[ExchangeList] Re: Problem installing Exch2k7 to coexist with Exch2k3 with a lot of LDAP search filters in recipient policies

  • From: Jabber Wock <jabberwock99@xxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Thu, 17 Sep 2009 12:31:52 -0400

Hello Michael,

Thanks for your email.  Your first email was helpful, your second email a little less so, if I may say :-)

If you read my email you will note that nowhere in my email did I state that I am using my production environment for this.  Nor did I say "oh this is too hard / difficult I don't want to do this".  The issue is real, whether in a test environment or not (the test environment is badly broken as a result of this issue, RUS has had to be switched off and we are working with paid Microsoft tech support, so far without a good solution, and our production environment is fine). It is not an issue related to sloppiness or laziness.  Sorry you jumped to such conclusions.

In an environment such as this mailing list, where everyone is a stranger to everyone else, it is easy to assume that one is the only true professional around and everyone else posting questions is a numbskull so I am not too surprised at your comments.  Next time please pay a little more attention.  I was pondering whether to reply at all, but in the end I decided to do so, just so that in the future perhaps someone else will be a little less disrespectful of someone else's post.

Nevertheless thank you for your email.

best regards
JW


On Thu, Sep 10, 2009 at 10:15 AM, Michael B. Smith <michael@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

I think those articles do answer your question.

You test in a lab environment, resolve any issues THERE, and then deploy into your live environment.

Exchange 2000 and 2003 used an LDAP query stored in the purportedSearch attribute of a recipient policy object. Exchange 2007 and above have switched to using a somewhat more versatile and certainly more readable syntax known as OPATH.

There are scripts, programs, tutorials, examples, etc. etc. for making that change. If you are saying “I don’t want to make that change”, well, I can’t help you. If you are going to upgrade, you have to change over.

I’ve moved two hosted Exchange ASPs from 2003 to 2007. In both cases, I stood up parallel forests. If you think that OPATH is the biggest issue in an ASP/SaaS migration from 2003 to 2007 – well, you haven’t done your homework or testing yet.

For 95%+ of companies, the transition from LDAP to OPATH was seamless. You find yourself in the 5% where it isn’t. You can bring someone in to help you, or work through the issues in a test environment. I don’t recommend that you use your production environment as a lab environment. As you’ve already pointed out, when working with these types of objects, it’s easy to break things.

From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jabber Wock
Sent: Thursday, September 10, 2009 9:23 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: Problem installing Exch2k7 to coexist with Exch2k3 with a lot of LDAP search filters in recipient policies

Thanks those were useful and interesting links.  However they do not address the basic issue I am facing:  in order to install a new Exchange 2007 server in an existing Exchange 2003 environment without being forced to upgrade or damage any existing live Exchange 2003 servers, we are forced to convert all recipient policies and anything involving LDAP queries to OPATH. For most situations this might not be a big deal but for us (in a multi-hosted environment) we have literally hundreds of recipient policies and LDAP search queries which, if touched, could seriously break existing users.  I am trying to understand if there is a clean, seamless, safe way to install a new Exchange 2007 server in an existing Exchange 2003 environment and if not, WHY NOT??  Was co-existence with Exchange 2003 not part of the plan for Exchange 2007?

It was bad enough that the Exchange 2007 install process forces one to do all those heart-stopping steps to prep the forest and domain but now this ...

Best regards
JW

On Thu, Sep 3, 2009 at 8:16 AM, Michael B. Smith <michael@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

You can probably find everything you need in one of the top five articles returned here:

http://msexchangeteam.com/search/SearchResults.aspx?q=opath

From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jabber Wock
Sent: Thursday, September 03, 2009 7:56 AM
To: [ExchangeList]
Subject: [ExchangeList] Problem installing Exch2k7 to coexist with Exch2k3 with a lot of LDAP search filters in recipient policies

Hi,

I have an interesting issue installing a new Exchange 2007 server into an existing environment which has Exchange 2003 servers in it.  One thing to note is that we have a *LOT* of recipient policies with LDAP search filters in the existing Exchange 2003 environment (by necessity).

I have gone through the steps of updating the domain and AD, and I have successfully loaded the following roles on the new Exchange 2007 server:  Client Access, and Hub Transport.  However, I cannot load the Mailbox role as I run across the following error:

An unexpected error has occurred and a Watson dump is being generated: The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error. It was running command '$error.Clear(); $count=0; $ExchangeServers = Get-ExchangeServer -DomainController $RoleDomainController; foreach($server in $ExchangeServers) { if(($server.AdminDisplayVersion.Build -gt 641) -and ($server.IsMailboxServer -eq $true)) { $count++; } } if( $count -eq 1) { Set-OrganizationConfig -DomainController $RoleDomainController; }'.

The problem is caused apparently because the install process does not like any recipient policy which has an ampersand or a paren (!).  One solution I found is listed in the attached webpage below:

http://blog.shijaz.com/2008/01/when-setup-fails-exchange-server-2007.html

It involves removing the search filter for every recipient policy, then rerunning the installation.  For a small list of domains, this would be easy to do, but with our large list of recipient policies, we would break every user for the duration of the installation, and I have not found an answer on the proper way to restore the recipient policies (LDAP or OPATH).  It is important that Exchange 2003 be able to read the recipient policies in order to determine accepted e-mail domains, or else all the 2003 servers will start rejecting e-mail for valid users.

How can I get around this LDAP issue and install the Mailbox role without having to remove all my LDAP search filters and then having to re-install them (a process which could take hours and could be highly error prone)?

I find it hard to believe that Exchange 2003 cannot coexist with Exchange 2007, yet this issue seems to imply that this is the case!

TIA!

JW
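
The LDAP-to-OPATH change discussed in this thread, as an added example that is not part of any poster's message and is not Microsoft's conversion tooling: a Python translator for a small subset of LDAP filters (and, or, not, equality, wildcard, presence) that lists every policy it cannot translate instead of guessing. The attribute map, function names and sample policies are assumptions constructed for illustration.

```python
# Illustrative subset of the LDAP-attribute to OPATH-property map (assumption).
PROPS = {"mailnickname": "Alias", "company": "Company", "department": "Department"}
JOIN = {"&": " -and ", "|": " -or "}

def _simple(item):
    attr, sep, value = item.partition("=")
    prop = PROPS.get(attr.strip().lower())
    if not sep or prop is None or "\\" in value:
        raise ValueError(f"unsupported item: {item!r}")
    if value == "*":                      # presence test
        return f"{prop} -ne $null"
    op = "-like" if "*" in value else "-eq"
    return "{} {} '{}'".format(prop, op, value.replace("'", "''"))

def _parse(s, i):                         # caller guarantees s[i] == "("
    op, i = s[i + 1:i + 2], i + 1
    if op in ("&", "|", "!"):
        parts, i = [], i + 1
        while s[i:i + 1] == "(":
            sub, i = _parse(s, i)
            parts.append(sub)
        if not parts or (op == "!" and len(parts) != 1):
            raise ValueError("bad operand count")
        out = "-not " + parts[0] if op == "!" else JOIN[op].join(parts)
    else:                                 # simple item; a missing ")" fails below
        end = s.find(")", i)
        out, i = _simple(s[i:end]), end
    if s[i:i + 1] != ")":
        raise ValueError("unbalanced parentheses")
    return "(" + out + ")", i + 1

def ldap_to_opath(flt):
    flt = flt.strip()
    out, pos = _parse(flt, 0) if flt.startswith("(") else ("", -1)
    if pos != len(flt):
        raise ValueError("not a single parenthesised filter")
    return out

def convert_all(policies):
    converted, needs_review = {}, {}      # failures are reported, never guessed
    for name, flt in policies.items():
        try:
            converted[name] = ldap_to_opath(flt)
        except ValueError as exc:
            needs_review[name] = str(exc)
    return converted, needs_review

SAMPLE = {"Tenant-A": "(&(mailNickname=*)(company=Contoso))",  # constructed samples
          "Tenant-B": "(&(mailNickname=*)(|(department=Sales*)(!(company=Fabrikam))))",
          "Tenant-C": "(&(mailNickname=*)(extensionAttribute1=gold))"}
```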