Exchange Server 2007 can be installed into an existing Exchange 2000/2003 (hereafter called Exchange 2003, except where there's something particular about Exchange 2000) organization as one step in the migration process. Once Exchange 2007 has been introduced into the Exchange 2003 organization, the organization is considered to be in a co-existence or "Interop" (interoperability) state so long as both versions are present in the Exchange organization.

While in this co-existence mode, Exchange 2003 and Exchange 2007 each have some management behaviors that you should keep in mind. This blog post will detail some of these behaviors.

Mailbox Management

Exchange 2003 mailbox management is done through the Active Directory Users and Computers (ADUC) snap-in extension for Exchange. Exchange 2007 mailbox management is done through the Exchange 2007 Exchange management shell or the Exchange management console GUI. Separately there is no confusion. However, when you're in a co-existence state, both management tools will be present. Although Exchange 2007 will not install the Exchange extensions for ADUC, any remaining Exchange 2003 servers or "admin-only" installations will still have this snap-in available for use.

So which tools to use on which objects? Here's the easy list to remember:

-           Exchange 2007 mailboxes must be managed with Exchange 2007 management console or shell.

-           Exchange 2007 mailboxes MUST NOT be managed with Exchange 2003 tools. Note that this is not blocked, but mailboxes managed from Exchange 2003 ADUC will not be fully functional.

-           Exchange 2003 mailboxes can be edited or removed with Exchange 2007 tools, but cannot be created by Exchange 2007 tools.

-           Exchange 2003 mailboxes can be managed with Exchange 2003 tools.

-           Both Exchange 2003 and Exchange 2007 mailboxes can be moved (in either direction) with the Exchange 2007 tools. Exchange 2003 move mailbox cannot be used to move mailboxes to or from Exchange 2007 mailbox server.

Recipient Management (contacts, groups, etc)

Since these other recipient objects (contacts, groups, etc) are not tied to a particular server version in the way a mailbox is, these objects can be managed successfully from either side. Because Exchange 2007 tools have knowledge of the full set of Exchange 2007 properties and validation rules, it is recommended to consistently use the Exchange 2007 tools for this recipient management for best results.

The one exception to this rule is Dynamic Distribution Lists (DDL or sometimes called Dynamic Distribution Group, so DDG). Since DDLs created with Exchange 2007 tools store their RecipientFilter in an OPATH format and those created with Exchange 2003 tools store the filter as LDAP, it makes these edits incompatible. Be sure that after you've set a DDL filter through Exchange 2007 you only edit this DDL through Exchange 2007 tools from that point forward.

Global Objects (Address lists, EmailAddressPolicy, etc)

There are also a number of global configuration objects shared between Exchange 2003 and Exchange 2007 when running in a co-existence state. Examples of these objects are: Address Lists, Email Address Policies, Offline Address Book, etc.

These global objects generally follow the pattern that if they are created in Exchange 2003, they can be fully edited only in Exchange 2003 until they are upgraded to Exchange 2007 version. Once upgraded to Exchange 2007 format (and for objects created in Exchange 2007), they can no longer be edited by Exchange 2003 (and Exchange 2003 system manager will actively block you making edits after the object is upgraded).

Also, as mentioned in the "Goodbye RUS" post, you should not configure an Exchange 2007 server to serve as the "Exchange Server" for a Recipient Update Service. Doing so will cause that RUS to cease to function.

Other Miscellaneous Objects

In Exchange 2003 system manager there are a number of other objects that are visible. For instance, the Exchange 2007 administrative and routing groups (and their embedded GUID) are visible to Exchange 2003 while the entire AG/RG concept is hidden in Exchange 2007.

Similarly, the Exchange 2007 server object (and storage groups, databases, protocols, etc) are also visible in Exchange 2003. Where possible, these Exchange 2007 objects are "blocked" from editing through the Exchange 2003 tools. In all cases, you should not use the Exchange 2003 tools to manage Exchange 2007 servers or Exchange 2007 versioned objects.

Some items in the Exchange 2003 are not hidden or blocked, but are simply non-functional. Deprecated items like monitoring administration and Exchange 2003 queue viewer remain visible and will produce an error connecting to the interface if you attempt to access them.

Finally, some items in the Exchange 2003 ESM will remain the appropriate GUI way to manage certain objects until replacement GUI is established in Exchange 2007. Two such items that fit this mold are the Public Folder GUI (which will remain functional and supported, so long as an Exchange 2003 server is the targeted public folder store) and the Address/Details template customization GUI. In both of these cases, the Exchange 2003 GUI is anticipated to be replaced by updated Exchange 2007 GUI at some point in the future.

Exchange 2000 and object blocking

Exchange 2003 ESM automatically includes support for "blocking" edits against Exchange 2007 objects, as described above. Exchange 2000, however, requires a post-SP3 hotfix to provide this same behavior. Although Exchange 2000 SP3 is the prereq'd version required by Exchange 2007 setup, you must make sure that all Exchange 2000 servers and Exchange 2000 admin-tools-only consoles are updated with both Exchange 2000 SP3 and the 6603+ roll-up hotfix – KB.870540 (also known as the August 2004 roll-up hotfix). Note that if this hotfix is not present on an Exchange 2000 admin console used to manage your Exchange 2007 objects, it is possible that Exchange 2007 objects can be modified incorrectly from this legacy console.

Reservations are a critical feature in the DHCP server. Reservations are generally used for centralized static IP address assignment for critical machines. This way the IP address of the critical machines which serves critical functions in the network will not have a dynamically assigned IP address which can change over time. The reservation manager is a tool which will help solve typical reservation-related problems which the network admins might face.

Here is an article which introduces the usage of the Reservation Manager tool：

Reservation Manager - A tool to manage reservations

Recently, the MS PSS team received some reports regarding issues happening on the Windows Vista computers located in a domain. The typical symptom sounds like:

-Indefinite delay (hang) when opening the Certificate Services snap-in

-Slow (sometimes no) group policy application

-Trying to select a domain user in order to add that principal to a local security group (the object picker) would hang indefinitely

-Instant Messaging was not working well (sometimes not at all)

-Access to local file servers was slow and sometimes did not succeed at all (appears to hang).

In some scenarios, users cannot copy files from a network share to the Vista box from Windows 2000/2003 shares. The error is:

"You do not have permissions to perform this action" 

"access is denied."

 With intensive testing, we can copy a .txt type of file (text, log, etc) as long as it is less than 4K, while any other type of file (.doc, .xls) fails regardless of size.

This issue is finally determined to be linked to a new feature included with the Vista -TCP Auto Tuning, which uses a scaling factor communication between the server and client, to negotiate a bigger window size during connection establishment so that more traffic can be transported in less time. Windows XP and earlier versions do not have this feature.

Here’s a bit more on that:

http://www.microsoft.com/technet/community/columns/cableguy/cg1105.mspx

Note: Some Internet gateway devices and firewalls block packet flows because they do not correctly interpret the scaling factor used in TCP connections. Because of this, Internet Explorer in Windows Vista uses an initial scaling factor of 2. Other applications use a default initial scaling factor of 8. Microsoft is investigating changing the initial scaling factor for Internet Explorer-based connections to 8 in a future update of Windows Vista. Microsoft is working with the manufacturers of these devices so that they can be updated for compliance with TCP window scaling.

To see if this issue applies to you, first see if the criteria and symptoms mentioned above apply. If they do, please take some traces.  The TCP Auto Tuning can be seen in the packets like these truncated samples:

Working (no problem seen):

...TCP\Window: 8192 (scale factor 0) = 8192

...TCP\TCPOptions

......WindowsScaleFactor not listed

Failing (problem supremely evident and most annoying):

...TCP\Window: 8192 (scale factor 8) = 2097152

...TCP\TCPOptions

......WindowsScaleFactor:

......type: Windows scale factor. 3(0x3)

......Length: 3 (0x3)

......ShiftCount: 8 (0x8)

If the above symptom appears, we can try disabling this feature as a workaround and this will certainly tell the tale on what the problem is if the issue no longer happens afterward.  From a command prompt:

netsh interface tcp set global autotuninglevel=disabled

If the issue no longer occurs, this reveals that you have a network device in your environment that doesn’t support RFC 1323 “TCP Extensions for High Performance”.   

In Outlook 2003, some customers may meet the “Calendar items missing” issue. There are several factors that can cause this problem and therefore, the whole troubleshooting process may be time consuming.

At this stage, we’d like to provide some tips to help you prevent such issues. The following tips are from analyzing many “Calendar items missing” issues:

1.     Keep your BlackBerry and GoodLink server updated

2.     Keep your Outlook and Exchange server updated

3.     Keep the manager and the delegate using the same version of Outlook

4.     If possible, make the manager and delegate’s mailboxes in the same store

5.     Avoid sending meeting request to a Distribution List (we can expand the DL first)

Additional best practices can be found in the following articles:

Outlook meeting requests: Essential do’s and don’ts

http://office.microsoft.com/en-us/help/HA011276781033.aspx

Considerations when you use the Delegate Access feature in Microsoft Outlook

http://support.microsoft.com/?id=829217

Also, we’d like to provide some troubleshooting guides for “Calendar items missing” issue. Please refer to the following useful articles when this issue occurs.

How to troubleshoot missing and duplicate appointments in Outlook

http://support.microsoft.com/?id=890436

Description of common scenarios in which Calendar information may be removed from the Calendar or may be inaccurate

http://support.microsoft.com/?id=899704

Finally, in Outlook 2007, we have redesigned the calendar portion; our goal is for no one to ever miss a meeting. With the spread of Office 2007, the “Calendar items missing” issue will disappear once and for all.

Have ever encountered the following scenarios? 

• User accounts, groups, computers, OUs or other objects in domain accidentally deleted.
• No system state backup available for authoritative restoration.
• No other DC's available.

 When an object is deleted from Active Directory, it isn't actually removed but
is instead marked as deleted by an internal marker called a tombstone. 
If you have valid system state backup, you can refer to the following knowledge 

base article to restore the object: 

How to restore deleted user accounts and their group memberships in 
Active Directory
http://support.microsoft.com/?id=840001 

 In case you don’t have any system state backup, you can use ADRestore 
to restore tombstoned objects. ADRestore is a command-line utility that lists 
and lets you restore deleted Windows Server 2003 AD objects. 
You can use ADRestore to restore tombstoned objects without 
performing an authoritative backup restore. You can download the utility at:

 http://www.microsoft.com/technet/sysinternals/utilities/ADRestore.mspx 

 After you install ADRestore, you can restore an object by running 
the command ADRestore –r. ADRestore removes the 'isDeleted' TRUE attribute 
from tombstoned accounts and changes the RDN back to the previous path, 
effectively resurrecting it. 

 The -r tells ADRestore to prompt the user before restoring the AD objects
to their original location. When you run the command, 
you'll see messages similar to the following: 

ADRestore v1.1
by Mark Russinovich
Sysinternals - www.sysinternals.com

 Enumerating domain deleted objects:

 cn: mytest1
DEL:d7076a72-8020-44c8-b562-0c5b9132d7a5
distinguishedName: CN=mytest1\0ADEL:d7076a72-8020-44c8-b562-0c5b9132d7a5,
                             CN=Deleted Objects,DC=PYM1,DC=COM
lastKnownParent: OU=mytest\0ADEL:657cde20-9d7e-43f2-8700-ad72029d2aec,
                          CN=Deleted Objects,DC=PYM1,DC=COM

Do you want to restore this object (y/n)? y

 Restore succeeded.

 distinguishedName: OU=mytest\0ADEL:657cde20-9d7e-43f2-8700-ad72029d2aec,
                              CN=Deleted Objects,DC=PYM1,DC=COM
 lastKnownParent: DC=PYM1,DC=COM

 Do you want to restore this object (y/n)? y

 Restore succeeded.

 Found 2 items matching search criteria.

 Notes: 

•  By default, users are disabled and user passwords are empty after the above method is performed. Note that if you try to bulk enable objects and some of them have passwords which do not meet complexity/length requirements, you will not be able to re-enable them. Selecting one of them will show a more verbose error message in 2003. Your option then is to change their password or lower your password policy requirements.
•  ADRestore cannot restore the group membership for a user. Meanwhile, not all attribute data can be restored.
•    ADRestore is the last choice and we may use this method only when valid system state backup does not exist. Furthermore, ADrestore does not aim to substitute System state backup of domain controllers. It’s highly recommended to perform regular system state backup on domain controllers.
• Also note that you can provide simple filters based on object names.  This command enumerates all objects with the string "comp" in the name (from ADRestore /?): 

                     ADRestore -r comp

Adding support for French, German, and Japanese, SMS 2003 R2 International Version has been released to manufacturing. SMS 2003 R2 brings additional functionality to SMS 2003 including system vulnerability assessments and 3rd party/custom updating.

Inventory Tool for Custom Updates (ITCU)

ITCU allows ISV’s & customers to create and publish catalogs containing updates using the same schema used for Microsoft updates. SMS can now scan these catalogs, saving administrators’ time & effort for deploying updates for all of their lines of business applications.  This function has been particularly well received by customers as they struggle with numerous processes and a lack of for centralized updates of their non-Microsoft applications.

Scan Tool for Vulnerability Assessment (STVA)

Based on MBSA 2.0, STVA scans around 100 configuration settings for identifying potential vulnerabilities, reporting on settings out of compliance with internal configuration policies.  STVA helps keep customers’ environments safer and more secure.

SMS 2003 R2 will be available for French, German, and Japanese in January price list while simplified Chinese will RTM next week meaning it will not be available until the February price list. 

For download and more information on R2 capabilities, visit http://www.microsoft.com/smserver/evaluation/2003/r2.mspx

With Microsoft Exchange Server 2007, deployment is easier than it's ever been. However, there are still a few things you should know before you install Exchange Server 2007. The following article presents the top 10 issues that our very first Exchange Server 2007 customers have discussed, stumbled upon, and requested guidance about.

Exchange Server 2007 Deployment: 10 Tips When Installing

http://www.microsoft.com/technet/prodtechnol/exchange/articles/

Remote Desktop Connection 6.0 client helps you use the new Terminal Services features. These features are introduced in Windows Vista and in the Microsoft Windows Server Code Name “Longhorn" operating system from a computer that is either running Microsoft Windows Server 2003 with Service Pack 1 (SP1) or Microsoft Windows XP with Service Pack 2 (SP2).

The Remote Desktop Connection 6.0 client can be used to connect to legacy terminal servers or to remote desktops as before, but the new features that are mentioned in this article are available only when the remote computer is running Windows Vista or Windows Server Code Name "Longhorn."

Here are existing new features:

a.     Network Level Authentication

b.     Server authentication

c.     Resource redirection

d.     TS Gateway servers

e.     Terminal Services Remote Programs

f.      Monitor spanning

g.  Visual improvements

Please refer to the article to get its download location and more detailed information: http://support.microsoft.com/kb/925876/en-us

Storage configuration is the key part of a successful cluster deployment. This white paper introduce the storage types, storage features in Windows 2003, hardware based storage, storage tools and services, backup and restore, storage management and the existing Knowledge Base articles for storage. Reading the white paper before deploying a cluster will help reduce the chances for misconfiguration and the potential issues during future operation.

Server Clusters: Storage Best Practices for Windows 2000 and Windows Server 2003

http://technet2.microsoft.com/WindowsServer/en/library/23c38c4c-d898-44b8-af4d-fe515e3017781033.mspx?mfr=true

In response to customer feedback, and in order to give customers more time to migrate off SUS 1.0, Microsoft has extended support to Tuesday, July 10, 2007. Microsoft will no longer support SUS 1.0 after this date.

SUS 1.0 will no longer synchronize new update content after July 10, 2007. Therefore, SUS will no longer help provide new updates after this date.

We recommend that you upgrade to Windows Server Update Services before July 10, 2007.

http://support.microsoft.com/kb/905682

The Group Policy team has published installation packages that distribute ADM files (below) for use with Windows XP SP2 and Windows Server 2003 SP1.

Administrative Templates for Internet Explorer 7 for Windows
Download from: http://go.microsoft.com/fwlink/?LinkId=77998

Administrative Template file for PowerShell for Windows.
Download from: http://go.microsoft.com/fwlink/?LinkId=77999

Symptom:

========

During the installation of Internet Explorer 7.0, one must go through the 
Windows Genuine Advantage check.

 The Internet Explorer 7.0 installation is going to try and update the validation 
status of your system and this is going to cause problems for systems configured
with a proxy that does basic authentication or transparent proxy servers that 
prompt for authentication. Automated installations of IE7 are going to stop dead 
in their tracks waiting on someone to enter a user name and password for 
the proxy connection being made by WGA.

 Solution:

=======

This is a known situation. As of Nov 15, 2006 a release of Internet Explorer 7.0 has been published to correct the situation with the prompt for Authentication. You will need to download the new standalone packages.

If doing IEAK you will need to synchronize your IEAK package to get the new update.

Here is the link to download latest IE7.0:

http://www.microsoft.com/windows/ie/downloads/default.mspx