Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2009-03-16

This topic explains how to add a Microsoft Exchange Server 2007 resource forest to an existing Exchange Server 2003 or Exchange 2000 Server organization.

When performing this procedure, you create disabled user accounts in the Exchange resource forest, and move existing mailboxes from the Exchange 2003 or Exchange 2000 servers to these disabled user accounts. The enabled user accounts for these mailboxes remain in your existing Exchange 2003 or Exchange 2000 forest.

After you have moved some mailboxes from the Exchange 2003 or Exchange 2000 servers to the Exchange 2007 server in a separate forest, you will be in a combined resource and cross-forest scenario. This is called a hybrid forest scenario.

Important:
Microsoft supports Exchange in a hybrid forest environment.

After you move all mailboxes from the Exchange 2003 or Exchange 2000 servers to the Exchange 2007 servers, and then remove the Exchange 2003 and Exchange 2000 servers, you will be in a resource forest scenario.

GAL Synchronization and MIIS 2003

If you use Microsoft Identity Integration Server (MIIS) 2003 to synchronize the global address lists (GALs), you must perform additional steps to finish provisioning the recipients that are created by the MIIS GAL synchronization (GALSync) process. GALSync in MIIS 2003 is designed to work with Exchange 2003 or Exchange 2000 Server. In these versions of Microsoft Exchange, the Recipient Update Service performs the tasks that are required to finish provisioning recipients. The Recipient Update Service is not available in Exchange 2007. Therefore, you must manually finish provisioning the mail-enabled contacts that are created by the MIIS 2003 GALSync process.

Additionally, Exchange 2007 recipients have some attributes that are not present in recipients from previous versions of Exchange. GALSync in MIIS 2003 does not synchronize these new attributes. As a result, if you use GALSync in MIIS 2003 to synchronize recipients across forests, you will experience the following limitations:

  • If a user is delegated access to another user's mailbox, and then that mailbox or the mailbox of the delegate is moved to another forest, delegation is lost.

  • The contact that represents the room or equipment mailbox in the other forest will not have the detailed information about these resources.

  • Microsoft Office Outlook does not recognize that a synchronized contact represents a mailbox in another Exchange forest. Office Outlook displays the contact as a normal contact.

Note:
Synchronizing Exchange 2007 GALs by using MIIS 2003 is supported only as a custom solution. The recommended solution for synchronizing Exchange 2007 GALs is to use Exchange 2007 Service Pack 1 (SP1) and Identity Lifecycle Manager (ILM) 2007 Feature Pack 1

New in Exchange 2007 SP1

Microsoft Exchange 2007 SP1 provides the Update-Recipient cmdlet to finish provisioning recipients that are created by GALSync.

To synchronize the GALs in Exchange 2007 SP1, we recommend that you use ILM 2007 Feature Pack 1 instead of MIIS 2003. The GAL synchronization management agent in ILM 2007 Feature Pack 1 will call the Update-Recipient cmdlet automatically. To finish provisioning recipients that are created by ILM 2007 Feature Pack 1 GAL synchronization, you do not need to perform additional steps.

Note:
To use ILM 2007 Feature Pack 1 to synchronize GALs, you must have Exchange 2007 SP1 installed.

If you use ILM 2007 Feature Pack 1, all the recipient attributes for Exchange 2007 recipients are synchronized. As a result, you will not experience limitations regarding:

  • Cross-forest delegation.

  • Synchronization of room and equipment information.

  • Outlook failing to recognize contacts as synchronized contacts.

To learn more about ILM 2007, see Microsoft Identity Lifecycle Manager 2007 Product Overview.

Before You Begin

Before you perform the following procedure, you must perform the actions in one of the following sections based on whether you are working with the release to manufacturing (RTM) version of Exchange 2007 or Exchange 2007 SP1.

Permissions and Prerequisites Exchange 2007 SP1

To perform the following procedure in Exchange 2007 SP1, confirm the following:

  • You have read the topic Planning for a Complex Exchange Organization.

  • Both your Exchange 2007 forest and your Exchange 2003 forest are at the Microsoft Windows Server 2003 forest functional level.

  • All multiple forest topologies containing Exchange 2007 require directory servers in each forest running Windows Server 2003 with Service Pack 1 or later.

  • If you will continue to use any features from Exchange 2003 that are not supported in Exchange 2007, you have planned to keep at least one Exchange 2003 server in your organization. The following Exchange 2003 features are not supported in Exchange 2007:

    • Novell GroupWise connector

    • Network News Transfer Protocol (NNTP)

  • If you will continue to use any features from Exchange 2000 that are not supported in Exchange 2007, you have planned to keep at least one Exchange 2000 server in your organization. The following Exchange 2000 features are not supported in Exchange 2007:

    • Microsoft Mobile Information Server

    • Instant Messaging service

    • Exchange Chat Service

    • Exchange 2000 Conferencing Server

    • Key Management Service

    • cc:Mail connector

    • MS Mail connector

  • You have installed ILM 2007 Feature Pack 1. For information about deploying ILM 2007 Feature Pack 1, see Identity Lifecycle Manager.

  • If you are using Microsoft Office Outlook 2007 to access e-mail, you can use the Availability service to share free/busy data across forests. The Availability service is supported only with Outlook 2007 clients. If you are using earlier versions of Outlook, you must use the Inter-Organization Replication tool to synchronize free/busy data across multiple forests. It is supported to install the Inter-Organization Replication tool on a computer that has the Exchange 2007 management tools installed without any other Exchange 2007 server roles, or on an Exchange 2003 or Exchange 2000 server. If you install the tool on a computer that has the Exchange 2007 management tools installed, you must also install the Exchange MAPI client libraries. For more information about the Inter-Organization Replication tool, see Microsoft Exchange Server Inter-Organization Replication. For more information about downloading the Exchange MAPI client libraries, see Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1.

Permissions and Prerequisites for Exchange 2007 RTM

To perform the following procedures in Exchange 2007 RTM, confirm the following:

  • You have read the topic Planning for a Complex Exchange Organization.

  • Both your Exchange 2007 forest and your Exchange 2003 forest are at the Microsoft Windows Server 2003 forest functional level.

  • If you will continue to use any features from Exchange 2003 that are not supported in Exchange 2007, you have planned to keep at least one Exchange 2003 server in your organization. The following Exchange 2003 features are not supported in Exchange 2007:

    • Novell GroupWise connector

    • Network News Transfer Protocol (NNTP)

  • If you will continue to use any features from Exchange 2000 that are not supported in Exchange 2007, you have planned to keep at least one Exchange 2000 server in your organization. The following Exchange 2000 features are not supported in Exchange 2007:

    • Microsoft Mobile Information Server

    • Instant Messaging service

    • Exchange Chat Service

    • Exchange 2000 Conferencing Server

    • Key Management Service

    • cc:Mail connector

    • MS Mail connector

  • If you will synchronize recipients across forests, you have installed MIIS 2003 or Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2). For more information about deploying MIIS 2003, see the Microsoft Identity Integration Server 2003 TechCenter. For more information about downloading Identity Integration Feature Pack for Microsoft Windows Server Active Directory with SP2 see Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2).

  • If you are using MIIS 2003, you have installed SP2 for MIIS 2003. For more information about deploying MIIS 2003 SP2, see Microsoft Identity Integration Server 2003 SP2 Update.

  • If you are using Microsoft Office Outlook 2007 to access e-mail, you can use the Availability service to share free/busy data across forests. The Availability service is supported only for Office Outlook 2007 clients. If you are using earlier versions of Outlook, you must use the Microsoft Exchange Inter-Organization Replication tool to synchronize free/busy data across multiple forests. It is supported to install the Inter-Organization Replication tool on a computer that has the Exchange 2007 management tools installed without any other Exchange 2007 server roles, or on an Exchange 2003 or Exchange 2000 server. If you install the tool on a computer that has the Exchange 2007 management tools installed, you must also install the Exchange MAPI client libraries. For more information about the Inter-Organization Replication tool, see Microsoft Exchange Server Inter-Organization Replication. For more information about downloading the Exchange MAPI client libraries, see Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1.

Procedure

To transition from an existing single-forest Exchange organization to an Exchange 2007 resource forest

  1. Create a new Active Directory forest (into which you will install Exchange 2007 in a later step). For more information about creating a Windows Server 2003 forest, see Deploying the Windows Server 2003 Forest Root Domain.

Note:
You do not have to create an outgoing forest trust from the Exchange 2007 resource forest to the Exchange 2003 or Exchange 2000 forest.
  1. In the Exchange 2007 forest, install Exchange 2007. Install Exchange the same way that you would in a single-forest scenario. For detailed steps about how to install Exchange 2007, see one of the following topics:

  2. Move mailboxes from the Exchange 2003 or Exchange 2000 forest to the Exchange 2007 forest. For detailed steps, see How to Move a Mailbox Across Forests.

    Note:
    In this scenario, if you do not move all mailboxes to the Exchange 2007 resource forest, you will be in a hybrid forest scenario. This is a supported Exchange environment. By default, GALSync in ILM or MIIS does not synchronize recipients in both forests in a hybrid forest scenario. However, you can create a customized ILM or MIIS solution so that GALSync will synchronize recipients in both forests.
    Note:
    You can use the SourceMailboxCleanupOptions parameter and specify either MailEnableSourceAccount or DeleteSourceMailbox. You should specify MailEnableSourceAccount to mail-enable the source user account so that the user can receive e-mail messages from users in the original forest that you have not yet moved to the new Exchange forest. This is a hybrid forest scenario. You should specify DeleteSourceMailbox if you are moving all of the mailboxes to the new Exchange forest and will completely remove Exchange from the source forest.
    Note:
    To move contacts or distribution groups from one forest to another, you must use a tool such as the Active Directory Migration Tool version 3.0 (ADMT v3). For more information about ADMT v3, see Active Directory Migration Tool v3.0.
    Note:
    If you have any Exchange 2003 or Exchange 2000 recipient policies that have not been applied, moving the mailboxes to an Exchange 2007 server will force the recipient policies to be evaluated again and applied. Before you move mailboxes, make sure that you want to apply all of the existing recipient policies. If you have an existing recipient policy that you do not want to apply, clear the Automatically update e-mail address based on e-mail address policy check box in Active Directory Users and Computers. For more information, see the Exchange Server Team Blog article Yes, Exchange 2007 really enforces Email Address Policies. (Note: The content of each blog and its URL are subject to change without notice.)
  3. (Optional) Remove your old Exchange 2003 or Exchange 2000 servers from the Exchange 2003 or Exchange 2000 forest. For more information about how to remove Exchange 2003 servers, see How to Uninstall Exchange Server 2003 in the Exchange Server 2003 Deployment Guide. For more information about how to remove Exchange 2000 servers, see How to Uninstall Exchange 2000 Server in the Exchange Server 2003 Deployment Guide.

    Note:
    To remove the last Exchange 2003 or Exchange 2000 server from an organization, you must perform special steps to move public folder replicas, remove the public folder database, move the public folder hierarchy, move the offline address book (OAB) generation server, delete routing group connectors, delete the Recipient Update Service, and verify mail flow, protocols, and recipient policies. For detailed steps, see How to Remove the Last Legacy Exchange Server from an Organization.

For More Information

For more information about Windows Server 2003 trusts, see Administering Domain and Forest Trusts.

For more information about how to administer Exchange 2007 in one forest by using an account in a different forest, see How to Configure Cross-Forest Administration.