Upgrading from Windows 2000 AD to 2003 when Exchange 2003 is installed on the Domain Controller – Part 1…

I was thinking about the semantics of doing this the other day, and after a little research on the web it became apparent that there is not a lot of information in regard to it – so I thought that I would write a little article about how you can go about upgrading your Windows 2000 domain to Windows 2003 when you have Exchange 2003 installed on the Windows 2000 domain controller.

As you are aware Exchange 2003 is supported on servers running Windows 2000 Server Service Pack 1 and above therefore it is possible (although not recommended) to run Exchange 2003 on a Windows 2000 domain controller (running SP 1) – those of you that run SBS server will know that this configuration generally works quite well, but it should also be noted that the SBS team have made small modifications SBS to make this configuration more stable.

What I would like to do in this article is take you through upgrading your Windows 2000 domain controller running Exchange 2003 to Windows 2003 SP2 (which would include an Active Directory upgrade from schema version 13 to 30).

Essentially this article is for people that;

  • Have a single domain controller that is running Windows 2000 SP1 and Exchange 2003
  • Have a Windows 2000 domain where you have more than one domain controller, but Exchange 2003 is resident on one of the DC’s
  • People that are looking for some scripts that will make it easier to upgrade from a Windows 2000 Domain to a Windows 2003 domain

Step 1 – Backups;

Before we do anything it is important that we have a FULL system state backup of the Domain Controller / Exchange server – (if you have more than one Domain Controller then you should backup ALL domain controllers) this should also include a backup of the Exchange databases – but you would all be doing that already – right?

Go to Start->Programs->Accessories->System Tools->Backup when it opens, click on the “Backup” tab to be taken to a screen like the following:

In the backup Window – tick the following items:

  • SystemState
  • Microsoft Exchange Server -> -> Microsoft Information Store

By ticking the above items you will backup Active Directory and Exchange.

For the purposes of this backup – I am going to Backup to Disk rather than tape as it will be quicker from both a backup and (hopefully not needed) restore point of view) you can choose to backup to tape – or, when the backup to disk has completed – copy the backup file to a local machine or server – you will need to ensure that this has enough space for the backup file.

Click on the “Browse” and navigate to a location that will have enough space for the System State and the Exchange Data – give the backup file an appropriate name.

You can roughly work out how much space will be required by considering that SystemState backups can be up to 500MB on a seasoned Exchange Server / Domain Controller which then added to the overall size of your Exchange databases then add on about 5% for error and you should be ok.

When you are ready to begin the backup click on the “Start Backup” button which will open up the following dialog box:

Check the “Replace the data on the media with this backup” radio box then click on the “Start Backup” button which will prompt you with the following question:

Click on the “Yes” button and you will be presented with the backup progress dialog box which looks like the following:

When the backup has completed exit the Windows Backup utility and then ensure that either the tape of the backup file is stored in a safe location.

Step 2 – Preparing the Exchange Installation for the domain upgrade;

As you will be aware Exchange is totally Dependant on Active Directory to function, therefore as we are about to perform a major upgrade to Active Directory and the core operating system I consider it best practice to close down Exchange and then disable all of the core Exchange services before we begin to upgrade (this also protects Exchange against the reboots that the process will instigate).

The simplest way to do this is to stop all of the Exchange services which are enabled by default is to use the Computer Management MSC or the Services MSC – however this can be time consuming – so I have written a script which can be downloaded from the link below

Script-icoExchange2003-DomainUpgradePrep.vbs

This script is designed to perform 2 functions which are as follows;

  • Just before you upgrade your domain controller which is running Exchange 2003 it will disable and STOP the System Attendant, Information Store, MTA Stacks, Exchange Management, and Routing Engine services.
  • When the upgrade is completed it will enabled and start the above services

In order to use the script – download it from the above location and place it in a Directory called C:\Upgrd\ then go to START->RUN and type in CMD then type cscript.exe c:\upgrd\Exchange2003-DomainUpgradePrep.vbs ExchangePREP and press enter.

When you run the script and it has completed you will see the following message:

If you then take a look at the services manager on your Domain Controller / Exchange Server you will see the following:

This mean that Exchange is now closed down, and we are ready to proceed with the upgrade on the domain controller.

Step 3 – Avoid “Mangled Attributes in AD”;

Right this can be a complicated choice to make when upgrading to a Windows 2003 domain and some of you might be wondering “what are mangled attributes and do they apply to me?”

The Windows 2000 domain controller schema with Exchange 2000 installed defines 3 RFC attributes: houseIdentifyer, Secertary, and labeledURI – however When you run Windows 2003 adprep /ForestPrep the attributes modified – issues can occur for example in the case that Exchange 2000 created these attributes (for example if your domain was Windows 2000 and you installed Exchange 2000) the attributes can become un-readable (or mangled).

The following table explains in simple terms what action you will need to take depending on how your domain was Initially constructed:

In simple terms if you have a Windows 2000 domain controller with Exchange 2000 installed – then you will need to run InetOrgPersonPrevent script (which has been available from Microsoft for sometime) however I have found the instructions for running this script somewhat complicated – therefore I written a script that will generate the LDF file for your domain and also create a batch file all with the correct syntax – all you have to do is run my script and then run it – if you wish to look at the original article by Microsoft it is available here: KB325379.

It is important for me to point out here that I did not derive the LDFIDE changes, there were suggested by Microsoft, all I have done it create a script that builds a file with all of the values related to your domain configured.

In order to prevent “Mangled Attributes” – please complete the following:

  • Ensure that the Windows 2000 schema is writable on your Domain Controller / Exchange Server – to do this logon to the machine in question and then download and merge the following REG file into the DC’s registry:

reg-icoSchemaUpdatesAllowed.reg

If you look inside the file you will see the following syntax:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
“Schema Update Allowed”=dword:00000001

When you double click on this file you will be asked if you are sure that you wish to merge the information in to the Registry – ensure that you click on the “Yes” button – the script changes the following registry value from 0 to 1 which makes the schema writable (this needs to be the case of the InetOrgPersonPervent script to work, and also for the Windows 2003 upgrade process to run):

You should also note, that you do not need to reboot the server after this change has been made, the directory service notices the change dynamically.

We are now in a position to run the required updates to the schema that will prevent the “Mangled Attributes” scenario – firstly download my script from here:

Script-icoCreate-InetOrgPersonPrevent-Script.vbs

When you have downloaded it place it in a Directory called LDF on a drive on your DOMAIN CONTROLLER / EXCHANGE SERVER.

Double click on the “Create-InetOrgPersonPrevent-Script.vbs” file which will open the following Dialog box:

Type in “Inet.ldf” (do not provide a path, just a file name) and click on the “OK” button – which will bring up the following dialog box:

Here type in the name like “Run.bat” – again do not type a path – just a filename – when you are happy with the choices click on the “OK” button, after a brief pause you will see the following dialog box:

If you now check the folder where you placed the script you will see two new files – the LDF File and a batch file that will execute LDFIDE.exe against your LDF file and fix the attributes issue. The beauty of this is you do not have to configure the command line, or edit the LDF file – the script has done it for you (which is cool as I have heard of many a person that has had problems running the LDF file) – below is an example of what your directory should look like:

Double click on the “Run.bat” file which will open a command window – you should see output like the following:

When you are happy with the above press any key to finish.

In the next part of this series (which should be out before I go on Holiday) I will go through the following:

  • Pre-checks before updating the Schema
  • The Process to update the schema and domain
  • Installation of the Windows 2003 binaries on the DC
  • Testing the installation post upgrade.
Sharing is caring!:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.