Contents Overview 1 Lesson 1: Deployment Tools 2 Lesson 2: ADC Tools 39 Lab 6.1 Exchange 2003 ADC replication featuring Deployment and ADC Tools 71 Appendix A: Sample log files 86 Appendix B: Learning Measure Answers 107 Acknowledgments 107 Module 6: Deployment Tools and ADC Tools Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, Excel, Exchange Server 5.5, Exchange 2000 Server, Exchange Server 2003, Internet Explorer, Internet Information Server, Word are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein (Groupwise, Lotus cc:Mail, Lotus Notes) may be the trademarks of their respective owners. Module 6: Deployment Tools and ADC Tools 1 Overview For this module, we will discuss the new deployment features available with Exchange Server 2003 and differentiate the deployment process from Exchange 2000. Topic 1 Deployment Tools Topic 2 Active Directory Connector (ADC) Tools Topic 3 Appendix Prerequisites 1) Experience with installing Exchange 2000 into Exchange 5.5 sites 2) Prior usage of Virtual PC or Virtual Server 2 Module 6: Deployment Tools and ADC Tools Lesson 1: Deployment Tools Basic Overview History: Customers that installed Exchange 2000 experienced a paradigm shift in the complexity of the underlying operating system. With Windows 2000 introducing several new concepts, installers were burdened with learning the differences in how Active Directory uses Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP), and a variety of new server roles for establishing suitable infrastructures for Exchange 2000. Microsoft Product Support Services learned that these infrastructures failed too often, or were never configured correctly at their inception. Although many of the support calls were caused by platform-level mishaps (such as improper DNS configurations, Active Directory permission-misconfigurations, and lack of connectivity to operations masters), more daunting challenges existed for migrations from Exchange 5.5. These Exchange 5.5 migration challenges were often  discouraging customers from deploying Exchange 2000. (For example, a customer might find it extremely difficult to roll back after a failed disaster recovery scenario following a failed in-place upgrade.)  completely ignored or skipped by customers. For example, NTDSNoMatch is supposed to be written on Exchange 5.5 objects, yet customers didn’t know of the existence of NTDSNoMatch due to delayed documentation when Exchange 2000’s retail version shipped. Additionally, many customers skipped configuration of Connection Agreements due to their complexity, or even worse…  improperly configured through guesswork. (Installers who were new to Exchange 2000 were accustomed to “Install first, configure later” methodologies, yet Exchange 2000 deviated from other server applications Module 6: Deployment Tools and ADC Tools 3 by requiring tremendous configuration changes to their current topology before installing. This approach occurred most often with small to medium- sized companies who lacked the time or manpower to research the deployment process, and would take a simple approach to running the setup process without reviewing the appropriate pre-setup steps.) By not meeting those challenges, what resulted were problems ranging from unintended standalone orgs incompatible with Exchange 5.5 orgs, to creating thousands of duplicate Active Directory objects that were improperly replicated due to no NTDSNoMatching, to disaster recovery on Exchange 5.5 directories where customers unintentionally created (and then mistakenly deleted) mismatched accounts, to non-functional transports. These large percentages of failed or blocked deployments rapidly cost Microsoft Product Support Services a high price because there was no easy corrective path. Instead, Microsoft Product Support Services would occasionally clean up corrupted Exchange 5.5 and Active Directories, and then re-deploy Exchange 2000 for customers. Even today, where installers are armed with a great deal of knowledge that gradually became publicly available, they are still prone to encountering problems, simply because of the sheer quantity and complexity of deployment steps. Even administrators who were simply migrating, who may not be concerned with Exchange 5.5/2000 interoperability, are required to fumble through the various coexistence measures because migrations require temporary interoperability with Exchange 5.5. So a process was needed to improve customer education and ensure the structural integrity of Exchange 5.5 and Active Directory topologies, leading to improving deployment success rates. The solution: Efforts to prevent Exchange 2000 deployment mistakes of the past have culminated into the creation of the Exchange 2003 deployment tools. A multipurpose effort, the deployment tools not only avoids the huge gap in customer education when Exchange 2003 ships; it also proactively scans the Active Directory and Exchange 5.5 infrastructures for possible problems that may prevent successful Exchange 2003 deployments. The customer education effort is achieved through a comprehensive help file/installation guide, which takes into consideration four major deployment scenarios and provides prescriptive deployment steps for each. A picture of the help file is shown in figure 1.1: 4 Module 6: Deployment Tools and ADC Tools Figure 1.1: An example of the deployment tools step-by-step deployment guide, in the form of a compiled HTML help file. (pre-release version) Although the user-education portion may appear informational at first glance, there are ActiveX controls embedded within each HTML page that, when clicked, will spawn scripts to proactively check for problems on the local system, within Exchange 5.5 directory, within Active Directory, or all of the above. Technically, the scripts call upon the deployment tools, but the collection of tools plus help file is most commonly-referred as the “Deployment Tools.” Module 6: Deployment Tools and ADC Tools 5 Tool Execution There are three ways to call upon the Deployment Tools: Method 1 – From the help file (most common): The Deployment Tools’ step- by-step guide is a compiled HTML help file. In other words, it is a collection of Web pages that are combined into a single file with a .CHM extension. For customers to execute the help file, they must launch the HTML application (exdeploy.hta), which then renders the Exdeploy.chm contents within its frame. The CHM/HTA file may be navigated just like a collection of Web pages within a Web site. (See the “Process flow” heading for information about HTML applications). The CHM file may be decompiled into separate HTML pages using Visual Studio, though that is outside the scope of this discussion. Although you could launch the exdeploy.CHM file, and click on “Home” to get to the starting point of the deployment steps, it is not recommended because of Internet Explorer browsing problems. Thus, it is recommended to launch exdeploy.HTA instead. While browsing through a page that contains a script, users launch each Deployment Tool by entering-in servername information onto the Web page. When they hit “run <toolname> now”, a script takes the user input as parameters to execute the tool(s) in a separate command window, shown by the bottom portion of figure 1.2: 6 Module 6: Deployment Tools and ADC Tools Figure 1.2: Tool execution through the help file spawns the exdeploy.exe command line tool with a hidden switch. Under the hood, the CHM is running “exdeploy.exe /s:racecar /gc:palindromes /t:orgprepcheck” The command window disappears when the exdeploy tool has finished execution. However, during execution, the tools will log success and failure information into exdeploy.log file, typically located in c:\exdeploy logs. Log files are appended-to, not overwritten, when tools are run more than once. Although exdeploy.chm contains links to launch the tools, the tools themselves may not be launched without the existence of binaries (DLLs and EXEs) within the same directory as the CHM file. The deployment tools help file and binaries are located on the Exchange 2003 CD, underneath the \support\exdeploy directory. Method 2 – From the command prompt: The error-checking tools may also be launched from the command line by running exdeploy.exe. Exdeploy.exe is an executable that can launch various deployment tools depending upon the switches used. In fact, all of the deployment tools may be launched using exdeploy.exe, without requiring the CHM file. However, none of the tools may be launched from the CHM/HTA file if the CHM/HTA exists in a directory without exdeploy.exe supporting it. Using Method 2 to manually execute a deployment tool should only be used when troubleshooting, or when someone is already familiar with the ordering of the help file (since some tools will fail unless you have performed certain steps only mentioned in the CHM file). Here is an example of running a deployment tool from the command prompt: D:\SUPPORT\EXDEPLOY>exdeploy /s:55server /gc:gc01 /t:adcusercheck Results of these tools will be logged to 'exdeploy.log'. Exchange Deployment Tools documentation provides information on how to solve encountered issues. Calling ADCUserCheck ADCUserCheck completed successfully. Module 6: Deployment Tools and ADC Tools 7 Like Method 1, tools will still create/append-to logfiles located in the logging path (c:\exdeploy logs by default). Some tools will even write their own logfile, named after the tool itself. Often, installers will attempt to run the tools comprehensively (using the /c switch), so that all of the tools will be run with one command line execution. Comprehensively running the tools is not useful for the customer before setup because many of the deployment tools tests will fail when it checks for existence of Active Directory objects that only exist post-setup. However, it is useful to Microsoft Product Support Services for troubleshooting an installation that has already completed, since a low level of information gathering (i.e. list of server names, sites, list of unreplicated users) is readily available in c:\exdeploy logs. Deployment tools may also be launched in tool groups. For instance, when you run “/t:DSScopescan” you actually launch five deployment tools contained within that group: DSConfigSum, DSObjectSum, UserCount, VerCheck, and OrgNameCheck. Tool groupings are documented within exdeploy.exe usage (simply by typing exdeploy /?) and also within the exdeploy.chm reference topics. Method 3 – from the Exchange 2003 setup wizard: The user has no control here, as setup.exe will automatically launch a few of the deployment tools to perform some basic pre-requisite checking before continuing setup. In Exchange 2000, there were fewer checks prior to the file-copy/register phase, so when setup proceeded to the latter stages, it would often fail catastrophically. The Exchange 2003 setup program is now improved with additional pre- requisite checks, some of which look for completion of certain deployment tools before allowing itself to proceed to file-copy/registry modification phases of setup. Since setup.exe employs the use of the same tools as exdeploy.exe, we will discuss the glue DLL that is utilized by both. Figure 1.3: Exchange 2003 Glue DLL has multiple interfaces, since it is called by exdeploy and Exchange 2003 setup. The Exchange 2000/2003 setup program runs through prerequisite checks upon launch, and if any prerequisite checks fail, their associated errors (possible 8 Module 6: Deployment Tools and ADC Tools reasons/recommended actions) are displayed as a popup on the setup wizard’s component selection screen. [10:44:03] ********** Beginning Exchange Deployment Tools ********** [10:44:03] Starting Exchange 6851 Deployment Tools on Windows 5.0.2195 at 10:44:03 01/13/2003 [10:44:03] Entering HrDirPreReq_Initialize [10:44:03] Init called with Domain Controller tilab-dc and Exchange 5.5 server root55. Setup's language ID is 0 [10:44:03] Entering HrRegisterAXDLL [10:44:03] Leaving HrRegisterAXDLL [10:44:03] Entering HrRegisterAXDLL [10:44:03] Leaving HrRegisterAXDLL [10:44:03] Leaving HrDirPreReq_Initialize [10:44:21] Entering HrDirPreReq_ConfigInit [10:44:55] Leaving HrDirPreReq_ConfigInit [10:44:55] Entering HrDirPreReq_ObjectInit [10:45:46] Leaving HrDirPreReq_ObjectInit [10:45:46] Entering HrDirPreReq_UserInit [10:46:20] Leaving HrDirPreReq_UserInit [10:46:20] Entering HrDSConfigSum [10:46:21] Leaving HrDSConfigSum [10:46:21] Entering HrDSObjectSum [10:46:21] Leaving HrDSObjectSum [10:46:21] Entering HrUserCount [10:46:21] Leaving HrUserCount [10:46:21] Entering HrVerCheck [10:46:21] VerCheck verifies if your Exchange 5.5 servers can be upgraded to Exchange 2000. Details are logged in vercheck.log. [10:46:21] Leaving HrVerCheck [10:46:21] Entering HrRunNetdiag [10:46:21] Entering HrGetDSILog [10:46:21] Leaving HrGetDSILog [10:46:36] Entering HrMapFileName [10:46:36] Entering HrMapFileHandle [10:46:36] Leaving HrMapFileHandle [10:46:36] Leaving HrMapFileName [10:46:36] Entering HrFindPrintErrorMessage [10:46:36] Warning: Possible error string '. . . : Failed' detected in netdiag output. [10:46:36] Leaving HrFindPrintErrorMessage [10:46:36] HrRunNetdiag (f:\df6851\dsa\src\deploy\dsintegchk\netdiag.cpp:888). Error code 0X80040001(1). [10:46:36] Leaving HrRunNetdiag [10:46:36] Entering HrOrgNameCheck [10:46:37] Leaving HrOrgNameCheck [10:46:37] Entering HrDirPreReq_Terminate [10:46:37] Leaving HrDirPreReq_Terminate The exdeploy-progress.log can be opened using logparser.exe. However, its filters for logging levels do not work, so leave the setting on maximum (log level 3). The only benefit to opening in logparser is to use logparser’s ability to [...]... KB article Q291170) 28 Module 6: Deployment Tools and ADC Tools Module 6: Deployment Tools and ADC Tools 29 Validation Tools Validation Tools These are a series of tools used to check on the success of the server installation The output of these tests should give customers a better idea of what problems exist that are not normally seen by any existing GUI administration tool ADCConfigCheck – verifies... resdc01 succeeded Module 6: Deployment Tools and ADC Tools 19 In the output above, the entries “TestEXConnect” and “TestNTConnect” are the result of the additional debug logging Enabling this environment variable also causes exdeploy.log to be produced with debug output whenever Exchange 2003 setup.exe calls upon the deployment tools glue DLL 20 Module 6: Deployment Tools and ADC Tools DCDiag/NetDiag... an installer and for the purposes of saving time, you could manually insert the ADCUserCheck marker using ADSIEdit and skip all of the deployment tools However, normal customers should not utilize this shortcut since you want them to utilize deptools/adctools Module 6: Deployment Tools and ADC Tools 13 Process Flow The deployment process begins when customers insert their Exchange 2003 CD or run setup.exe... certain condition (ADCUserCheck marker) is satisfied by the deployment tools Note The backdoor executable (\CD ROOT\setup\i386\setup.exe) may still run the setup wizard, but this path is less discoverable for unexperienced installers ADCUserCheck, along with other markers, are illustrated in figure 1.4 below: Module 6: Deployment Tools and ADC Tools 11 Figure 1.4: The deployment tools completion markers,... only choose the deployment tools link 14 Module 6: Deployment Tools and ADC Tools Figure 1.5: The introductory splash screen, no longer allows on-demand Exchange installations The splash screen link to the deployment tools actually points to \support\exdeploy\exdeploy.hta, which is a simple HTML application that calls upon exdeploy.chm Framed within the HTA, the CHM file’s content and ordering is... the right-hand side of figure 1.3, the glue DLL will call into the actual tools themselves The tools are EXEs, DLLs, or even scripts If the individual tool is a script or separate EXE (such as policytest.exe), then the glue DLL makes a call to CreateProcess 9 10 Module 6: Deployment Tools and ADC Tools Markers: Before discussing the process flow, consider that several phases of the deployment tools will... successfully [17:43:03] #*** Policy Check finished: ***# Install Active Directory Connector and Run ADC Tools The next step in the deployment process is for the deployment administrator/consultant to install the Exchange 2003 ADC Service, and then use the ADC tools to prepare for and then create connection agreements The ADC Tools process is somewhat lengthy, so we will discuss its internals in more detail... deptools examines the existing Exchange 5.5 and Active Directory infrastructure for Exchange 2003 suitability Note that interorganizational (cross-forest) migrations or deployments of multiple Exchange organizations are too advanced and are not discussed by exdeploy.chm Crossforest deployments is discussed in another training module Module 6: Deployment Tools and ADC Tools 17 DSScopeScan Since the “Coexistence... the behavior 22 Module 6: Deployment Tools and ADC Tools OrgPrepCheck Once these actions are completed, the user is prompted to run the OrgPrepCheck tool group - comprised of the following tools: OrgCheck: verifies the Exchange extensions to the Active Directory schema, checks the existence and membership of the Exchange Domain Servers group and Exchange Enterprise servers group, and checks that a... Warning: ADC Tools detected that some users were not replicated from the Exchange 5.5 directory to Active Directory [00:12:08] Leaving HrDirPreReq_Test [00:12:08] Entering HrDirPreReq_Terminate [00:12:08] Leaving HrDirPreReq_Terminate 26 Module 6: Deployment Tools and ADC Tools In the above sample output, the ADCUserCheck marker exists, but not all of the objects have been replicated between Exchange 5.5 and . the deployment tools, but the collection of tools plus help file is most commonly-referred as the Deployment Tools. ” Module 6: Deployment Tools and ADC. the deployment tools link. 14 Module 6: Deployment Tools and ADC Tools Figure 1.5: The introductory splash screen, no longer allows on-demand Exchange