Planning and Migrating a Small Organization from Exchange 2003 to Exchange 2013 (Part 5)

If you would like to read the other parts in this article series please go to:

Getting the environment ready for the upgrade

Before we set up our staging server for Exchange 2010, or indeed the Exchange 2013 server itself, we’ll need to make a number of changes to the existing environment to make sure that we are able to migrate, and to ensure that it’s as smooth as possible.

Exchange Server Patching

We’ll start with the basics. Exchange 2003 is now out of extended support, but you can still make sure Exchange 2003 and the underlying Windows Server is up to date with the latest service pack available along with essential fixes. We’ll start by ensuring the environment is up to date with Exchange 2003 Service Pack 2, which can be downloaded and installed from the Microsoft download site.

We won’t cover the steps required to install Exchange 2003 Service Pack 2 – as it’s fairly unlikely that your Exchange organization won’t be at this level. If you aren’t at Exchange 2003 SP2 then there’s probably some bigger questions worth asking and you might want to consider whether you will be able to keep up with Exchange 2013’s Cumalative Update cycle.

In addition to Exchange 2003 Service Pack 2, we will also need an additional hotfix, KB937031, to help better support the transition of mobile devices using Exchange ActiveSync. Just to recap, we’ll be looking to move the HTTPS namespace used for services like OWA straight over to Exchange 2010 and not provide a coexistence namespace. This will be fine for clients like Outlook, cause temporary disruption for OWA users, but assuming we apply this hotfix and configure Exchange accordingly this should be a non-disruptive change for ActiveSync users and allow them to continue to access email without issue.

In particular this hotfix allows us to change authentication settings in Exchange 2003’s metabase to allow the ActiveSync virtual direcotry to support Integrated Windows Authentication, which allows Exchange 2010 to proxy ActiveSync requests for Exchange 2003 servers whilst mailboxes await move.

Although it’s possible to make that change directly in Internet Information Services (IIS) Manager the change will be overwritten by Exchange, therefore we need this patch to make the change via this route.

If you aren’t sure whether the Exchange 2003 environment already has the hotfix we can verify this by opening the Exchange System Manager and navigating to one of the servers, then expanding Protocols>HTTP>Exchange Virtual Server and then right clicking Microsoft-Server-ActiveSync, and choosing Properties, as shown below:

Figure 1

After opening the properties window for Microsoft-Server-ActiveSync, select the Access tab. In the Authentication Settings section, look for the Authentication button. If this is greyed out, as shown below, you will need to apply the hotfix.

Figure 2

After registration and download of the hotfix, run the self-extractor and extract the contents to a convenient location. You’ll need to, at a minimum, install the Hotfix on one server that you will run the Exchange System Manager from. That’s because effectively what this hotfix does is light up the above Authentication button so we can make the change in the Exchange metabase. Once the change is made via the Exchange System Manager, Exchange can do the rest.

Installation of the hotfix is fairly straightforward and usually does not require a reboot, and does not stop or restart any services:

Figure 3

After installation, open the Exchange System Manager again and revisit the properties for the Microsoft-Server-ActiveSync virtual directory. You should now see the Authentication button is available:

Figure 4

Use the Exchange System Manager to update authentication settings on each Exchange 2003 Back-End server (or if you’ve just one server, make the change on that server). You’ll need to ensure that Integrated Windows Authentication is selected in addition to Basic Authentication, as shown below:

Figure 5

Removing Public Folders

As part of our planning we decided that removal of Public Folders in preparation for a simplified move to Exchange 2013 was a suitable approach for our smaller organization. Therefore in advance, we’ll have migrated content away from Public Folders and replaced those Public Folders with Shared Mailboxes or similar.

If you now have read-only copies of the original Public Folders, ensure these are removed to ensure that clean-up of the environment prior to later decommissioning is straightforward:

Figure 6

The normal caveat applies though – before deleting any data from your environment, make sure you have a backup.

After deleting user public folders that are no longer needed you can navigate to the server note and view Public Folder instances (the actual replicas of each Public Folder) on each server. You’ll find this under the server node, within the Storage Group and it’s associated Public Folder store, listed as Public Folder Instances:

Figure 7

Don’t be surprised to see addition public folders here that you were not aware of. These are Exchange’s System Public Folders. We won’t touch these at the moment as they will become obsolete once all users are migrated to Exchange 2010.

Active Directory Forest and Domain Level Changes

Before we can begin to upgrade the schema and prepare the Active Directory Forest and Domain for Exchange 2010, and subsequently Exchange 2013 we need to ensure that the Functional levels of both the domain and forest are raised to a minimum of Windows 2003, or higher.

As a pre-requisite this means that any domain controllers present that aren’t running Windows 2003 or below are removed from the domain first, so that means any Windows 2000 Domain Controllers must be demoted, if they still exist, and replaced.

It’s also important to remember that Windows 2003 Server is no longer supported by Microsoft, so bear in mind an upgrade to a new version of Windows Server on domain controllers should be on your list. If you are using Windows Server 2003 R2, then you have a reprieve as through 2014 this remains in support.

We’ll start first by raising the Domain Functional Level for each domain within the environment before finally raising the Forest Functional Level. The option to raise the Domain Functional Level can be found within Active Directory Users and Computers. Navigate to the domain name, then right click and choose Raise Domain Functional Level:

Figure 8

You’ll then be shown the current domain functional level, which will indicate whether you need to make any changes. In our example below, we see that the Domain Functional Level is Windows 2000 Mixed, therefore we’ll need to select Windows Server 2003 then choose Raise:

Figure 9

You will then be asked to confirm if you really want to perform the change, as it can’t be rolled back. If you are sure, press OK:

Figure 10

In our example organization, we only have one domain within the forest. If you have multiple domains within your forest you’ll now need to make the same change across those domains too.

After raising the Domain Functional Level we’ll then be able to raise the Forest Functional Level to complete to DFL and FFL upgrade.

Logged in with Enterprise Administrator credentials, open Active Directory Domains and Trusts. Right click on the root node, and then choose Raise Forest Functional Level:

Figure 11

Assuming the Domain Functional Level required upgrade we’ll then be presented with the option to move from Windows 2000 level to Windows Server 2003 or higher. Choose Raise to continue with the change:

Figure 12

After confirmation and waiting for replication to occur, Active Directory should be ready to support Exchange 2010 and later on, Exchange 2013.


In this part of the series we’ve patched our Exchange 2003 servers and installed necessary hotfixes to ensure they will function properly when mixed with Exchange 2010. We’ve also removed our legacy Public Folder infrastructure and after removing old Domain Controllers, raised the Forest and Domain Functional Levels ready for newer versions of Exchange. In the next part we’ll ensure our clients are ready and move onto our new Servers.

If you would like to read the other parts in this article series please go to:

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top