ADC Before or After the User Migration

by Santhosh Sivarajan [Published on 28 July 2005 / Last Updated on 28 July 2005]

Do you install and configure Active Directory Connector (ADC) before or after the user migration? The answer to this “complicated” question is either you can install and configure ADC and Connection Agreements (CAs) before or after the user migration. Here are my explanations for both scenarios.

Do you install and configure Active Directory Connector (ADC) before or after the user migration? Good question, right? Yes, I know we have all heard or at least thought about this question during an Active Directory or Exchange migration. The answer to this “complicated” question is either you can install and configure ADC and Connection Agreements (CAs) before or after the user migration. I remember having this conversation with a few migration specialist but some believe you have to configure ADC before the user migration and some believe you can only do it after the user migration. Here are my explanations for both scenarios.

ADC Before the User Migration

When performing an Active Directory and Exchange migration, it is required to install Active Directory Connector (ADC) and configure the Connection Agreements (CAs) between Exchange 5.5 and the Active Directory Domain(s). When you configure a CA before the user migration, it will populate all the Exchange attributes and create accounts or contacts (depending on the CA configuration) in the Active Directory. When performing a user account migration using ADMT or a third party migration tool, you can merge those accounts. Make sure to select the merge account option. If the migration tool finds a matching existing user account in Active Directory, it will automatically merge both accounts. Let’s say the migration tool cannot find a match for a user, you can use the ADCLEAN utility to merge migrated users and ADC created users together. After the user migration, there will be only one account in Active Directory. This account will have all the Exchange attributes preserved from Exchange 5.5. 

ADC After the User Migration

In this scenario, you are performing the user migration first. That means all the user accounts are currently in Active Directory before the ADC installation and the CA configuration. What will happen when you configure CA between Exchange 5.5 and Active Directory?  If ADC can find a user match in Active Directory, it will automatically merge both accounts. Otherwise, it will create a new contact or account according to your CA configuration. Once the ADC completes the account population, you can run the ADCLEAN utility to merge those accounts.

I know the next question will be, “what do I need to do to prepare for an in-place upgrade?” The answer is to follow the “ADC After the User Migration” procedure and configure ADC after the in-place upgrade. If ADC can find a user match in Active Directory, it will automatically merge both accounts. Otherwise, you can run the ADCLEAN utility to merge those accounts to avoid the duplicate accounts.

Note:  
The Active Directory Account Cleanup Wizard utility (ADCLEAN) can be installed by installing the Exchange 2003 Admin pack or copying the required file to a folder and running ADCLEAN.EXE file. The following files are required to run ADCLEAN and are in the SETUP\I386\EXCHANGE\BIN folder on the Exchange 2003 CD:

Adclean.exe
Dsclean.dll
Exchmem.dll

ADCLEAN will automatically create a log file called ADCLEAN.LOG in the installation folder.

As you can see, both methods will bring the same result. ADC can be installed and configured before or after the user migration. We need to ensure that there won’t be any duplicate accounts in the Active Directory after the user migration and Active Directory Connector configuration. As long as we can take care of that issue, there is no hard rule regarding when to configure the Active Directory Connector.  I hope this article will provide a better understanding of the Active Directory Connector when dealing with a migration. If you have any questions regarding this article, feel free to email me or post a comment on the newsgroup.

***

Santhosh Sivarajan is an Infrastructure and Security Architect in Houston, Texas. His certifications include MCSE (W2K3/W2K/NT4), MCP+I, MCSA (W2K3/W2K/MSG), CCNA, and Network+. He has worked for large networking project companies for the past 10 years.  His expertise includes Active Directory, Exchange, Migrations, Microsoft Security, ISA Server, etc.

Featured Links