0989714

Module 14: Migrating Users
from Exchange Server 5.5

to Exchange Server 2003
Contents
Overview 1
Lesson: Populating Active Directory with
Windows NT 4.0 User and Group Accounts 3
Lesson: Connecting the Exchange 5.5
Directory to Active Directory 21
Lesson: Moving Mailbox and Public Folder
Contents into an Exchange Server 2003
Organization 40
Discussion: Migrating Users from
Exchange Server 5.5 to
Exchange Server 2003 57
Course Evaluation 61
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part
of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted
in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or
for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
 2003 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, ActiveSync, ActiveX, Active
Directory, Hotmail, MSDN, MSN, Outlook, PowerPoint, Visual Basic, and Windows Media are
either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Module 14: Migrating Users from Exchange Server 5.5 to Exchange Server 2003 iii
Instructor Notes
Presentation: Because it is common for companies to merge, many messaging administrators
40 minutes must implement messaging deployment plans to support the merging of
established messaging systems. This module teaches students how to migrate
Practices: the Microsoft® Exchange Server 5.5 messaging system of a company running a
115 minutes Microsoft Windows NT® 4.0 domain into the Microsoft Exchange Server 2003
messaging system of another company running Microsoft
Windows Server™ 2003 and the Microsoft Active Directory® directory service.
After completing this module, students will be able to:
! Populate Active Directory with Windows NT 4.0 user and group objects.
! Connect Exchange 5.5 to Active Directory.
! Move mailboxes and public folders into an Exchange 2003 organization.
Required materials To teach this module, you need the following materials:
! Microsoft PowerPoint® file 2400B_14.ppt
! Module 14 video file 2400B_14_v05.wmv
! The Northwind Traders/Contoso, Ltd. Exchange Deployment Plan (file
name deploymentplan.doc) in the Module 14 practices folder on the Student
Materials compact disc
Important It is recommended that you use PowerPoint 2002 or later to display

the slides for this course. If you use PowerPoint Viewer or an earlier version of
PowerPoint, all the features of the slides may not be displayed correctly.
Preparation tasks To prepare for this module:

! Read all of the materials for this module.
! Complete the practices and review the discussions and assessment
questions. Where possible, anticipate alternate answers that students may
suggest and prepare responses to those answers.
! Complete the demonstration that shows students how to use Connectix
Virtual PC, which is in the Introduction module of this course. All students
must watch you perform this demonstration. It is crucial that students
become familiar with the virtual environment that is used in the practices
before they attempt to complete the first practice in this module on their
own.
! Review the links and suggested additional readings for this module.
Document your own suggested additional readings to share with the class.
Classroom setup The classroom should be set up to use Connectix Virtual PC software, as
discussed in the Manual Classroom Setup Guide. No additional classroom setup
is needed.
iv Module 14: Migrating Users from Exchange Server 5.5 to Exchange Server 2003
How to Teach This Module

This section contains information that will help you to teach this module.
Instructor notes have been written only for the topics that required them.
If no student practice is included in a How-to topic, consider demonstrating the
task for students.
How to start Start this module by telling students that there are three steps to complete to
migrate users from Exchange 5.5 to Exchange 2003:
1. Populating Active Directory with Windows NT 4.0 user and group objects.
2. Connecting Exchange 5.5 to Active Directory.
3. Moving mailboxes and public folders into an Exchange 2003 organization.
The three lessons in this module map to the three steps in the process. Students
get to perform all of these steps and will actually complete a migration. Also,
let students know that at the beginning of the first practice they will receive a
deployment plan from their team lead, Samantha Smith, which they can use to
help them implement the migration. The practices in the module provide the
detailed steps, and the deployment plan provides the high-level migration tasks.
After you have discussed the tasks on the module overview slide, show the brief
video from a Northwind Trader’s employee before you continue with the
module. To start the video, click the video button on the overview slide, or open
the Web page on the Student Materials compact disc, click Multimedia, and
then click the title of the video. In this video, students will be given overall
instructions for tasks from their team lead or co-worker at Northwind Traders.
You can play this video again at the beginning of the first practice in the
module if you think it will help motivate students.
Time to teach this Students should use the majority of the time in this module completing the
module hands-on practices and discussions. We anticipate that total hands-on time for
the students will be about 1 hour and 55 minutes. Total time for your
presentation should be no more than 40 minutes.
Tip When this icon appears on the lower- right corner of a slide, it indicates
that students must complete an inline practice before you move on to the next
slide:
Practices Some practices in this module require initial startup time. Consider having
students perform the initial step in these practices before you begin the lecture
on the related content. If a practice begins with a procedure titled “To prepare
for this practice,” then it requires initial startup time.
Module 14: Migrating Users from Exchange Server 5.5 to Exchange Server 2003 v
Lesson: Populating Active Directory with Windows NT 4.0 User and

Group Objects
This section describes the instructional methods for teaching this lesson.
What Is ADMT? Discuss what the Active Directory Migration Tool (ADMT) is used for and the
system requirements that are necessary to run it. Students should be familiar
with the terms target domain and source domain, but if they do not know these
terms, use this slide to explain the difference. Also, explain that the reason they
should leave user accounts active in both the source and target domains is to be
prepared for a migration failure. If something unexpected happens, students
might need users to be able to continue to log on to the Windows NT 4.0
domain.
What is SIDHistory? Use the animated slide to show how the SIDHistory attribute works. The text
in the student notes maps to the steps in this slide and provides an even more
detailed explanation.
The Process of Use this slide to show the high-level process for this lesson. Tell students that in
Populating Active the five topics that follow, students will complete each of the steps in this
Directory Using ADMT process. When this lesson is over, consider coming back to this slide to review
the process to help students distinguish it from the processes in the other two
lessons.
How to Create a Two- Use this slide to explain why this task is needed and to discuss the high-level
Way Trust Between a steps of the task that students are about to perform. Then have the students
Windows NT Server 4.0 complete the inline practice and answer any questions that they have.
Domain and an Active
Directory Domain
How to Install ADMT Use this slide to explain why this task is needed and to discuss the high-level
steps of the task that students are about to perform. Then have the students
complete the inline practice and answer any questions that they have.
How to Migrate User and Use this slide to explain why this task is needed and to discuss the high-level
Group Objects Using steps of the task that students are about to perform. Then have the students
ADMT complete the inline practice and answer any questions that they have.
How to Migrate Use this slide to explain why this task is needed and to discuss the high-level
Exchange Server 5.5 steps of the task that students are about to perform. Then have the students
Mailbox ACLs Using complete the inline practice and answer any questions that they have.
ADMT
How to Verify a Use this slide to explain why this task is needed and to discuss the high-level
Successful User and steps of the task that students are about to perform. Then have the students
Group Account complete the inline practice and answer any questions that they have.
Migration
vi Module 14: Migrating Users from Exchange Server 5.5 to Exchange Server 2003
Lesson: Connecting the Exchange 5.5 Directory to Active Directory

What Is Active Directory As you explain what Active Directory Connector (ADC) is, make sure that you
Connector? mention the difference between Exchange Server 2003 ADC and
Windows Server 2003 ADC. This information is not on the slide. Be sure to
explain why the ADC is needed for this migration scenario.
Students may ask why they needed to use ADMT if ADC can be used to create
accounts. One good reason to use ADMT is that ADMT will preserve the
Windows NT 4.0 access control lists (ACLs). If the migration fails, and you
have used ADMT to migrate user accounts, users will be able to log on to
Active Directory and continue to access Exchange 5.5 mailboxes. If the ADC is
used to migrate user accounts, ACLs are not preserved and users will not be
able to log on to Active Directory and also be able to access their Exchange 5.5
mailboxes.
What Is a Connection As you explain what a connection agreement is, make sure that you describe
Agreement? what the connection agreement object contains.
What Is NTDSNoMatch? Use the graphic on the slide to explain what NTDSNoMatch does. The graphic
makes what sounds complicated much easier to understand. Be sure to explain
why NTDSNoMatch is needed for most migrations.
The Process of Use this slide to show the high-level process for this lesson. Remind students
Connecting the that before connecting Exchange to Active Directory, they should have already
Exchange 5.5 Directory successfully run ADMT. Tell students that in the five topics that follow, they
to Active Directory will complete each of the steps in this process. When this lesson is over,
consider coming back to this slide to review the process to help students
remember it and keep it distinct in their minds from the processes in the other
two lessons.
How to Install ADC Use this slide to explain why this task is needed and to discuss the high-level
steps of the task that students are about to perform. Then have the students
How to Configure Use this slide to explain why this task is needed and to discuss the high-level
Resource Mailbox steps of the task that students are about to perform. Then have the students
Properties complete the inline practice and answer any questions that they have.
How to Configure an Use this slide to explain why this task is needed and to discuss the high-level
Inter-Organizational steps of the task that students are about to perform. Then have the students
Connection Agreement complete the inline practice and answer any questions that they have.
to Populate Active
Directory
How to Verify Use this slide to explain why this task is needed and to discuss the high-level
Synchronization steps of the task that students are about to perform. Then have the students
How to Organize Objects Use this slide to explain why this task is needed and to discuss the high-level
in Active Directory steps of the task that students are about to perform. Then have the students
Module 14: Migrating Users from Exchange Server 5.5 to Exchange Server 2003 vii
Lesson: Moving Mailboxes and Public Folder Contents into an

Exchange Server 2003 Organization
The Process of Moving Use this slide to show the high-level process for this lesson. Tell students that in
Mailboxes and Public the topics that follow, they will learn what they need to know to complete each
Folders of the steps in this process. When this lesson is over, consider coming back to
this slide to review the process to help students distinguish it from the processes
in the other two lessons.
Guidelines for Choosing The guidelines are pretty simple, so they are combined with the methods in this
a Mailbox Move Method topic. You might want to describe the methods first and then discuss the
guidelines.
What You Can Do Using Make sure that students understand what can and cannot be done with this
the Exchange Server wizard before they move on to do the practices. You may want to mention that
Migration Wizard editing migration files allows you to modify properties such as user display
names, aliases, and Simple Mail Transfer Protocol (SMTP) addresses.
How to Move Mailboxes Use this slide to explain why this task is needed and to discuss the high-level
from Exchange 5.5 to steps of the task that students are about to perform. Then have the students
Exchange 2003 complete the inline practice and answer any questions that they have.
How to Replicate Public Mention that students are using the InterOrg Replication utility in this practice
Folders from Exchange because they are replicating public folders between different Exchange
5.5 to Exchange 2003 organizations. Point out the note to the students and mention that if the server
running Exchange 5.5 was in the same organization as the Exchange 2003
server, they should use the Microsoft Exchange Public Folder Migration Tool,
called pfMigrate, to migrate both system folders and public folders to the new
server. You may also want to mention that only users with mailboxes in the
Exchange 2003 organization will be automatically connected to the
Exchange 2003 instance of replicated public folders.
Use this slide to discuss the high-level steps of the task that students are about
to perform. Then have the students complete the inline practice and answer any
questions that they have.
Discussion: Migrating Users from Exchange Server 5.5 to

Exchange Server 2003
The scenarios in this discussion were designed to allow students to reflect on
what they did in the module and to give them an opportunity to ask any
remaining questions that they have. Use the discussion scenarios to provide a
summary of the module content. You can also return to the module overview
slide and use it to help summarize the lessons covered in this module.
You can do this activity with the entire class. Or, if you have time, have
students work in small groups to come up with solutions to the problems in the
scenarios and then present and discuss their ideas with the class.
Before taking part in the discussion, students should have completed all of the
practices. Students who have not completed the practices may have difficulty
taking part in the discussion.
viii Module 14: Migrating Users from Exchange Server 5.5 to Exchange Server 2003
Assessment
Assessment questions for this module are located on the Student Materials
compact disc. You can use the assessment questions in whatever way you think
is best for your students. For example, you can use them as pre-assessments to
help students identify areas of difficulty, or you can use them as post-
assessments to validate learning. Consider using the questions to reinforce
learning at the end of the day or at the beginning of the next day. If you choose
not to use the assessment questions during class, show students where the
questions are so that they can use them to assess their own learning outside of
class.
Module 14: Migrating Users from Exchange Server 5.5 to Exchange Server 2003 1
Overview
*****************************ILLEGAL FOR NON-TRAINER USE******************************

Introduction Because it is common for companies to merge, many messaging administrators
must implement messaging deployment plans to support the merging of
established messaging systems. This module teaches how to migrate the
Microsoft® Exchange Server 5.5 messaging system of a company running a
Microsoft Windows NT® 4.0 domain into the Exchange Server 2003 messaging
system of another company running Microsoft Windows Server™ 2003 and the
Microsoft Active Directory® directory service. These same steps can also be
used to merge two organizations that use either Exchange 2000 or
Exchange 2003.
Implementing a Migrating users from Exchange 5.5 and Windows NT 4.0 to Exchange 2003
deployment plan and Active Directory involves four primary tasks: populating Active Directory
with Windows NT 4.0 accounts, connecting the Exchange 5.5 directory to
Active Directory to replicate Exchange 5.5 mailbox properties to Active
Directory, verifying that any connections from the Exchange 5.5 organization to
other messaging systems are either replaced by equivalent connectors in the
Exchange Server 2003 organization or are no longer necessary, and moving
mailbox and public folder contents into an Exchange 2003 organization.
This module includes a deployment plan to help you implement the migration
of data from an Exchange 5.5 organization into your Exchange 2003
organization. The practices in this module include the detailed steps for the
migration, and the deployment plan provides the high-level steps.
Important This module does not teach how to administer an Exchange

organization in which both Exchange 5.5 and Exchange 2003 coexist, nor does
it teach how to administer long-term inter-organizational coexistence. For more
information about administering Exchange in a coexistence environment, search
for “Exchange Server 5.5 Interoperability and Migration” on the Exchange
Server page of the Microsoft Web site at http://www.microsoft.com/exchange.
2 Module 14: Migrating Users from Exchange Server 5.5 to Exchange Server 2003
Objectives After completing this module, you will be able to:

! Populate Active Directory with Windows NT 4.0 user and group accounts.
! Connect the Exchange 5.5 directory to Active Directory.
! Move mailbox and public folder contents into an Exchange Server 2003
organization.
Lesson: Populating Active Directory with Windows NT 4.0

User and Group Accounts

Introduction This lesson describes how to populate Active Directory by copying user and
group accounts from a Windows NT 4.0 domain to an Active Directory domain.
This is the crucial first step of an Exchange migration. Until you copy these
accounts, you will not be able to move the corresponding data in the Exchange
5.5 information stores into Exchange 2003. This lesson teaches the concepts
that you must understand and the tasks that you must perform to populate
Active Directory.
Lesson objectives After completing this lesson, you will be able to:
! Explain the purpose of the Active Directory Migration Tool (ADMT).
! Explain the purpose of the SIDHistory attribute.
! Explain the process of populating Active Directory by using ADMT.
! Create a trust between a Windows NT 4.0 domain and an Active Directory
domain.
! Install ADMT.
! Migrate user and group accounts by using ADMT.
! Migrate Exchange 5.5 mailbox access control lists (ACLs) by using ADMT.
! Verify that accounts were migrated successfully.
What Is ADMT?

The Active Directory Migration Tool (ADMT) is a wizard-based utility that
simplifies the migration and reconfiguration of user and group accounts to a
Windows Server 2003 Active Directory domain. ADMT copies information; it
does not alter the original accounts.
Different companies can use ADMT to implement migration processes that suit
their individual needs. For example, depending on what your company needs,
you could use ADMT to:
! Copy user permissions assigned in the source domain (the domain from
which you are migrating accounts) to the target domain (the domain to
which you are migrating accounts).
! Copy groups along with their members to the target domain.
! Leave user accounts active in both the source and target domains.
! Copy roaming profiles to the target domain for selected user accounts.
Note For information about the features and benefits of ADMT, search for the
article “Active Directory Migration Tool Overview” on the Microsoft
Windows® 2000 page of the Microsoft Web site at http://www.microsoft.com/
windows2000/. For more information about using ADMT to migrate from
Windows NT 4.0 to Windows 2003, search for article 325851, “HOW TO: Set Up
ADMT for a Windows NT 4.0-to-Windows Server 2003 Migration” on the Product
Support Services page of the Microsoft Web site at http://support.microsoft.com.
For information about the new Password Migration feature and the process for
setting it up, browse to \I386 \Admt on the Windows Server 2003 CD.
ADMT system The ADMT can run on any computer in the source or target domain that runs
requirements Windows NT 3.51 with Service Pack 5 or later or Windows NT 4.0 with
Service Pack 4 or later. To run ADMT, verify that at least one domain
controller in the target and source domains meet the system requirements that
are shown in the following table.
Domain System requirement
Target Any computer running the Windows 2000 or Windows 2003 operating
domain systems
Source Windows 2003, Windows 2000, or Windows NT 4.0 SP4 or later
domain
What Is SIDHistory?

SIDHistory is an attribute (the name of a property) in the Active Directory
database. The SIDHistory attribute makes it possible for your users to retain
their pre-migration access to resources (such as files, shares, and applications)
during the migration. The target domain must be Windows 2000 native
functional level or Windows Server 2003 functional level to use SIDHistory.
How SIDHistory works When you migrate a user account to a new domain, the account is assigned a
new Security ID (SID). However, all of the ACLs on existing resources in the
old Windows NT 4.0 domain continue to refer to the account’s old SID.
Without the SIDHistory attribute, the migrated user account would lose access
to all resources on the original Windows NT 4.0 network. SIDHistory retains
the SID from the user’s previous domain in Active Directory and includes the
SID in the user’s access token.
Suppose that Samantha’s domain, NT4Domain, was migrated to ADDomain.
ADDomain\Samantha has a different SID than NT4Domain\Samantha did.
When Samantha logs on as ADDomain\Samantha, she cannot access the
resources that she could access when she was logged on as
NT4Domain\Samantha.
However, if ADDomain uses SIDHistory, when ADDomain\Samantha requests
access to \\ServerA\PrinterB in NT4Domain, ADDomain will generate an
access token that contains both the SID for ADDomain\Samantha and any
groups that she belongs to in ADDomain and also SIDs for
NT4Domain\Samantha.
Note For more information about SIDHistory, search for “Domain Migration
Cookbook – Chapter 1: Security” on the TechNet page of the Microsoft Web
site at http://www.microsoft.com/technet/.
The Process of Populating Active Directory Using ADMT

The process Populating Active Directory with user and group accounts is the first step in an
Exchange migration. The overall process for using ADMT to populate Active
Directory with Windows NT 4.0 user and group accounts includes these tasks:
1. Create a two-way trust between a Windows NT 4.0 domain and an Active
Directory domain. You create this two-way trust so that accounts in each
domain can be assigned permission to access resources in the remote
domain.
2. Install ADMT.
3. Migrate user and group accounts by using ADMT. You use ADMT to
migrate these accounts so that users can be authenticated by domain
controllers in the Active Directory domain.
This procedure can involve using ADMT to migrate user and group
accounts incrementally from the Windows NT 4.0 accounts domain to an
organizational unit in the Active Directory domain. In the practice, you will
migrate all users simultaneously.
4. Migrate Exchange 5.5 mailbox ACLs by using ADMT. You use ADMT to
migrate these mailbox ACLs so that the migrated user accounts will
continue to be able to access resources in the original Windows NT 4.0
domain.
5. Verify that user and group accounts were migrated.
In the five topics that follow, you will practice these five tasks.
How to Create a Two-Way Trust Between a Windows NT Server 4.0

Domain and an Active Directory Domain

Your first task in populating Active Directory with Windows NT user and
group accounts is to create a two-way trust between the Windows NT Server
4.0 domain and the Active Directory domain. You must create a two-way trust
so that you can read information out of the Windows NT Security Accounts
Manager (SAM) database and then write that information into Active Directory.
By using a two-way trust, you can assign permissions to administrators in each
domain to access resources in the remote domain.
To create a trust The high-level steps for creating a two-way trust between a Windows NT
between a Windows NT domain and an Active Directory domain are as follows:
domain and an Active
Directory domain 1. From the Windows NT domain, add the Active Directory domain as a
trusted domain and a trusting domain.
2. From the Active Directory domain, create a two-way trust with the
Windows NT domain.
3. Add the Active Directory administrator account to the local administrators
group of the Windows NT domain. If your Windows NT domain
administrator will need to access resources that are defined in your Active
Directory domain, you must also add the administrator account of the
Windows NT domain to the Active Directory domain local administrators
group.
The detailed steps for creating a two-way trust between a Windows NT domain
and an Active Directory domain are included in the practice that follows.
Practice: Creating a In this practice, you will create a two-way trust between the Windows NT
trust between a Server 4.0 domain and the Active Directory domain.
Windows NT domain
and an Active Directory
domain Important To complete these practices, you must have one computer running
Windows 2003 and Exchange Server 2003 in one domain and a second
computer running Windows NT 4.0 and Exchange 5.5 in a separate domain that
is not part of the Active Directory forest.
! To prepare for this practice

1. Start 2400_Vancouver-Virtual PC, if it is not already started.
2. Log on as Contoso\Administrator with a password of P@ssw0rd.
3. Start 2400_London-Virtual PC, if it is not already started.
4. Log on as NWTraders\LondonAdmin with a password of P@ssw0rd.
5. From 2400_London-Virtual PC, run the script entitled
“2400B_14_Setup.vbs” located in the C:\MOC\2400\practices\Mod14
folder.
6. If it is not already open, open Microsoft Outlook® Web Access by using
Microsoft Internet Explorer to open the URL http://london/exchange/
londonadmin. When prompted for credentials, use nwtraders\londonadmin
with a password of P@ssw0rd.
7. Read the message with the subject “Merger with Contoso” from your team
lead, Samantha Smith. To read the attachment, save the attachment to your
hard disk, and then open the attachment from your host computer by using
Microsoft WordPad.
Note This procedure may take five minutes to complete before you can
continue.
! To create a trust between a Windows NT Server 4.0 domain and an

Active Directory domain
1. From the Vancouver desktop, click Start, point to Programs, point to
Administrative Tools (Common), and then click User Manager for
Domains.
2. In User Manager for Domains, click Policies, and then click Trust
Relationships.
3. In the Trust Relationships dialog box, in the Trusted Domains area, click
ADD.
4. In the Domain box, type NWTRADERS and in the Password box, type
P@ssw0rd and then click OK.
5. When a dialog box appears warning you that the trust could not be verified,
click OK.
6. In the Trust Relationships dialog box, in the Trusting Domains area, click
ADD.
7. In the Trusting Domain box, type NWTRADERS
8. In the Initial Password and Confirm Password boxes, type P@ssw0rd

and then click OK.
9. Click Close to close the Trust Relationship window.
! To create a trust between a Windows Server 2003 Active Directory

domain and a Windows NT Server 4.0 domain
1. From 2400_London-Virtual PC, from your desktop, click Start, point to
Administrative Tools, and then click Active Directory Domains and
Trusts.
2. Right-click nwtraders.msft, and then click Properties.
3. In the nwtraders.msft Properties dialog box, click the Trusts tab, and then
click New Trust.
4. When the New Trust Wizard starts, click Next.
5. In the New Trust Wizard, on the Trust Name page, type CONTOSO and
then click Next.
6. In the Direction of Trust window, verify that Two-way is selected, and then
click Next.
7. On the Ongoing Trust Authentication Level page, verify that Domain-
wide authentication is selected, and then click Next.
8. On the Trust Password page, in the Trust Password and Confirm trust
password boxes, type P@ssw0rd and then click Next.
9. On the Trust Selections Complete page, click Next.
10. On the Trust Creation Complete page, read the status window to verify
that the trust was created successfully, and then click Next.
11. On the Confirm Outgoing Trust page, click Yes, confirm the outgoing
trust, and then click Next.
12. On the Confirm Incoming Trust page, click Yes, confirm the incoming
trust, in the User name box, type contoso\administrator and in the
Password box, type P@ssw0rd and then click Next.
13. On the Completing the New Trust Wizard page, read the status window to
verify that the trust was successfully created and confirmed, and then click
Finish.
14. In the Active Directory dialog box, read the information about SID
filtering, and then click OK.
15. In the nwtraders.msft Properties dialog box, click OK.
16. Close Active Directory Domains and Trusts.
! To add the NWTRADERS\LondonAdmin to the Windows NT

Server 4.0 Administrators group
1. From 2400_Vancouver-Virtual PC, in User Manager-Contoso, in the
Groups area, double-click Administrators.
2. In the Local Group Properties dialog box, click Add.
3. In the Add Users and Group window, in the List Names From box, click
NWTRADERS.
4. In the Names box, click LondonAdmin, click Add, and then click OK.
5. In the Local Group properties dialog box, click OK, and then close User
Manager - CONTOSO.
Why was it necessary to create a two-way trust between NWTraders

and Contoso?
To grant permissions for an account in a remote domain to access
resources in the local domain, you must create a trust relationship
with the remote domain. Because both domains require access to
resources in the other domain, you must create a two-way trust for
each domain.
How to Install ADMT

After you have created a two-way trust, you must install ADMT. Installing
ADMT is the second task in populating Active Directory with Windows NT
user and group accounts.
To install ADMT The high-level steps for installing ADMT are as follows:
1. Open the Active Directory Migration Tool Setup Wizard from the
Windows 2003 installation CD in the I386\ADMT folder.
2. Follow the steps of the wizard to install ADMT.
The detailed steps for installing ADMT are included in the practice that follows.
Practice: Installing In this practice, you will install ADMT on London. To install ADMT:
ADMT
1. From 2400_London-Virtual PC, close all Windows programs that are
currently open.
2. From your desktop, click Start, click Run, type c:\moc\2400\practices\
Mod14\admt\admigration.msi and then click OK.
3. In the Active Directory Migration Tool Setup Wizard, on the Welcome to
the Active Directory Migration Tool Setup Wizard page, click Next.
4. On the License Agreement page, click I accept the License Agreement,
and then click Next.
5. On the Installation Folder page, click Next.
6. On the Start Installation page, click Next.
7. When Setup is complete, click Finish.
How to Migrate User and Group Accounts Using ADMT

After you have ADMT installed, you can migrate user and group accounts. You
must migrate user and group accounts to Active Directory before you can move
their mailboxes to Exchange 2003. Using ADMT to migrate user and group
accounts is the third task in populating Active Directory.
To migrate user and The high-level steps for migrating user and group accounts by using ADMT are
group accounts using as follows:
ADMT
1. Open Active Directory Migration Tool and use the shortcut menu to start
the User Account Migration Wizard.
2. Follow the wizard prompts to migrate user accounts to Active Directory.
3. Use the shortcut menu to start the Group Account Migration Wizard.
4. Follow the wizard prompts to migrate group accounts to Active Directory.
Note You can also migrate user passwords by using ADMT. For more
information about migrating user passwords, search for article 326480, “How to
Use Active Directory Migration Tool Version 2 to Migrate from Windows 2000
to Windows Server 2003,” on the Product Support Services page of the
Microsoft Web site at http://www.support. microsoft.com/.
The detailed steps for migrating user and group accounts by using ADMT are
included in the two practices that follow.
Practice 1: Migrating In this practice, you will migrate Windows NT Server 4.0 user accounts from
user accounts using the Windows NT Server 4.0 domain to the Active Directory domain by using
ADMT the User Account Migration Wizard in ADMT. To migrate user accounts using
ADMT:
1. From 2400_London-Virtual PC, from your desktop, click Start, point to
Administrative Tools, and then click Active Directory Migration Tool.
2. In the Active Directory Migration Tool, in the console tree, right-click
Active Directory Migration Tool, and then click User Account Migration
Wizard.
3. In the User Account Migration Wizard, on the Welcome to the User
Account Migration Wizard page, click Next.
4. On the Test or Make Changes page, click Migrate now?, and then click
Next.
5. On the Domain Selection page, in the Source Domain list, click contoso,
and in the Target Domain list, click nwtraders, and then click Next.
6. On the User Selection page, click Add.
7. In the Select Users dialog box, click Advanced.
8. In the Select Users dialog box, click Find Now.
9. In the Search Results box, use the SHIFT key to select all user accounts
that have user names that begin with user (User1 through User40), and then
click OK.
10. In the Select Users dialog box, click OK, and on the User Selection page,
click Next.
11. On the Organizational Unit Selection page, click Browse.
12. In the Browse for Container dialog box, under Select a target container,
click Migrated Objects, and then click OK.
Note The organizational unit Migrated Objects was created for this lab
and is not a default container
13. Verify that the Target OU box contains the following:

LDAP://nwtraders.msft/OU=Migrated Objects,DC=nwtraders,
DC=msft
14. On the Password Options page, verify that Complex passwords is
selected, and then click Next.
15. On the Account Transition Options page, verify that Enable target
accounts is selected, select the Migrate user SIDs to target domain check
box, and then click Next.
16. When prompted to enable auditing on the source domain, click Yes.
17. When prompted to enable auditing on the target domain, click Yes.
18. When prompted to create a local group, click Yes.
19. When prompted to add a TcpipClientSupport registry key, click Yes.
20. When prompted to reboot the source domain primary domain controller to
assure that changes take effect, click Yes.
21. On 2400_London-Virtual PC, after Vancouver has finished rebooting, in the

Warning dialog box, click OK.
22. On the User Account page, in the User name box, type administrator and
in the Password box, type P@ssw0rd, and then click Next. This may take a
few minutes.
Important The account credentials that you use here must have
administrative rights in the source domain.
23. On the User Options page, click Next.

24. On the Naming Conflicts page, click Next.
25. On the Completing the User Account Migration Wizard page, click
Finish.
The Migration Progress dialog box appears and shows the status of the
migration operation. This process will take several minutes.
26. When the status shows Completed, read the status window to verify that no
errors were encountered during the operation.
27. Click Close to close the Migration Progress dialog box and the User
Account Migration Wizard.
You are migrating users from a domain that will be decommissioned

immediately after migration. There are no resources in the original
domain that users will require access to after migration. What might
you do differently when migrating user accounts in this scenario?
You might choose to not migrate SIDHistory. SIDHistory is only
needed if users will continue to require access to resources in their
original domain. Because there are no resources in that domain
that users will require access to, you can migrate those users
without their SIDs.
Practice 2: Migrating In this practice, you will use the Group Account Migration Wizard in ADMT to
group accounts using migrate Windows NT Server 4.0 group accounts from the Windows NT
ADMT Server 4.0 domain to the Active Directory domain. To migrate group accounts:
1. In the Active Directory Migration Tool, in the console tree, right-click
Active Directory Migration Tool, and then click Group Account
Migration Wizard.
2. In the Group Account Migration Wizard, on the Welcome to the Group
Account Migration Wizard page, click Next.
3. On the Test or Make Changes page, click Migrate now?, and then click
Next.
4. On the Domain Selection page, in the Source Domain list, verify that
contoso is selected, and in the Target Domain list, verify that
nwtraders.msft is selected, and then click Next.
5. On the Group Selection page, click Add.
6. In the Select Groups dialog box, click Advanced.
7. In the Select Groups dialog box, click Find Now.

8. In the Search Results box, click NT4Group, and then click OK.
9. In the Select Groups dialog box, click OK, and on the Group Selection
page, click Next.
10. On the Organizational Unit Selection page, verify that Migrated Objects
is identified in the Lightweight Directory Access Protocol (LDAP) query,
11. On the Group Options page, click Next.
12. On the User Account page, in the User name box, type administrator and
in the Password box, type P@ssw0rd and then click Next.
Important The account credentials that you use here must have
administrative rights in the source domain.
13. On the Naming Conflicts page, click Next.

14. On the Completing the Group Account Migration Wizard page, click
Finish.
The Migration Progress dialog box appears and shows the status of the
migration operation.
15. When the status shows Completed, read the status window to verify that no
errors were encountered during the operation.
16. Click Close to close the Migration Progress dialog box and the User
Account Migration Wizard.
How to Migrate Exchange Server 5.5 Mailbox ACLs Using ADMT

After you migrate user and group accounts, you migrate the Exchange 5.5
mailbox ACLs by using ADMT. This is the fourth task in populating Active
Directory.
You must migrate the Exchange 5.5 mailbox ACLs if you need your migrated
users to continue to have access to their Exchange 5.5 mailbox for any period of
time after the user account migration is completed. For example, if more than a
weekend will pass between the user account migration and the Exchange
mailbox move, your users will require continued access to their Exchange 5.5
mailboxes. Also, if the move mailbox process fails, you will want users to be
able to continue to use their Exchange 5.5 mailboxes.
To migrate Exchange 5.5 The high-level steps for migrating Exchange 5.5 mailbox ACLs are as follows:
mailbox ACLs using
ADMT 1. Open Active Directory Migration Tool and use the shortcut menu to start
the Exchange Directory Migration Wizard.
2. Follow the wizard prompts to migrate Exchange 5.5 mailbox ACLs to
Active Directory.
The detailed steps for migrating Exchange 5.5 mailbox ACLs are included in
the practice that follows.
Practice: Migrating In this practice, you will migrate Exchange 5.5 mailbox ACLs by using ADMT.
Exchange 5.5 mailbox To migrate Exchange 5.5 mailbox ACLs:
ACLs using ADMT
1. In Active Directory Migration Tool, in the console tree, right-click Active
Directory Migration Tool, and then click Exchange Directory Migration
Wizard.
2. In the Exchange Directory Migration Wizard, on the Welcome to the
Exchange Directory Migration Wizard page, click Next.
3. On the Test or Make Changes page, click Migrate now, and then click
Next.
4. On the Domain Selection page, in the Source Domain list, verify

CONTOSO is selected, and in the Target Domain list, verify
nwtraders.msft is selected, and then click Next.
5. On the Security Translation Options page, click Add, and then click Next.
6. On the Exchange Server page, type VANCOUVER and then click Next.
7. On the User Account page, in the User Name box, type Administrator
and in the Password box, type P@ssw0rd and then click Next.
8. On the Completing the Exchange Directory Migration Wizard page,
click Finish.
9. The Migration Progress dialog box appears and shows the status of the
migration operation. When the status shows Completed, click Close.
10. Close the Active Directory Migration Tool.
What does migrating Exchange 5.5 ACLs enable your users to do?
Migrating the Exchange 5.5 ACLs allows your users to continue to
access their Exchange 5.5 mailboxes after their accounts have been
moved to Active Directory. If you do not move Exchange 5.5 ACLs,
users will no longer be able to access their mailboxes on the
Exchange 5.5 server.
How to Verify a Successful User and Group Account Migration

Your final task in populating Active Directory with Windows NT user and
group accounts is to verify that the user and group accounts were migrated
successfully and that their Exchange 5.5 mailbox access was preserved.
To verify a successful To verify that the user and group account migration succeeded, you must verify
user and group account that the migrated user and group accounts exist in the target domain and that the
migration Exchange 5.5 mailboxes are now associated with the Active Directory accounts.
The detailed steps for verifying a successful user and group account migration
are included in the practice that follows.
Practice: Verifying a In this practice, you will verify that the migrated user and group accounts exist
successful user and in Active Directory in the target domain and that Exchange 5.5 mailboxes are
group account migration now associated with accounts that are defined in Active Directory. To verify
successful user and group account migration:
1. From 2400_Vancouver-Virtual PC, log on as Contoso\Administrator with
a password of P@ssw0rd.
2. From the desktop, click Start, point to Programs, point to Microsoft
Exchange, and then click Microsoft Exchange Administrator.
3. If prompted to connect to a server, type Vancouver and select the Set as
default check box, and then click OK.
4. In Microsoft Exchange Administrator, in the console tree, expand Site1, and
then click Recipients.
5. In the details pane, double-click User1.
6. Confirm that the Primary Windows NT Account has been changed to
NWTRADERS\User1. Account migration was not successful if the Primary
Windows NT Account reflects CONTOSO\User1.
7. Click Cancel to close User1 mailbox properties.
8. From 2400_London-Virtual PC, open Active Directory Users and
Computers.
9. In Active Directory Users and Computers, in the Migrated Objects

organizational unit, verify that User1 through User40 exist, and that
NT4Group exists.
10. Close Active Directory Users and Computers.
While confirming that your user accounts were migrated successfully,

you notice that the primary Windows NT account on some of the
Exchange 5.5 mailboxes continues to reflect the source domain rather
than the target domain. What does this mean?
If the primary Windows NT account on the Exchange 5.5 mailbox
reflects the original source domain, the migration has not been
completed. You should perform the migration process on those
accounts that appear to not have been migrated.
Lesson: Connecting the Exchange 5.5 Directory to Active

Directory

Introduction After you populate Active Directory with Windows NT 4.0 user and group
accounts, the next step in the migration is to connect the Exchange 5.5 directory
to Active Directory. You must do this to add Exchange 5.5 mailbox attributes to
the Active Directory users and groups that you copied to Active Directory by
using ADMT. This lesson teaches the concepts that you must understand to
connect the Exchange 5.5 directory to Active Directory and the tasks that you
must perform to do this.
! Describe the purpose of Active Directory Connector (ADC).
! Explain the purpose of connection agreements.
! Describe the purpose of the NTDSNoMatch attribute.
! Describe the purpose of ADC Tools.
! Explain the process for connecting the Exchange 5.5 directory to Active
Directory.
! Install the ADC.
! Configure resource mailbox properties.
! Configure an inter-organizational connection agreement to populate Active
Directory.
! Verify synchronization.
! Organize objects in Active Directory.
What Is Active Directory Connector?

Because Exchange Server 2003 uses Active Directory as its directory, you must
synchronize Active Directory with the Exchange 5.5 directory during the
migration process. Active Directory Connector (ADC) is a synchronization
agent that updates object changes between the Exchange 5.5 directory and
Active Directory. ADC synchronizes current mailbox and distribution list
information from the Exchange 5.5 directory to Active Directory user accounts
and groups, eliminating the need for re-entering this data in Active Directory.
By default, when you run ADC, it performs directory synchronization and maps
all objects from Exchange Server 5.5 to Active Directory.
The ADC will create accounts in Active Directory during synchronization if an
account does not already exist in Active Directory. This account creation will
occur if you do not use ADMT to migrate accounts before you use the ADC.
However, if you use the ADC to create accounts in Active Directory, the
Windows NT 4.0 ACLs that allow access to Exchange 5.5 mailboxes will not
be preserved. This loss of ACLs means that if your migration fails, users must
continue to log on to their Windows NT 4.0 domain by using their
Windows NT 4.0 credentials to continue to access their Exchange 5.5
mailboxes.
Note For more information about Exchange migrations, see the Microsoft
Exchange 2000 Server Upgrade Series Deployment guide available for
download from the Microsoft TechNet page of the Microsoft Web site at
http://www.microsoft.com/technet.
Tip If you plan to have your Exchange 2003 organization co-exist for a period
of time with an Exchange 5.5 organization, you must keep your directories
synchronized. Although the ADC can be used to maintain synchronization
between two organizations, it is not recommended for more complex migrations
involving several organizations. For complex migration scenarios, use
Microsoft Metadirectory Services (MMS). Even if you do not plan to have your
organizations co-exist, consider including the ADC or MMS as part of your
migration plan. Maintaining synchronization will help you be more prepared if
the Exchange migration fails and you have an unplanned coexistence period.
What Is a Connection Agreement?

You must configure a connection agreement to establish a relationship between
an existing Exchange 5.5 organization and Active Directory. A connection
agreement is an object that defines what will be synchronized and how
synchronization will occur between Exchange 5.5 and Active Directory,
including:
! The directory or directories to be synchronized.
! Windows 2003 synchronization objects.
! Exchange 5.5 synchronization objects.
! The source and target directories, which determine the direction in which
synchronization takes place.
! The synchronization schedule.
! The method for deleting objects.
Connection agreements that connect two Exchange organizations are referred to

as inter-organizational connection agreements. Use Active Directory Connector
Manager to create and manage connection agreements.
Types of connection There are three types of connection agreement.

agreements
This connection
agreement type Does this
Configuration Replicates Exchange 5.5 configuration container information to

Active Directory. Configuration information includes
information about organizations, connectors, and routing.
Configuration connection agreements are used only when
synchronizing directories within the same organization.
Recipient Defines which recipient objects in Active Directory and in the
Exchange 5.5 directory will be synchronized and where each
synchronized object will be replicated in the directory with
which it is synchronized.
Public folder Replicates public folder properties between the Exchange 5.5
directory and Active Directory when both directories are in the
same forest. You can view these connection agreements in the
Active Directory Connector Manager. You can create public
folder connection agreements only where a recipient connection
agreement exists.
Note For more information about connection agreements, search for

“Chapter 20 - Synchronizing Active Directory with Exchange Server Directory
Service” on the TechNet page of the Microsoft Web site at
http://www.microsoft.com/technet/.
What Is NTDSNoMatch?

In Exchange 5.5 you can associate multiple mailboxes with the same
Windows NT user account. If you have multiple Exchange 5.5 mailboxes that
have the same Windows NT account as their primary account, you can use
NTDSNoMatch to control how the ADC matches the mailboxes to Active
Directory user accounts in the target domain.
NTDSNoMatch is an Active Directory attribute that designates certain
mailboxes—those that have a duplicate primary Windows NT 4.0 account that
is not the same name as the mailbox—as resource mailboxes. This attribute is
necessary because, although Exchange 5.5 allowed a single Windows NT user
account to own more than one mailbox, Active Directory and Exchange 2003
do not. You must use NTDSNoMatch to migrate mailboxes that have the same
owner as another mailbox.
Why use Any mailboxes that were identified as resource mailboxes must have the value
NTDSNoMatch? of their Custom Attribute 10 attribute set to NTDSNoMatch for the ADC to
correctly synchronize them to the target domain. The NTDSNoMatch attribute
can be set by manually editing Custom Attribute 10 of resource mailboxes in
the Exchange 5.5 directory, by running the Resource Mailbox Wizard in Active
Directory Connector Tools, or by using the NTDSNoMatch utility. If you do
not configure NTDSNoMatch in the Custom Attribute 10 of your resource
mailboxes, the ADC will create a new, disabled account in the target Active
Directory, and you will have to manually configure permissions for the resource
owner to access the migrated information.
Note For more information about the NTDSNoMatch utility, including system
requirements, search for article Q274173, “XADM: Documentation for the
NTDSNoMatch Utility” on the Product Support Services page of the Microsoft
Web site at http://support.microsoft.com/.
What Are ADC Tools?

ADC Tools is a collection of wizards and utilities that help you set up
connection agreements. The tools scan your current Active Directory and
Exchange 5.5 directory and, if both directories are in the same forest, the tools
automatically create the recommended connection agreements. The tools are
most useful when you are connecting Active Directory to an Exchange 5.5
directory that is part of the same forest.
Wizards in ADC Tools ADC Tools include the wizards described in the following table.
Wizard Purpose
Resource Identifies Active Directory accounts that match more than one
Mailbox Exchange 5.5 mailbox. Use this wizard to match the appropriate primary
Wizard mailbox to the Active Directory account and to configure Custom
Attribute 10 on other mailboxes with the NTDSNoMatch attribute.
Connection Recommends connection agreements based on your Exchange 5.5
Agreement directory and Active Directory configuration. Review the recommended
Wizard connection agreements, and select those that you want the wizard to
create. If your Exchange 5.5 server is not part of the Active Directory
forest, you cannot use this wizard.
ADC Tools are included as an option in the ADC management console. The
Exchange Server Deployment Tools lead you through the process of installing
Active Directory Connector and running ADC Tools.
The Process of Connecting the Exchange 5.5 Directory to Active

Directory

The process To connect your Exchange 5.5 directory to Active Directory, you will complete
the following steps:
1. Install ADC. ADC helps you synchronize Exchange 5.5 object properties
with Active Directory objects.
2. Configure resource mailbox properties. This enables the resource owner to
continue to access the resource mailbox.
3. Configure an inter-organizational connection agreement to populate Active
Directory. This synchronizes Exchange 5.5 object properties with Active
Directory objects.
4. Verify synchronization.
5. Organize objects in Active Directory according to your Active Directory
organizational structure.
In the five topics that follow, you will practice these five tasks.
How to Install ADC

Your first task in connecting the Exchange 5.5 directory to Active Directory is
to install ADC.
To install ADC The high-level steps to install ADC are as follows:
1. Use Exchange Server Deployment Tools (the ExDeploy tool) to choose a
deployment scenario.
2. Start the Exchange 2003 Active Directory Connector Setup Wizard.
3. Follow the wizard steps to complete the installation.
The detailed steps to install ADC are included in the practice that follows.
Practice: Installing ADC In this practice, you will install ADC:
1. From 2400_London-Virtual PC, click Start, click Run, type
c:\moc\2400\practices\Mod14\exdeploy\exdeploy.chm and then click OK.
2. In Microsoft Exchange Server Deployment Tools, in the Getting Started
area, click Deploy the first Exchange 2003 server.
3. In the Deploy the First Exchange 2003 Server window, in the Follow this
process column in the table, click Coexistence with Exchange 5.5.
4. In Microsoft Exchange Server Deployment Tools, under the Coexistence
with Exchange 5.5 heading, click Phase 2.
5. In Phase 2: Prepare Active Directory, locate Step 6.
6. In the Path to ADC Setup box, type C:\Moc\2400\practices\Mod14\
adc\Setup.exe and then click Run ADC Setup Now.
7. If prompted with a Microsoft ActiveX® warning, click Yes.
8. In the Microsoft Active Directory Connector Setup Wizard, on the
Welcome to the Active Directory Connector Installation Wizard page,
click Next.
9. On the End-User License Agreement page, click I accept the terms of the
license agreement, and then click Next.
10. On the Component Selection page, select the Microsoft Active Directory
Connector Service component check box and the Microsoft Active
Directory Connector Management components check box, and then click
Next.
11. On the Install Location page, click Next.
12. On the Service Account page, click Browse.
13. In the Add User dialog box, click Administrator, click Add, and then click
OK.
14. On the Service Account page, verify that the Account name is
NWTRADERS\Administrator, and in the Account password box, type
P@ssw0rd and then click Next.
Note Because several Active Directory object changes must be made

during installation, installation may take several minutes.
15. After Setup is complete, click Finish.

16. From 2400_Vancouver-Virtual PC, in Microsoft Exchange Administrator,
in the console tree, click Contoso, and then click the Properties icon on the
toolbar.
17. In the Contoso Properties dialog box, click Permissions.
18. On the Permissions tab, click Add.
19. In the Add Users and Groups dialog box, in the List Names From box,
click NWTRADERS, and in the Names box, click Administrator and then
click Add, and in the Names box, click LondonAdmin and then click Add,
and then click OK.
20. In the Contoso Properties dialog box, for Nwtraders\administrator, in the
Roles box, click Service Account Admin, and for
Nwtraders\londonadmin, click Permissions Admin, and then click OK.
21. Repeat steps 16 through 20 for the Site1 container and the Configuration
container.
What is the purpose of using ExDeploy to install ADC?

You should use ExDeploy.chm for all installation and migration
tasks because information that you may need is provided within the
tool. Because it is easy to perform tasks incorrectly, you should
become accustomed to using ExDeploy before installing or
migrating objects into Exchange 2003. This can help prevent the
need to troubleshoot or re-do steps in your installation or
migration.
How to Configure Resource Mailbox Properties

After you have installed the ADC, you can configure the resource mailbox
properties in preparation for synchronization. This is the second task in
connecting the Exchange 5.5 directory to Active Directory.
To configure resource The high-level steps for configuring resource mailbox properties are as follows:
mailbox properties
1. Open Active Directory Connector from the Administrative Tools folder.
2. Run the Resource Mailbox Wizard to configure Custom Attribute 10 to
equal NTDSNoMatch for all the mailboxes that have aliases that do not
match the aliases of their owners.
3. Verify that NTDSNoMatch completed successfully by viewing the custom
attributes of one resource mailbox.
4. Use ExDeploy to verify that NTDSNoMatch completed without errors.
The detailed steps for configuring resource mailbox properties are included in
the practice that follows.
Practice: Configuring In this practice, you will configure resource mailbox properties and verify that
resource mailbox the configuration was successful.
properties
! To run ADC Tools
1. From 2400_London-Virtual PC, in Microsoft Exchange Server Deployment
Tools, read Step 7, and then perform the steps the identified in Step 7 of the
Exchange Server Deployment Tools by completing the remainder of this
procedure.
2. From London-Virtual PC, click Start, point to Administrative Tools, and
then click Active Directory Connector.
3. In Active Directory Connector, in the console tree, click ADC Tools.
4. In the details pane, in the Tool Settings area, click Set.
5. In the Tool Settings dialog box, in the Server box, type Vancouver and
then click Browse.
6. In the Browse For Folder dialog box, set the Folder box to
C:\Windows\Temp, and then click OK.
7. In the Tool Settings dialog box, click OK.
8. In the ADC Tools details pane, in the Data Collection box, click Run. In
the Information box, verify that no problems are found that have no
resolutions suggested.
9. In ADC Tools, in the Resource Mailbox Wizard box, click Run.
10. On the Welcome to the Resource Mailbox Wizard page, click Next.
11. On the Select Primary and Resource Mailboxes page, expand
NWTRADERS\User1, verify that the primary mailbox for User1 is bold,
12. On the Site Credentials page, click Set Credentials.
13. In the Set Credentials dialog box, in the Connect As box, type
Nwtraders\Administrator and in the Password box, type P@ssw0rd and
then click OK.
14. In the Sites box, verify that the Password State appears as Validated, and
then click Next.
15. On the Summary page, review the summary settings, and then click Next.
16. On the Completing Resource Mailbox Wizard page, click Finish.
Why is it important to run the Resource Mailbox Wizard before you

migrate users to Exchange 2003?
The Resource Mailbox Wizard identifies Exchange 5.5 mailboxes that
are associated with more than one Windows NT account and marks
Custom Attribute 10 with NTDSNoMatch. This allows those mailboxes
to be migrated to Exchange 2003 and associated with the correct
primary Active Directory account. If you do not run the Resource
Mailbox Wizard prior to migration, the migration wizard may not
associate mailboxes with the correct Active Directory account.
! To manually verify NTDSNoMatch

1. On 2400_Vancouver-Virtual PC, from the Exchange Administrator, click
the Recipients container.
2. In the details pane, double-click Resource1.
3. In the Resource1 Properties dialog box, click the Custom Attributes tab,
and verify that Custom Attribute 10 is set to NTDSNoMatch.
4. Close the Resource1 properties page.
! To use ADC Tools to verify NTDSNoMatch

1. On 2400_London-Virtual PC, in Active Directory Connector Services, in
the ADC Tools container, in the details pane, under the Resource Mailbox
Wizard, click Verify.
2. Read the Information box to verify that NTDSNoMatch completed without
errors.
How to Configure an Inter-Organizational Connection Agreement to

Populate Active Directory

After you have migrated the resource mailboxes, you can configure an inter-
organizational connection agreement to populate Active Directory objects with
Exchange 5.5 properties. This is the third task in connecting the Exchange 5.5
directory to Active Directory. Because this is an inter-organizational connection
agreement, you cannot use the wizard in the ExDeploy tool.
Note To minimize potential problems with mappings between recipient

containers in the source organization and organizational units in the target
forest, configure the organizational unit structure in the target domain before
you configure the connection agreements.
To configure an inter- The high-level steps for configuring an inter-organizational connection

organizational agreement that connects two organizations are as follows:
connection agreement
1. Use Active Directory Connector Services to create a new recipient
connection agreement.
2. Configure the connection agreement to be an inter-organizational
connection agreement.
3. Verify the results by viewing the status in ADC Tools.
The detailed steps for configuring an inter-organizational connection agreement

are included in the practice that follows.
Practice: Configuring an In this practice, you will create an inter-organizational connection agreement
inter-organizational between the Exchange 5.5 directory and Active Directory. To create the
connection agreement connection agreement:
1. From 2400_London-Virtual PC, in Active Directory Connector Services, in
the console tree, right-click Active Directory Connector (LONDON),
point to New, and then click Recipient Connection Agreement.
2. In the Properties dialog box, on the General tab, in the Name box, type
Recipient CA and in the Replication direction area, verify that From
Exchange to Windows is selected, and then click the Connections tab.
3. On the Connections tab, in the Windows Server information area, click
Modify.
4. In the Connect as (Windows Server) dialog box, in the Connect as box,
type nwtraders\administrator and in the Password box, type P@ssw0rd
and then click OK.
5. On the Connections tab, in the Exchange Server information area, in the
Server box, type Vancouver and then click Modify.
6. In the Connect as (Exchange Server) dialog box, in the Connect as box,
type nwtraders\administrator and in the Password box, type P@ssw0rd
and then click OK.
7. In the Recipient CA Properties dialog box, click the Schedule tab.
8. On the Schedule tab, click Always, select the Replicate the entire
directory the next time the agreement is run check box, and then click
the From Exchange tab.
9. On the From Exchange tab, click Add.
10. In the Choose a container dialog box, expand Site1, click Recipients, and
then click OK.
11. On the From Exchange tab, click Modify.
12. In the Choose a container dialog box, click Migrated Objects, and then
click OK.
13. In the Recipient CA Properties dialog box, click Advanced.
14. On the Advanced tab, select the This is an Inter-Organizational
Connection Agreement check box, and then click OK.
The Active Directory Connector tool includes a wizard for creating

recipient connection agreements. Why did you not use the wizard to
create this connection agreement?
The wizard only allows you to create connection agreements within
a single Exchange organization. Because this practice requires you
to connect two Exchange organizations, you must create the
recipient connection agreement manually.
How to Verify Synchronization

After you verify that the inter-organizational connection agreements are
working, you must verify the synchronization. This is the fourth task in
connecting the Exchange 5.5 directory to Active Directory.
To verify The high-level steps for verifying synchronization are as follows:
synchronization
1. Verify that Exchange 5.5 mailbox properties are synchronized to Active
Directory.
2. Verify that Exchange 5.5 distribution lists are synchronized as contacts to
Active Directory.
3. Run ExDeploy tools and verify that the output indicates a successful
synchronization.
The detailed steps for verifying synchronization are included in the practice that
follows.
Practice: Verifying In this practice, you will verify that the synchronization between Exchange
synchronization Server 5.5 and Active Directory is working properly.
! To view synchronized data in Active Directory

1. On 2400_London-Virtual PC, in Active Directory Users and Computers, in
the console tree, click Migrated Objects.
2. In the details pane, double-click User1.
3. In User1 Properties dialog box, click the Address tab, and then confirm
that the City and State attributes have synchronized from the Exchange
Server 5.5 directory.
4. In User1 properties, click the Exchange General tab, and then verify that
User1 has a Simple Mail Transfer Protocol (SMTP) address in
contoso.msft.
5. Close the User1 Properties dialog box.
! To verify Exchange 5.5 DL objects are Active Directory contacts

1. In Active Directory Users and Computers, in the Migrated Objects
container, double-click the contact DL1.
2. In the DL1 Properties dialog box, click the Exchange General tab, and
verify that the contact has an SMTP address of DL1@contoso.msft.
3. Close the DL1 Properties dialog box.
! To verify ADC Synchronization with ExDeploy tools

1. In Microsoft Exchange Server Deployment Tools in Phase 2, Prepare
Active Directory, at the bottom of the page, click Next.
2. On the Phase 3. Installing Exchange Server 2003 on the Initial Server
page, scroll to Step 5, and then click Go to the validation tools now.
3. On the Tools for Validating Exchange 5.5 and Exchange 2003
Coexistence page, in the first step:
• In the Exchange 5.5 server box, type Vancouver
• In the Global Catalog Server box, type London
• In the Log file path box, type C:\Windows\Temp
4. In the second step, click Run ADCConfigCheck now.
5. Click Yes to allow ActiveX interaction.
6. Open the file C:\Windows\Temp\ExDeploy.log, review ADCConfigCheck
output, and then close the ExDeploy.log file. Note that the configuration
container is not replicated to the Exchange 2003 organization.
7. In Microsoft Exchange Server Deployment Tools, repeat Steps 4 and 6 for
all tools listed in ExDeploy. This includes running the following tools:
ConfigDSInteg, RecipientDSInteg, and PrivFoldCheck.
8. In Microsoft Exchange Server Deployment Tools, at the bottom of the
Tools for Validating Exchange 5.5 and Exchange 2003 Coexistence
page, click the link to Return to Phase 3. Installing Exchange
Server 2003 on the Initial Server.
What is the purpose of the RecipientDSInteg tool?

The RecipientDSInteg tool runs checks on each recipient object
including User, Group, Contact, and Public Folder objects in
Active Directory. These checks are designed to detect problems in
Active Directory after Active Directory Connector has been
configured.
How to Organize Objects in Active Directory

After you verify that a successful synchronization has occurred, you must
organize objects in Active Directory. This is the final task in connecting the
Exchange 5.5 directory to Active Directory.
To organize objects in The high-level steps for organizing objects in Active Directory are as follows:
Active Directory
1. Move synchronized objects into your existing organizational structure.
2. Verify that synchronization works from the Exchange 5.5 directory to
Active Directory after the objects have been moved.
The detailed steps for organizing objects in Active Directory are included in the
practice that follows.
Practice: Organizing In this practice, you will organize the migrated objects in Active Directory.
objects in Active
Directory ! To organize synchronized objects in the existing organizational unit
structure
the console tree, click Migrated Objects.
2. In the details pane, select all User accounts (not including the disabled
accounts, the contact, or NT4Group), right-click the selection, and then
click Move.
3. In the Move dialog box, expand Managed Objects, click Users, and then
click OK.
4. In Migrated Objects, in the details pane, right-click DL1, and then click
Move.
5. In the Move details pane, expand Managed Objects, click Distribution
Groups, and then click OK.
6. In Migrated Objects, in the details pane, right-click NT4Group, and then
click Move.
7. In the Move dialog box, expand Managed Objects, click Security Groups,
and then click OK.
8. In Migrated Objects, in the details pane, right-click Resource1, and then
click Move.
9. In the Move dialog box, expand Managed Objects, click Resources, and
then click OK.
! To verify that synchronization works from Exchange Server 5.5 to

Active Directory after the objects have been moved
1. On 2400_Vancouver-Virtual PC, in Microsoft Exchange Administrator, in
the Recipients container, double-click User1.
2. In the Phone field, type 425-555-0199 and then click OK.
3. On 2400_London-Virtual PC, in Active Directory Connector Services, in
the console tree, click Active Directory Connector (LONDON).
4. In the details pane, right-click Recipient CA, and then click Replicate
Now.
5. In Active Directory Users and Computers, expand Managed Objects, and
then click Users.
6. In the console tree, double-click User1, and on the General tab, verify that
the telephone phone number was synchronized.
Lesson: Moving Mailbox and Public Folder Contents into

an Exchange Server 2003 Organization

Introduction After you populate Active Directory with Windows NT 4.0 objects and connect
the Exchange 5.5 directory to Active Directory, the final migration task is to
move mailbox and public folder contents into the Exchange 2003 organization.
This lesson describes the concepts that you must understand to move mailbox
and public folder contents and the tasks that you must perform to move them
from Exchange 5.5 to Exchange 2003.
! Describe the process for moving mailbox and public folder contents.
! Describe the guidelines for choosing a mailbox move method.
! Explain what you can do by using the Exchange Server Migration Wizard.
! Move Exchange Server 5.5 mailboxes to Exchange 2003 by using the
Exchange Server Migration Wizard.
! Describe the purpose of the InterOrg Replication Utility.
! Replicate public folders from Exchanger Server 5.5 to Exchange 2003 by
using the InterOrg Replication Utility.
The Process of Moving Mailboxes and Public Folders

The process After you have successfully synchronized your Exchange 5.5 directory with
Active Directory, you can begin moving mailboxes. You move mailboxes from
Exchange 5.5 to Exchange 2003 as follows:
1. Identify the method that you will use for moving mailboxes. The method that
you choose is based on whether you need to modify the migration files and
whether your network supports a one-step migration.
2. Identify the user accounts to migrate. This makes it possible for users who
work together and communicate frequently to be migrated at the same time.
3. Identify the container where new user accounts will be created, if needed. If
you used ADMT and ADC prior to moving mailboxes, no new accounts
should be created.
4. Verify that the information for all of the user accounts is correct.
5. Verify connectivity from the Exchange 2003 organization to any messaging
systems with which the Exchange 5.5 organization communicated. You may
need to create connectors from the Exchange 2003 organization to these
messaging systems.
6. Move the mailboxes from a server running Exchange 5.5 to a server running
Exchange 2003. After mailboxes are moved, all user messaging information
will be stored in an Exchange 2003 mailbox store, and users will be able to
log on and use Exchange 2003.
7. After the mailboxes are moved, move public folder contents to your existing
Exchange 2003 organization. After you move public folder contents, all
information that users accessed on the Exchange 5.5 server will be relocated
to Exchange 2003, and you can decommission the Exchange 5.5 server.
Note Always move managers and their delegates (anyone to whom a manager
has delegated permissions to their mailbox) at the same time. If you fail to do
this, the delegates will not be able to access the mailboxes of their managers.
The rest of this lesson describes the steps in this process in detail. You can use
the Exchange Server Migration Wizard to help perform Tasks 2 through 5 and
the InterOrg Replication Utility to help perform Task 6.
Guidelines for Choosing a Mailbox Move Method

The first step in moving mailboxes is choosing which method to use.
Methods of moving The following table describes the two methods that you can use.
mailboxes
Method Description
The one-step Extract the e-mail data from the server running Exchange Server 5.5 by
move using the Exchange Server Migration Wizard, and import the data
immediately to the server running Exchange 2003, without modifying
the import files.
The two-step 1. Run the Exchange Server Migration Wizard once to extract the
move migration files from the server running Exchange Server 5.5. If
necessary, modify the directory import and messaging files to
prepare them for the import.
2. Run the wizard a second time to import those migration files to the
server running Exchange 2003. When you run the Exchange Server
Migration Wizard for the second time, you must click Import from
Migration Files on the Migration screen.
Guidelines for choosing When you move mailboxes, you move all of the content of the mailbox, and the
a method mailboxes that you move may be very large. Which method you choose
depends on the network connection that you have between the two servers:
! If you have a high-bandwidth connection, you can use the one-step move.
! If your servers cannot reliably communicate across the network, you must
use the two-step move. Also, if you want to be able to review and edit the
extracted migration files between the first and second steps, choose the two-
step method.
Regardless of which of these two methods that you use, you can move all of the
mailboxes out of the existing organization at once, or you can move them out in
logical groups.
What You Can Do Using the Exchange Server Migration Wizard

After you choose a method for moving mailboxes, you must identify the user
accounts that you want to migrate and then identify the container where any
new user accounts will be created. You can use Exchange Server Migration
Wizard to accomplish these tasks and to migrate mailboxes.
What is the Exchange The Exchange Server Migration Wizard is a wizard that was designed to make
Server Migration it easy for administrators to perform migrations to Exchange. The wizard
Wizard? extracts data from other messaging systems and imports that data into Active
Directory and the Exchange store. The wizard also adds new users to Active
Directory if you migrate mailboxes that do not already have a corresponding
user account in Active Directory, and it adds new e-mail and calendar data to
the Exchange store for any new user accounts that are created during migration.
What you can do with You can use the wizard to perform these tasks:
the wizard
! Identify which messaging system elements to move. For example, you can
decide to move the mailboxes of some user accounts and not those of others
to reduce the amount of e-mail data that you migrate. And if you choose the
two-step move method, you have the option of editing the migration files
between the extracting step and the importing step.
! Migrate all mailbox data to the new Exchange 2003 mailboxes. Include the
following data: inbox, drafts, sent items, calendar, tasks, custom folders
created by the mailbox owner, and contacts.
! Create new Active Directory users based on Exchange 5.5 mailboxes in the
source organization. This is necessary if matching users do not already exist
in Active Directory.
! Migrate Exchange, MSMail, Lotus cc:Mail, Lotus Notes, Novell GroupWise
4.x, Novell GroupWise 5.x, LDAP, and Internet Message Access Protocol
version 4, revision 1 (IMAP4) e-mail into the Exchange 2003 mailbox store.
What you cannot do with You cannot use the wizard to perform the following tasks:
the wizard
! Clean up mailboxes on the source server after migration. Old mailboxes
continue to receive e-mail after migration unless you delete or disable the
old mailboxes.
! Migrate custom recipients. Exchange 2003 does not use custom recipients.
This functionality is retained in mail-enabled contacts. When migrating
custom recipients, the wizard creates contacts from the custom recipients.
! Preserve access to other mailboxes or public folders. For example, after
migration, if a mailbox owner updates his or her profile to reference the new
mailbox, the owner will not be able to access any e-mail resources in the old
Exchange 5.5 organization. To preserve access, use ADMT to migrate
Exchange 5.5 ACLs, as discussed earlier in this module.
! Migrate mailboxes within an organization. The source server running
Exchange must be in a different organization from the target server running
Exchange 2003.
Note You can use Exchange Server Migration Wizard to migrate

mailboxes if the source Exchange 5.5 organization is located in the same
forest as the target Exchange 2003 organization but it has not yet joined the
Exchange 2003 organization. For example, the source Exchange 5.5 servers
may be running on Windows 2003 in an Active Directory forest that also
contains the target Exchange 2003 organization. In this scenario, if the
Exchange 5.5 organization and the Exchange 2003 organization have
different organization names, you can still use the Exchange Server
Migration Wizard to migrate the mailboxes.
! Migrate personal e-mail archives or personal address books.
Note For information about methods for migrating personal e-mail archives
or personal address books, see the Exchange 2003 online documentation.
! Migrate distribution lists.

! Migrate Inbox rules. After migration, mailbox owners must re-create their
Inbox rules in Microsoft Outlook.
! Migrate public folders.
How to Move Mailboxes from Exchange 5.5 to Exchange 2003

After you have identified the user accounts that you want to migrate and the
organizational unit where any new user accounts will be created, you can move
the mailboxes.
To move mailboxes The high-level steps for moving mailboxes to a new Exchange 2003
organization are as follows:
1. Use Exchange Server Migration Wizard to move mailboxes.
2. Verify that the mailboxes were moved.
3. Verify that Exchange 5.5 resource mailboxes are synchronized to Active
Directory.
Detailed steps for moving mailboxes are included in the practice that follows.
Practice: Moving In this practice, you will prepare and move mailboxes from a server running
mailboxes from Exchange 5.5 to a server running Exchange 2003, and then verify that the
Exchange 5.5 to mailboxes were moved.
Exchange 2003
! To move the mailboxes
1. On 2400_London-Virtual PC, click Start, point to All Programs, point to
Microsoft Exchange, point to Deployment, and then click Migration
Wizard.
2. In the Exchange Server Migration Wizard, on the Welcome to the
Exchange Server Migration Wizard page, click Next.
3. On the Migration page, click Migrate from Microsoft Exchange, and then
click Next.
4. On the Exchange Server Migration page, click Next.
5. On the Migration Destination page, in the Information store box, click
Mailbox Store (LONDON) (First Storage Group), and then click Next.
6. On the Source Exchange Server page:

a. In the Exchange server name box, type Vancouver
b. In the Administrator account box, type contoso\administrator
c. In the Password box, type P@ssw0rd and then click Next.
7. On the Migration Information page, click Next.
8. On the Account Migration page, click Select All, press CTRL, click to
clear Administrator, and then click Next.
9. On the Container for New Windows Accounts page, expand
nwtraders.msft, click Migrated Objects, and then click Next.
10. On the Windows Account Creation and Association page, click Next.
11. When the migration is complete, on the Migration Progress page, click
Finish. This operation will take several minutes.
12. In the Exchange Server Migration Wizard dialog box, click OK.
! To confirm that the mailboxes were moved

1. On 2400_London-Virtual PC, start Exchange System Manager.
2. In Exchange System Manager, in the console tree, browse to
Administrative Groups\First Administrative Group\Servers\LONDON\
First Storage Group\Mailbox Store (LONDON), and then click Mailboxes.
3. In the details pane, verify that the migrated mailboxes User1 through
User40 and Resource1 are listed.
4. Open Event Viewer.
5. In the Application log, in the column header, click Source to sort by
source, and then click any event that has a source that is MSExchangeMig.
6. Verify that no stop or warning errors exist for MSExchangeMig.
7. Close Event Viewer.
! To verify resource mailbox object synchronization

1. In Active Directory Users and Computers, click View, and then click
Advanced Features.
2. In the console tree, in the Managed Objects\Resources organizational unit,
double-click the resource mailbox Resource1.
3. In the Resource1 Properties dialog box, click the Security tab, and review
the permissions for User1.
Note User1 is the primary Microsoft Windows NT account associated with

Resource1.
4. In the Resource1 Properties dialog box, click the Exchange Advanced

tab, and then click Mailbox Rights.
5. In the Permissions for Resource1 dialog box, in the Group or user names
box, click User1.
6. In the Permissions for User1 box, confirm that User1 has Full Mailbox
Access, and then click OK.
7. Close the Resource1 Properties dialog box.
As a resource mailbox, Resource1 has more than one Windows NT

account associated with it. What caused the migration wizard to
associate this account with User1?
When you ran the resource mailbox wizard previously, you chose
User1 as the primary account that this mailbox should be
associated with.
What Is the InterOrg Replication Utility?

After you move mailboxes, you can replicate public folders. To replicate public
folders between different Exchange organizations, you use the InterOrg
Replication Utility. This allows the coordination of meetings, appointments,
contacts, and public folder information between Exchange organizations. A
LAN connection between different Exchange organizations is required to use
the InterOrg Replicator Utility.
Programs in the InterOrg The tool consists of two programs: the Configuration program (Exscfg.exe) and
Replicator Utility the Replication Service program (Exssrv.exe). These programs are described in
the following table.
Program Description
Configuration Creates a configuration file for setting the replication frequency,

logging options, folders to be replicated, and accounts to be used.
This configuration file is used by the Replication Service program.
Replication Uses a configuration file created by the Configuration program to
Service continuously update information from one server (designated as the
Publisher) to one or more Exchange servers (designated as
Subscribers). Public folders can be replicated from Publisher to
Subscriber or bidirectionally. You can configure the replication
frequency, the logging of message and folder replication, and the
amount of processing power that you want to provide to the
replication process.
Note For more information about how to use the InterOrg Replication Utility,
see Article 238573, “XADM: Installing, Configuring, and Using the InterOrg
Replication Utility” on the Product Support Services page of the Microsoft Web
site at http://support.microsoft.com/.
How to Replicate Public Folders from Exchange 5.5 to

Exchange 2003

After you have moved mailboxes, you can replicate public folders. This is the
final task in the entire migration process.
To replicate public The high-level steps for replicating public folders from Exchange 5.5 to
folders Exchange 2003 are as follows:
1. Prepare the Exchange 5.5 and Exchange 2003 servers for the InterOrg
Replication Utility.
2. Install the InterOrg Replication Utility from the Exchange 5.5 SP6
installation media.
3. Create a replication configuration file on the Exchange 5.5 server.
4. Configure the replication service on the Exchange 5.5 server.
5. Use Outlook to verify that public folders and their content are replicating
correctly.
6. Remove the instances of the public folders from the server running
Exchange 5.5.
When migrated users next attempt to access the public folders, users are
automatically connected to the Exchange 2003 instance.
The detailed steps for replicating public folders are included in the practice that
follows.
Note If the Exchange 5.5 server is in the same organization as the

Exchange 2003 server, you should use the Microsoft Exchange Public Folder
Migration Tool, called pfMigrate, to migrate both system folders and public
folders to the new server. Use pfMigrate to create system folder and public
folder replicas on the new server and, after the folders have replicated, remove
replicas from the source server. The pfMigrate tool is part of the Exchange
Server Deployment Tools located under Support Tools in the ExDeploy folder
on the Exchange Server 2003 CD.
Practice: Replicating In this practice, you will replicate public folders from an Exchange 5.5
public folders from organization to a different Exchange 2003 organization by using the InterOrg
Exchange 5.5 to Replication Utility.
Exchange 2003
! To prepare the Publisher (Vancouver) server for InterOrg Replication
1. On 2400_Vancouver-Virtual PC, in User Manager for Domains, click
User, and then click New User.
2. In the New User dialog box:
a. In the Username box, type VanPFRepl
b. In the Password and Confirm Password boxes, type P@ssw0rd
c. Clear the User Must Change Password at Next Logon check box, and
then click Add.
3. If prompted to connect to a server, type Vancouver and then click OK.
4. In the VanPFRepl Properties dialog box, click OK.
5. In the New User dialog box, click Close.
6. In User Manager-Contoso, click Policies, and then click User Rights.
7. In the User Rights Policy dialog box, set the Right box to Log on locally,
and then click Add
8. In the Add Users and Groups dialog box, click Show Users, click
VanPFRepl, click Add, and then click OK.
9. In the User Rights Policy dialog box, select the Show Advanced User
Rights check box, set the Right box to Log on as a service, and then click
Add
10. In the Add Users and Groups dialog box, click Show Users, click
VanPFRepl, click Add, and then click OK.
11. Click OK to close User Rights Policy.
12. Close User Manager-Contoso.
13. From the desktop, click Start, point to Programs, and then click Microsoft
Outlook.
14. In Outlook, in the Folder List, expand Public Folders, and then expand
All Public Folders.
15. Right-click PF1, and then click Properties.
16. In the PF1 Properties dialog box, click Permissions.
18. In the Add Users dialog box, click VanPFRepl, click Add, and then click
OK.
19. In the PF1 Properties dialog box, click VanPFRepl, set the Roles box to
Owner, and then click OK.
20. Repeat steps 15 through 19 for folders PF1.1 and PF2.
21. In the folder list, right-click All Public Folders, and then click New Folder.
22. In the Create New Folder dialog box, type ExchsyncSecurityFolder and
then click OK. If prompted to add a shortcut to the Outlook Bar, click No.
23. In the folder list, right-click ExchsyncSecurityFolder, and then click
Properties.
24. In the ExchsyncSecurityFolder Properties dialog box, click Permissions.
26. In the Add Users dialog box, click VanPFRepl, click Add, and then click
OK.
27. In the ExchsyncSecurityfolder Properties dialog box, click VanPFRepl,
and then set the Roles box to Owner.
28. In the ExchsyncSecurityFolder Properties dialog box, click Default, and
then click Remove.
29. Repeat the previous step for Anonymous and Administrator. Verify that the
only account with any permissions on the folder is VanPFRepl and that
VanPFRepl has Owner permissions.
30. In the ExchsyncSecurityFolder Properties dialog box, click OK.
31. Close Outlook.
32. In Windows Explorer, create a folder on drive C named PFMigrate, and
then close Windows Explorer.
! To configure LMHOSTS on the Publisher (Vancouver)

1. Use Windows Explorer to open the C:\winnt\system32\drivers\etc folder.
2. In the etc folder, right-click Lmhosts, and then click Open With.
3. In the Open With dialog box, click Notepad, and then click OK.
4. In Lmhosts-Notepad, scroll to the end of the file, and add a new line that
reads as follows: 192.168.1.1 LONDON #PRE
5. Make sure that there are five spaces between the IP address and the
computer name, and between the computer name and #PRE.
6. Delete all information in LMhosts except for the line that you just added.
7. In Lmhosts, click File, click Save As, type LMHOSTS and then click
Save. When prompted to replace the existing LMHOSTS.SAM, click Yes.
8. Close Microsoft Notepad.
9. In Windows Explorer, click View, and then click Options.
10. In the Options dialog box, click View.
11. On the View tab, clear the Hide file extensions for known file types check
box, and then click OK.
12. In the etc folder, rename LMHOSTS.SAM to LMHOSTS. Click Yes to
verify that you want to change the file extension.
13. From the desktop, click Start, click Run, type cmd and then click OK.
14. In the command prompt window, type nbtstat –R and then press ENTER.
15. In the command prompt window, type nbtstat –C and press ENTER, and
verify that London is listed in the NetBIOS Remote Cache Name Table with
an IP address of 192.168.1.1.
16. In the command prompt window, type exit and then press ENTER.
Why do you need an LMHosts file?

Although Windows 2003 and Exchange 2003 use fully qualified
domain names and DNS for name resolution, Windows NT 4.0 and
Exchange 5.5 use NETBIOS and WINS for host name resolution. If
you do not have a LMHOSTS file, you must have a WINS server
for the Exchange 5.5 server to communicate with the
Exchange 2003 server.
! To prepare the Subscriber (London) server for InterOrg Replication

the console tree, in the Managed Objects\Users organizational unit, in the
console tree, right-click Users, point to New, and then click User.
2. In the New Object-User dialog box, in the First name and User logon
name boxes, type LonPFRepl and then click Next.
3. In the New Object-User dialog box:
a. In the Password and Confirm password boxes, type P@ssw0rd
b. Clear the User must change password at next logon check box, and
then click Next.
4. In the New Object-User dialog box, in the Mailbox Store box, click First
Storage Group/Mailbox Store (LONDON), and then click Next.
5. In the New Object-User dialog box, click Finish.
6. In Exchange System Manager, browse to Administrative Groups\
First Administrative Group\Folders\Public Folders.
7. Right-click Public Folders, point to New, and then click Public Folder.
8. In the Properties dialog box, type ExchsyncSecurityFolder and then click
OK.
9. In the console tree, right-click ExchsyncSecurityFolder, and then click
Properties.
10. In the ExchsyncSecurityFolder Properties dialog box, click Permissions.
11. On the Permissions tab, click Client permissions
12. In the Client Permissions dialog box, click Add.
13. In the Add Users dialog box, click LonPFRepl, click Add, and then click
OK.
14. In the Client Permissions dialog box, click LonPFRepl, and then set the
Roles box to Owner.
15. In the Client Permissions dialog box, click Default, and then click
Remove.
16. Repeat the previous step for Anonymous and London Admin. Verify that
the only account with any permissions on the folder is LonPFRepl and that
LonPFRepl has Owner permissions, and then click OK.
17. In the ExchsyncSecurityFolder Properties dialog box, click OK.
18. In the console tree, right-click Public Folders, point to New, and then click
Public Folder.
19. In the Properties dialog box, type PF1 and then click OK.
20. In the console tree, right-click PF1, and then click Properties.
21. In the PF1 Properties dialog box, click Permissions.
22. On the Permissions tab, click Client permissions.
23. In the Client Permissions dialog box, click Add.
24. In the Add Users dialog box, click LonPFRepl, click Add, and then click
OK.
25. In the Client Permissions dialog box, click LonPFRepl, set the Roles box
to Publishing Editor, and then click OK.
26. In the PF1 Properties dialog box, click OK.
27. Repeat steps 18 through 26 to create and configure the PF2 public folder.
28. Switch to 2400_Vancouver-Virtual PC.
29. Log off 2400_Vancouver-Virtual PC and log back on as VanPFRepl with a
password of P@ssw0rd.
30. In the Welcome dialog box, click Close.
! To install the InterOrg replicator utility files

1. On 2400_Vancouver-Virtual PC, click Start, click Run, type \\london\c$
and then click OK. When prompted for credentials, type
nwtraders\administrator with a password of P@ssw0rd.
2. In \\london\c$, browse to \moc\2400\practices\Mod14\exchsync\I386 .
3. Copy all the files in the I386 folder to C:\pfmigrate.
4. Close the \\london\c$\moc\2400\practices\Mod14\exchsync\I386 folder.
5. In C:\pfmigrate, double-click Exscfg.exe.
! To create a configuration file for public folder replication

1. In Untitled – Exchange Replication Configuration, on the Session menu,
click Add.
2. In the Add Session dialog box, verify that Public Folder Replication is
selected, and then click OK.
3. In the Public Folder Session Configuration dialog box, in the Title box,
type PFSync to NWTraders and then click Schedule.
4. In the Session Schedule Configuration dialog box, in the Repeat area, in
the minutes box, type 5 and then click OK.
5. In the Public Folder Session Configuration dialog box, click Logging.
6. In the Session Logging Configuration dialog box, select the Enable check
box, select the Log access warnings check box, and then click OK.
7. In the Public Folder Session Configuration dialog box, in the Publisher
Organization area:
a. In the Server box, type Vancouver
b. In the Mailbox box, type VanPFRepl and then click Advanced.
8. In the Advanced Information dialog box:
a. Select the Use alternate NT account check box.
b. In the User name box, type VanPFRepl
c. In the Password box, type P@ssw0rd
d. In the Domain box, type Contoso and then click OK.
9. In the Public Folder Session Configuration dialog box, in the Subscriber
Organization area:
a. In the Server box, type London
b. In the Mailbox box, type LonPFRepl and then click Advanced.
10. In the Advanced Information dialog box:
a. Select the Use alternate NT account check box.
b. In the Username box, type LonPFRepl
c. In the Password box, type P@ssw0rd
d. In the Domain box, type Nwtraders and then click OK.
11. In the Public Folder Session Configuration dialog box, click Folder List.
12. In the Session Folder List dialog box, in the Publisher Public Folders
area, click Logon, and then in the Subscriber Public Folders area, click
Logon.
13. In the Publisher Public Folders box, expand Public Folders.
14. In the Subscriber Public Folders box, expand Public Folders.
15. In the Publisher Public Folders box, click PF1, and in the Subscriber
Public Folders box, click PF1, and then click Add.
16. In the Publisher Public Folders box, click PF2, and in the Subscriber
Public Folders box, click PF2, and then click Add.
17. In the Session Folder List dialog box, click OK.
18. In the Public Folder Session Configuration dialog box, click OK.
19. In Untitled-Exchange Replication Configuration, on the toolbar, click Save.
20. In the Save As dialog box, in the File name box, type PF2nwtraders and
then click Save.
21. Log off 2400_Vancouver-Virtual PC and log back on as Administrator
with a password of P@ssw0rd.
! To set up the replication service

1. On Vancouver, in C:\PFMigrate, double-click Exssrv.exe.
2. In Exchange Replication, click Install.
3. In the Installation dialog box:
a. In the Account box, type CONTOSO\ VanPFRepl
b. In the Password box, type P@ssw0rd
c. In the Configuration File box, type C:\pfmigrate\pf2nwtraders.esc
d. In the Startup Options area, select the Automatic start at system boot
check box, and then click OK.
4. Close Exchange Replication.
5. Open Control Panel, open Services, and open the Exchange Replication
Service Startup properties. In the Service dialog box, in the Log On As
area, click the ellipsis button, select the VanPFRepl account, click Add,
and then click OK. Re-enter the password as P@ssw0rd, click OK, and
then start the service.
! To verify public folder synchronization

1. On 2400_London-Virtual PC, in Exchange System Manager, in the console
tree, expand Public Folders, and then click PF1.
2. Verify that PF1.1 appears as a subfolder and use the Content tab to verify
that items are in each replicated folder. This will take a few minutes, and
you may need to refresh the view periodically. If prompted for credentials,
enter nwtraders\londonadmin with a password of P@ssw0rd.
! To decommission the server running Exchange 5.5

• Shut down Vancouver.
Discussion: Migrating Users from Exchange Server 5.5 to

Exchange Server 2003

Instructions Read the following scenarios and discuss possible solutions with the class.
Scenario 1 Your company just decided to move from Windows NT 4.0 to
Windows Server 2003 and Active Directory. You must migrate your user and
group accounts from your existing Windows NT domain to a Windows 2003
domain. What tasks must you perform to complete the migration of your user
and group accounts?
The overall process for using ADMT to populate Active Directory with
Windows NT 4.0 user and group accounts includes these tasks:
1. Create a trust between the Windows NT 4.0 domain and the Active
Directory domain.
2. Install ADMT.
3. Migrate user and group accounts by using ADMT. This involves using
ADMT to migrate user and group accounts incrementally from the
Windows NT 4.0 accounts domain to an organizational unit in the
Windows 2003 domain.
4. Migrate Exchange 5.5 mailbox ACLs lists by using ADMT.
5. Verify that the accounts were migrated.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Scenario 2 You have just installed the Exchange 2003 version of the Active Directory
Connector to allow your Exchange 5.5 directory to co-exist with Active
Directory while you migrate from Exchange 5.5 to Exchange 2003. You had no
problems installing the utility, but you noticed that none of the new mail-
enabled users that you created in Active Directory are appearing in
Exchange 5.5, nor can you see any of your Exchange 5.5 users in Active
Directory. What step did you miss in configuring Exchange 5.5 to share
directory information with Active Directory?
To establish a relationship between an existing Exchange 5.5 directory and
Active Directory, you must configure a connection agreement. A
connection agreement is an object that defines what will be synchronized
and how synchronization will occur between Exchange 5.5 and Active
Directory. In this scenario, the synchronization must be configured to
occur from Active Directory to Exchange 5.5 to cause objects to be created
in Exchange 5.5.
A recipient connection agreement defines which recipient objects in Active
Directory and the Exchange 5.5 directory will be synchronized and where
each synchronized object will be replicated in the directory with which it is
synchronized.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Scenario 3 You are the messaging administrator for an Exchange 5.5 organization. Your
Exchange organization leveraged the use of resource mailboxes for many types
of resources, including conference rooms, multimedia equipment, and company
delivery trucks. Most of these resources were managed by the company’s
executive assistant. Now that you are migrating to Exchange 2003 and Active
Directory, you are concerned because Exchange 2003 allows each user to own
only one mailbox. What steps must you perform to migrate your resource
mailboxes to Exchange 2003?
The process for migrating resource mailboxes is as follows:
1. Open Exchange 2003 Active Directory Connector from the
Administrative Tools folder.
2. Run the Resource Mailbox Wizard to migrate all mailboxes that have
aliases that do not match their owners’.
3. Verify that NTDSNoMatch completed successfully by viewing the
custom attributes and permissions of one resource mailbox.
4. Use ExDeploy to verify that NTDSNoMatch completed without errors.
NTDSNoMatch is an attribute in Active Directory that designates

mailboxes as resource mailboxes. This is necessary because although
Exchange 5.5 allowed a single Windows NT user account to own more than
one mailbox, Exchange 2003 does not. So you must use NTDSNoMatch to
migrate mailboxes that have the same owner as another mailbox.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Scenario 4 Your company has decided to contract outside help for the migration from
Exchange 5.5 to a new Exchange 2003 organization. To be sure that the
personnel who will perform the migration understand what they must do, you
have decided to create a task list for them. They will use the list when they
reach the part of the migration where they need to move public folders from
Exchange 5.5 to Exchange 2003. What items should be on the list?
The steps for moving public folders from Exchange 5.5 to Exchange 2003
are as follows:
1. Prepare the Exchange 5.5 and Exchange 2003 servers for the InterOrg
Replication Utility.
2. Install the InterOrg Replication Utility from the Exchange 5.5 SP6
installation media.
3. Create a replication configuration file on the Exchange 5.5 server.
4. Configure the replication service on the Exchange 5.5 server.
5. Use Outlook to verify that public folders and their content are
replicating correctly.
6. Remove the instances of the public folders from the server running
Exchange 5.5.
When users next attempt access the public folders, users are
automatically connected to the Exchange 2003 instance.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Course Evaluation

Your evaluation of this course will help Microsoft understand the quality of
your learning experience.
To complete a course evaluation, go to http://www.CourseSurvey.com.
Microsoft will keep your evaluation strictly confidential and will use your
responses to improve your future learning experience.
THIS PAGE INTENTIONALLY LEFT BLANK

0989714

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

0989714

Transféré par

Droits d'auteur :

Formats disponibles

Module 14: Migrating Users

from Exchange Server 5.5

 2003 Microsoft Corporation. All rights reserved.

Important It is recommended that you use PowerPoint 2002 or later to display

Preparation tasks To prepare for this module:

How to Teach This Module

Lesson: Populating Active Directory with Windows NT 4.0 User and

Lesson: Connecting the Exchange 5.5 Directory to Active Directory

Lesson: Moving Mailboxes and Public Folder Contents into an

Discussion: Migrating Users from Exchange Server 5.5 to

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Important This module does not teach how to administer an Exchange

Objectives After completing this module, you will be able to:

Lesson: Populating Active Directory with Windows NT 4.0

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

The Process of Populating Active Directory Using ADMT

*****************************ILLEGAL FOR NON-TRAINER USE******************************

How to Create a Two-Way Trust Between a Windows NT Server 4.0

*****************************ILLEGAL FOR NON-TRAINER USE******************************

! To prepare for this practice

! To create a trust between a Windows NT Server 4.0 domain and an

8. In the Initial Password and Confirm Password boxes, type P@ssw0rd

! To create a trust between a Windows Server 2003 Active Directory

! To add the NWTRADERS\LondonAdmin to the Windows NT

Why was it necessary to create a two-way trust between NWTraders

How to Install ADMT

*****************************ILLEGAL FOR NON-TRAINER USE******************************

How to Migrate User and Group Accounts Using ADMT

*****************************ILLEGAL FOR NON-TRAINER USE******************************

13. Verify that the Target OU box contains the following:

21. On 2400_London-Virtual PC, after Vancouver has finished rebooting, in the

23. On the User Options page, click Next.

You are migrating users from a domain that will be decommissioned

7. In the Select Groups dialog box, click Find Now.

13. On the Naming Conflicts page, click Next.

How to Migrate Exchange Server 5.5 Mailbox ACLs Using ADMT

*****************************ILLEGAL FOR NON-TRAINER USE******************************

4. On the Domain Selection page, in the Source Domain list, verify

How to Verify a Successful User and Group Account Migration

*****************************ILLEGAL FOR NON-TRAINER USE******************************

9. In Active Directory Users and Computers, in the Migrated Objects

While confirming that your user accounts were migrated successfully,

Lesson: Connecting the Exchange 5.5 Directory to Active

*****************************ILLEGAL FOR NON-TRAINER USE******************************

What Is Active Directory Connector?

*****************************ILLEGAL FOR NON-TRAINER USE******************************

What Is a Connection Agreement?

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Connection agreements that connect two Exchange organizations are referred to

Types of connection There are three types of connection agreement.

Configuration Replicates Exchange 5.5 configuration container information to

Note For more information about connection agreements, search for

*****************************ILLEGAL FOR NON-TRAINER USE******************************

What Are ADC Tools?

*****************************ILLEGAL FOR NON-TRAINER USE******************************

The Process of Connecting the Exchange 5.5 Directory to Active

*****************************ILLEGAL FOR NON-TRAINER USE******************************

How to Install ADC

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Note Because several Active Directory object changes must be made

15. After Setup is complete, click Finish.

What is the purpose of using ExDeploy to install ADC?

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**