We have recently bega the upgrade of our Windows 2003 domain to Windows 2008 R2. We have implemented 3 new W2K8 domain controllers all running DNS. I have transferred the FSMO roles to one of the new DC's. We are still in a Windows 2003 functional level at both the Forest and Domain. The last step is to demote the last two W2K3 DC's. I have two major concerns.1. Creating mail accounts in Exchange.Currently our support staff is running Windows XP and using the AD Users and Computers to create user accounts and manage Exchange task. I understand we cannot install RSAT on XP and am concerned about how mail accounts can be created since there appears to be no option to do this even at the DC. The Exchange features are not available in the User properties. Can Exchange System Manager be installed on the W2K8 R2 64BIT DC to add these?2. I have been keeping an eye on the Exchange server and it does not appear to be sending any LDAP request to the new DC's. All DC's are showing in the Exchange properties and it has connected ot one of them as the Configuration DC. If we demote the other two 2K3 DC's will LDAP still work?I have been planning this conversion for several months and thought I did all my homework, but have not seen anything on any issues with Exchange 2003 in this new environment. I will be implementing two new Windows 7 computers that will take care of the Help Desk issues with managing user accounts, but since you cannot add mail accounts from Exchange System Manager, I am not sure how to deal with that. We have been successful at using the current tool set in adding user accounts since implementing th enew DC's, but I don't know if that will continue to work when we remove the two remaining DC's.Any suggestions or assistance is appreciated.Thank you,Nick Laurino

Quote: “The Exchange features are not available in the User properties” Without the Exchange Management Tools, you cannot use Active Directory Users and Computers to add an SMTP Address, as the E-mail Addresses tab is not present. And, the management tools can’t be installed on the 64bit machine How to Set Up a Management Station Using Windows XP Professional SP1 or Later Please run the commands below on the exchange server to test the AD connectivity NLTEST /DSGETSITE NLTEST /DSGETDC: Domain Name /GC Please run "DCdiag.exe /v" and 'Netdiag.exe /v" command on the GC and check if there is any failed tests in the result Please run ExBPA against the exchange servers for health checkJames Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com

I was able to run the DCdiag /v and only one failure on all test.Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC-1. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=DomainDnsZones,DC='domain name',DC=local (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC='domain name',DC=local * Security Permissions Check for DC=ForestDnsZones,DC='domain name',DC=local (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC='domain name',DC=local * Security Permissions Check for CN=Schema,CN=Configuration,DC='domain name',DC=local (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC='domain name',DC=local (Configuration,Version 3) * Security Permissions Check for DC=domain name,DC=local (Domain,Version 3) ......................... DC-1 failed test NCSecDescThe Netdiag command is not available in W2K8 R2.The NLTEST /DSGETDC: Domain Name /GC shows the old DC. My concern here is that since I cannot see any LDAP request from Exchange being made to any of the new DC's, will it start using them when I demote the old ones?I am going to restart the Exchange server tonight to make sure it authenticates to the new DC's and see what happens. I need to make sure Exchange will continue to work after the old DC's are demoted.Thanks,Nick Laurino

How' the result after the the old DC's is demoted?James Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com