Thank you much for your help. I will let you know how things go in the lab! Thanks again, Chris Wall Sr. Exchange Administrator MCSE, MCSA Chris.Wall@xxxxxxxxxxxxxxxxxxx T - 919.460.3236 F - 919.468.4889 Global Knowledge Network LEARNING. To Make a Difference http://www.globalknowledge.com -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Tuesday, February 15, 2005 11:02 AM To: [ExchangeList] Subject: [exchangelist] RE: ADC Question... http://www.MSExchange.org/ Based on this, and the understanding that Migrating accounts from the remote domains is not an option - I assume that the ADC's will create 'Contacts' in AD for the accounts on the remote Exchange 5.5 servers. >>> No, not contacts, but disabled user objects by default With that information, I need to know what to look out for... My biggest concern is how permissions will be affected with public folders. I will re-home corporate Public folders to the Exchange 2003 servers. Some of the remote Exchange 5.5 accounts have permissions to these folders and vice-versa. >>> Take a look at the documents at http://www.microsoft.com/exchange/library for information on how this looks. In your lab, you want to watch for this. To make sure that Public folder permissions do not break since I know of no way to assign 'Contacts' permissions to Public Folders, I will have to leave an Exchange 5.5 server in the Corporate domain that contains replicas of the Exchange 2003 Public Folders. This way, permissions will remain in tact for accounts in remote 5.5 servers... Does this make sense? >>> No, you won't need a 5.5 server per se, but you will need the SRS and you will need to move/keep the directory replication and X.400 connectors. 5.5 will still need to talk to a 5.5 server. In your case, it will just be a 2003 server running SRS and X.400 connectors. >>> Article of interest: http://support.microsoft.com/kb/328287 -ajm -----Original Message----- From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 15, 2005 10:20 AM To: [ExchangeList] Subject: [exchangelist] RE: ADC Question... http://www.MSExchange.org/ Al, Thanks for the reply, your info does reinforce my knowledge - I understand the idea of Agreements vs. instances. I also realize the ability to create redundant agreements and the need to verify one of the duplicate agreements are marked a primary to prevent synch errors. Currently, we have discussed the domain design as it regards to AD and we have decided to have the remote NT4 domains join our Forest in the future (during the AD upgrade process). However, due to reasons I will not go into now - we can not upgrade their domains to AD at this time. Our first goal is to implement Exchange 2003 in our Corporate AD Domain and upgrade the current Exchange 5.5 servers in the Corporate domain. Based on this, and the understanding that Migrating accounts from the remote domains is not an option - I assume that the ADC's will create 'Contacts' in AD for the accounts on the remote Exchange 5.5 servers. With that information, I need to know what to look out for... My biggest concern is how permissions will be affected with public folders. I will re-home corporate Public folders to the Exchange 2003 servers. Some of the remote Exchange 5.5 accounts have permissions to these folders and vice-versa. To make sure that Public folder permissions do not break since I know of no way to assign 'Contacts' permissions to Public Folders, I will have to leave an Exchange 5.5 server in the Corporate domain that contains replicas of the Exchange 2003 Public Folders. This way, permissions will remain in tact for accounts in remote 5.5 servers... Does this make sense? Also my last question... When the ADC Agreements are created for the remote Exchange 5.5 servers (in an NT 4 Domain for the time) can I remove the Directory Replication and X.400 connectors from the Corporate Exchange 5.5 bridgehead, ore will they have to remain in tact? There are 3 Exchange 2003/Exchange 5.5 connections that I am trying to decide upon. They are: 1. Create ADC Agreements to each Exchange 5.5 remote site and use the Exchange 2003 X.400 connector as discussed in article http://www.msexchange.org/tutorials/X400-Connector-Exchange-Server-2003.html 2. Create ADC Agreements to each Exchange 5.5 remote site and keep the x.400 connectors on the Corporate Exchange 5.5 Bridgehead server so that info is replicated into Exchange 2003 from the Corporate Exchange 5.5 Bridgehead 3. Use Site Connectors to Exchange 5.5 remote servers without the Exchange 2003 X.400 connector. I appreciate your opinions so that I can test in a lab environment.... Regards, Chris Wall -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Tuesday, February 15, 2005 9:05 AM To: [ExchangeList] Subject: [exchangelist] RE: ADC Question... http://www.MSExchange.org/ A few things to keep in mind when dealing with the ADC. 1) Keep it simple; this is a simple tool and any attempts to make it do complex things will make you sad <G> 2) ADC Connection Agreements (CA's) and ADC instances are separate entities; Numerous CA's can be run from the same instance. 3) Each CA needs an AD target to write to; you'll always use two-way sync for the CA's when dealing with Exchange 4) Each CA is going to need a writeable copy of the Exchange 5.5 directory; writeable copies are at the site level in 5.5 5) Each CA is capable of using it's own credentials for the situation you describe. 6) Keep it simple; this is a simple tool and any attempts to make it do complex things will make you sad <G> You will likely need one instance of the ADC depending on bandwidth. You will need at least one CA for each site in the 5.5 ORG and you will not need to have the individual NT domains upgraded *depending on your migration plans*. What I mean by that, is that if you don't want to have the 5.5 accounts migrate to the 2003 HQ domain, then you'll want to upgrade the existing domains into the forest. In which case, you'll want to upgrade those to 2003 before installing the ADC just to make it easier. You don't have to, but it often makes things simpler and less chaotic. It's recommended to use as few domains as you can when deploying Active Directory. That's because there's not a lot of particular benefits to multiple domains vs. sites and OU's. A few, but many don't need those particular benefits when deploying. Depending on the overall migration strategy, you would then deploy the ADC accordingly remembering the rules above. Does that help? -ajm -----Original Message----- From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx] Sent: Monday, February 14, 2005 5:29 PM To: [ExchangeList] Subject: [exchangelist] ADC Question... http://www.MSExchange.org/ Hello all, Have a quick ADC design question for you all before running in a test environment... Environment Info: I am currently running Exchange 5.5 in one Exchange Organization with 3 different Exchange sites. Each Site is in a different NT 4.0 Domain, which are connected by trusts to our Corporate Domain... We have currently upgraded the 'Corporate' domain to Win 2003 AD. This 'Corporate' 2003 AD domain has the internal Exchange 5.5 server that acts as a bridgehead with x.400 and Directory Replication Connectors to the other two Exchange 5.5 Sites. Each of those trusted Domains have only 1 Exchange 5.5 server in their Exchange site. Question: When configuring the ADC in the Corporate AD domain, I assume that I can only connect it to the local Exchange 5.5 Site (Since AD is not running in the other two domains). 1. Should each site have its own ADC connector for Replication? If so, that means that each NT 4 Domain must be upgraded to 2003 AD first... 2. Or can I setup one ADC connection to the local 5.5 site that contains the Bridgehead? If so, I assume this ADC connection will update Corporate AD with 'contacts' for accounts in the remote Exchange 5.5 sites. Will this cause any issues with Public folder permissions since the 5.5 accounts will appear as contacts? If #2 is a viable option, and I hope it is, then what happens when I have migrated all Exchange 5.5 accounts, public folders, contacts, etc to the new Exchange 2003 servers... Will I need to keep the Exchange 5.5 Bridgehead running until I can upgrade the other 2 domains to AD so they can have their own ADC's and not have to rely on updates from the Exchange 5.5 Bridgehead? Kind of confusing, but none of Microsoft's books or white papers really address this scenario. They all seem to assume that all Exchange 5.5 are in an AD environment prior to introducing the ADC. Thanks for any information or thoughts... Regards, Chris Wall Sr. Exchange Administrator MCSE, MCSA Chris.Wall@xxxxxxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: Chris.Wall@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx