
Converting an Exchange Userbase to Unix?

Posted by Cliff
from the can-we-not-do-this-by-hand...please dept.
Jwfulcher asks: "This is kind of backwards from what normal people do, which is why I'm having problems finding any documentation on it, but I have around 150 users on Exchange, with distribution lists and a few custom recipients as well. The CEO wants to switch to a Unix-based POP/IMAP mail solution for licensing reasons (we don't use the groupware functions anyway). I was wondering if anyone knew of a method to convert the Exchange userbase and add the users on a FreeBSD system and possibly point to our Radius server (which is capable of doing NT authentication) for authentication on those accounts."
This discussion has been archived. No new comments can be posted.

  • but if you're using exchange 2000 you could use adduser.exe from the nt/2000 server resource kit to dump the usernames to a text file, then hack something together to parse it and add the users. to wit, it doesn't dump the passwords so you'll have to enter those back in or create new ones :O
  • by trentfoley (226635) on Thursday July 11, 2002 @08:11PM (#3868007) Homepage Journal
    So, you want to exchange Exchange with little change for no change? Sorry I couldn't be more help...
  • Some suggestions (Score:4, Informative)

    by Geek Boy (15178) on Thursday July 11, 2002 @08:32PM (#3868082)
    KMail (part of KDE) can import Outlook address books and folders. I'm sure that Evolution can help you too, but I don't know if that runs on FreeBSD very well.

    You should be able to use PAM to do authentication to the Radius server. As for converting the users, you will probably have to write a script to do that. If there are tools to convert from unix to exchange, then I'm sure you can use those as a reference to do the inverse.

    • Re:Some suggestions (Score:3, Informative)

      by Lazaru5 (28995)
      Neither KMail nor Evolution nor any MUA will help in any way. These are end user applications. The Question is how do you convert an Exchange Mail Store (a broken DB based binary storage of everyone's mail) into 150 mbox or Maildir style Unix mailboxes, AND get their passwords out of Windows and into FreeBSD (if they're not kept in clear text in any billing software already.)

      Your answer would be right if the question was "How do I switch from Outlook [Express] on Windows to some other mail program on FreeBSD?"
  • by treat (84622)
    Users consider Exchange's calendaring to be a critical feature. While there are many free competitors, they are all of extremely poor - unusable, really - quality.
    • Users consider Exchange's calendaring to be a critical feature. While there are many free competitors, they are all of extremely poor - unusable, really - quality.

      While I would agree that finding a direct replacement for Exchange calendaring would be difficult, I wouldn't agree that the alternatives are unusable. Even using KOrganizer and KMail to mail around iCal files can pass as a reasonable scheduling system.

      If they've already chosen to move away from Exchange, they must've considered this and found an alternative they considered better than "extremely poor."
    • (we don't use the groupware functions anyway)

      I don't suppose the above is relevant to your remark in any way, is it?

  • One thing most people don't consider is that Exchange 5.5 and 2000 run their own LDAP services.

    One method would be to set up OpenLDAP as a slave to the Exchange server to pull all the DLs and so forth to your Unix platform. From there (with Red Hat at least) it is pretty straightforward to use Sendmail's integration with LDAP to use that OpenLDAP store.

    If you don't want to leave OpenLDAP running you can use the MigrateTools from padl.com to see how you can convert that OpenLDAP store back to something usable. Or just export the sections you need via GQ.
  • Well.. (Score:4, Insightful)

    by cmowire (254489) on Thursday July 11, 2002 @09:28PM (#3868327) Homepage
    I'm not speaking from experience here, but here's a suggestion:

    You can open an IMAP server in Outlook and open your Exchange server at the same time and just drag the mail across. For 150 people, you might need a little help to do this, but with a few helpers, it's not totally insurmountable.
    • Then you can use Mozilla [mozilla.org] as an IMAP client and you're done with Microsoft. If you take long enough to start using a calendar, there's a very promising calendar module [mozilla.org] for Mozilla. It's standards-based and the newsgroup shows developer interest in multiuser or workgroup functionality.

      I've used Mozilla 1.0 as a mail client in a Fortune 500 company. It works juuuust fine. Calendaring functions aside, it's as good a mail client as Outlook, without the evil.

      And if you're lucky enough to be on OS X, grab a copy of Mozilla 1.0a right away. The smoothed text is strikingly beautiful on a good monitor (I'm using Futura Book at work and it looks great).

      For what it's worth, Mail.app is a fine mail client, but the original questioner is not planning on buying Macs.

    • I have done this earlier but that was a project so I don't have IPR for it. I can help you with this if I can find time this weekend [or if you pay my company :)] but essentially you need to do the following:
      - fix a platform. Since you only care for IMAP/POP and not calendaring then sendmail/cyrus IMAP/qpop makes a good combination. There are others and your choice will at least be partly dictated by your religious beliefs :)
      - now BACKUP your Exchange store. This is important in case anything goes bad at any stage.
      - write a script to migrate your Windows/Exchange users to FreeBSD+Samba (if you want to include this - which you should, if you are worried about licensing). There is a good script inside the Samba distribution if you are on Exchange 2000 but it's not very difficult to write your own. If you do want to use RADIUS, there is a PAM available for that as well.
      - Beta test it. Users should be able to log in with their older passwords and send/receive mails.
      - write another script to transfer your mail stores from Exchange to IMAP. Since Exchange supports IMAP, this is not terribly difficult. Your script should download files from Exchange over IMAP and copy them to your local FreeBSD mailstore (WITH THE SAME TIMESTAMP).
      - Beta test it again.
      - Open it to public.
      - Got it working !! Good!! Return that Exchange box and buy two small boxes to run more services on FreeBSD !!!
    • Re:Well.. (Score:2, Interesting)

      by Skuggan (88681)
      You *cannot* have IMAP and Exchange accounts at the same time on the same computer.

      You have to choose between Internet mode (POP and/or IMAP) or Workgroup mode (POP and/or Exchange).

      But there is no problem to create a Personal Folders file and save all info into.

      Then you can reconfigure mail support in Outlook and change to Internet mode, open the previously created .pst file and copy all mail to the IMAP server.
      • by Chang (2714)
        This is no longer true. Outlook 2002 can have an IMAP account and Exchange open at the same time. I used this to convert several people to IMAP from Exchange.
    • I wrote a 3-layer script to copy an entire Exchange message store to maildir-style folders a couple of years ago. Pretty easy, once you get around Exchange's folder name conventions. Setup was as follows:
      • create a special user in Exchange with read access to all folders
      • write a script (storemessage) which would store a message in a maildir folder
      • write a script, fetchmailbox, which, using fetchmail, opens a user's mailbox and reads it, message by message; use the -s option to start a local delivery agent; use the storemessage script above
      • write a third script, listmailboxes, which would fetch the mailbox list from the IMAP protocol; read the IMAP RFC for details
      • do listmailboxes | xargs -n1 fetchmailbox
      • now that you have messages on your file system, use your favourite maildir-capable server like courier-imap to serve them
      Pay attention to attachments; those can require special processing (I have used mimetools for that; you can probably use perl.) As for calendar/meeting data, it actually fetches as some kind of messages too.
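A sketch of the "storemessage" step and the "same timestamp" requirement mentioned in the two posts above, added here as an example and not taken from either poster's scripts. It uses Python's standard `mailbox` and `imaplib` modules; the sample message, the folder names and the `safe_folder`/`store_message` helpers are constructed for illustration. Folder names arrive from the remote server, so they are reduced to a conservative character set before they touch the filesystem.

```python
import imaplib
import mailbox
import re
import tempfile
import time

# IMAP system flags -> Maildir info flags (\Recent has no Maildir equivalent).
FLAG_MAP = {"\\Seen": "S", "\\Answered": "R", "\\Flagged": "F",
            "\\Deleted": "T", "\\Draft": "D"}

# Constructed sample: one message body and the INTERNALDATE part of a FETCH reply.
SAMPLE_RAW = (b"From: alice@example.com\r\n"
              b"To: bob@example.com\r\n"
              b"Subject: Q3 budget\r\n"
              b"Date: Thu, 11 Jul 2002 20:10:58 -0400\r\n\r\n"
              b"Numbers attached.\r\n")
SAMPLE_DATE = b'1 (INTERNALDATE "11-Jul-2002 20:11:00 -0400")'


def safe_folder(imap_name, delim="/"):
    """Turn a server-supplied folder path into one Maildir++ folder name.

    Each component is reduced to word characters, space, '&', '+' and '-',
    so '.', '..' and path separators cannot escape the Maildir root.
    """
    parts = [re.sub(r"[^\w &+-]", "_", p).strip() for p in imap_name.split(delim)]
    return ".".join(p for p in parts if p)


def store_message(root, folder, raw, internaldate, flags):
    """Store one fetched message under root; return (key, folder_name_used)."""
    md = mailbox.Maildir(root, create=True)
    name = safe_folder(folder)
    if name and name.upper() != "INBOX":
        md = md.add_folder(name)          # creates <root>/.<name> if missing
    msg = mailbox.MaildirMessage(raw)
    msg.set_subdir("cur")                 # already seen by the old server
    msg.set_flags("".join(FLAG_MAP[f] for f in flags if f in FLAG_MAP))
    received = imaplib.Internaldate2tuple(internaldate)
    if received is None:
        raise ValueError("no INTERNALDATE in FETCH response")
    # Maildir.add() applies this date as the file's mtime, which is what
    # IMAP servers reading the Maildir report as the arrival time.
    msg.set_date(time.mktime(received))
    return md.add(msg), name


if __name__ == "__main__":
    root = tempfile.mkdtemp(prefix="maildir-demo-")
    print(store_message(root, "Inbox/Projects", SAMPLE_RAW, SAMPLE_DATE,
                        ["\\Seen", "\\Answered"]))
    # A hostile or odd folder name stays inside the Maildir root.
    print(store_message(root, "../../tmp/x", SAMPLE_RAW, SAMPLE_DATE, []))
```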
  • LDAP + Cyrus + PAM (Score:4, Informative)

    by maeglin (23145) on Thursday July 11, 2002 @09:46PM (#3868409)
    The site here [ibiblio.org] describes how to create an Exchange replacement. If you want to use RADIUS you can probably find a PAM-RADIUS module to substitute for PAM-LDAP, or conversely replace your Radius server with a FreeRADIUS [freeradius.org] instance which can be backed by the LDAP server.

    For moving users, enable the LDAP directory service on the Exchange server and you should be able to script (or find) some LDAP-to-LDAP migration tools. At worst, do a full directory search and massage the data into an LDIF file to be imported. Moving the mail data would be harder but I imagine something could be rigged up using the Exchange IMAP service, fetchmail, procmail and the Cyrus deliver command.

    If you can find a BackOffice resource CD you should be able to create a way to access the Exchange store without even going through the LDAP and IMAP services.
    • For moving users, enable the LDAP directory service on the Exchange server and you should be able to script (or find) some LDAP-to-LDAP migration tools.

      The biggest problem is that the Outlook schema isn't totally documented (at least that I've found when I on and off look for it) -- the LDIF won't give that to you so you will have trouble importing it.

      • The biggest problem is that the Outlook schema isn't totally documented (at least that I've found when I on and off look for it) -- the LDIF won't give that to you so you will have trouble importing it.

        You don't need all of the details from the tree. You really only need the dn, cn, firstname, surname and SMTP address. Pull those out, tweak the dn to match your tree and put it into the LDIF. Disable schema check on the LDAP server and import the data.
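The "pull those out, tweak the dn, put it into the LDIF" step from the reply above, as an added example that is not part of the original thread. The attribute names (`cn`, `givenName`, `sn`, `mail`), the `inetOrgPerson` object class and both directory trees are assumptions, and the export is constructed. Values are treated as untrusted: the new DN is escaped per RFC 4514 and anything that is not an RFC 2849 safe string (including embedded newlines) is written base64-encoded so it cannot add lines to the output.

```python
import base64
import re

# Constructed sample of a directory export (attribute names are assumptions).
SAMPLE_EXPORT = """dn: cn=Lopez\\, Jose,cn=Recipients,ou=HQ,o=ExampleCorp
cn: Lopez, Jose
givenName:: Sm9zw6k=
sn: Lopez
mail: mlopez@exam
 ple.com
extension-Attribute-1: ignored

dn: cn=AllStaff,cn=Recipients,ou=HQ,o=ExampleCorp
cn: AllStaff
sn: AllStaff
"""

KEEP = ("cn", "givenName", "sn", "mail")
REQUIRED = ("cn", "sn", "mail")
# RFC 2849 SAFE-STRING; any other value must be base64-encoded.
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                  r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per record."""
    unfolded = re.sub(r"\r?\n ", "", text)          # undo RFC 2849 line folding
    records = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        rec = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            m = re.match(r"([A-Za-z0-9;-]+):(:?)\s*(.*)$", line)
            if not m:
                raise ValueError(f"not an LDIF attribute line: {line!r}")
            name, is_b64, value = m.groups()
            if is_b64:
                value = base64.b64decode(value).decode("utf-8")
            rec.setdefault(name.lower(), []).append(value)
        if rec:
            records.append(rec)
    return records


def escape_rdn(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = re.sub(r'([",+;<>\\])', r"\\\1", value).replace("\x00", "\\00")
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def ldif_line(attr, value):
    """Emit 'attr: value', or base64 when the value is not a safe string."""
    if value == "":
        return f"{attr}:"
    if SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")


def convert(text, new_base="ou=People,dc=example,dc=com"):
    """Return (new LDIF text, [(old dn, missing attributes)] for skipped records)."""
    out, skipped = [], []
    for rec in parse_ldif(text):
        missing = [a for a in REQUIRED if not rec.get(a)]
        if missing:                                  # e.g. lists with no mailbox
            skipped.append((rec.get("dn", ["?"])[0], missing))
            continue
        lines = [ldif_line("dn", f"cn={escape_rdn(rec['cn'][0])},{new_base}"),
                 "objectClass: inetOrgPerson"]
        for attr in KEEP:
            lines += [ldif_line(attr, v) for v in rec.get(attr.lower(), [])]
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n", skipped


if __name__ == "__main__":
    ldif, skipped = convert(SAMPLE_EXPORT)
    print(ldif)
    print("skipped:", skipped)
```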
  • Sourceforge.. (Score:1, Informative)

    by Anonymous Coward
    ..has a listing for a script that converts Exchange .psts to some unix format. Look there.

    Between that and the import utility that someone mentioned in KMAIL, there's probably a reasonable solution in here.

    Also, Bob's mail server (if I remember correctly) purports to be an Exchange replacement, too.
  • You could also look into finding an Intranet Groupware [hotscripts.com] program. One benefit of using a program like this is that you can make it easy to access via the web from anywhere, calendar, e-mail and all.

  • Split it into two problems.

    One is moving all the data; the other is configuring the new server with all the account and address book information.

    Assuming it is still proper Outlook, you can use exmerge (available from Microsoft) to dump all the mail from the server into .PST files, distribute them to the users.

    Failing that (and assuming Exchange 5.5 or later), as other users have suggested, configure IMAP on the server and have the users suck the data down into their IMAP clients. (IMAP, rather than POP, so you can get folders other than just the inbox)

    Also you can do a directory export to get a .csv file with all the account info in, use that to make your new mail server accounts. Easier than fiddling with LDAP etc. You can get the directory export any field associated with a mailbox - hint: run exchadmin/raw to get raw properties of a mailbox, then you can find out what the fields you want are called.
  • Exchange, Outlook or both?

    If it's Exchange you could do Outlook front-end to POP/SMTP/LDAP backend and go the cheap route. Or look into some of the offerings Oracle is going to have coming up which target to use Outlook as the front end with Oracle backend and save you money and give more security than Exchange.

    If it's Outlook, good luck. Your choices of widely accepted front-ends are pretty much Outlook and Notes and any change requires training the userbase on the new software.

    If it's both RUN! Conceptually it's not a bad thing, but in a Corporate environment someone wanting to do this is just suicide unless you're a very small shop with very educated users. And management will be looking for scapegoats when it fails.
  • There should be plenty of documentation about setting up Mail servers on UNIX, getting the data from exchange to the UNIX system may be a little harder though.

    Your best bets are fetchmail, a UNIX mail transport agent; this can pull all the mail across (hopefully).

    Or failing that, set up your mail servers on UNIX and write some VB script (in Outlook, 'cos you have it already) to transfer the data/accounts across using MAPI.
  • I guess the first question is:

    Do you mind using windows for authentication?

    You could use pam/radius or pam/ldap to talk from freebsd to windows, and do the login thing. You would have to use virtual mailboxes, and no real logins to the freebsd box. You probably want that last bit anyway. Webmail/imap can be good with this kind of setup.

    Otherwise, AFAICT, you're going to have to force everyone to change their passwords. Best bet is to take a weekend. Friday, have everyone archive their email, and turn off exchange so incoming mail gets queued. Do your transition, and monday when they come in, they'll use webmail/pop/imap.
  • by Nailer (69468) on Friday July 12, 2002 @09:06AM (#3870196)
    • Open Outlook on each PC, and use the Outlook export wizard to export your mail from the Exchange message store (what you're looking at on your Exchange system) to a personal store (also known as a .PST file). Do whatever conversion is necessary to view such items in Evo if that's what you're using.
    • Import this into Unix mbox format, for use with Evolution (or Kmail, but I'd use Evo), with Out 2 Unix [active-com.de].
    • Export your contacts to a Personal Address book (.PAB file)
    • Use LookOut to import the .PAB file ( to KAB or Gnomecard format). You might need additional conversion depending on your mail client.
    • Think about paying a local software development house with QT or GTK programmers to make a little GUI wizard application to automate this process. It'll save you and your users time. Since the app isn't giving you any competitive advantage, Open Source it.
    • Use Exmerge, a nifty Exchange exporting tool that comes on the Exchange install CD; it's under /tools/utilities/. Batch export all users' folders to PST files from the Exchange database, then follow his suggestion to import.
  • You only have 150 users, if worse comes to worse you can just recreate accounts. As all of the others have suggested you can use LDAP. The big thing is the user data.

    I don't know if outlook does this. But, using mozilla I was able to copy from one account to another by just highlighting all of the messages and then right clicking and doing a copy to.

    My suggestion is to set up the new box with sendmail, imap, ldap enabled. Set up imap on the Exchange box and give them a mail reader that can do the move. I would think that Outlook would work. Then during the night redirect all incoming e-mail to the new box. Turn off sending e-mail and receiving e-mail on Exchange if it can be done.

    One possibility is to setup a front line box and have it redirect mail for only certain users so that you can do a few users at a time. You may have to do some hand holding to them to move their e-mail.

    Just a suggestion.

  • Hmmmm....

    Well....
    1) Export the exchange directory so you have a list of all the mailboxes you need.
    2) You could write a script to parse the file and create user accounts on the Unix box

    3) It would probably be best if you stuck with the Outlook client (unless you just have to switch), so get Exmerge and export everyone's mailbox to PST files and give to them. Those will become the default delivery point (in Outlook) for incoming email.

    I'm not sure how you'd handle passwords, etc, unless there's some way you can authenticate against NT (or whatever MS OS you are using).

    Just my thoughts (being an Exchange admin).
  • There's a Texas company that makes a plugin for Outlook, called InsightConnector, that allows it to do all its groupware features over any IMAP4 server with ACL support. It's not OSS, and it's not free, but it's supposed to be cheaper than MS Exchange.

    You can find a review of it here. [linuxplanet.com]
    The company's website is here [bynari.net].

    They practically have to have experience in moving servers like this to have any business. You might try contacting them and seeing what they cost.
    • ...and I'm all out of mod points.

      I'll second the comment on Bynari's InsightConnector and I'll add a plug for InsightServer. Much of what they offer is based on open source and open protocols. After checking into it, I found a few more tempting pluses;

      * They respond to email! Yep, real people and reasonable answers -- no BS. Also, when one employee recently went on vacation, his boss followed up instead of waiting a few more days for him to return. Excellent.

      * Bynari provides a 1 month trial version with free support during the trial. (Smart, because if it works well you'll be more likely to buy it and won't likely need support after the first 30 days.)

      * A new InsightServer licence is about the same price as upgrading from Exchange 5.5 to 2000.

      * They have both low end (x86 PC) and high end (IBM mainframe) versions so either scaling up or testing the waters with a PC first are both options.

      * Feature-for-feature mapping of Exchange vs. InsightServer so that Outlook clients that you do have (including calendaring) work the same.
  • I went through this not too long ago at an internet startup. Here's what I found..

    Mail servers - sendmail, postfix, qmail all have or can have the ability to use an LDAP directory that specifies where the mail is going to. It gets rid of the use of alias lists to forward mail around.

    pop/imap servers - there's quite a few pop servers that can authenticate off LDAP but only a few imap servers worth mentioning. Cyrus is the best free one that I have tried. At the time I tested it there was a bug in the code that caused certain outlook clients to not see which mails were read and unread correctly. I'm sure this has likely been fixed now. The mail store for Cyrus is nice and in my opinion a bit faster than the mbox or maildir formats (YMMV). UW Imap is great as long as you don't need to do any virtual hosting support, there's some hacks and patches to provide virtual hosting support but they aren't what I'd consider production quality. UW Imap does however have the best support for MS Outlook of any imap server I have tested (I've tested a lot). Courier is also nice but because the author deviated from the standards somewhat I wasn't very comfortable with it and was told by the CTO it was not an option. Mirapoint Messaging servers are a commercial "version" of cyrus. It's basically cyrus on freebsd with ldap capabilities minus all the good stuff. No ability to really customize it, it's fairly idiotproof, however I disliked the fact that it felt underpowered and the anti-spam features were not what I considered very good. I used a gateway to filter spam before it got to the mirapoint otherwise I had load issues on the mirapoint. (Using a bastion host/ gateway to filter spam outside a firewall is a good idea no matter what mail server you run)

    LDAP Directories - OpenLDAP is free but it's not what I'd call "for beginners". It takes a fair understanding of the ldap schemas before you can create a schema which can be used by Outlook. iPlanet is great but isn't free. The gui is very nice and the replication is probably the easiest to configure out of all the ones I tried. Active Directory is fairly good (don't kill me) but it doesn't conform to some of the standard schemas. Exchange has its own pseudo directory server built in and the later versions can use active directory but I dislike how for some of the givenName and surName fields you can't have a multi record field unlike what the standards say should be allowed.

    Calendar - MS Outlook CAN have calendar support without the use of Exchange. You have to set the system up for publishing the calendars to a web page and it's a little bit of a pain. It took me a bit of scripting to get outlook to automate the process of actually publishing the calendars and times.

    Radius server - I actually wrote code for a radius server to authenticate off the LDAP directory. The server I used was XTRadius. I published the source for the extension so I'm sure it's available somewhere.

    As for pulling users out of exchange and onto a unix server. I never did find an easy way of doing it. I did it by hand for 130 employees but we weren't running exchange 2000 with active directory. If you are using active directory then you can pull the schema and do lookups. I'm sure I could write a tool in perl without much trouble that's capable of doing that. If you'd like it, I don't have much to do right now so email me personally wh@perlhacker.net and we'll work on it.

    As far as a web client.. I've tried everything and I can definitely say without a doubt the horde.org project is *the best*. They're the only thing I've seen that really pulls email, calendar, to-do, etc like exchange into a very useable GUI.

    Gotta run.. going fishin'

    WH
  • I've set up an email system for our student foundation, Overflow [overflow.nl], which is located at http://www.overflowers.nl [overflowers.nl]. It was built from scratch, but I suggest you look into qmail/LDAP [nrg4u.com].

    If I remember correctly, Exchange is capable of serving LDAP, so you _could_ just do a ldap search on it and import that in the LDAP system. If you use the qmail/LDAP system, you don't need local accounts. Plus, it's all opensource, so you can pass the authentication towards another system if you like.
    1. Analyse the data models you are importing to and from. Map fields across. This will probably amount to about 8 mappable fields over two tables. Identity, (username, password, full name parts) and Email Address (username, email alias) for the users, and some more for the recipients. I know of no easy way to map the passwords, nor to keep them synchronised between the two systems. You may be able to achieve the same ends using PAM for your POP3 authentication, delegating to your DC, but I can't tell you how, I am afraid.
    2. Write some custom VB or Perl (using the ActiveState Win32 modules) to dump this info to a portable format (I suggest delimited text). Then import it into Unix by writing out suitable entries into /etc/passwd (or use useradd) and in /etc/mail/virtusertable or equivalents. More perl, in other words. Now you have migrated the users. You can do a similar process for the lists.
    3. First make sure all users have the new POP3/SMTP services set up, and set as defaults. You can do this by hand, by sending them instructions (yeah, right) or more Perl and VBScript deployed using a group policy or as signed code using the scripting stuff in the resource kit.

      This includes setting up Personal Folders (outlook.pst) files for each user.

      My recommendation for POP3 settings is (advanced tab):

      • Leave a copy of the messages on the server.
      • Remove after 14 days.
      • Remove after you permanently delete them (not in Outlook2K).
    4. Now point the incoming mail at the new POP3 server and wait for MX records to expire. You will want to wait at least 2xTTL because AOL tend to cache for longer than TTL. If you are foresighted (or have read ahead) you will have cut the TTL progressively down to about five minutes, to enable you to do a rapid cutover (and, if necessary, a rollback). When you are happy all is OK, you can raise the TTL to a reasonable level again.
    5. Users will now be getting their mail directly from the POP3 server, and sending via SMTP.

    Do you need to take the current contents of their mailboxes too?

    If so, the easiest way is to tell them you will be turning Exchange off, and that they must copy any mails they want to keep to their personal folders file. After some time has passed, and you have reminded everyone several times, turn Exchange off and wait to see if you get any complaints. If you do, you can turn it back on temporarily to let them do the copy.

    Finally, I really suggest something like Netmeeting or SMS (or PCAnywhere or VNC... but I tend to go with vendor products, particularly when they are free, as Netmeeting is) to allow you to assist users who can't do it themselves.

    Good luck!

  • I've a set of perl scripts, procedures and stuff to do exactly this.... Did it for a 400 ppl network, from exchange to vpopmail/qmail/phpgw ...

    I've not released this stuff but will do it as part of axisgroupware [www.axisgroupware.org]....
  • If you can get the account info out of the domain/ad via LDAP etc, you're halfway there.

    Given that IMAP can be enabled for Exchange 5.5/2k, you should then be able to automate the moving of data from Exchange into your new IMAP server (thoroughly recommend Cyrus [cmu.edu]), at least for mail anyways, contacts & calendar info is next to useless outside exchange (but retrievable via IMAP).
  • and know an outstanding programmer that works with a number of OS platforms that I would call an expert on OCR, forms recognition, etc. Check out http://www.microimagesys.com and contact Mr. Lunglhofer. Also, look at Kofax for your Image and OCR retrieval from scanned documents. I am not 100% sure Adobe has a *nix version; but I create a considerable number of e-forms in Adobe (and learned this from Mr. Lunglhofer). These forms are used in an enormous variety of electronic, web-based, and non-web applications. Ask him what he would suggest and see what kind of product he could provide for you.
