[ExchangeList] Re: Problem installing Exch2k7 to coexist with Exch2k3 with a lot of LDAP search filters in recipient policies

  • From: "Michael B. Smith" <michael@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Sep 2009 10:15:58 -0400

I think those articles do answer your question.

 

You test in a lab environment, resolve any issues THERE, and then deploy
into your live environment.

 

Exchange 2000 and 2003 used an LDAP query stored in the purportedSearch
attribute of a recipient policy object. Exchange 2007 and above have
switched to using a somewhat more versatile and certainly more readable
syntax known as OPATH.

 

There are scripts, programs, tutorials, examples, etc. etc. for making that
change. If you are saying "I don't want to make that change", well, I can't
help you. If you are going to upgrade, you have to change over.

 

I've moved two hosted Exchange ASPs from 2003 to 2007. In both cases, I
stood up parallel forests. If you think that OPATH is the biggest issue in an
ASP/SaaS migration from 2003 to 2007 - well, you haven't done your homework
or testing yet.

 

For 95%+ of companies, the transition from LDAP to OPATH was seamless. You
find yourself in the 5% where it isn't. You can bring someone in to help
you, or work through the issues in a test environment. I don't recommend
that you use your production environment as a lab environment. As you've
already pointed out, when working with these types of objects, it's easy to
break things.

 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jabber Wock
Sent: Thursday, September 10, 2009 9:23 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: Problem installing Exch2k7 to coexist with
Exch2k3 with a lot of LDAP search filters in recipient policies

 


Thanks those were useful and interesting links.  However they do not address
the basic issue I am facing:  in order to install a new Exchange 2007 server
in an existing Exchange 2003 environment without being forced to upgrade or
damage any existing live Exchange 2003 servers, we are forced to convert all
recipient policies and anything involving LDAP queries to OPATH. For most
situations this might not be a big deal but for us (in a multi-hosted
environment) we have literally hundreds of recipient policies and LDAP
search queries which, if touched, could seriously break existing users.  I
am trying to understand if there is a clean, seamless, safe way to install a
new Exchange 2007 server in an existing Exchange 2003 environment and if
not, WHY NOT??  Was co-existence with Exchange 2003 not part of the plan for
Exchange 2007?

It was bad enough that the Exchange 2007 install process forces one to do
all those heart-stopping steps to prep the forest and domain but now this
...

Best regards
JW



On Thu, Sep 3, 2009 at 8:16 AM, Michael B. Smith
<michael@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

You can probably find everything you need in one of the top five articles
returned here:

 

http://msexchangeteam.com/search/SearchResults.aspx?q=opath

 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jabber Wock
Sent: Thursday, September 03, 2009 7:56 AM
To: [ExchangeList]
Subject: [ExchangeList] Problem installing Exch2k7 to coexist with Exch2k3
with a lot of LDAP search filters in recipient policies

 

Hi,

 

I have an interesting issue installing a new Exchange 2007 server into an
existing environment which has Exchange 2003 servers in it.  One thing to
note is that we have a *LOT* of recipient policies with LDAP search filters
in the existing Exchange 2003 environment (by necessity).

 

I have gone through the steps of updating the domain and AD, and I have
successfully loaded the following roles on the new Exchange 2007 server:
Client Access, and Hub Transport.  However, I cannot load the Mailbox role
as I run across the following error:

 

An unexpected error has occurred and a Watson dump is being generated: The
Exchange server address list service failed to respond. This could be
because of an address list or email address policy configuration error. It
was running command '$error.Clear(); $count=0; $ExchangeServers =
Get-ExchangeServer -DomainController $RoleDomainController; foreach($server
in $ExchangeServers) { if(($server.AdminDisplayVersion.Build -gt 641) -and
($server.IsMailboxServer -eq $true)) { $count++; } } if( $count -eq 1) {
Set-OrganizationConfig -DomainController $RoleDomainController; }'.

 

The problem is caused apparently because the install process does not like
any recipient policy which has an ampersand or a paren (!).  One solution I
found is listed in the attached webpage below:

 

http://blog.shijaz.com/2008/01/when-setup-fails-exchange-server-2007.html

 

It involves removing the search filter for every recipient policy, then
rerunning the installation.  For a small list of domains, this would be easy
to do,
but with our large list of recipient policies, we would break every user for
the duration of the installation, and I have not found an answer on the
proper way to restore the recipient policies (LDAP or OPATH).  It is
important that Exchange 2003 be able to read the recipient policies in order
to determine accepted e-mail domains, or else all the 2003 servers will
start rejecting e-mail for valid users.

 

How can I get around this LDAP issue and install the Mailbox role without
having to remove all my LDAP search filters and then having to re-install
them (a process which could take hours and could be highly error prone)?

 

I find it hard to believe that Exchange 2003 cannot coexist with Exchange
2007, yet this issue seems to imply that this is the case!

 

TIA!

JW
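
Added example, not part of the original thread or any script the posters used: a read-only inventory for the lab testing described above, listing every e-mail address policy and address list that still carries an Exchange 2000/2003 LDAP filter and saving those filters to a CSV before anything is converted to OPATH. It assumes the Exchange 2007 Management Shell; the output path and the function name Get-LegacyFilterObject are made up for the example.

```powershell
# Read-only: nothing in this script modifies the directory.
# Run it in the Exchange 2007 Management Shell of the lab organization.

$outFile = '.\legacy-recipient-filters.csv'   # assumed output path

function Get-LegacyFilterObject {
    $rows = @()
    $cmds = 'Get-EmailAddressPolicy', 'Get-AddressList', 'Get-GlobalAddressList'
    foreach ($cmd in $cmds) {
        foreach ($obj in (& $cmd)) {
            # RecipientFilterType stays 'Legacy' while the object still uses
            # an LDAP filter rather than an OPATH RecipientFilter.
            if ($obj.RecipientFilterType -ne 'Legacy') { continue }

            $row = New-Object PSObject
            $row | Add-Member -MemberType NoteProperty -Name Kind `
                -Value ($cmd -replace '^Get-', '')
            $row | Add-Member -MemberType NoteProperty -Name Name `
                -Value $obj.Name
            $row | Add-Member -MemberType NoteProperty -Name DistinguishedName `
                -Value $obj.DistinguishedName
            $row | Add-Member -MemberType NoteProperty -Name LdapRecipientFilter `
                -Value $obj.LdapRecipientFilter
            $rows += $row
        }
    }
    $rows
}

$legacy = @(Get-LegacyFilterObject)

# Keep the original LDAP filters on disk before any policy is touched.
$legacy | Export-Csv -Path $outFile -NoTypeInformation

# Per-type count shows how much conversion work is ahead.
$legacy | Group-Object Kind | Select-Object Name, Count

"{0} object(s) still use an LDAP filter; list saved to {1}" -f $legacy.Count, $outFile
```

Keep the CSV with the lab notes so each converted OPATH filter can be checked against the LDAP filter it replaces.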

 

 

 
