Cross-AG moves and ADC version upgrades

If you've tried to do Exchange 2003 SP1 cross-AG mixed-mode moves, you've (hopefully!) realized that you need to meet a bunch of prereqs before you can proceed. The Site Consolidation Overview KB (KB.843104) lists these various prereqs, but here is the short version again for reference:

• Upgrade all ADCs to Exchange 2003 SP1 (earlier blog posting)
• Apply DS/IS hotfix to all 5.5 (KB.841765 and earlier blog posting)
• Ensure your "target" server is running Exchange 2003 SP1

The second one has been covered pretty extensively in my earlier blog posting, and the third one is sort of a no-brainer. That leaves the first one: Upgrade your ADCs to SP1.

In the earlier blog posting, I said you had to do this ADC upgrade. But what if you are fairly certain you've upgraded them all and the cross-AG moves are still blocking you with an error message like: "Your organization has at least one Active Directory Connector that is not Exchange 2003 SP1 or later. Cross administrative groups moves will be blocked until all Active Directory Connectors have been upgraded to Exchange 2003 SP1 or later."

Let's talk about what is really being checked during this prerequisite process. First of all, the info we check regarding the ADCs installed and their version may have very little to do with what's really up and running in your environment. This info is all stored in the AD. For example, say you install an ADC on a test server in your production environment and then fdisk this server when you're done. Poof, lingering ADC object in the AD that most likely does not identify itself as an E2k3 SP1 version.

Each ADC defined in the AD is stored at a location like this:

CN=Active Directory Connector (SERVER),CN=Exchange Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN

You can find your way to the ADCs defined in your organization by using AD Sites and Services snap-in, or perhaps (and carefully!) with ADSIedit snap-in. But the easiest way may be to use the LDIFDE tool to simply scan the whole configuration naming context for these objects.

Use a syntax like this (you'll have to change the domain info in red for your environment, of course):
LDIFDE -f out.txt -d "cn=configuration,dc=domain,dc=com" -r "(objectClass=msExchActiveDirectoryConnector)" -l versionNumber

This will find all instances of msExchActiveDirectoryConnector objects underneath the configuration container and will return their versionNumber.

In many cases, at this point it'll be very easy to see that this out.txt file lists ADCs that you weren't expecting or that no longer exist. If this is the case, either upgrade them to E2k3 SP1 version or remove them from the AD.

But suppose there are only ADCs at this point that you think have been upgraded. The prerequisite for cross-AG moves checks this versionNumber value to see if it indicates that it's an SP1 version, so here are the two most common versions you'll see listed:

16973842 = Exchange 2003 ADC RTM (initial release of 2003)
16973843 = Exchange 2003 ADC SP1 version

If it's the RTM version, clearly it wasn't upgraded successfully. Have another look at my earlier blog posting to make sure you followed the correct steps. If all of the ADCs listed show the SP1 versionNumber, then you've probably got an AD replication problem and the prereq is talking to a different DC than your LDIFDE process.