: Because Exchange 2000 is typically the first program that is installed in a Windows 2000 domain that requires Active Directory to be properly updated by DNS dynamically with server resource records, you must confirm that DNS is properly configured. The DNS server that is referenced by the Exchange 2000 computer must be an internal DNS server. External DNS servers cannot be referenced, except for servers that act as forwarders in your internal DNS server's settings.

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

back to the top

Prepare Exchange Server 5.5 for Migration by Using the In-Place Upgrade Method

When you use Exchange 2000, you must have a one-to-one ratio of user accounts to mailboxes. If you do not have a one-to-one ratio, the first time that you replicate an ADC recipient Connection Agreement, Exchange 2000 creates disabled users in Active Directory by default if it cannot match a mailbox to a user.

To avoid the possibility of a user account and mailbox mismatch, use the NTDSNoMatch utility (also known as NTDSATRB) to identify any mailboxes that are not associated with a specific user account by the ADC. If you have a very large number of mailboxes that require an update, you can use the .csv file that is created by NTDSNoMatch to set Custom Attribute 10 to NTDSNoMatch for the mailboxes that are not associated with active user accounts. Alternatively, if you have a smaller number of mailboxes that require an update, you can manually create new user accounts and associate them with mailboxes as appropriate to create a one-to-one ratio (this method is preferred). After you do so, run the NTDSNoMatch utility again to verify your work.

For the latest version of the NTDSNoMatch utility, download the latest Exchange 2000 service pack, and then view the Support\Utils\i386\Ntdsatrb folder to find the executable file and the instructions to use this utility.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

On the Exchange Server 5.5 computer, run the DS/IS Consistency Adjustment utility on the public folder store and on the mailbox store to remove "zombie" Access Control Entries (ACEs). To run DS/IS Consistency Adjustment:

1. Using the Microsoft Exchange Server Administrator program, select an Exchange Server 5.5 computer that contains a public information store.
2. On the File menu, click Properties, and then click the Advanced tab.
3. Click Consistency Adjuster.
4. Under DS/IS Consistency Adjustment, click to select the Remove unknown user accounts from public folder permissions check box, click to select the Remove unknown user accounts from mailbox permissions check box, and then click All inconsistencies.
   

IMPORTANT: Clear all other check boxes.

For additional information about public folder permissions issues, click the following article number to view the article in the Microsoft Knowledge Base:

Make sure that you use only valid characters (alpha, numeric, or hyphen) for the organization name and the site name, and then change the display name as appropriate.

For additional information about valid characters in Exchange Server, click the following article number to view the article in the Microsoft Knowledge Base:

The Exchange Server 5.5 organization directory name and site directory name must not contain characters that Exchange 2000 and Exchange 2003 do not support. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

Finally, verify that all distribution lists (DLs) are configured for "Any Server in Site" for DL Expansion. You can either perform this procedure manually or you can use a "best effort" utility named XChangeXS, which is available from Microsoft Product Support Services. back to the top

Prepare Active Directory for the Installation of Exchange 2000

NOTE: Microsoft recommends that you use a Windows 2000 native-mode domain to host your Windows 2000 distribution groups before you configure ADC Connection Agreements. Exchange 2000 uses Universal Security Groups (USGs) instead of distribution groups to access public folders, and USGs are only available in Windows 2000 native-mode domains. If you do not replicate your DLs to a Windows 2000 native-mode domain, the public folders may be inaccessible unless you reassign all client permissions to public folders without the use of DLs. Use any of the following methods to prevent this situation from occurring:

• Method 1: Convert the domain that is hosting your Windows 2000 DLs to Windows 2000 native mode by upgrading all Windows NT 4.0 domain controllers to Windows 2000 or by removing them from use so that only Windows 2000 domain controllers remain. This method is the preferred method.
• Method 2: Create a temporary Windows 2000 native-mode child domain. You can do so by using one server, but Microsoft recommends that you use two servers. After you do so, you can configure a recipient Connection Agreement for DLs to this native-mode domain. As soon as you are able to convert your domain to Windows 2000 native mode, you can replicate your DLs to this domain and remove the temporary native-mode domain.
• Method 3: Remove all distribution groups that have access to all public folders before you replicate DLs with your recipient Connection Agreement, and then replace them with the individual user accounts that were in the DL. This method is the least preferred method and the most labor-intensive. In situations where you have few public folders, you can use this method as a temporary workaround until you can convert your domain to Windows 2000 native mode. To perform this method on each public folder:
  1. Start the Exchange Server Administrator program.
  2. Locate the Exchange Server 5.5 computer object.
  3. Expand Public Information Store, and then expand Public Folder Resources.
  4. Double-click the first public folder, and then click Properties.
  5. On the General tab, click Client Permissions.
  6. Check for any DLs that have client permissions to this public folder. Remove any DLs, and then replace them with the individual user accounts that were in the DL.
  7. Repeat steps 4 to 6 for all the public folders.

For additional information about this procedure, click the following article number to view the article in the Microsoft Knowledge Base:

To prepare Active Directory for the installation of Exchange 2000:

1. Install the Exchange 2000 ADC from the Exchange 2000 CD-ROM or install the latest version of the Exchange 2000 ADC from the latest Exchange 2000 service pack (the latter method is preferred).
   
   ADC Setup is located at Server\Adc\I386\Setup.exe in Exchange 2000 SP2. Microsoft recommends that you install both the ADC and the management components. The ADC works best if you install it on a global catalog server.
2. Configure a two-way ADC recipient Connection Agreement. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

   296260 How to configure a two-way Recipient Connection Agreement for Exchange Server 5.5 users

3. Run Exchange 2000 Setup with the /forestprep switch and the /domainprep switch.
   
   The account that you use to run the /forestprep switch must have Schema Admin, Enterprise Admin, and Domain Admin rights in your Windows 2000 domain, and at least view-only permissions on the site containers and configuration containers in the existing Exchange Server 5.5 organization. However, Microsoft strongly recommends that you give this account the role of Service Account Admin at the Exchange Server 5.5 organization level, the site level, and the configuration levels in the Exchange Server Administrator program. You must restart your Exchange Server 5.5 services for this update to take effect.
4. After you run setup /forestprep, verify that the Exchange Server Organization object is present in Active Directory Sites and Services.
   
   NOTE: If you cannot see the Services node, click View, click Show Services Node, expand Services, and then expand Microsoft Exchange to locate the Organization object.
   
   For more information about the /forestprep and /domainprep switches, visit the following Microsoft Web site:

   ForestPrep and DomainPrep white paper

5. Configure a two-way ADC public folder Connection Agreement. For additional information about public folder Connection Agreements, click the following article number to view the article in the Microsoft Knowledge Base:

   264889 Public folder Connection Agreements

back to the top

Perform Final Pre-Installation Tasks

Perform the following final preinstallation tasks before you begin to upgrade your Exchange Server 5.5 computers:

1. Remove any server or link monitors from the Exchange Server 5.5 computer.
   
   Exchange 2000 Setup stops the Exchange Server 5.5 services and problems may occur if a server monitor tries to restart those services automatically.
2. Disable any third-party software that may interfere with the upgrade process, such as Backup Software.
   
   Some remote administration software can also interfere with the upgrade process.
3. Remove any antivirus software on the computer before you start the upgrade process.
   
   Antivirus software may cause complications during the upgrade. After the upgrade is completed, you can install antivirus software that is compatible with Exchange 2000.
4. Remove any connectors that do not upgrade or that you must reconfigure after the upgrade occurs, such as Internet Mail Service.
   
   NOTE: Internet Mail Service is not used in Exchange 2000; Exchange 2000 can send and receive Internet mail without using any connector by using the default SMTP virtual server. If you do not remove Internet Mail Service from Exchange Server 5.5, the upgrade procedure may not be successful if your Exchange Server 5.5 organization or site directory names contain any invalid characters.
   
   When you remove Internet Mail Service, write down any custom configuration information you may have added, such as smart host, address spaces, or delivery restrictions, click Internet Mail Service in the Connections container, and then click Delete. If your environment must use an SMTP connector, you can add and configure this connector for Internet mail. For additional information about removing connectors, click the following article number to view the article in the Microsoft Knowledge Base:

   294736 When to create SMTP connectors in Exchange 2000 and later

back to the top

Install Exchange 2000 on the Existing Exchange Server 5.5 Computer

NOTE: If you are installing an Exchange 2000 cluster in an existing Exchange Server 5.5 organization, the Exchange 2000 cluster may not be the first Exchange 2000 cluster in a site and the cluster may not be a bridgehead server. This behavior occurs because the Exchange 2000 Site Replication Service (SRS) is not currently supported in a clustered environment. Exchange 2000 requires SRS to exist in a mixed Exchange 2000 and Exchange Server 5.5 environment.

1. Run the Setup.exe program for Exchange 2000.
2. After Setup completes, verify that the Microsoft Exchange Server services have started, and that the information store is mounted.
   
   To test functionality, create a new Active Directory user account that has a mailbox on the Exchange 2000 computer.
3. Apply any Exchange 2000 service packs.
   
   Exchange 2000 SP2 was released at the time this article was written. For more information about installing Exchange 2000 SP2, refer to Exchange 2000 SP2 Deployment Guide
   
   A recipient policy is automatically created in Exchange System Manager under Organization\Recipients\Recipient Policies.
4. Look for a default policy that has a priority setting of Lowest and a policy that is marked with a higher priority for the Exchange Server site in which you just installed Exchange 2000.
5. Right-click the highest priority policy, click Properties, click the Email Addresses(Policy) tab, and then verify that the primary SMTP address (in bold) is correct.
   
   If this address is not correct, you can create an additional SMTP address, and then designate this address as a primary address.
6. Select the recipient policy that is designated as the highest or if you only have a default recipient policy, create a new recipient policy that has a higher priority, and then modify the E-mail addresses. If you create a new recipient policy, make sure that the filter rules on the General tab are correct.
   
   NOTE: Do not remove or modify the default recipient policy. If you must, you can modify the alias name that is created by the recipient policy. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

   285136 How to customize the SMTP e-mail address generators through recipient policies

7. Verify that a Recipient Update Service is automatically created for the domain in which you installed Exchange 2000.
   
   If you have any other domains that have user accounts that are to be mailbox-enabled (parent or child domain), you must create and configure a Recipient Update Service for each of those additional domains. To do so:
   1. Start Exchange System Manager.
   2. Right-click Recipient Update Service, point to New, click Recipient Update Service, and then click Browse.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

If you view the Application event log on the Exchange 2000 computer, you may see event ID 9318 message from the message transfer agent (MTA) and event ID 1025 messages from the MSExchangeIS private information store after you apply these changes. These event ID messages are warnings that may occur if Name Resolution using cached DNS naming information in Active Directory fails. These event ID messages are typically removed in three to six days. To remove these warnings more quickly, restart the global catalog servers.

back to the top