exchange migration
Upgrading from Exchange Server 2003 to Exchange Server 2010
Padman De Silva
A bird's-eye view of the scenario
• Prepare your environment
• Prepare AD
• Install Exchange Server 2010 Server
• Establish Coexistence
• Migrate Users/Data
• Cleaning up Exchange Server 2003 Servers
• Uninstall Exchange Server 2003 Servers
• Cleanup Environment
Upgrade versus Migration
Exchange Server 2010 does NOT support in-place upgrades from previous versions of Exchange!
• Upgrade: Upgrade of an existing Exchange organization to Exchange Server 2010 in which you move data and functionality from the existing Exchange servers to new Exchange Server 2010 servers
• Migration: Replacing a non-Exchange messaging system with Exchange Server 2010 or replacing an existing Exchange organization with a new Exchange organization, without retaining any of the configuration data
Keep in mind…
• Exchange 2010 doesn't use
– Administrative Groups (AG)
– Routing Groups (RG)
– Link State Routing
• During AD Preparation, a new Administrative Group and Routing Group will be created
– Only there for interoperability
– ALL Exchange 2010 Servers will be members of this AG/RG
PREPARING THE ENVIRONMENT
Active Directory Prereqs
• Schema Master must be Windows Server 2003 SP2 or higher
• Global Catalogs must be Windows Server 2003 SP2 or higher
• Forest Functional Level must be Windows Server 2003 or higher
Exchange Prereqs
• Exchange Server 2003 SP2 minimum
• NO Support for Exchange 2000
• Can upgrade from a mixed Exchange 2003/2007 Organization
Fix-up Object names
• Exchange 2007 and 2010 are very strict when it comes to object naming for
– Aliases and Display names
• Beware of
– Special characters (@, space, etc.)
– Leading and trailing spaces in Public Folder display names
• Use PowerShell or scripting for fix-up
– Need Exchange Management Shell installed!
– FIXALIAS.PS1 to replace special characters
– TRIMPFNAMES.PS1 to delete leading and trailing spaces on Public Folder Names
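Before running any fix-up script it helps to know how many objects are affected. The following read-only audit is an added example, not one of the scripts named on the slide; the alias character rule it checks and the domain-joined workstation it runs on are assumptions stated in its comments.

```powershell
# Added example: read-only audit, nothing in AD or Exchange is modified.
# Assumption: run from a domain-joined machine in the domain being prepared.
# Alias rule checked: letters, digits and !#$%&'*+-/=?^_`{|}~ are allowed;
# a period is allowed only between two other valid characters.
$atom       = '[A-Za-z0-9!#$%&''*+\-/=?^_`{|}~]+'
$validAlias = '^' + $atom + '(\.' + $atom + ')*$'

function Get-FirstValue($props, [string]$name) {
    if ($props.Contains($name)) { [string]$props[$name][0] } else { '' }
}

$searcher = [adsisearcher]'(mailNickname=*)'
$searcher.PageSize = 1000       # page through results past the 1000-object limit
foreach ($p in 'mailNickname', 'displayName', 'distinguishedName') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$findings = @()
foreach ($hit in $searcher.FindAll()) {
    $alias = Get-FirstValue $hit.Properties 'mailnickname'
    $name  = Get-FirstValue $hit.Properties 'displayname'
    $dn    = Get-FirstValue $hit.Properties 'distinguishedname'
    if ($alias -notmatch $validAlias) {
        $findings += New-Object PSObject -Property @{
            Object = $dn; Problem = 'Alias'; Value = "[$alias]" }
    }
    if ($name -ne $name.Trim()) {
        $findings += New-Object PSObject -Property @{
            Object = $dn; Problem = 'Display name spaces'; Value = "[$name]" }
    }
}

# Public folder names need the Exchange Management Shell; skip if it is absent.
if (Get-Command Get-PublicFolder -ErrorAction SilentlyContinue) {
    Get-PublicFolder '\' -Recurse -ResultSize Unlimited |
        Where-Object { $_.Name -ne $_.Name.Trim() } |
        ForEach-Object {
            $findings += New-Object PSObject -Property @{
                Object = $_.Identity; Problem = 'Public folder name spaces'; Value = "[$($_.Name)]" }
        }
}

$findings | Sort-Object Problem, Object | Format-Table Problem, Value, Object -AutoSize
```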
Maintain connectivity for Outlook 2003
• Exchange 2010 by default requires MAPI encryption
• In Outlook 2003 it is not enabled by default!
• Either
– Disable the requirement on the server side
– Enable encryption on the client (RECOMMENDED!)
• Use GPO to roll out the change
– Use an ADM Template: http://support.microsoft.com/kb/2006508
– Use GPO Preferences (recommended)
Step 1: PrepareLegacyExchangePermissions!
• Upgrade needed before Schema Extension
– Failure to do so would break RUS!
• Use "Setup /PrepareLegacyExchangePermissions" or "Setup /pl" to prepare ALL Domains!
– Specify "Domain FQDN" to prepare only one Domain
– Need to be member of Enterprise Admins for this!
• Will automatically be done by the next step if you forgot…
Step 2: Extend the Schema
• Exchange 2010 Setup will import differences to Exchange 2003 schema only
• Use "setup /PrepareSchema" or "setup /ps"
– Need to be Schema and Enterprise Admin!
• Manual import of LDIF Files not supported!
• Will automatically be done by the next step if you forgot…
Step 3: Preparing AD for Exchange 2010
• Preparation will
– Create a new Administrative Group and Routing Group
  • Exchange Administrative Group (FYDIBOHF23SPDLT)
  • Exchange Routing Group (DWBGZMFD01QNBJR)
– Create some other containers…
– Create the "Microsoft Exchange Security Groups" OU in the Root Domain
  • Create Groups inside this OU
– Prepare the local domain
• Use "Setup /PrepareAD" or "Setup /p"
– Need to be Enterprise Admin!
Step 4: Preparing Domains
• Need to prepare a Domain if you plan to
– Create recipients in that domain
– Install Exchange Servers in that domain
• Will assign permissions at the domain level
• Use "Setup /PrepareDomain" or "Setup /pd"
– Need to specify "Domain FQDN"
– Need to be Domain Admin
– Use /PrepareAllDomains to prepare all Domains in one step…
Order for Installing Exchange Server 2010 Roles
• Deploy Exchange Server 2010 Servers in the following order
– Client Access
– Hub Transport
– Mailbox Server
– Unified Messaging
• Deploy Edge Transport at any time
• Upgrade Internet accessible Sites first
• Implement one Active Directory site at a time
Installing the first HUB/CAS Server
• Need to specify Exchange 2003 Source Server
– Setup will create a Routing Group Connector between 2003<->2010 Routing Groups
• Can specify external Name of CAS Services
– E.g. FQDN used to access OWA, ActiveSync, etc.
After the installation of HUB/CAS…
• Inbound Mail Routing
– Exchange 2003 -> RGC -> Exchange 2010
• Outbound Mail Routing
– Exchange 2010 -> RGC -> Exchange 2003
• Client Access
– Not completely established yet
• Create a Client Access Array
– Even if you don't plan for HA, it's an investment in the future…
– Databases on all newly installed MBX Servers will use the CASARRAY as endpoint
LAB
-Install HUB and CAS Role on HC1
-Creating a CASARRAY
Installing the first Mailbox Server
• Setup will create two new Databases
– Mailbox Database
– Public Folder Database
• Possible to specify the Path and Name of these Databases
– Must run Setup from the command line to be able to do so…
• If you created a CASARRAY before, DBs will point to it…
LAB
-Install MBX Role on MBX1
-Fixup Contacts and Public Folders
ESTABLISHING COEXISTENCE
Coexistence?
• Is about
– SMTP Routing
– Client Access (OWA, AS, etc.)
– Free/Busy Interoperability
– Cross Version Mailbox Access
– Use Administrative Tools
– Rebuilding Mailboxmanager Policies
Establishing Inbound Mail connectivity
• Inbound Mails still routed via 2003
• Can be switched at any time during migration
• Steps:
– If no EDGE, enable ANONYMOUS on receive connectors of receiving HUBs
– Reconfigure Firewall/Mail Gateway for delivery to HUBs
Establishing Outbound Mail connectivity
• Outbound Mails still routed via 2003
• Can be switched at any time during migration
• Need to recreate all SMTP Connectors from 2003!
• Steps:
– Duplicate SMTP Connectors on 2010 Side
– Reconfigure Firewall to enable HUBs to send Mail
– Reconfigure Mail Gateway(s) to accept Mail from HUBs
• As a best practice, keep the new connectors disabled until you switch over to 2010
What about Relaying?
• In Exchange 2003 relaying is allowed for authenticated users and (anonymous) IP addresses you specify
• Exchange 2010 behaves nearly the same
– Authenticated users are allowed to relay
– To allow anonymous users to relay you need to create a dedicated receive connector: http://technet.microsoft.com/en-us/library/bb232021.aspx
Migrating Relaying-Settings
• If you have a large number of IP Addresses, adding them by hand is cumbersome and error-prone
• Use EXIPSECURITY.EXE to export IP Addresses
• Then use PowerShell to read the file and use the IP Addresses when creating the relaying receive connector
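One way to script that last step, as an added example rather than code from the original slides: each exported entry is validated before it reaches the connector's RemoteIPRanges, because that list is the only thing separating this connector from an open relay. Assumed here: the export has been reduced to relay-ips.txt with one IPv4 address or CIDR range per line, HC1 is the hub transport server, and the connector name and the /16 width limit are local choices.

```powershell
# Added example. Run in the Exchange Management Shell on an Exchange 2010 server.
# Assumptions: relay-ips.txt (one IPv4 address or CIDR range per line) was
# derived from the 2003 export; HC1 is the hub transport server.
$ipFile    = '.\relay-ips.txt'
$server    = 'HC1'
$connector = 'Anonymous Relay (migrated from 2003)'
$minPrefix = 16     # policy choice: refuse ranges wider than /16

$accepted = @()
$rejected = @()
foreach ($line in Get-Content $ipFile) {
    $entry = $line.Trim()
    if ($entry -eq '') { continue }
    $addr, $prefix = $entry -split '/', 2
    $parsed = $null
    # Require a dotted quad: TryParse alone would accept shorthand such as "10".
    $ok = ($addr -match '^\d{1,3}(\.\d{1,3}){3}$') -and
          [System.Net.IPAddress]::TryParse($addr, [ref]$parsed)
    if ($ok -and $prefix -ne $null) {
        $ok = ($prefix -match '^\d{1,2}$') -and
              ([int]$prefix -ge $minPrefix) -and ([int]$prefix -le 32)
    }
    # Never let a wildcard address into an anonymous relay connector.
    if ($ok -and $addr -eq '0.0.0.0') { $ok = $false }
    if ($ok) { $accepted += $entry } else { $rejected += $entry }
}

if ($rejected.Count -gt 0) {
    Write-Warning ("Skipped {0} entries: {1}" -f $rejected.Count, ($rejected -join ', '))
}
if ($accepted.Count -eq 0) { throw 'No valid relay addresses; connector not created.' }

# Custom connector that only matches the listed source addresses.
New-ReceiveConnector -Name $connector -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $accepted -PermissionGroups AnonymousUsers

# Grant anonymous senders the right to relay to external recipients.
Get-ReceiveConnector "$server\$connector" |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'Ms-Exch-SMTP-Accept-Any-Recipient'

# Review what was actually stored.
Get-ReceiveConnector "$server\$connector" |
    Format-List Name, Bindings, RemoteIPRanges, PermissionGroups
```

Review the skipped entries by hand; an address that no longer belongs to an application server should stay off the list rather than be carried over.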
LAB
-Configuring Inbound Mail Flow
-Duplicating Connectors
-Migrating Relaying Settings
Using new Transport Features
• Exchange 2010 introduces several new features
– Transport Rules
– Moderated Transport
– Etc.
• If you want to use them during coexistence, there might be unpredictable results…
– Exchange 2003 doesn't know of new features
– Use “Expansion Server” Property for this
Client Access coexistence
• CAS 2010 will be the primary endpoint
• Will redirect OWA users to 2003
– Need to specify a redirection URL
– Use: Set-OWAVirtualDirectory -Identity "HC1\owa (Default Web Site)" -Exchange2003URL https://legacy.domain.com/exchange
– Need to install a new certificate for the redirection URL
• Will proxy traffic for ActiveSync and Outlook Anywhere
• Configure DNS with the new (legacy) name
• Remove Exchange 2003 from the RPC over HTTP configuration
CAS coexistence: How it all works
[Diagram; surviving labels: Outlook Anywhere client, Outlook Web Access client, Exchange ActiveSync client, Exchange Server 2010, Exchange 2003 front-end server, Exchange Server 2003; connections labelled HTTP, RPC and Outlook RPC; URLs https://legacy.domain.com and External URL: https://mail.domain.com]
LAB
-Establishing Client Access Coexistence
-Request a new Certificate
-Configure OWA Redirection URL
Free/Busy Interop
• Exchange 2003 provides F/B via System Public Folders
• Exchange 2010 provides F/B via WebServices
• In coexistence, CAS will provide 2010 Mailboxes with F/B data from 2003 Servers
– Done via WEBDAV
– Make sure the Exchange 2003 "/Public" VDIR is accessible
  • Integrated Windows Authentication turned on!
Cross Version Mailbox Access
• Mailboxes on different Exchange Server versions can be opened in Outlook
• Best Practice is to move both at the same time
– Manager & Delegate, etc.
Administrative Coexistence
• Exchange 2010 lacks AD Users & Computers Integration
– EVERYTHING must be done from PowerShell or EMC
• Best Practice
– Use Exchange 2010 Tools for 2010 Admin Tasks
– Use Exchange 2003 Tools for 2003 Admin Tasks
• If you accidentally (?) create new mailboxes on 2010 with 2003 Tools…
– Attributes are missing
– Use -ApplyMandatoryAttributes in PowerShell
Offline Address Books
• Exchange 2010 introduces some new features for the OAB
• If you want to use them, move the OAB Generation to a 2010 MBX Server
– Make sure you have a Public Folder Store on this Server to support Outlook 2003 users!
• As long as the OAB generation is on 2003, Outlook 2007+ will use Public Folders for OAB access
Rebuilding Mailboxmanager Policies
• Exchange 2010 doesn't have Mailboxmanager Policies
– The replacement is Managed Folder Mailbox Policies
• Recreate Mailboxmanager Policies as Managed Folder Mailbox Policies (MFMP) in 2010
– Keep in mind that if you apply an MFMP to a mailbox you cannot enable the archive!
– MFMP and Retention Policies are mutually exclusive!
LAB
-Move Offline Address List Generation to Exchange Server 2010
-Recreating Mailboxmanager Policies
REPLICATING PUBLIC FOLDERS AND MOVING MAILBOXES
Public Folder Replication
• Hierarchy Replication should automatically start as soon as you install a mailbox server
• Content Replication must be manually set
– Use MoveAllReplicas.PS1 for Single-Phase upgrades
– Use AddReplicaToPfRecursive.PS1 for Multi-Phase upgrades
• Possible to use ESM for the Job
– Work in batches: don't replicate all folders at the same time
Moving Mailboxes
• Move Mailbox has changed in 2010
– We use "Move Requests"
• CAS is responsible for moving the data
– No more scheduling
– Reports are generated by CAS and stored in a special Mailbox
• Keep in mind that the Dumpster is not retained!
– If you move Mailboxes from 2010 to 2010, dumpster will be retained!
Move Mailbox Best Practices
• Check for Store Quotas on both sides
– A Mailbox won't move if it doesn't "fit" into the target store…
• Test Mailbox Move
– Use the -ValidateOnly switch in PowerShell
• Move in Batches
• Have a look at transaction logs
– SIS is no longer there!
LAB
-Add Public Folder Replicas to Exchange Server 2010
-Move all Mailboxes
CLEANING UP EXCHANGE SERVER 2003 SERVERS
Cleanup Servers?
• Before you can uninstall Exchange 2003, you need to move everything associated with the specific server to another server
– Recipient Update Service
– Public Folders
– Connectors
– Inbound Mail Routing(if not already done)
– Move Public Folder Hierarchy
Prior to moving Public Folders
• First compare the contents!
– Use the "Export List…" function in ESM to get a CSV file of Public Folders on the 2003 Server
– Use PowerShell to get a CSV file of Public Folders on an Exchange 2010 Server
– Then use EXCEL to normalize the data and compare the ITEM COUNT!
  • Size is not comparable…
– There are also a lot of scripts out there for this task
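The comparison can also be done without Excel. The following is an added example, not one of the scripts referred to on the slide; it assumes the ESM export was saved as comma-separated text in pf2003.csv with its columns renamed to FolderPath and ItemCount, and that MBX1 holds the 2010 public folder database.

```powershell
# Added example. Run in the Exchange Management Shell on an Exchange 2010 server.
# Assumptions: pf2003.csv is the ESM "Export List…" output saved as
# comma-separated text, with its columns renamed to FolderPath and ItemCount;
# MBX1 holds the 2010 public folder database.
$legacyCsv = '.\pf2003.csv'
$server    = 'MBX1'

# Bring both sides to one path form: backslashes, no outer slashes, lower case.
function Normalize-PfPath([string]$path) {
    ($path -replace '/', '\').Trim().Trim('\').ToLower()
}

$legacy = @{}
foreach ($row in Import-Csv $legacyCsv) {
    $legacy[(Normalize-PfPath $row.FolderPath)] = [int]$row.ItemCount
}

$seen   = @{}
$report = @()
foreach ($pf in Get-PublicFolderStatistics -Server $server -ResultSize Unlimited) {
    $key = Normalize-PfPath $pf.FolderPath
    $seen[$key] = $true
    if (-not $legacy.ContainsKey($key)) {
        $status = 'Only on 2010'; $old = $null
    } elseif ($legacy[$key] -ne $pf.ItemCount) {
        $status = 'Count differs'; $old = $legacy[$key]
    } else { continue }      # same item count on both sides, nothing to report
    $report += New-Object PSObject -Property @{
        Folder = $key; Status = $status; Items2003 = $old; Items2010 = $pf.ItemCount }
}

# Folders that exist in the 2003 export but have no replica statistics on 2010.
foreach ($key in $legacy.Keys) {
    if (-not $seen.ContainsKey($key)) {
        $report += New-Object PSObject -Property @{
            Folder = $key; Status = 'Missing on 2010'; Items2003 = $legacy[$key]; Items2010 = $null }
    }
}

$report | Sort-Object Status, Folder |
    Format-Table Folder, Status, Items2003, Items2010 -AutoSize
```

An empty report means every folder in the export has a 2010 replica with the same item count; any "Missing on 2010" or "Count differs" row should be resolved before replicas are removed from the 2003 store.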
Move Public Folders
• To move all at a time either use
– ESM "Move All Replicas" on the 2003 PF Store
– Use the "MoveAllReplicas.PS1" script on 2010
• To move in batches use the same technique as you used to add replicas…
– PowerShell scripts in the $EXSCRIPTS folder
– ESM
LAB
-Remove Public Folder Replicas from Exchange Server 2003
Remove/Move Recipient Update Services
• Domain RUS
– If you need to keep the RUS, just change the Exchange 2003 Server it points to…
– If it is safe to remove, delete the RUS
• Enterprise RUS can't be deleted in ESM
– Use ADSIEDIT – at the END OF THE UPGRADE PROCESS!
LAB
-Remove Domain Recipient Update Services
Delete Connectors…
• As soon as you switched your Inbound/Outbound Mail Routing to 2010
– Analyze Mailflow before deleting Connectors
• Remove RGC only if you plan to remove the corresponding servers
• Also might need to designate a new Routing Group Master…
LAB
-Remove SMTP Connectors
-Remove RGC
Move Public Folder Hierarchy
• The "Public Folders" Object needs to be moved to the Exchange 2010 Administrative Group
– Use ESM to create a "Folders" Container
– Drag & Drop the Hierarchy Object
UNINSTALL/REMOVE EXCHANGE SERVER 2003 SERVERS
Order for Uninstalling
• Remove/Uninstall Exchange Server 2003 Servers in the following order
– Backend Server
– Bridgehead Server
– Frontend Server
Removing Exchange Server 2003 Servers
• Either use Uninstall from the Control Panel
– Requires E2003 Sources (CD)
• Use the "Remove Server" Option in ESM
– Need to stop all Services/Shutdown Machine
• To remove a Cluster
– Take all Exchange Resources except Networkname and IP offline
– Select "Remove Exchange Virtual Server" in CLUADMIN
Issues when removing Exchange 2003
• Public Folders don't replicate correctly
– Instances left over in PF Store
– If the data is consistent on both sides, use ADSIEDIT to remove the PF Store (dismount first)
• Users still have mailboxes on the server
– Although you moved all of them…
– Search for "msExchHomeServerName=*<Name of Exchange 2003 Server>" in AD Users & Computers
  • Use "Remove Exchange Attributes" to clean it up
Making sure Outlook gets redirected to the new Server
• Everyone's Outlook will connect to the old Server first
– Will get redirected to the new server
• When you remove the server before everyone's Outlook is updated this won't happen, so either:
– Leave the server in place until all clients are updated
– Create an Alias in DNS for the old server name and point it to a 2010 CAS(!)
– Use Scripting to update client profiles
– Put on your sneakers and…
LAB
-Removing Exchange Server 2003 Servers BE1, BE2 and FE
CLEANUP THE ENVIRONMENT
Converting LDAP Filters in Objects
• Exchange 2010 uses OPATH format in Administrative Tools instead of LDAP
• Need to convert Objects to be able to edit them
– Address Lists
– Recipient Policies
– Dynamic Distribution Groups
• Convert it with the Shell…
• When Converting Recipient Policies, you need to deactivate Mailboxmanager settings in ESM
Removing Exchange Server 2003 Permissions and Groups
• After you finished the upgrade, remove Exchange Server 2003 Permissions in the domain
– Remove Permission for "Exchange Enterprise Servers" from the Root of the Domain
– Then safely delete the group
• Delete the "Exchange Domain Servers" Group