Full of I.T.

Kevin Remde's IT Pro WebLog

Exchange Migration Question – “Can I leave my users as NT Domain accounts?” (Part 1)

During our TechNet Briefing in Chicago last week, a gentleman asked me a very interesting question, which he also sent as a follow-up email:

“As I stated what I would like to do is take an existing NT 4.0 domain (which cannot be upgraded because of legacy apps, Citrix XP). Create a two-way trust between a new Windows 2003 AD domain and install Exchange 2003 on the new domain.
Then I would run Exchange 2003 in mixed mode from now until the money becomes available to upgrade the Citrix clients.
What I want to do is use the new domain exclusively for email right now for my NT 4.0 users.
This should work or am I way off base?
Is this not just a restructure upgrade approach with a long time frame? I should not even have to move any users off of the NT 4.0 domain because of the two-way trust, correct?”

I took this question as a challenge to try it out myself.  So I took the VPCs I used for our Exchange Migration session, TNT1–100, and I also created a workstation and a user who used Outlook to connect to his Exchange 5.5–hosted mailbox, so I could verify that later, even after moving his mailbox to the 2003 server, he could still log in with his NT account.  (I really didn’t logically see a reason why this wouldn’t work, due to the trusts established and the ADC Connection Agreements configured properly.)

Also, I found the following text within the Deployment Tools concerning “Exchange 5.5 Coexistence”:

Active Directory and Windows NT 4.0 Accounts
Before you install Exchange 2003, you should already have Active Directory deployed within your organization, but it is not necessary to upgrade all of your Windows NT 4.0 domains or user accounts to Windows 2000 Server or Windows Server 2003. Even if your accounts are contained in Microsoft Windows NT 4.0 domains or external forests, you can move mailboxes associated with these accounts to Exchange 2003. During the deployment process, Active Directory Connector creates placeholder accounts in Active Directory for Microsoft Windows NT 4.0 accounts. Each placeholder account associates the mailbox with the Microsoft Windows NT 4.0 account so that the user can access his or her Exchange 2003 mailbox.

So… after making sure my workstation and user (Aaron) were NT-domain joined and Outlook was up and running, I walked through the deployment tools on the new Exchange-server-to-be: prepping the environment with the two-way trusts, administrative rights, Forest and Domain Prep, the ADC installation and configuration, and the Exchange 2003 installation (including the upgrade to SP1).  Notice that one step I left out was the use of the ADMT (Active Directory Migration Tool) to create the users as new Active Directory domain users.  We’re still going to use our NT account here.

Now I was ready for the mailbox move.  Unlike the case where I was migrating users, I didn’t have any new AD accounts to run Exchange Tasks against in the Active Directory Users and Computers tool, so I tried to use the System Manager to move the mailboxes.  I could use this to move the one mailbox that actually had data in it (my test user Aaron), but in our demo environment, the rest of the defined mailboxes had never been connected to – so they hadn’t actually been created yet.

“But.. didn’t the ADC create dummy accounts for you in Active Directory?”

Yes!  It created a “Recipients” container and populated it with disabled user accounts.  (It even duplicated and populated Distribution Lists that existed on the old Exchange Server, too!)  I selected these and performed “Exchange Tasks” on them in order to run the Move Mailbox wizard.  And this worked just fine for moving all of my NT users’ mailboxes over to the new server.

Because Aaron’s mailbox was moved within the same “site” (as far as my Outlook profile was concerned), he was able to re-open Outlook and the profile was automagically tweaked to point to the mailbox now on the new server.

“So.. that’s it?  It just works?”

Basically, yeah!  But… I’m not done yet.  I wonder what happens if I now remove the old Exchange Server…

We’ll save that for Part 2.

