Upgrading from Exchange Server 2003 to Exchange Server 2010 Christian Schindler Senior Consultant Microsoft Certified Master – Exchange Server 2007 NTx BackOffice Consulting Group Austria
A bird's-eye view of the scenario: Prepare your environment; Prepare AD; Install Exchange Server 2010 Server; Establish Coexistence; Migrate Users/Data; Cleaning up Exchange Server 2003 Servers; Uninstall Exchange Server 2003 Servers; Cleanup Environment
Upgrade versus Migration Exchange Server 2010 does NOT support in-place upgrades from previous versions of Exchange! Upgrade: Upgrade of an existing Exchange organization to Exchange Server 2010 in which you move data and functionality from the existing Exchange servers to new Exchange Server 2010 servers. Migration: Replacing a non-Exchange messaging system with Exchange Server 2010 or replacing an existing Exchange organization with a new Exchange organization, without retaining any of the configuration data.
Single Phase versus Multi Phase Single Phase: – Replaces existing messaging system – Moves required data and functionality to the new system without configuring integration between the two systems – Has no period of coexistence or interoperability Multi Phase: – Upgrades one server or site at a time – Enables an incremental upgrade spread over a longer period of time – Decreases risk for the organization
Keep in mind… Exchange 2010 doesn't use – Administrative Groups (AG) – Routing Groups (RG) – Link State Routing During AD Preparation, a new Administrative Group and Routing Group will be created – Only there for Interoperability – ALL Exchange 2010 Servers will be members in this AG/RG
PREPARING THE ENVIRONMENT
Active Directory Prereqs Schema Master must be Windows Server 2003 SP2 or higher Global Catalogs must be Windows Server 2003 SP2 or higher Forest Functional Level must be Windows Server 2003 or higher Do I have to mention that DNS needs to work?
Exchange Prereqs Exchange Server 2003 SP2 minimum NO Support for Exchange 2000 Can upgrade from a mixed Exchange 2003/2007 Organization
Fixup Objectnames Exchange 2007 and 2010 are very strict when it comes to object naming for – Aliases and Displaynames Beware of – Special characters (@, space, etc.) – Leading and trailing spaces in Public Folder Displaynames Use PowerShell or Scripting for fixup – Need Exchange Management Shell installed! – FIXALIAS.PS1 to replace special characters – TRIMPFNAMES.PS1 to delete leading and trailing spaces on Public Folder Names
Disable Link State Routing Required if you have more than one Routing Group Failure to do so may result in routing loops Must be done on every Exchange 2003 Server Use instructions in this Article to disable it: http://technet.microsoft.com/en-us/library/aa996728.aspx
Create additional Routing Group Connectors (RGC) Only applicable if you have more than one Routing Group Introduce additional RGCs as a shortcut for message routing Beware of Linkstate Islands!
Maintain connectivity for Outlook 2003 Exchange 2010 by default requires MAPI encryption In Outlook 2003 it is not enabled by default! Either – Disable the requirement on the serverside – Enable encryption on the client RECOMMENDED! Use GPO to rollout the change – Use an ADM Template http://support.microsoft.com/kb/2006508 – Use GPO Preferences (recommended)
Kerberos Client Connectivity with CASARRAYS… CASARRAYS don't support KERBEROS authentication (at least for now) If you plan to use CASARRAYS, make sure Outlook Clients use Negotiation or NTLM – Use GPO to rollout the change
LAB -Disable Link State Routing -Enable MAPI Encryption for Outlook 2003 -Configure Outlook Client authentication Methods
PREPARING ACTIVE DIRECTORY
In General… All of the following tasks – Need to be run on an x64 machine – Require Windows PowerShell 2.0 – Need to be run on a machine which is in the same site and the same domain as the Schema Master – As always, wait for replication to finish before you start the next step… For detailed information about what happens, visit http://technet.microsoft.com/en-us/library/bb125224.aspx
Step 1: PrepareLegacyExchangePermissions! Upgrade needed before Schema Extension – Failure to do so would break RUS! Use „Setup /PrepareLegacyExchangePermissions“ or „Setup /pl“ to prepare ALL Domains! – Specify „Domain FQDN“ to prepare only one Domain – Need to be member of Enterprise Admins for this! Will automatically be done by the next step if you forgot…
Step 2: Extend the Schema Exchange 2010 Setup will import differences to Exchange 2003 schema only Use „setup /PrepareSchema“ or „setup /ps“ – Need to be Schema and Enterprise Admin! Manual import of LDIF Files not supported! Will automatically be done by the next step if you forgot…
Step 3: Preparing AD for Exchange 2010 Preparation will – Create a new Administrative Group and Routing Group Exchange Administrative Group (FYDIBOHF23SPDLT) Exchange Routing Group (DWBGZMFD01QNBJR) – Create some other containers… – Create the „Microsoft Exchange Security Groups“ OU in the Root Domain Create Groups inside this OU – Prepare the local domain Use „Setup /PrepareAD“ or „Setup /p“ – Need to be Enterprise Admin!
Step 4: Preparing Domains Need to prepare a Domain if you plan to – Create recipients in that domain – Install Exchange Servers in that domain Will assign permissions at the domain level Use „Setup /PrepareDomain“ or „Setup /pd“ – Need to specify „Domain FQDN“ – Need to be Domain Admin – Use /PrepareAllDomains to prepare all Domains in one step…
LAB -Prepare AD for Exchange Server 2010 (All Steps)
INSTALLING EXCHANGE SERVER 2010 SERVERS
Order for Installing Exchange Server 2010 Roles Deploy Exchange Server 2010 Servers in the following order – Client Access – Hub Transport – Mailbox Server – Unified Messaging Deploy Edge Transport at any time Upgrade Internet accessible Sites first Implement one Active Directory site at a time
Installing the first HUB/CAS Server Need to specify Exchange 2003 Source Server – Setup will create a Routing Group Connector between the 2003 and 2010 Routing Groups Can specify external Name of CAS Services – E.g. FQDN used to access OWA, ActiveSync, etc.
After the installation of HUB/CAS… Inbound Mail Routing – Exchange 2003 -> RGC -> Exchange 2010 Outbound Mail Routing – Exchange 2010 -> RGC -> Exchange 2003 Client Access – Not completely established yet Create a Client Access Array – Even if you don’t plan for HA, it’s an investment in the future… – Databases on all newly installed MBX Servers will use the CASARRAY as endpoint
LAB -Install HUB and CAS Role on HC1 -Creating a CASARRAY
Installing the first Mailbox Server Setup will create two new Databases – Mailbox Database – Public Folder Database Possible to specify the Path and Name of these Databases – Must run Setup from the command line to be able to do so… If you created a CASARRAY before, DB’s will point to it…
LAB -Install MBX Role on MBX1 -Fixup Contacts and Public Folders
Coexistence? Is about – SMTP Routing – Client Access (OWA, AS, etc.) – Free/Busy Interoperability – Cross Version Mailbox Access – Use Administrative Tools – Rebuilding Mailboxmanager Policies
Establishing Inbound Mail connectivity Inbound Mails still routed via 2003 Can be switched at any time during migration Steps: – If no EDGE, enable ANONYMOUS on receive connectors of receiving HUBs – Reconfigure Firewall/Mail Gateway for delivery to HUBs
Establishing Outbound Mail connectivity Outbound Mails still routed via 2003 Can be switched at any time during migration Need to recreate all SMTP Connectors from 2003! Steps: – Duplicate SMTP Connectors on 2010 Side – Reconfigure Firewall to enable HUBs to send Mail – Reconfigure Mail Gateway(s) to accept Mail from HUBs As a best practice, disable connectors as long as you don't switch over to 2010
What about Relaying? In Exchange 2003 relaying is allowed for authenticated users and (anonymous) IP addresses you specify Exchange 2010 behaves nearly the same – Authenticated Users are allowed to relay – To allow anonymous users to relay you need to create a dedicated receive connector: http://technet.microsoft.com/en-us/library/bb232021.aspx
Migrating Relaying-Settings If you have a large number of IP Addresses, adding them by hand is cumbersome and error prone Use EXIPSECURITY.EXE to export IP Addresses Then use Powershell to read the file and use the IP Addresses when creating the relaying receive connector
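The relaying migration described on the two slides above, as an added PowerShell example that is not part of the original presentation: it validates each exported entry before the dedicated receive connector is created, because every address on that connector may relay without authenticating. Assumptions: the export has been reduced to one IPv4 address or CIDR range per line (the raw EXIPSECURITY.EXE output may need reshaping first), HC1 is the lab hub server, and the connector name and the /24 limit are hypothetical choices.

```powershell
# Added example, not from the original slides; run in the Exchange Management Shell.
# Constructed sample lines; real use: $exported = Get-Content .\relay-ips.txt
$exported = @('192.0.2.10', '192.0.2.64/28', ' 198.51.100.7 ', '10.0.0.0/8', 'printer01', '')

function Get-RelayRange {
    param([string[]]$Lines, [int]$MinPrefix = 24)
    foreach ($raw in $Lines) {
        $entry = $raw.Trim()
        if ($entry -eq '') { continue }
        # Accept only dotted-quad IPv4 with an optional /prefix
        if ($entry -notmatch '^(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?$') {
            Write-Warning "Skipped (not an IPv4 address or CIDR range): $entry"; continue
        }
        $ip = $Matches[1]; $prefix = $Matches[2]
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            Write-Warning "Skipped (octet out of range): $entry"; continue
        }
        if ($prefix -ne $null) {
            if ([int]$prefix -gt 32) {
                Write-Warning "Skipped (bad prefix): $entry"; continue
            }
            # A wide range lets every host in that network relay anonymously
            if ([int]$prefix -lt $MinPrefix) {
                Write-Warning "Skipped (wider than /$MinPrefix, review by hand): $entry"; continue
            }
        }
        $entry   # emit the validated address or range
    }
}

$ranges = @(Get-RelayRange -Lines $exported)
if ($ranges.Count -eq 0) { throw 'No valid relay sources found; connector not created.' }

# Dedicated connector limited to the validated sources (name is hypothetical)
New-ReceiveConnector -Name 'Relay Migrated' -Server 'HC1' -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $ranges -PermissionGroups AnonymousUsers

# Allow anonymous senders on this connector only to submit to any recipient
Get-ReceiveConnector 'HC1\Relay Migrated' |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient'
```

Entries that are skipped are reported with Write-Warning so they can be reviewed and added by hand if they are legitimate relay sources.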
Using new Transport Features Exchange 2010 introduces several new features – Transport Rules – Moderated Transport – Etc. If you want to use them during coexistence, there might be unpredictable results… – Exchange 2003 doesn't know of new features – Use “Expansion Server” Property for this
Client Access coexistence CAS 2010 will be the primary endpoint Will redirect OWA users to 2003 – Need to specify a redirection URL – Use „Set-OWAVirtualDirectory -Identity "HC1\owa (Default Web Site)" -Exchange2003URL https://legacy.domain.com/exchange“ – Need to install a new certificate for the redirection URL Will proxy traffic for ActiveSync and Outlook Anywhere Configure DNS with new (legacy) Name Remove the Exchange 2003 from the RPC over HTTP configuration
CAS coexistence: How it all works [Diagram. Labels: Outlook Anywhere client, Outlook Web Access client, Exchange ActiveSync client, Exchange 2003 front-end server, Exchange Server 2010, Exchange Server 2003; connection types: HTTP, Outlook RPC, RPC; URLs: https://legacy.domain.com, External URL: https://mail.domain.com]
LAB -Establishing Client Access Coexistence -Request a new Certificate -Configure OWA Redirection URL
Free/Busy Interop Exchange 2003 provides F/B via System Public Folders Exchange 2010 provides F/B via WebServices In coexistence, CAS will provide 2010 Mailboxes with F/B data from 2003 Servers – Done via WEBDAV – Make sure Exchange 2003 „/Public“ VDIR is accessible Integrated Windows Authentication turned on!
Cross Version Mailbox Access Mailboxes on different Exchange Server versions can be opened in Outlook Best Practice is to move both at the same time – Manager & Delegate, etc.
Administrative Coexistence Exchange 2010 lacks AD Users & Computers Integration – EVERYTHING must be done from PowerShell or EMC Best Practice – Use Exchange 2010 Tools for 2010 Admin Tasks – Use Exchange 2003 Tools for 2003 Admin Tasks If you accidentally (?) create new mailboxes on 2010 with 2003 Tools… – Attributes are missing – Use –ApplyMandatoryAttributes in PowerShell
Offline Address Books Exchange 2010 introduces some new features for the OAB If you want to use them, move the OAB Generation to a 2010 MBX Server – Make sure you have Public Folder Store on this Server to support Outlook 2003 users! As long as the OAB generation is on 2003, Outlook 2007+ will use Public Folders for OAB access
Rebuilding Mailboxmanager Policies Exchange 2010 doesn't have Mailboxmanager Policies – The replacement is Managed Folder Mailbox Policies Recreate Mailboxmanager Policies as Managed Folder Mailbox Policies (MFMP) in 2010 – Keep in mind that if you apply a MFMP to a mailbox you cannot enable the archive! – MFMP and Retention Policies are mutually exclusive!
LAB -Move Offline Address List Generation to Exchange Server 2010 -Recreating Mailboxmanager Policies
REPLICATING PUBLIC FOLDERS AND MOVING MAILBOXES
Public Folder Replication Hierarchy Replication should automatically start as soon as you install a mailbox server Content Replication must be manually set – Use MoveAllReplicas.PS1 for Single-Phase upgrades – Use AddReplicaToPfRecursive.PS1 for Multi-Phase upgrades Possible to use ESM for the Job – Work in Batches – don't replicate all folders at the same time
Moving Mailboxes Move Mailbox has changed in 2010 – We use „Move Requests“ CAS is responsible for moving the data – No more scheduling – Reports are generated by CAS and stored in a special Mailbox Keep in mind that the Dumpster is not retained! – If you move Mailboxes from 2010 to 2010, dumpster will be retained!
Move Mailbox Best Practices Check for Store Quotas on both sides – A Mailbox won't move if it doesn't „fit“ into the target store… Test Mailbox Move – Use –ValidateOnly Switch in PowerShell Move in Batches Have a look at transaction logs – SIS is no longer there!
LAB -Add Public Folder Replicas to Exchange Server 2010 -Move all Mailboxes
CLEANING UP EXCHANGE SERVER 2003 SERVERS
Cleanup Servers? Before you can uninstall Exchange 2003, you need to move everything associated with the specific server to another server – Recipient Update Service – Public Folders – Connectors – Inbound Mail Routing(if not already done) – Move Public Folder Hierarchy
Prior to moving Public Folders First compare the contents! – Use the „Export List…“ Function in ESM to get a CSV File of Public Folders on 2003 Server – Use PowerShell to get a CSV File of Public Folders on an Exchange 2010 Server – Then use EXCEL to normalize the data and compare the ITEM COUNT! Size is not comparable… – There are also a lot of scripts out there for this task
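The normalize-and-compare step from the slide above, done in PowerShell instead of Excel, as an added example that is not part of the original presentation. Both CSV samples are constructed, and the ESM export column names ("Folder Path", "Total Items") are assumptions to be matched to the header row of your own export.

```powershell
# Added example, not from the original slides. Constructed 2003-side export;
# column names are assumed, adjust them to your own ESM "Export List..." file.
$csv2003 = @'
"Folder Path","Total Items"
"/Sales","120"
"/Sales/Reports ","45"
"/HR","10"
'@ | ConvertFrom-Csv

# Constructed 2010-side list. On a live server it would come from:
#   Get-PublicFolderStatistics -ResultSize Unlimited | Select-Object FolderPath, ItemCount
$csv2010 = @'
"FolderPath","ItemCount"
"Sales","120"
"Sales\Reports","44"
'@ | ConvertFrom-Csv

function Get-NormalizedPath([string]$Path) {
    # Same key for "/Sales/Reports " and "Sales\Reports"
    $Path.Replace('/', '\').Trim().Trim('\').ToLower()
}

function Compare-FolderCount($Old, $New) {
    # Index the 2010 side by normalized path
    $target = @{}
    foreach ($row in $New) {
        $target[(Get-NormalizedPath $row.FolderPath)] = [int]$row.ItemCount
    }
    # Report every 2003 folder that is missing or has a different item count
    foreach ($row in $Old) {
        $key   = Get-NormalizedPath $row.'Folder Path'
        $count = [int]$row.'Total Items'
        if (-not $target.ContainsKey($key)) {
            New-Object PSObject -Property @{
                Folder = $key; Items2003 = $count; Items2010 = $null; Status = 'MissingOn2010' }
        } elseif ($target[$key] -ne $count) {
            New-Object PSObject -Property @{
                Folder = $key; Items2003 = $count; Items2010 = $target[$key]; Status = 'CountMismatch' }
        }
    }
}

Compare-FolderCount $csv2003 $csv2010 |
    Format-Table Folder, Items2003, Items2010, Status -AutoSize
```

An empty result means every folder in the 2003 export has a replica with the same item count on the 2010 side; sizes are deliberately not compared.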
Move Public Folders To move all at a time either use – ESM „Move All Replicas“ on the 2003 PF Store – Use „MoveAllReplicas.PS1“ Script on 2010 To move in batches use the same technique as you used to add replicas… – Powershell Scripts in $EXSCRIPTS Folder – ESM
LAB -Remove Public Folder Replicas from Exchange Server 2003
Remove/Move Recipient Update Services Domain RUS – If you need to keep the RUS, just change the Exchange 2003 Server it points to… – If it is safe to remove, delete the RUS Enterprise RUS can't be deleted in ESM – Use ADSIEDIT – at the END OF THE UPGRADE PROCESS!
LAB -Remove Domain Recipient Update Services
Delete Connectors… As soon as you switched your Inbound/Outbound Mail Routing to 2010 – Analyze Mailflow before deleting Connectors Remove RGC only if you plan to remove the corresponding servers Also might need to designate a new Routing Group Master…
LAB -Remove SMTP Connectors -Remove RGC
Move Public Folder Hierarchy The „Public Folders“ Object needs to be moved to the Exchange 2010 Administrative Group – Use ESM to create a „Folders“ Container – Drag & Drop the Hierarchy Object
UNINSTALL/REMOVE EXCHANGE SERVER 2003 SERVERS
Order for Uninstalling Remove/Uninstall Exchange Server 2003 Servers in the following order – Backend Server – Bridgehead Server – Frontend Server
Removing Exchange Server 2003 Servers Either use Uninstall from the Control Panel – Requires E2003 Sources (CD) Use the „Remove Server“ Option in ESM – Need to stop all Services/Shutdown Machine To remove a Cluster – Take all Exchange Resources except Networkname and IP offline – Select “Remove Exchange Virtual Server” in CLUADMIN
Issues when removing Exchange 2003 Public Folders don't replicate correctly – Instances left over in PF Store – If the data is consistent on both sides, use ADSIEDIT to remove the PF Store (dismount first) Users are still having mailboxes on the server – Although you moved all of them… – Search for „msExchHomeServerName=*“ in AD Users & Computers Use „Remove Exchange Attributes“ to clean it up
Making sure Outlook gets redirected to the new Server Everyone's Outlook will connect to the old Server first – Will get redirected to the new server When you remove the server before everyone's Outlook is updated this won't happen so either: – Leave the server in place until all clients are updated – Create an Alias in DNS for the old server name and point it to a 2010 CAS(!) – Use Scripting to update client profiles – Put on your sneakers and…
LAB -Removing Exchange Server 2003 Servers BE1, BE2 and FE
CLEANUP THE ENVIRONMENT
Converting LDAP Filters in Objects Exchange 2010 uses OPATH format in Administrative Tools instead of LDAP Need to convert Objects to be able to edit them – Address Lists – Recipient Policies – Dynamic Distribution Groups Convert it with the Shell… When Converting Recipient Policies, you need to deactivate Mailboxmanager settings in ESM
Removing Exchange Server 2003 Permissions and Groups After you finished the upgrade, remove Exchange Server 2003 Permissions in the domain – Remove Permission for „Exchange Enterprise Servers“ from the Root of the Domain – Then safely delete the group Delete the „Exchange Domain Servers“ Group