I recently had an interesting project come my way, something I hadn't done in quite a while: migrate an existing Exchange environment to a newer version. The existing environment was running Exchange 2003 SP2 with standard Outlook 2003 clients, OWA clients, and ActiveSync Windows Mobile 5 clients, and needed to move to Exchange 2007. Here are some thoughts on what to expect when setting up and migrating an Exchange 2003 environment to Exchange 2007.
First things first: back up your AD schema and your Exchange 2003 server. That should be obvious, but many people feel the need to wing it and get burned. If nothing else, use ntbackup; it's not perfect, but it's better than nothing.
The first thing to note is that Exchange 2007 runs only on 64-bit Windows Server, so you need a 64-bit machine. That means if you want to run an Edge role Exchange 2007 server to leverage features like spam filtering, built-in antivirus, etc., you need two 64-bit machines - Edge role Exchange 2007 servers can only host one role, the Edge role. Not a big deal for some environments, but many environments I see are still mostly (if not totally) 32-bit.
Also be aware that installing Exchange 2007 is pretty easy; removing it can be pretty hard. The reason for this is it will refuse to be uninstalled as long as certain things are still around, such as public folders - even if said folders are empty. Getting rid of public folders and their replicas can be difficult in some environments. Major annoyance if you're just experimenting with Exchange 2007 and want to remove it from a test server.
If the Exchange 2007 server is going into a child domain (such as big.company.com), make sure to join it to the root domain first (company.com) and run setup.com /prepareAD from the Exchange CD with an account that has Schema Admins and Enterprise Admins group membership in the root domain, so it can add Exchange 2007 specific Active Directory objects to the Schema. Doing this will save you time later as well, since it also does the equivalent of a few other setup parameters all in one.
Be aware that as of this writing, SP1 for Exchange 2007 is still in beta (i.e., don't use it if you are doing this in a production environment, since most beta service packs can't be removed, ever), so the product is buggy. For example, in my experience (two large 2003 to 2007 migrations as of this writing), both times two critical services (the System Attendant and Information Store) failed to start when the Exchange 2007 server was rebooted; they have to be manually started after the server throws up the generic 'service failed to start' message, and then the server works without any problems. It's not a show stopper for many environments, but it's something to be very aware of.
If you're using the Client Access role and don't want to break OWA, stay out of IIS. All changes to OWA are made through the Exchange Management Console or the Exchange Management Shell - doing anything in IIS, such as turning on Integrated Authentication on the OWA virtual directory, will break it horribly. Use the Exchange tools and all will be well.
A fairly obscure problem I ran into was with accounts that had any kind of elevated privileges or ever had elevated privileges. OWA would throw up a fairly cryptic error. Buried in the details of this error, seen on the client side, was this:
Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on DC.somecompany.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Turns out the mechanism for Exchange 2003 that was notorious for breaking such services as Blackberry and Goodlink also broke OWA in Exchange 2007. Funny stuff. Fixing this is fairly easy, however: in ADUC, find the account in question, go to the Security tab, click Advanced, and see if Inheritance is turned on - odds are good it's off. Simply check the box to turn it on and hit OK a few times, and the problem should go away.
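To find every affected account up front instead of waiting for users to hit the OWA error, the added PowerShell below (an illustration, not code from the original post) lists user accounts whose ACL has inheritance switched off. The post does not name the mechanism; the example assumes it is AdminSDHolder/SDProp protection, which stamps adminCount=1 on members of protected groups and disables inheritance, and the function names Get-InheritanceBlockedAdmin and Enable-AclInheritance are hypothetical.

```powershell
# Added example. Assumption: affected accounts carry adminCount=1 (AdminSDHolder).
# Uses only System.DirectoryServices, so no ActiveDirectory module is needed.

function Get-InheritanceBlockedAdmin {
    param([string]$SearchRoot)   # e.g. "LDAP://DC=big,DC=company,DC=com"; empty = current domain

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) {
        $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
    }
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(adminCount=1))'
    $searcher.PageSize = 500     # page through large directories

    foreach ($hit in $searcher.FindAll()) {
        $entry = $hit.GetDirectoryEntry()
        # $true here corresponds to the inheritance checkbox being cleared in ADUC
        if ($entry.ObjectSecurity.AreAccessRulesProtected) {
            New-Object PSObject -Property @{
                Account  = [string]$entry.Properties['sAMAccountName'].Value
                Path     = $entry.Path
                MemberOf = @($entry.Properties['memberOf']) -join '; '
            }
        }
    }
}

function Enable-AclInheritance {
    param([Parameter(Mandatory=$true)][string]$Path)   # ADsPath taken from the report

    $entry = New-Object System.DirectoryServices.DirectoryEntry($Path)
    # First argument $false removes the protection; the second is ignored in that case
    $entry.ObjectSecurity.SetAccessRuleProtection($false, $true)
    $entry.CommitChanges()
}

# Review the report before changing anything: an account that is still a member
# of a protected group will have inheritance removed again on the next SDProp run,
# while an account that only *used* to be privileged keeps a stale adminCount=1.
Get-InheritanceBlockedAdmin | Sort-Object Account | Format-Table Account, MemberOf -AutoSize
```

MemberOf shows direct group membership only, so nested membership in a protected group still has to be checked by hand before re-enabling inheritance on an account.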
Be aware that ActiveSync doesn't exactly work like Microsoft says it does when migrating from Exchange 2003 to Exchange 2007. I say this due to the problem I ran into with mobile devices syncing up with the new server, with this gem in the Event Viewer:
An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case, Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization.
Bzzt. It never worked - at all. The fix was simple, but depending on the environment, problematic: blow away the server configuration on the device and recreate it. In this scenario, the ISA 2006 rules for ActiveSync were simply repointed to the new Exchange 2007 server and in theory they should have worked (the devices trust the root CA of the company), but they didn't. In this environment, re-establishing the association with the server wasn't that big a deal, but if you have distant, clueless users who can barely dial their phone, let alone modify the ActiveSync configuration (even though it is just a few steps), it could be a headache.
Anyway, consider these some lessons learned on migrating Exchange from 2003 to 2007.