Exchange 2003 to Exchange 2010 Intra-Organization migration
Exchange 2003 to Exchange 2010 migration path |
||
Step |
Step Title |
Details (migration from Exchange 2003) |
Step 1 |
Certificate |
Acquire a new commercial certificate for external client coexistence with CAS 2010 (legacy.contoso.ca namespace required for former CAS2007 for silent redirect). It will need at minimum 3 SAN values: - mail.contoso.ca (primary OWA/EAS/OA URL) - autodiscover.contoso.ca - legacy.contoso.ca (OWA/EAS legacy mailbox access). The subject name should be mail.contoso.ca and should match the "Certificate Principal Name" in the Outlook profile for Outlook Anywhere |
Step 2 |
Service pack level and AD version |
Use ExPDA (https://www.microsoft.com/downloads/en/details.aspx?FamilyID=88B304E7-9912-4CB0-8EAD-7479DAB1ABF2) to: a- Ensure all Exchange 2003 servers are at SP2 b- Ensure all forests/domains meet the Exchange 2010 prerequisites. Note: One of the prerequisites is the suppression of link state minor changes. The procedure to suppress them is in Step 8.1 |
Step 3 |
Prepare AD |
|
Step 3.1.1 |
1 |
Preparing Legacy Exchange Permissions (Exchange 2003 coexistence only) |
1.1 |
Setup /PrepareLegacyExchangePermissions |
|
1.2 |
Wait for the AD changes to replicate; track the progress using the REPLMON tool |
|
Step 3.1.2 |
2 |
Preparing schema |
2.1 |
Run on a DC in schema master domain (forest root domain) Memberships required: Schema Admins group & Enterprise Admins |
|
2.2 |
Setup /PrepareSchema (Schema Admins group + Enterprise Admins) |
|
2.3 |
Wait for the AD changes to replicate; track the progress using the REPLMON tool |
|
Step 3.1.3 |
3 |
Preparing AD |
3.1 |
Run on a DC in schema master domain (forest root domain) Memberships required: Enterprise Admins |
|
3.2 |
Setup /PrepareAD (Enterprise Admins) |
|
3.3 |
Wait for the AD changes to replicate; track the progress using the REPLMON tool |
|
Step 3.1.4 |
4 |
Preparing All Domains |
4.1 |
Setup /PrepareAllDomains or setup /pad (Enterprise Admins) |
|
4.2 |
Verify the AD changes |
|
Step 3.1.5 |
5 |
Repeatable Task: Preparing Domains (if Preparing All Domains was not run; see notes) |
5.1 |
If Preparing All Domains task was run, skip this task |
|
5.2 |
Memberships required: If the domain was created BEFORE prepareAD: Domain Admins. If the domain was created AFTER prepareAD: Domain Admins & Exchange Organization Administrators |
|
5.3 |
Setup /PrepareDomain (see notes) |
|
5.4 |
Verify the AD changes |
|
Step 4 |
Install CAS2010 |
Install CAS 2010 and configure it - specify the external namespace (e.g. mail.contoso.ca) - install RPC over HTTP proxy component - Configure OWA settings (FBA vs Basic auth) - Configure EAS authentication (Basic vs Certificate Auth) - Enable OA (Enable-OutlookAnywhere -Server:ServerName -ExternalHostName:mail.contoso.ca -SSLOffLoading $false) |
Step 4.1 |
Configure CAS2010 ExternalURLS |
If the external namespace was not entered in Step 4 above, configure it in this step: • Offline Address Book: Set-OABVirtualDirectory OAB* -ExternalURL https://mail.contoso.com/OAB • Web Services: Set-WebServicesVirtualDirectory EWS* -ExternalURL https://mail.contoso.com/ews/exchange.asmx • ActiveSync: Set-ActiveSyncVirtualDirectory -Identity Microsoft-Server-ActiveSync -ExternalURL https://mail.contoso.com/Microsoft-Server-ActiveSync |
Step 5 |
Configure CAS2010 OWA |
Configure OWA on CAS2010 appropriately: - Outlook Web Access, for environments with Exchange 2003 mailbox servers: Set-OWAVirtualDirectory OWA* -ExternalURL https://mail.contoso.com/OWA -Exchange2003URL https://legacy.contoso.com/exchange - Exchange Control Panel: Set-ECPVirtualDirectory ECP* -ExternalURL https://mail.contoso.com/ECP |
Step 7 |
Configure CAS2010 Array (LB + DNS + PowerShell) |
For Outlook clients, you can configure the CAS2010 servers as an RPC Client Access Service array, which is highly recommended even if you start with only one CAS2010: - Create a LB array for CAS2010 (Step-by-step guide / installation template: https://technet.microsoft.com/en-us/library/cc742379(EXCHG.80).aspx) - Create a DNS entry in your INTERNAL DNS that resolves the LB array name to the Virtual IP Address (VIP) of the CAS LB (e.g. CASArray01.Contoso.ca) - Configure the LB array to load-balance the MAPI RPC ports: TCP 135 and TCP 1024-65535 - Create the CAS Array AD object: New-ClientAccessArray -Name CASArray01.contoso.ca -FQDN CASArray01.contoso.ca -Site "Site1" |
Step 8 |
Install HUB2010 and MBX2010 |
Install the HUB2010 and MBX2010 roles in the "Internet Facing AD Site" and configure them: - You can change the OAB generation server and enable Web Distribution on CAS2010: > Move the OAB: Move-OfflineAddressBook "Default Offline Address List" -Server Server_Name > Add the CAS2010 server as a Web Distribution Point (CAS2010_Server_Name is a placeholder for the name of your CAS2010 server): ■ $OABVDir = Get-OABVirtualDirectory -Server CAS2010_Server_Name ■ $OAB = Get-OfflineAddressBook "Default Offline Address List" ■ $OAB.VirtualDirectories += $OABVDir.DistinguishedName ■ Set-OfflineAddressBook "Default Offline Address List" -VirtualDirectories $OAB.VirtualDirectories |
Step 8.1 |
Suppress Link State Updates on Exchange 2003 |
In the registry, go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters. 1. Right-click Parameters and select New | DWORD value. Name the new DWORD value SuppressStateChanges. 2. Double-click SuppressStateChanges. 3. In the Value data field, enter 1. |
Step 9 |
External DNS : create legacy.contoso.ca namespace |
Create the legacy host record (legacy.contoso.com) in your EXTERNAL DNS infrastructure and associate it either with the FE2003 infrastructure (less likely) or your proxy infrastructure (more likely). |
Step 10 |
Environment without Exchange 2007 autodiscover |
You will configure EXTERNAL DNS and/or your reverse proxy infrastructure's publishing rules to have the autodiscover.contoso.com namespace point to CAS2010 |
Step 11 |
Publish legacy.contoso.ca to point to CAS2007 on reverse proxy |
If utilizing a reverse proxy infrastructure, you will publish the legacy namespace to the FE2003 infrastructure so that at this point the FE2003 infrastructure can be accessed either via mail.contoso.com or legacy.contoso.com namespaces |
Step 11.1 |
Autodiscover setting to use NLB |
Set the CAS property AutoDiscoverServiceInternalUri to the load-balanced FQDN: Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://loadbalancerFQDN/Autodiscover/Autodiscover.xml" Get-AutodiscoverVirtualDirectory | Set-AutodiscoverVirtualDirectory -InternalUrl:"https://loadbalancerFQDN/Autodiscover/Autodiscover.xml" |
Step 11.2 |
Internet connectivity downtime (reconfigure 2003 FEs URLs to legacy.contoso.ca) |
Schedule the internet protocol client downtime (should be small enough time to make change and validate the configurations) during which we'll perform the following steps : - Reconfigure External DNS and/or your reverse proxy infrastructure's publishing rules to have the mail.contoso.com namespaces point to CAS2010. |
Step 11.3 (Exchange 2003 EAS) |
Internet connectivity downtime (for Exchange 2003 EAS clients) |
Exchange 2003 mailboxes : EAS client will try to connect through CAS2010 and will receive an error. SOLUTION : enable Integrated Windows Authentication on the Microsoft-Server-ActiveSync vDir on Exchange 2003. > Install https://support.microsoft.com/?kbid=937031 and then use the Exchange System Manager to adjust the authentication settings of the ActiveSync virtual directory. > OR, set the msExchAuthenticationFlags attribute to a value of 6 on the Microsoft-Server-ActiveSync object within the configuration container on each Exchange 2003 mailbox server. An example script is provided at https://technet.microsoft.com/en-us/library/cc785437.aspx. Note: DO NOT use IIS Manager to change the authentication setting on the Microsoft-Server-ActiveSync virtual directory as the DS2MB process within the System Attendant will overwrite the settings that are stored in Active Directory. |
Step 11.4 (OA) |
Internet connectivity downtime (disable Exchange 2007 OA) |
Disable Outlook Anywhere by utilizing the Exchange System Manager and selecting the "Not part of an Exchange managed RPC-HTTP topology" radio button on the RPC-HTTP tab of the Front-End server's properties. Optionally, you can also remove the RPC over HTTP proxy component (refer to your Windows Server documentation for more information). Important: This requires an up-front investment in CAS2010 architecture as all Outlook Anywhere clients will utilize CAS2010 once you transition the Outlook Anywhere endpoint. Be sure to follow all proper scalability planning documentation when deploying CAS2010 to ensure that you do not create a bottleneck in your CAS infrastructure due to Outlook Anywhere clients. |
Step 11.6 (test) |
Test |
Test all client scenarios |
Step 12 |
Production launch |
Complete downtime and enable Internet protocol client usage |
Step 13 |
HUB |
Install the Hub Transport server role |
Step 14 |
UM (optional) |
Install the Unified Messaging server role. This step is optional. It's only necessary if you want to use Unified Messaging in your organization. |
Step 15 |
UM Config (Optional) |
Configure Unified Messaging. This step is optional. It's only necessary if you want to use Unified Messaging in your organization. |
Step 16 |
MAILBOX |
Install the Mailbox server role |
Step 17 |
EDGE (Optional) |
Install the Edge Transport server role. This step is optional. It's only necessary if you want to use the Edge server role in your organization. |
Step 18 |
Internet Mail Flow configuration |
Move Internet mail flow from Exchange 2003 to Exchange 2010 (DNS MX records changes and SMTP forwarder change - Ironport, ISS or whichever SMTP smarthost server is used in the perimeter network) |
Step 19 |
Move Mailbox |
Move mailboxes from Exchange 2003 to Exchange 2010 |
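
A check for the certificate requirements in Step 1, worth running before the namespace cut-over in Step 11.2. This is an added example, not part of the original migration plan: it verifies that a certificate's subject is mail.contoso.ca and that its SAN extension carries the three names the plan lists. The function name Test-MigrationCertificate is hypothetical, and the "DNS Name=" label it parses assumes an English-language Windows installation.

```powershell
# Added example: checks a certificate against the Step 1 naming requirements.
# Test-MigrationCertificate is a hypothetical helper name, not an Exchange cmdlet.
function Test-MigrationCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$SubjectName = 'mail.contoso.ca',
        [string[]]$RequiredSan = @('mail.contoso.ca', 'autodiscover.contoso.ca', 'legacy.contoso.ca')
    )

    # Subject CN: the value Outlook Anywhere compares with the profile's
    # "Certificate Principal Name".
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $Certificate.GetNameInfo($nameType, $false)

    # Subject Alternative Name extension (OID 2.5.29.17). Format($true) prints one
    # entry per line; "DNS Name=" is the English Windows rendering (assumption).
    $sanNames = @()
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        foreach ($line in ($sanExt.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+)$') {
                $sanNames += $Matches[1].Trim().ToLower()
            }
        }
    }

    # Required names that are absent from the SAN list.
    $missing = @($RequiredSan | Where-Object { $sanNames -notcontains $_.ToLower() })

    New-Object PSObject -Property @{
        Thumbprint = $Certificate.Thumbprint
        SubjectCN  = $cn
        SubjectOk  = ($cn -eq $SubjectName)   # -eq is case-insensitive for strings
        SanNames   = $sanNames
        MissingSan = $missing
        Pass       = (($cn -eq $SubjectName) -and ($missing.Count -eq 0))
    }
}

# Usage: evaluate every certificate in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MigrationCertificate -Certificate $_ } |
    Select-Object Thumbprint, SubjectCN, SubjectOk, MissingSan, Pass |
    Format-Table -AutoSize
```

A certificate that reports Pass = False with legacy.contoso.ca in MissingSan would produce certificate warnings for legacy-mailbox OWA/EAS users once the legacy namespace is published.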