Transitioning from Exchange 2007 to Exchange 2010—-Step by Step
Exchange Server 2007 and Exchange Server 2010 are similar in architecture so the transition process is more straightforward. The following procedure illustrates a typical transition from Exchange Server 2007 to Exchange 2010:
Prerequisite:
• Run Dcdiag, Netdiag and check FSMO roles functioning perfect.
• All domains in an existing Active Directory forest have to be running in native mode.
• The Active Directory forest has to be running on a Windows Server 2008 forest functionality level.
• Each site in Active Directory should have at least one PDC, schema master and the Global Catalog server on a Windows Server 2008 SP2 level. It is recommended to have 64-bit type Domain Controllers and Global Catalog Servers for optimal performance preferably Windows Server 2008 x64 SP2 or Windows Server 2008 R2
• All Exchange Server 2007 servers must have Exchange Service Pack 2 installed.
• The Internet facing Active Directory sites must be the first sites that will be migrated to Exchange Server 2010.
• Windows Server 2008 SP2 64 bit or Windows Server 2008 R2.
• Internet Information Server needs to be installed for CAS.
• Web Certificates must be installed in server holding CAS
• Windows Remote Management (WinRM) 2.0
• PowerShell 2.0 (Windows Server 2008 feature if R2 version)
• .NET Framework 3.5 (Windows Server 2008 feature)
• Desktop Experience (Windows Server 2008 feature)
• Net. TCP Services started and set automatic (services.msc)
• Disable TCP/IP6 from Registry (if you use tcp/ip4)
• 2007 Office System Converter
• Better to Prepare a document showing task list and systems build info. Tick one after one when finishing a task accordingly.
Precautions:
1) Backup Active Directory global Catalog servers, Exchange servers and Servers that interoperate with Exchange Server, such as gateway systems or replicated directory servers. It is also a best practice to turn off any replication to other environments during the transition process, such as Forefront Identity Manager (previously named ILM, MIIS, IIFP, and MMS).
2) Please bear in mind that an in-place upgrade to Exchange Server 2010 in any scenario is NOT supported!
3) Please be aware that Win2k8 AD and Exchange 2010 (HT, MT, CAS, ET Role, Unified Messaging) are based on 64 bit architecture.
Migration from Windows 2003 AD Forest to Windows 2008 AD Forest and Forest Preparation
1) Create user with domain admin, schema admin and enterprise admin role from existing AD
2) Log on using new user name
3) Bring the AD forest and domains to Windows Server 2003 Functional Level
4) Insert Win2k8 Server DVD into Win2k3 DC
5) Use elevated command prompt using domain\username (where user name must be above mentioned) Start Menu>Run type runas /user:domain\username cmd.exe
6) Provide Password
7) d:\sources\adprep\adprep.exe /forestprep where d: is DVD ROM
8) d:\sources\adprep\adprep.exe /domainprep /gpprep
9) d:\Setup and select upgrade option to use existing DC
10) Transfer FSMO Roles for a new Win2k8 DC with new Hardware
11) Make one DC as GC
12) Replicate AD database, GPO or wait tomstone to replicate
13) Retire Windows 2003 DC
14) Run DCPROMO (Uncheck this is last remaining DC)
15) Raise new Domain Functional level to Win2k8
16) Insert Exchange 2010 DVD into DC to upgrade AD
17) Open command prompt and change directory to DVD rom
18) Type Setup.com /PrepareSchema
19) Type .\Setup /PrepareAD /OrganizationName:organisation_name
Transition Sequencing:
Once you have finished prerequisite, you have to take the installation order of the Exchange Server 2010 servers into account to minimize the impact:
1) Exchange Server 2010 Client Access Server. The Client Access Server can work with an Exchange Server 2007 Mailbox Server as well as an Exchange Server 2010 Mailbox Server.
2) Exchange Server 2010 Hub Transport Server (New Internal and External Connector). Documents all the policies you have in existing HT and apply same in new HT server.
3) Exchange Server 2010 Mailbox Server. After you have installed the Mailbox Server role and established a proper Public Folder replication between Exchange Server 2007 and Exchange Server 2010, you can start moving mailboxes to the new Exchange 2010 Mailbox Server. Of course, the Public Folder replication needs only be configured when Public Folders are used in Exchange Server 2007.
4) The Edge Transport Server can be installed at any time, since an Exchange Server 2010 Edge Transport Server can be subscribed to an Exchange Server 2007 SP2 Hub Transport Server. Use Export and Import option for all policies applied in previous ET server.
5) Finally Unified Messaging
Transitioning from Exchange Server 2007 to Exchange Server 2010
1. Prepare Windows Server 2008 (RTM or R2) x64 edition server for the first Exchange 2010
2. Install the AD LDIFDE tools on the new Exchange 2010 server (to upgrade the schema).
3. Install necessary prerequisites (WWW for CAS server role) including web certificates.
4. Install CAS server role servers and configure per 2010 design. Validate functionality.
5. Transfer OWA, ActiveSync, and Outlook Anywhere traffic to new CAS servers.
6. Install Hub Transport role and configure per 2010 design.
7. Transfer inbound and outbound mail connector to the new 2010 HT servers.
8. Install mailbox servers and configure Databases (DAG if needed).
9. Create public folder replicas on Exchange 2010 servers using Exchange 2010 Public Folder tool.
10. Move mailboxes to Exchange 2010 using Move Mailbox Wizard.
11. Re-home the Offline Address Book (OAB) generation server to Exchange Server 2010.
12. Transfer all Public Folder Replicas to Exchange Server 2010 Public folder stores.
13. Delete Public and Private Information Stores from Exchange 2007 servers.
14. Remove Exchange 2007 Edge Transport subscription
15. Uninstall all Exchange 2007 servers.
Test Procedure:
1. Double check Exchange Roles and services are started
2. Check event logs
3. Check internal and external connector
4. Test OWA and Email using test user
5. Run BPA
6. Verify with the system build info you created at beginning to check what you might have missed out or not!
Key Factors:
The following key factors differentiate a 2007 to 2010 transition from a 2003 to 2010 transition:
1) Exchange admin groups and routing groups are already out of the picture.
2) The Recipient Update Service is no longer part of the transition process.
3) The public folder hierarchy does not need to be re-homed. Indeed, because public Folders are not required for Exchange Server 2007, they might not even be part of the transition.
One added advantage of transition from Exchange Server 2007 to Exchange Server 2010: if Outlook clients are at 2007 levels or above, the move mailbox process does not result in downtime, making the end user transition experience completely transparent.
Further Study
Transition from Exchange 2003 to Exchange 2010
Watch TechNet Video on Transition from Exchange 2007 to Exchange 2010
Sunil Saunshi
System Engineer
Friday, July 29, 2011
Friday, July 30, 2010
What if my computer is infected?
What if my computer is infected?
Unfortunately, it may happen occasionally that the antivirus installed in your computer with its latest updates is incapable of detecting a new virus, worm or a Trojan. Sadly but true: no antivirus protection software gives you a 100% guarantee of complete security. If your computer does get infected, you need to determine the fact of infection, identify the infected file and send it to the vendor whose product missed the malicious program and failed to protect your computer.
However, users on their own are typically unable to detect that their computer got infected unless aided by antivirus solutions. Many worms and Trojans typically do not reveal their presence in any way. By way of exception, some Trojans do inform the user directly that their computer has been infected – they may encrypt the user’s personal files so as to demand a ransom for the decryption utility. However, a Trojan typically installs itself secretly in the system, often employs special disguising methods and also covertly does its activity. So, the fact of infection can be detected by indirect evidence only.
Symptoms of infection
An increase in the outgoing web traffic is the general indication of an infection; this applies to both individual computers and corporate networks. If no users are working in the Internet in a specific time period (e.g. at night), but the web traffic continues, this could mean that somebody or someone else is active on the system, and most probably that is a malicious activity. In a firewall is configured in the system, attempts by unknown applications to establish Internet connections may be indicative of an infection. Numerous advertisement windows popping up while visiting web-sites may signal that an adware in present in the system. If a computer freezes or crashes frequently, this may be also related to a malware activity. Such malfunctions are more often accounted for by hardware or software malfunctions rather than a virus activity. However, if similar symptoms simultaneously occur on multiple or numerous computers on the network, accompanied by a dramatic increase in the internal traffic, this is very likely caused by a network worm or a backdoor Trojan spreading across the network.
An infection may be also indirectly evidenced by non-computer related symptoms, such as bills for telephone calls that nobody made or SMS messages that nobody sent. Such facts may indicate that a phone Trojan is active in the computer or the cell phone. If unauthorized access has been gained to your personal bank account or your credit card has bee used without your authorization, this may signal that a spyware has intruded into your system.
What to do
The first thing to do is make sure that the antivirus database is up-to-date and scan your computer. If this does not help, antivirus solutions from other vendors may do the job. Many manufacturers of anti-virus solutions offer free versions of their products for trial or one-time scanning – we recommend you to run one of these products on your machine. If it detects a virus or a Trojan, make sure you send a copy of the infected file to the manufacturer of the antivirus solution that failed to detect it. This will help this vendor faster develop protection against this threat and protect other users running this antivirus from getting infected.
If an alternative antivirus does not detect any malware, it is recommended that you disconnect your computer from the Internet or a local network, disable Wi-Fi connection and the modem, if any, before you start looking for the infected file(s). Do not use the network unless critically needed. Do not use web payment systems or internet banking services under any circumstances. Avoid referring to any personal or confidential data; do not use any web-based services that require your screen name and password.
How do I find an infected file?
Detecting a virus or Trojan in your computer in some cases may be a complex problem requiring a technical qualification; however, in other cases that may be a pretty straightforward task – this all depends on the degree of the malware complexity and the methods used to hide the malicious code embedded into the system. In the difficult cases when special methods (e.g. rootkit technologies) are employed to disguise and conceal the malicious code in the system, a non-professional may be unable to track down the infected file. This problem may require special utilities or actions, like connecting the hard disk to another computer or booting the system from a CD. However, if a regular worm or simple Trojan is around, you may be able to track it down using fairly simple methods.
The vast majority of worms and Trojan need to take control when the system starts. There are two basic ways for that:
• A link to the infected file is written to the autorun keys of the Windows registry;
• The infected file is copied to an autorun folder in Windows.
The most common autorun folders in Windows 2000 and XP are as follows:
%Documents and Settings%\%user name%\Start Menu\Programs\Startup\
%Documents and Settings%\All Users\Start Menu\Programs\Startup\
There are quite a number of autorun keys in the system register, the most popular keys include Run, RunService, RunOnce и RunServiceOnce, located in the following register folders:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\]
Most probably, a search at the above locations will yield several keys with names that don’t reveal much information, and paths to the executable files. Special attention should be paid to the files located in the Windows system catalog or root directory. Remember names of these files, you will need them in the further analysis.
Writing to the following key is also common:
[HKEY_CLASSES_ROOT\exefile\shell\open\command\]
The default value of this key is “%1" %*”.
Windows’ system (and system 32) catalog and root directory are the most convenient place to set worms and Trojans. This is due to 2 facts: the contents of these catalogs are not shown in the Explorer by default, and these catalogs host a great number of different system files, functions of which are completely unknown to a lay user. Even an experienced user will probably find it difficult to tell if a file called winkrnl386.exe is part of the operating system or foreign to it.
It is recommended to use any file manager that can sort file by creation/modification date, and sort the files located within the above catalogs. This will display all recently created and modified files at the top of the catalog – these very files will be of interest to the researcher. If any of these files are identical to those occurring in the autorun keys, this is the first wake-up call.
Advanced users can also check the open network ports using netstat, the standard utility. It is recommended to set up a firewall and scan the processes engaged in network activities. It is also recommended to check the list of active processes using dedicated utilities with advanced functionalities rather than the standard Windows utilities – many Trojans successfully avoid being detected by standard Windows utilities.
However, no universal advice can be given for all occasions. Advanced worms and Trojans occur every now then that are quite difficult to track down. In this case, it is best to consult the support service of the IT security vendor that released your antivirus client, a company offering IT assistance services, or ask for help at specialized web forums. Such web resources include www.virusinfo.info and anti-malware.ru (Russian language), and www.rootkit.com and www.gmer.net (English). Similar forums designed to assist users are also run by many antivirus companies.
Unfortunately, it may happen occasionally that the antivirus installed in your computer with its latest updates is incapable of detecting a new virus, worm or a Trojan. Sadly but true: no antivirus protection software gives you a 100% guarantee of complete security. If your computer does get infected, you need to determine the fact of infection, identify the infected file and send it to the vendor whose product missed the malicious program and failed to protect your computer.
However, users on their own are typically unable to detect that their computer got infected unless aided by antivirus solutions. Many worms and Trojans typically do not reveal their presence in any way. By way of exception, some Trojans do inform the user directly that their computer has been infected – they may encrypt the user’s personal files so as to demand a ransom for the decryption utility. However, a Trojan typically installs itself secretly in the system, often employs special disguising methods and also covertly does its activity. So, the fact of infection can be detected by indirect evidence only.
Symptoms of infection
An increase in the outgoing web traffic is the general indication of an infection; this applies to both individual computers and corporate networks. If no users are working in the Internet in a specific time period (e.g. at night), but the web traffic continues, this could mean that somebody or someone else is active on the system, and most probably that is a malicious activity. In a firewall is configured in the system, attempts by unknown applications to establish Internet connections may be indicative of an infection. Numerous advertisement windows popping up while visiting web-sites may signal that an adware in present in the system. If a computer freezes or crashes frequently, this may be also related to a malware activity. Such malfunctions are more often accounted for by hardware or software malfunctions rather than a virus activity. However, if similar symptoms simultaneously occur on multiple or numerous computers on the network, accompanied by a dramatic increase in the internal traffic, this is very likely caused by a network worm or a backdoor Trojan spreading across the network.
An infection may be also indirectly evidenced by non-computer related symptoms, such as bills for telephone calls that nobody made or SMS messages that nobody sent. Such facts may indicate that a phone Trojan is active in the computer or the cell phone. If unauthorized access has been gained to your personal bank account or your credit card has bee used without your authorization, this may signal that a spyware has intruded into your system.
What to do
The first thing to do is make sure that the antivirus database is up-to-date and scan your computer. If this does not help, antivirus solutions from other vendors may do the job. Many manufacturers of anti-virus solutions offer free versions of their products for trial or one-time scanning – we recommend you to run one of these products on your machine. If it detects a virus or a Trojan, make sure you send a copy of the infected file to the manufacturer of the antivirus solution that failed to detect it. This will help this vendor faster develop protection against this threat and protect other users running this antivirus from getting infected.
If an alternative antivirus does not detect any malware, it is recommended that you disconnect your computer from the Internet or a local network, disable Wi-Fi connection and the modem, if any, before you start looking for the infected file(s). Do not use the network unless critically needed. Do not use web payment systems or internet banking services under any circumstances. Avoid referring to any personal or confidential data; do not use any web-based services that require your screen name and password.
How do I find an infected file?
Detecting a virus or Trojan in your computer in some cases may be a complex problem requiring a technical qualification; however, in other cases that may be a pretty straightforward task – this all depends on the degree of the malware complexity and the methods used to hide the malicious code embedded into the system. In the difficult cases when special methods (e.g. rootkit technologies) are employed to disguise and conceal the malicious code in the system, a non-professional may be unable to track down the infected file. This problem may require special utilities or actions, like connecting the hard disk to another computer or booting the system from a CD. However, if a regular worm or simple Trojan is around, you may be able to track it down using fairly simple methods.
The vast majority of worms and Trojan need to take control when the system starts. There are two basic ways for that:
• A link to the infected file is written to the autorun keys of the Windows registry;
• The infected file is copied to an autorun folder in Windows.
The most common autorun folders in Windows 2000 and XP are as follows:
%Documents and Settings%\%user name%\Start Menu\Programs\Startup\
%Documents and Settings%\All Users\Start Menu\Programs\Startup\
There are quite a number of autorun keys in the system register, the most popular keys include Run, RunService, RunOnce и RunServiceOnce, located in the following register folders:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\]
Most probably, a search at the above locations will yield several keys with names that don’t reveal much information, and paths to the executable files. Special attention should be paid to the files located in the Windows system catalog or root directory. Remember names of these files, you will need them in the further analysis.
Writing to the following key is also common:
[HKEY_CLASSES_ROOT\exefile\shell\open\command\]
The default value of this key is “%1" %*”.
Windows’ system (and system 32) catalog and root directory are the most convenient place to set worms and Trojans. This is due to 2 facts: the contents of these catalogs are not shown in the Explorer by default, and these catalogs host a great number of different system files, functions of which are completely unknown to a lay user. Even an experienced user will probably find it difficult to tell if a file called winkrnl386.exe is part of the operating system or foreign to it.
It is recommended to use any file manager that can sort file by creation/modification date, and sort the files located within the above catalogs. This will display all recently created and modified files at the top of the catalog – these very files will be of interest to the researcher. If any of these files are identical to those occurring in the autorun keys, this is the first wake-up call.
Advanced users can also check the open network ports using netstat, the standard utility. It is recommended to set up a firewall and scan the processes engaged in network activities. It is also recommended to check the list of active processes using dedicated utilities with advanced functionalities rather than the standard Windows utilities – many Trojans successfully avoid being detected by standard Windows utilities.
However, no universal advice can be given for all occasions. Advanced worms and Trojans occur every now then that are quite difficult to track down. In this case, it is best to consult the support service of the IT security vendor that released your antivirus client, a company offering IT assistance services, or ask for help at specialized web forums. Such web resources include www.virusinfo.info and anti-malware.ru (Russian language), and www.rootkit.com and www.gmer.net (English). Similar forums designed to assist users are also run by many antivirus companies.
Subscribe to:
Posts (Atom)