Deployment Features of Exchange Server 2003
Whether you are installing a new Exchange organization or upgrading an existing organization, Microsoft® Exchange Server 2003 introduces several new features that make deployment easier. Aside from summarizing these new features (including the new deployment tools and setup features), this chapter provides information about required prerequisites for deploying Exchange 2003. Furthermore, you will learn how to perform the basic steps necessary for deploying or upgrading to Exchange Server 2003. For more information about deploying Exchange 2003 in your organization, see the Exchange Server 2003 Deployment Guide.
New Exchange 2003 Deployment Features
To help you successfully deploy Exchange in your organization, Exchange 2003 provides the following new or improved features (each of these features is discussed later in this section):
Exchange Server 2003 Deployment Tools
Active Directory Connector (ADC) Tools
Microsoft Exchange Public Folder Migration Tool
Exchange 2003 Setup improvements
Running Exchange System Manager from computers running Microsoft Windows®
Along with these new or improved features, Exchange 2003 also takes advantage of Microsoft Windows Server™ 2003 improvements, such as Microsoft Active Directory® directory service and memory allocation enhancements.
Exchange Server Deployment Tools
Exchange Server 2003 is designed to coexist with Microsoft Exchange 2000 Server and Microsoft Exchange Server version 5.5. Establishing coexistence between Exchange 2003 and Exchange 2000 is fairly straightforward, simplified by the fact that both Exchange 2000 and Exchange 2003 rely on the Microsoft Active Directory directory service for directory services. However, Exchange 5.5 contains its own directory service, which means that you must synchronize the Exchange 5.5 directory with Active Directory, and then ensure that objects continue to properly replicate between the two directories.
A new Exchange 2003 feature, the Exchange Server Deployment Tools, significantly eases the process of upgrading from Exchange 5.5 to Exchange Server 2003. The Exchange Server Deployment Tools consist of a series of tools and documentation that lead you through the following process:
Planning your deployment
Preparing Active Directory by using ForestPrep and DomainPrep
Installing Active Directory Connector (ADC) and running ADC Tools (described in the next section)
Completing deployment and moving mailboxes and public folders
The tools, which you can run directly from the documentation, check such things as naming consistency, permissions conversion, and directory replication. Because some of the Exchange Server Deployment Tools run automatically during Exchange setup, you may not be able to install Exchange unless these tools have been run successfully. By running the tools in advance, you can identify and correct problems before you run Setup.
New in SP1: Exchange Site Consolidation Tools
Exchange 2003 Service Pack 1 (SP1) provides several features and deployment tools that allow you to move Exchange out of remote sites and consolidate data onto an Exchange 2003 server in a central site.
During Exchange 2003 deployment, you may want to consolidate your Exchange services by moving Exchange content from several remote sites to one central site. If you are running Exchange in native mode, there are no special considerations when consolidating sites; you can follow the standard process for consolidating Exchange 2000 administrative groups. However, if you are running Exchange in mixed mode (meaning that coexistence is established between Exchange Server version 5.5 and Exchange 2000 or Exchange 2003), use the Exchange Deployment Tools to help you migrate mailboxes, distribution lists, custom recipients (contacts), and public folders to the central site.
The Active Directory Connector (ADC) management console now contains an ADC Tools option. ADC Tools is a collection of wizards and tools that help you set up connection agreements. Specifically, ADC Tools scans your current Active Directory and Exchange 5.5 directory and organization, and then automatically creates the recommended connection agreements. The following wizards are included in ADC Tools.
- Resource Mailbox Wizard
This wizard identifies Active Directory accounts that match more than one Exchange 5.5 mailbox. Using this wizard, you can match the appropriate primary mailbox to the Active Directory account and stamp other mailboxes with the NTDSNoMatch attribute, which designates the mailboxes as resource mailboxes. You can either make these changes online or export a comma-separated value (.csv) file that you can update and import into the Exchange 5.5 directory.
- Connection Agreement Wizard
This wizard recommends public folder connection agreements and recipient connection agreements based on your Exchange 5.5 directory and Active Directory configuration. You can review the list of recommended connection agreements and select those you want the wizard to create.
The Exchange Server Deployment Tools lead you through the process of installing Active Directory Connector and running ADC Tools.
Microsoft Exchange Public Folder Migration Tool
The Microsoft Exchange Public Folder Migration Tool (pfMigrate) is a new tool that allows you to migrate both system folders and public folders to the new server. You can use the tool to create system folder and public folder replicas on the new server and, after the folders have replicated, remove replicas from the source server. Unlike Exchange 5.5, you do not need to set a home server for a public folder in Exchange Server 2003. Any replica acts as the primary replica of the data it contains, and any public folder server can be removed from the replica list.
To determine how many system folders or public folders need to be replicated, you can use the Microsoft Exchange Public Folder Migration Tool to generate a report before you run the tool. To determine whether the folders replicated successfully, you can generate the same report after you run the tool. For detailed instructions, see "How to Run the Public Folder Migration (PFMigrate) Tool" in the Exchange Server 2003 Deployment Guide.
After you run pfMigrate, only the hierarchy of the system folders and public folders is migrated immediately. You must wait for replication to occur before the contents of the system folders and public folders are migrated. Depending on the size and number of system and public folders, as well as your network speed, replication could take a considerable amount of time.
New in SP1: Exchange 2003 Migration Wizard
Exchange 2003 SP1 Migration Wizard provides several new feature enhancements. Migration Wizard now supports merging mailboxes for Exchange migrations and includes support for the Profile Update Tool, which runs on a user's computer and updates their Microsoft Office Outlook® profile after a cross-site or cross organization move. Mailbox access control lists (ACLs) or delegate permissions are now preserved during a cross-forest move.
Exchange Server 2003 Setup Improvements
The following new Exchange 2003 Setup features make it easier for you to install and upgrade Exchange.
- **Identical schema files in ADC and Exchange **
In Exchange 2000, ADC schema files were a subset of the Exchange 2000 core schema files. In Exchange 2003, the schema files that are imported during the upgrade of Active Directory Connector are identical to the core Exchange Server 2003 schema; therefore, you only need to update the schema once.
- Exchange Setup does not require full organization permissions
In Exchange 2000, the user account that was used to run Setup was required to have Exchange Full Administrator rights at the organization level. In Exchange 2003, although a user who has Exchange Full administrator rights at the organization level must install the first server in a domain, you can now install additional servers if you have Exchange Full Administrator rights at the administrative group level.
- Exchange Setup no longer contacts the schema FSMO role
In Exchange 2000, the Setup or Update program contacted the schema Flexible Single Master Operations (FSMO) role each time it ran. In Exchange Server 2003, Setup does not attempt to contact the schema FSMO role.
- ChooseDC Switch in Setup
Exchange 2003 Setup includes the new /ChooseDC switch. You can enter the fully qualified domain name of an Active Directory domain controller to force Setup to read and write all data from the specified domain controller. When installing multiple Exchange 2003 servers simultaneously, forcing each server to communicate with the same Active Directory domain controller ensures that replication latencies do not interfere with Setup and cause installation failures.
- Default permissions at the organization level are only stamped once
Exchange 2003 Setup stamps default permissions on the Exchange Organization object once (during the first server installation or upgrade) and does not re-stamp permissions during subsequent installations. Previously, Exchange 2000 Setup re-stamped Exchange Organization permissions during each server installation. This action overwrote any custom changes to the permissions structure; for example, if you allowed all users to create top-level public folders, these permissions were removed.
- Warning message appears if Exchange Groups are moved, deleted, or renamed
Exchange 2003 Setup ensures that the Exchange Domain Servers and Exchange Enterprise Servers groups are intact. If the administrator moves, deletes, or renames these groups, Setup stops, and a warning message appears.
- Permissions to access mailboxes
Exchange 2003 Setup locks down security on the database objects; therefore Exchange administrators cannot open other user's mailboxes.
Outlook Mobile Access and Microsoft Exchange Server ActiveSync® components installed by Setup
By default, Exchange 2003 includes support for mobile devices. The services that enable these devices are called Outlook Mobile Access and Exchange ActiveSync. Previously, to use these services, you had to install Microsoft Mobile Information Server. Now, the built-in mobile device support in Exchange 2003 supersedes the Mobile Information Server product.
Outlook Mobile Access is part of the typical Setup and is therefore installed on all servers. This component also requires the .NET Framework to be installed.
- Automatic installation of required Windows Server 2003 services on Microsoft Windows 2000
If you are installing Exchange 2003 on a server running Windows 2000, Exchange Setup automatically installs and enables .NET Framework and ASP.NET.
- Automatic configuration of Internet Information Services (IIS) 6.0
In Windows Server 2003, IIS 6.0 introduces a new "worker process isolation mode," which offers greater reliability and security to Web servers. Worker process isolation mode ensures that all of the authentication, authorization, Web application processes, and ISAPI extensions that are associated with a particular application are isolated from all other applications. To take advantage of these benefits, when you install Exchange Server 2003 on Windows Server 2003, Exchange Setup automatically sets IIS 6.0 to worker process isolation mode. Exchange Setup also enables certain ISAPI extensions. By default, during Windows Server 2003 installation, ISAPI extensions are not allowed to load. However, Exchange 2003 requires certain ISAPI extensions for features such as Microsoft Outlook Web Access, WebDAV, and Exchange Web Forms; therefore, Exchange 2003 enables the required ISAPI extensions during setup. No action is necessary; Exchange Setup automatically configures the ISAPI extensions. The IsapiRestrictionList metabase key controls the ISAPI extension behavior. Exchange Setup sets the metabase key appropriately so that the ISAPI extensions can load; however, if the key is modified after Exchange is installed, certain parts of Exchange may not function correctly.
- Automatic IIS 6.0 Configuration during Windows 2000 to Windows Server 2003 upgrade
If you install Exchange 2003 on Windows 2000 and subsequently upgrade to Windows Server 2003, Exchange System Attendant automatically sets the IIS 6.0 mode to worker process isolation mode. Event Viewer will contain an event indicating that this mode change has occurred. After the upgrade, you may find that some of the ISAPI extensions for other applications do not function properly in worker process isolation mode. Although you can set the IIS 6.0 mode to "IIS 5 isolation mode" to ensure compatibility with your ISAPI extensions, it is recommended that you continue to run IIS 6.0 in worker process isolation mode; Exchange 2003 features such as Outlook Web Access, WebDAV, and Web forms, will not work in IIS 5 isolation mode.
- New in SP1: Support for Device Update 4 (DU4)
Exchange 2003 SP1 now includes support for additional world-wide devices. DU4 updates the list of supported mobile devices for Outlook Mobile Access and ensures that the mobile devices on the list have been tested and work well with Outlook Mobile Access.
- New in SP1: Security Enhancement for Outlook Web Access
Exchange Setup adds new file extensions to the Outlook Web Access Level1 and Level2 block/force "safe lists" to prevent the running of unsafe code within the browser for certain MIME types. This update provides a list of known content types that are allowed to start within the browser.
Installing Exchange System Management Tools Only
To administer Exchange servers from a computer running Windows XP, Windows Server 2003, or Windows 2000 Server SP3, you can use Exchange Setup to install only Microsoft Exchange System Management Tools. For detailed instructions, see "How to install the Exchange System Management Tools" in the Exchange Server 2003 Administration Guide.
If you have not installed an Exchange 2003 server in your organization, you must first run ForestPrep. ForestPrep extends the Active Directory schema to include Exchange-specific classes and attributes and creates the container object for the Exchange organization in Active Directory.
You must ensure that the computer meets the following requirements:
The computer is running Windows XP, Windows Server 2003, Windows 2000 Professional, or Windows 2000 Server SP3.
The computer name does not contain unsupported characters.
The language version matches any previous installation of Exchange 2000 System Management Tools (except for upgrades from English to Korean, Traditional Chinese, or Simplified Chinese).
Also, depending on the version of Windows that is running on the computer, you will need to install the required services.
Required services for Windows
|Windows version||Required services|
Windows XP Service Pack 1 (SP1)
Windows XP SP2
Windows Server 2003
Internet Information Services Manager component
Windows 2000 Professional SP3
Windows 2000 Server SP3
Windows Server 2003 Benefits
Exchange Server 2003 takes advantage of the following new Windows Server 2003 features, which greatly improve administration and performance:
Active Directory Improvements
Exchange Server 2003 benefits from the following improvements to Active Directory in Windows Server 2003:
Reduced traffic between replicas
Ability to create a branch office replica from CD
Ability to roll back Active Directory changes
- Memory Allocation
Exchange Server 2003 benefits from an improved memory allocator in Windows Server 2003, which decreases the likelihood of running into situations that result in Virtual Machine (VM) fragmentation. In addition, Exchange customers who have more than 1 GB of memory no longer need to purchase the Advanced Server SKU, which previously supported the /3GB switch.
Before you install or upgrade to Exchange Server 2003, ensure that your network and servers meet the prerequisites described in this section.
The following are the minimum hardware requirements for computers running Exchange Server 2003:
Intel Pentium or compatible 133 MHz or faster processor
256 MB of RAM recommended minimum; 128 MB supported minimum
500 MB of available disk space on the drive on which you install Exchange
200 MB of available disk space on the system drive
VGA or higher-resolution monitor
File Format Requirements
To install Exchange Server 2003, disk partitions must be formatted for NTFS and not FAT. This requirement applies to the following:
Partition that stores Exchange binaries
Partitions containing transaction log files
Partitions containing database files
Partitions containing other Exchange files
Operating System Requirements
Exchange Server 2003 is supported on the following operating systems:
Windows 2000 Service Pack 3 (SP3) or later
Windows Server 2003
Windows 2000 Server
If you intend to install Exchange Server 2003 on a server running Windows 2000, you must download and install Windows 2000 SP3 or later. Otherwise, the Exchange Server 2003 Setup program will stop the installation.
Windows 2000 SP3 or later is also a prerequisite for running the Exchange Server 2003 Active Directory Connector.
For more information about Windows 2000 service packs, see the Windows 2000 Service Packs Web site.
Upgrading the Operating Systems
If you plan to upgrade your Exchange 2000 servers running Windows 2000 SP3 or later to Windows Server 2003, you must first upgrade those servers to Exchange 2003. This upgrade sequence is required because Exchange 2000 is not supported on Windows Server 2003.
Exchange 2003 Setup must be able to contact at least one Active Directory server running Windows 2000 SP3 or later, or Windows Server 2003 within the local Active Directory Site. Domain controllers and global catalog servers must be running Windows 2000 SP3 or later or Windows Server 2003 for Exchange Server 2003 to recognize them.
In Exchange 2000, the user account that was used to run Setup was required to have Exchange Full Administrator rights at the organization level. In Exchange Server 2003, although a user with Exchange Full administrator rights at the organization level must install the first server in a domain, you can now install additional servers if you have Exchange Full Administrator rights at the administrative group level.
Although this change allows for a more decentralized administrative model, there are still instances where higher-level permissions are required. A domain administrator with the appropriate privileges must manually add the machine account for the server on which you plan to install Exchange Server 2003 to the Exchange Domain Servers group. In addition, an administrator with Exchange Full Administrator rights at the organization level must still perform the following installations and upgrades:
The first Exchange 2003 server in the organization.
The first Exchange 2003 server in an Active Directory domain.
Exchange 2000 servers acting as bridgehead servers for Directory Replication Connectors.
Exchange 2003 servers with Site Replication Services (both installation and removal).
The first instance of a Lotus Notes or Novell GroupWise connector.
The Exchange administrator roles in Exchange Server 2003 are equivalent to those in Exchange 2000. For example, anyone to whom you have delegated Exchange Full Administrator permissions in Exchange 2000 can install and fully administer Exchange 2003 servers.
In addition, if you are upgrading an Exchange 5.5 organization to Exchange Server 2003, you are no longer required to be an Exchange 5.5 Administrator; this is because the option to join an existing Exchange 5.5 organization occurs during Setup instead of during ForestPrep.
The following table lists the permissions required to run ForestPrep and DomainPrep and to install Exchange 2003.
Permission requirements for Setup tasks
|Task||Required permissions or roles|
Run ForestPrep for the first time in the forest (updates the schema)
Run ForestPrep thereafter
Install Exchange Server 2003 on the first server in a domain
Install Exchange Server 2003 on additional servers in the domain
Install Exchange Server 2003 on a server with SRS enabled
Upgrading Front-End Servers
You must upgrade all front-end servers in an Administrative Group before you can upgrade or install Exchange Server 2003 on any other servers in the Administrative Group. Setup ensures that front-end servers are upgraded before back-end servers, such as bridgehead servers, public folder servers, and mailbox servers. Otherwise, Setup stops.
Exchange 2003 servers are compatible with Exchange 2000. Therefore, users can access information that is located on Exchange 2000 servers through an Exchange 2003 front-end server.
In addition, ensure that the required services are running before you upgrade. For Exchange 2003 Setup to run, you must install and enable the following services:
Network News Transfer Protocol (NNTP) service (NntpSvc)
Simple Mail Transfer Protocol (SMTP) service (SMTPSVC)
World Wide Web Publishing Service (W3SVC)
IIS Admin Service (IISADMIN)
If the following services are disabled, Setup still runs; however, Setup enables these services automatically:
Microsoft Exchange MTA Stacks service (MSExchangeMTA)
Microsoft Exchange IMAP4 service (IMAP4SVC)
Microsoft Exchange POP3 service (POP3SVC)
Microsoft Exchange Information Store service (MSExchangeIS)
Upgrading Active Directory Connector
You must upgrade all versions of Active Directory Connector (ADC) in the organization to the version provided with Exchange Server 2003. Setup retrieves information about the ADC versions that are running in the organization. If all ADC versions have been upgraded to the Exchange 2003 version, Setup will proceed. However, if older versions of ADC exist, Setup will stop and identify the servers that are running the older ADC versions.
Removing Mobile Information Server Components
If you previously installed the Microsoft Mobile Information Server Exchange Event Sink component on an Exchange 2000 server, you must remove the component before you can install or upgrade to Exchange Server 2003. If you want to retain Mobile Information Server functionality, do not upgrade the Exchange 2000 servers that are running Mobile Information Server. Instead, upgrade to Exchange 2003 on other servers in your organization. For detailed instructions, see How to Remove Mobile Information Server Components from a Server.
Required Components for Mobility Support
The Outlook Mobile Access component included with Exchange Server 2003 requires .NET Framework. Because the Outlook Mobile Access component is part of the typical server installation, you must install .NET Framework on the server before running Setup.
Removing Instant Messaging, Chat, ccMail, MSMail, and Key Management Service Components
The Instant Messaging service, Chat service, Key Management Service, MSMail connector, and ccMail connector components are not supplied with Exchange Server 2003. If you want to upgrade an existing Exchange 2000 server to Exchange 2003, and one or more of these components are installed, you must use Exchange 2003 Setup to remove the components before upgrading.
If you want to retain these services in your organization, you should not upgrade the Exchange 2000 servers running these components. Instead, you should install Exchange Server 2003 on other servers in your organization.
As part of your planning, you should ensure that all third-party software you want to use is compatible with Exchange Server 2003. Specifically, you should determine whether any compatibility issues could result from the following new Exchange 2003 features:
Exchange-aware Antivirus Software New features have been added to the Exchange Virus Scanning Application Programming Interface (VSAPI) in Exchange 2003.
Exchange-aware Backup and Restore Software New features have been added to Backup (such as Restore Groups and Snapshot) in Exchange 2003.
Exchange-aware Enterprise Management New features and WMI providers have been added in Exchange 2003.
Installing Exchange 2003 or Upgrading from Exchange 2000
After planning your installation or upgrade and ensuring that your environment meets all of the prerequisites listed in this chapter, you can run the Exchange Server Deployment Tools to install Exchange 2003 on a new server or upgrade an Exchange 2000 server. The Exchange Server Deployment Tools consist of tools and documentation that lead you through the entire installation or upgrade process, including running ForestPrep and DomainPrep and ensuring that all of the required tools and services are installed and run properly.
For information about upgrading from an Exchange 5.5 organization, see "Upgrading from Exchange 5.5 to Exchange 2003" later in this topic.
For detailed instructions, see "How to Start the Exchange Server Deployment Tools" in the Exchange Server 2003 Deployment Guide. After you complete the Exchange Server Deployment Tools, Exchange 2003 is installed on the server.
Upgrading from Exchange 5.5 to Exchange 2003
Unlike Exchange 2000 servers, Exchange 5.5 servers cannot be directly upgraded to Exchange 2003. However, you can join a new Exchange 2003 server to an existing Exchange 5.5 organization. As part of this upgrade process, you must set up Active Directory Connector (ADC) and ensure that objects replicate properly between the Exchange 5.5 directory and Active Directory. To simplify this process, use the Exchange Server Deployment Tools, which consists of tools and documentation that lead you through the entire upgrade process, including running ForestPrep and DomainPrep, installing ADC, creating connection agreements, and installing Exchange 2003.
The Exchange Server Deployment Tools are a prerequisite for Setup when you are joining a server to an Exchange 5.5 organization. When you choose to join an existing Exchange 5.5 organization, Setup checks Active Directory for markers that indicate that the deployment tools have been run.
You can use the Exchange Server Deployment Tools to ensure that all of the required tools have been run. First, install the Exchange 2003 version of ADC. Then start the Exchange Server Deployment Tools. For detailed instructions, see "How to Start the Exchange Server Deployment Tools" in the Exchange Server 2003 Deployment Guide. After you complete the Exchange Server Deployment Tools, Active Directory Connector is set up, and Exchange 2003 is installed on the server.