Upgrading from Exchange Server 2003 to Exchange Server 2010

Padman De Silva

A birds eye view on the scenario

• Prepare your environment

• Prepare AD

• Install Exchange Server 2010 Server

• Establish Coexistence

• Migrate Users/Data

• Cleaning up Exchange Server 2003 Servers

• Uninstall Exchange Server 2003 Servers

• Cleanup Environment

Upgrade versus Migration

Exchange Server 2010 DOES not Support IN-Place Upgrades from Previous Versions of Exchange!

• Upgrade Upgrade of an existing Exchange organization to Exchange Server 2010 in which you move data and functionality from the existing Exchange servers to new Exchange Server 2010 servers

• Migration Replacing a non-Exchange messaging system with Exchange Server 2010 or replacing an existing Exchange organization with a new Exchange organization, without retaining any of the configuration data

Keep in mind…

• Exchange 2010 doesn‘t use – Administrative Groups (AG)

– Routing Groups (RG)

– Link State Routing

• During AD Preparation, a new Administrative Group and Routing Group will be created – Only there for Interoperability

– ALL Exchange 2010 Servers will be members in this AG/RG

PREPARING THE ENVIRONMENT

Active Directory Prereqs

• Schema Master must be Windows Server 2003 SP2 or higher

• Global Catalogs must be Windows Server 2003 SP2 or higher

• Forest Functional Level must be Windows Server 2003 or higher

Exchange Prereqs

• Exchange Server 2003 SP2 minimum

• NO Support for Exchange 2000

• Can upgrade from a mixed Exchange 2003/2007 Organization

Fix-up Object names

• Exchange 2007 and 2010 are very strict when it comes to object naming for – Aliases and Display names

• Beware of – Special characters (@, space, etc.)

– Leading and trailing spaces in Public Folder Displaynames

• Use Powershell or Scripting for fixup – Need Exchange Management Shell installed!

– FIXALIAS.PS1 to replace special characters

– TRIMPFNAMES.PS1 to delete leading and trailing spaces on Public Folder Names

Maintain connectivity for Outlook 2003

• Exchange 2010 by default requires MAPI encryption

• In Outlook 2003 it is not enabled by default!

• Either – Disable the requirement on the serverside

– Enable encryption on the client RECOMMENDED!

• Use GPO to rollout the change – Use an ADM Template

http://support.microsoft.com/kb/2006508

– Use GPO Preferences (recommended)

Step 1: PrepareLegacyExchangePermissions!

• Upgrade needed before Schema Extension

– Failure to do so would break RUS!

• Use „Setup /PrepareLegacyExchangePermissions“ or „Setup /pl“ to prepare ALL Domains!

– Specify „Domain FQDN“ to prepare only one Domain

– Need to be member of Enterprise Admins for this!

• Will automatically be done by the next step if you forgot…

Step 2: Extend the Schema

• Exchange 2010 Setup will import differences to Exchange 2003 schema only

• Use „setup /PrepareSchema“ or „setup /ps“

– Need to be Schema and Enterprise Admin!

• Manual import of LDIF Files not supported!

• Will automatically be done by the next step if you forgot…

Step 3: Preparing AD for Exchange 2010

• Preparation will – Create a new Administrative Group and Routing Group

• Exchange Administrative Group (FYDIBOHF23SPDLT) • Exchange Routing Group (DWBGZMFD01QNBJR)

– Create some other containers… – Create the „Microsoft Exchange Security Groups“ OU

in the Root Domain • Create Groups inside this OU

– Prepare the local domain

• Use „Setup /PrepareAD“ or „Setup /p“ – Need to be Enterprise Admin!

Step 4: Preparing Domains

• Need to prepare a Domain if you plan to – Want to create recipients in that domain

– Install Exchange Servers in that domain

• Will Assigns permissions at the domain level

• Use „Setup /PrepareDomain“ or „Setup /pd“ – Need to specify „Domain FQDN“

– Need to be Domain Admin

– Use /PrepareAllDomains to prepare all Domains in one step…

Order for Installing Exchange Server 2010 Roles

• Deploy Exchange Server 2010 Servers in the following order – Client Access

– Hub Transport

– Mailbox Server

– Unified Messaging

• Deploy Edge Transport at any time

• Upgrade Internet accessible Sites first

• Implement one Active Directory site at a time

Installing the first HUB/CAS Server

• Need to specify Exchange 2003 Source Server

– Setup will create a Routing Group Connector between 2003<->2010 Routing Groups

• Can specify external Name of CAS Services

– E.g. FQDN used to access OWA, ActiveSync, etc.

After the installation of HUB/CAS…

• Inbound Mail Routing – Exchange 2003 -> RGC -> Exchange 2010

• Outbound Mail Routing – Exchange 2010 -> RGC -> Exchange 2003

• Client Access – Not completely established yet

• Create a Client Access Array – Even if you don’t plan for HA, it’s an investment in the

future… – Databases on all newly installed MBX Servers will use

the CASARRAY as endpoint

LAB

-Install HUB and CAS Role on HC1

-Creating a CASARRAY

Installing the first Mailbox Server

• Setup will create two new Databases – Mailbox Database

– Public Folder Database

• Possible to specify the Path and Name of these Databases – Must run Setup from the command line to be able

to do so…

• If you created a CASARRAY before, DB’s will point to it…

LAB

-Install MBX Role on MBX1

-Fixup Contacts and Public Folders

ESTABLISHING COEXISTENCE

Coexistence?

• Is about

– SMTP Routing

– Client Access (OWA, AS, etc.)

– Free/Busy Interoperability

– Cross Version Mailbox Access

– Use Administrative Tools

– Rebuilding Mailboxmanager Policies

Establishing Inbound Mail connectivity

• Inbound Mails still routed via 2003

• Can be switched at any time during migration

• Steps:

– If no EDGE, enable ANONYMOUS on receive connectors of receiving HUBs

– Reconfigure Firewall/Mail Gateway for delivery to HUBs

Establishing Outbound Mail connectivity

• Outbound Mails still routed via 2003 • Can be switched at any time during migration • Need to recreate all SMTP Connectors from 2003! • Steps:

– Duplicate SMTP Connectors on 2010 Side – Reconfigure Firewall to enable HUBs to send Mail – Reconfigure Mail Gateway(s) to accept Mail from

HUBs

• As a best practice, disable connectors as long as you don‘t switch over to 2010

What about Relaying?

• In Exchange 2003 relaying is allowed for authenticated users and (anonymous) IP addresses you specify

• Exchange 2010 behaves nearly the same

– Authenticted Users are allowed to relay

– To allow anonymous users to relay you need to create a dedicated receive connector: http://technet.microsoft.com/en-us/library/bb232021.aspx

Migrating Relaying-Settings

• If you have a large number of IP Addresses, adding them by hand is cumbersome and error prone

• Use EXIPSECURITY.EXE to export IP Addresses

• Then use Powershell to read the file and use the IP Addresses when creating the relaying receive connector

LAB

-Configuring Inbound Mail Flow

-Duplicating Connectors

-Migrating Relaying Settings

Using new Transport Features

• Exchange 2010 introduces a several new features

– Transport Rules

– Moderated Transport

– Etc.

• If you want to use them during coexistence, there might be unpredictable results…

– Exchange 2003 doesn‘t know of new features

– Use “Expansion Server” Property for this

Client Access coexistence

• CAS 2010 will be the primary endpoint

• Will redirect OWA users to 2003 – Need to specify a redirection URL

– Use „Set-OWAVirtualDirectory –Identity „HC1\owa (Default Web Site)“ –Exchange2003URL https://legacy.domain.com/exchange“

– Need to install a new certificate for redirection url

• Will proxy traffic for ActiveSync and Outlook Anywhere

• Configure DNS with new(legacy) Name

• Remove the Exchange 2003 from the RPC over HTTP configuration

CAS coexistence: How it all works

Outlook Anywhere client

Exchange 2003 front-end server

Outlook Web Access client

Exchange Server 2010

Exchange Server 2003

HTTP

Outlook RPC

Exchange ActiveSync client

Exchange Server 2010

RPC

https://legacy.domain.com External URL:

https://mail.domain.com

HTTP

LAB

-Establishing Client Access Coexistence

-Request a new Certificate

-Configure OWA Redirection URL

Free/Busy Interop

• Exchange 2003 provides F/B via System Public Folders

• Exchange 2010 provides F/B via WebServices

• In coexistence, CAS will provide 2010 Mailboxes with F/B data data from 2003 Servers

– Done via WEBDAV

– Make sure Exchange 2003 „/Public“ VDIR is accessible

• Integrated Windows Authentication turned on!

Cross Version Mailbox Access

• Mailboxes on different Exchange Server versions can be opened in Outlook

• Best Practice is to move both at the same time

– Manager & Delegate, etc.

Administrative Coexsistence

• Exchange 2010 lacks AD Users & Computers Integration – EVERYTHING must be done from Powershell or EMC

• Best Practice – Use Exchange 2010 Tools for 2010 Admin Tasks

– Use Exchange 2003 Tools for 2003 Admin Tasks

• If you accidentialy (?) create new mailboxes on 2010 with 2003 Tools… – Attributes are missing

– Use –ApplyMandatoryAttributes in Powershell

Offline Address Books

• Exchange 2010 introduces some new features for the OAB

• If you want to use them, move the OAB Generation to a 2010 MBX Server – Make sure you have Public Folder Store on this

Server to support Outlook 2003 users!

• As long as the OAB generation is on 2003, Outlook 2007+ will use Public Folders for OAB access

Rebuilding Mailboxmanager Policies

• Exchange 2010 don‘t have Mailboxmanager Policies – The replacement is Managed Folders Mailbox

Policies

• Recreate Mailboxmanager Policies as Managed Folder Mailbox Policies(MFMP) in 2010 – Keep in mind that if you apply a MFMP to a

mailbox you cannot enable the archive!

– MFMP and Retention Policies are mutually exclusive!

LAB

-Move Offline Address List Generation to Exchange Server 2010

-Recreating Mailboxmanager Policies

REPLICATING PUBLIC FOLDERS AND MOVING MAILBOXES

Public Folder Replication

• Hierarchy Replication should automatically start as soon as you install a mailbox server

• Content Replication must be manually set

– Use MoveAllReplicas.PS1 for Single-Phase upgrades

– Use AddReplicaToPfRecursive.PS1 for Multi-Phase upgrades

• Possible to use ESM for the Job

– Work in Batches – don‘t replicate all folders at the same time

Moving Mailboxes

• Move Mailbox has changed in 2010

– We use „Move Requests“

• CAS is responsible of moving the data

– No more scheduling

– Reports a generated by CAS and stored in a special Mailbox

• Keep in mind that the Dumpster is not retained!

– If you move Mailboxes from 2010 to 2010, dumpster will be retained!

Move Mailbox Best Practices

• Check for Store Quotas on both sides

– A Mailbox won‘t move if it doesn‘t „fit“ into the target store…

• Test Mailbox Move

– Use –ValidateOnly Switch in Powershell

• Move in Batches

• Have a look at transaction logs

– SIS is no longer there!

LAB

-Add Public Folder Replicas to Exchange Server 2010

-Move all Mailboxes

CLEANING UP EXCHANGE SERVER 2003 SERVERS

Cleanup Servers?

• Before you can uninstall Exchange 2003, you need to move everything associated with the specific server to another server

– Recipient Update Service

– Public Folders

– Connectors

– Inbound Mail Routing(if not already done)

– Move Public Folder Hierarchy

Prior to moving Public Folders

• First compare the contents! – Use the „Export List…“ Function in ESM to get a

CSV File of Public Folders on 2003 Server

– Use Powershell to get a CSV File of Public Folders on a Exchange 2010 Server

– Then use EXCEL to normalize the data and compare the ITEM COUNT! • Size is not comparable…

– There are also a lot of scripts out there for this task

Move Public Folders

• To move all at a time either use

– ESM „Move All Replicas“ on the 2003 PF Store

– Use „MoveAllReplicas.PS1“ Script on 2010

• To move in batches use the same technique as you used to add replicas…

– Powershell Scripts in $EXSCRIPTS Folder

– ESM

LAB -Remove Public Folder Replicas from Exchange Server 2003

Remove/Move Recipient Update Services

• Domain RUS

– If you need to keep the RUS, just change the Exchange 2003 Server it points to…

– If it is save to remove, delete the RUS

• Enterprise RUS can‘t be deleted in ESM

– Use ADSIEDIT – at the END OF THE UPGRADE PROCESS!

LAB -Remove Domain Recipient Update Services

Delete Connectors…

• As soon as you switched your Inbound/Outbound Mail Routing to 2010

– Analyze Mailflow before deleting Connectors

• Remove RCG only if you plan to remove the corresponding servers

• Also might need to designate a new Routing Group Master…

LAB

-Remove SMTP Connectors

-Remove RGC

Move Public Folder Hierarchy

• The „Public Folders“ Object needs to be moved to the Exchange 2010 Administrative Group

– Use ESM to create a „Folders“ Container

– Drag & Drop the Hierarchy Object

UNINSTALL/REMOVE EXCHANGE SERVER 2003 SERVERS

Order for Uninstalling

• Remove/Uninstall Exchange Server 2003 Servers in the following order

– Backend Server

– Bridgehead Server

– Frontend Server

Removing Exchange Server 2003 Servers

• Either use Uninstall from the Control Panel – Requires E2003 Sources (CD)

• Use the „Remove Server“ Option in ESM – Need to stop all Services/Shutdown Machine

• To remove a Cluster – Take all Exchange Resources except Networkname

and IP offline

– Select “Remove Exchange Virtual Server” in CLUADMIN

Issues when removing Exchange 2003

• Public Folders don‘t replicate correctly

– Instances left over in PF Store

– If the data is consistent on both sides, use ADSIEDIT to remove the PF Store(dismount first)

• Users are still having mailboxes on the server

– Although you moved all of them…

– Search for „msExchHomeServerName=*<Name of Exchange 2003 Server> in AD Users & Computers

• Use „Remove Exchange Attributes“ to clean it up

Making sure Outlook gets redirected to the new Server

• Everyone‘s Outlook will connect to the old Server first – Will get redirected to the new server

• When you remove the server before everyone‘s outlook is updated this wont happen so either: – Leave the server in place until all clients are updated

– Create an Alias in DNS for the old server name an point it to a 2010 CAS(!)

– Use Scripting to update client profiles

– Put on your sneakers and…

LAB -Removing Exchange Server 2003 Servers BE1, BE2 and FE

CLEANUP THE ENVIRONMENT

Converting LDAP Filters in Objects

• Exchange 2010 use OPATH format in Administrative Tools instead of LDAP

• Need to convert Objects to be able to edit them

– Address Lists

– Recipient Policies

– Dynamic Distribution Groups

• Convert it with the Shell…

• When Converting Recipient Policies, you need to deactivate Mailboxmanager settings in ESM

Removing Exchange Server 2003 Permissions and Groups

• After you finished the upgrade, remove Exchange Server 2003 Permissions in the domain

– Remove Permission for „Exchange Enterprise Servers“ from the Root of the Domain

– Then safely delete the group

• Delete the „Exchange Domain Servers“ Group