Table of Contents 1. Lab Environment... 2 2. Request and Configure Exchange Server 2013 Certificate... 3 2.1 Testing Outlook Web App (OWA), Outlook and Exchange Control Panel (ECP)... 14 3. Public Folder Migration... 20 3.1 Running Public Folder Scripts and Gathering Data... 20 3.2 Creating Public Folder Mailbox and Public Folder Migration Script... 21 3.3 Migrate Public Folder from Exchange 2010 to Exchange 2013... 22 4. Exchange 2010 Mailbox Migration to Exchange 2013... 24 4.1 Move User Mailbox... 24 5. Configure Mail Flow on Exchange Server 2013... 36 5.1 Send Connector... 36 5.2 Receive Connector... 38 6. Important Notes... 41
1. Lab Environment This guide will provide you end to end solution for migrating exchange server 2010 to 2013. Lab environment: 1 Domain Controller 1 Exchange Server 2010 with Rollup Update 7 1 Exchange Server 2013 CU 6 Exchange Server 2010 is also acting as Certificate Authority Server One Public Folder Database on Exchange Server 2010 Exchange 2010 and 2013 Co-existence, Cutover, Pre-migration and Migration Figure 1 : Lab Design
2. Request and Configure Exchange Server 2013 Certificate Login into Exchange Admin Center (EAC) and click on Servers > Click on Certificate and then click on + sign Figure 2 Click on Next
Figure 3 Mention the friendly name of the certificate and click on Next. Figure 4
Click on Next on this window as we are not going to use Wild Card Certificate. Microsoft recommends using UC certificate and not the Wild Card Certificate. Figure 5 Click on Browse button to select the Client Access Server for which you are requesting the certificate and select the server and click Next Figure 6
On this window you will specify the URL for all the virtual directories you are going to use. Like OWA, ECP, EWS, Autodiscover, POP, IMAP, Active Sync and Outlook Anywhere. Once it s done, click on Next. Figure 7 Here you will see the entire CN name which will be part of the certificate. If you missed any of the name in previous step, you can click on the (+) sign to add them. Click Next Figure 8
Mention your company information in the above page and click on next. Make sure you mention the correct name of the company without.com,.net,.local and click Next Figure 9 Before you start mentioning anything in the above window make sure you have a share created on any one of the server in the environment where this request file can be saved. In my case I have created it on one of my Exchange 2010 Server. Click finish after providing the file name. Figure 10
Now are requesting the certificate, next part is to complete it to complete it as status is showing Pending Request we have 2 option. 1: Internal Certificate Authority Server 2: Third Party Certificate Authority likes GoDaddy, VeriSign, EnTrust, Comodo etc. It always recommended using third party Certificate Authority in production environment. As it s a LAB environment I will be using internal CA Server. Go to CA Server which happens to be my Exchange Server 2010. Open IIS and Expand it and go to Default Web Site (In your case it may be different). Click on CertSrv and in the Actions pan click on Browse :443 (https) Figure 11 Figure 12 Click on Continue to this website (note recommended).
Figure 13 Click on Request a certificate. Figure 14 Click on advanced certificate request. Figure 15 Got the that shared folder where you saved the.req file, open it with Notepad and copy everything in it and paste it here in Based-64-encoded certificate request. Under Certificate Template click on the drop down and select Web Server and click on Submit.
Figure 16 Choose Base 64 encoded and click on Download certificate and save the certificate in the shared folder. Figure 17
Go to Exchange Admin Center and click on Complete Figure 18 Figure 19 Specify the location including the file name with extension and click on OK. Once you click on OK, status will change to Valid from Pending Completion.
Figure 20 It not over yet, there are few other things which needs to done before we consider it complete. 1. Assign the services to the certificate. 2. Configure all the virtual directories which are in the certificate like OWA, ECP, EWS etc. 3. Check SSL settings on Virtual directory. 4. Test OWA, ECP, Active Sync and Outlook. Assign the services to the certificate by click on the Pen sign after you select the correct certificate. Figure 21 Your Outlook, OWA, Active Sync, ECP and EWS to work properly, you need to enable the IIS service at least. Run all the below command in Exchange Management Shell to configure these virtual directories. Note: Outlook Web App: Get-OwaVirtualDirectory -Server "ExchangeServerName" Set-OwaVirtualDirectory -InternalURL https://webmail.exchangeranger.net/owa -ExternalURL https://webmail.exchangeranger.net/owa
Exchange Control Panel: Get-ecpVirtualDirectory -Server "ExchangeServerName" Set-ecpVirtualDirectory -InternalURL https://webmail.exchangeranger.net/ecp -ExternalURL https://webmail.exchangeranger.net/ecp EWS (Exchange Web Services): Get-WebservicesVirtualDirectory -Server "ExchangeServerName" Set-WebservicesVirtualDirectory - InternalURL https://webmail.exchangeranger.net/ews/exchange.asmx -ExternalURL https://webmail.exchangeranger.net/ews/exchange.asmx Autodiscover: Set-ClientAccessServer "ExchangeServerName" -AutodiscoverServiceInternalUri https://webmail.exchangeranger.net/autodiscover/autodiscover.xml ActiveSync: Get-ActiveSyncVirtualDirectory -Server "ExchangeServerName" Set-ActiveSyncVirtualDirectory - InternalURL https://webmail.exchangeranger.net/microsoft-server-activesync -ExternalURL https://webmail.exchangeranger.net/microsoft-server-activesync Offline Address Book: Get-OABVirtualDirectory -Server "ExchangeServerName" Set-OABVirtualDirectory -InternalUrl https://webmail.exchangeranger.net/oab -ExternalURL https://webmail.exchangeranger.net/oab OutlookAnywhere: Set-OutlookAnywhere -Identity "ExchangeServerName\Rpc (Default Web Site)" -InternalHostname webmail.exchangeranger.net -ExternalHostName webmail.exchangeranger.net - InternalClientAuthenticationMethod ntlm -InternalClientsRequireSsl:$True - ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl:$True If you try to open https://webmail.domain.com/owa in my case it s https://webmail.exchangeranger.net/owa it will fail with the below error. The reason it s failing because SSL required on OWA virtual directory is checked. You need to uncheck it as it should not enabled if you are using SSL offloading. I am not using SSL Offload in the LAB but still I need to disable it.
Figure 22 Click on Apply in the Actions Pan section after unchecking it. Figure 23 Also, you need to create A record with webmail or mail name which on certificate in DNS which points to your CAS Server or your Load Balancer VIP if you are using Load Balancer. Figure 24 2.1 Testing Outlook Web App (OWA), Outlook and Exchange Control Panel (ECP)
Now it s time to check if everything has been done/configured properly or not by logging in to OWA, Outlook and ECP. Figure 25 Figure 26 OWA and ECP is working fine with certificate prompt that means you have done and followed all steps correctly. In my environment I have exchange server 2010 also and I am able to connect to OWA without any issue at all.
Figure 27 Figure 28
Figure 29 Check if Autodiscover is working fine using Outlook Figure 30
Figure 31
Now let s check what is the configuration of Virtual Directories on Exchange 2010 and 2013 Figure 32 Figure 33
3. Public Folder Migration Migrating (Replicating) Public folder to Exchange Server 2013 is very different as compare to all legacy exchange servers. There are few scripts which we need to run on legacy Exchange Server as well as Exchange Server 2013. You can download those scripts from here Figure 34 Use these scripts to migrate public folders from Exchange 2010 or 2007 to Exchange 2013. In order to migrate Exchange 2010 or 2007 Public Folders to Exchange 2013 on O365, we need to analyze the existing Public Folder hierarchy for size to figure out the number of Public Folder mailboxes that are required on O365 and the distribution of folders across mailboxes. 3.1 Running Public Folder Scripts and Gathering Data First script Export-PublicFolderStatistics.ps1 will gather the statistics of Public Folder from legacy exchange server, in my case I am running Exchange Server 2010. Export the file with.csv extension. Figure 35 By default the output will come as Mailbox1, Mailbox2 and so on and if you have multiple Public Folder than it will create as many Mailbox as there are Public Folders.
Figure 36 I renamed it to PFMailbox, PFMailbox01 as per my convenience. Figure 37 Next script you will run is PulicFolderToMailboxMapGenerator.ps1 and this script will be run from Exchange Server 2013. Copy the script to Exchange 2013 and run it. In ImportFile: mention the file name which you saved when you ran the first script, in my case it s PublicFolderSize.csv. In ExportFile: You can mention whatever you like 3.2 Creating Public Folder Mailbox and Public Folder Migration Script Now you will create Public Folder Mailbox by running the below commands on Exchange Server 2013.
New-Mailbox PublicFolder PFMailbox HoldForMigration:true Database DB01 Figure 38 Figure 39 3.3 Migrate Public Folder from Exchange 2010 to Exchange 2013 New-PublicFolderMigrationRequest -SourceDatabase (Get-PublicFolderDatabase -Server EX01) -CSVData (Get-Content C:\PublicFolderMigration\NameOfTheFileYouExported.csv -Encoding Byte) The.csv file you will be the file which you exported using PulicFolderToMailboxMapGenerator.ps1 script. Figure 40
Now you need to run another command which used to be ran on Exchange 2010 but now I can run it on Exchange 2013 as I am running CU6 on Exchange 2013. Along with it there are 2 more commands which you need to run from Exchange 2013. Note: I ran the below command on Exchange 2010 SP3 RU6 and it failed. Set-OrganizationConfig PublicFolderLockedForMigration:$true If you are looking at the progress you will see its stops just before 100%, this is because you need to "Lock" the source public folder and let the migration complete. WARNINIG this will involve downtime warn your users or do this out of hours. Set-PublicFolderMigrationRequest Identity \PublicFolderMigration -PreventCompletion:$false Resume-PublicFolderMigrationRequest Identity \PublicFolderMigration Figure 41 Next command is to check the status of Migration. You will run the command as you see in above figure. Get-PublicFolderMigrationRequest Get-PublicFolderMigrationRequestStatistics IncludeReport fl After running this command you need me make sure that Status and StatusDetail is AutoSuspended and not Stopped or Paused. Figure 42 Check the status of Public Folder using EAC or Exchange Management Shell Figure 43
Figure 44 Makes sure the contents are migrated to new Exchange Server 2013 and they are accessible. Once all is done and you are sure that all the data is on the new server, than run the final command remove the PublicFolderMigrationRequest. 4. Exchange 2010 Mailbox Migration to Exchange 2013 4.1 Move User Mailbox There are two ways to migrate the mailboxes to Exchange 2013. 1. Using Exchange Admin Center and 2. Using Exchange Management Shell. I am using Exchange Management Shell to migrate the Mailboxes. Under Recipient go to Migration Tab, Click on the down arrow near the + sign and click on Move to different database.
Figure 45 Click on + sign to add the user to move the mailbox. Figure 46 Select the mailboxes you want to migrate to Exchange 2013.
Figure 47 Click on add-> and click on ok.
Type the batch name and select the one option out of 3 of them. I have chosen to go with 1 st option, select the target database and click on next. Figure 48 Select the recipient which will receive the report of migration. Select the batch option as per your requirement and click on new. Figure 49 Click on view details for status of move mailbox.
Figure 50 Figure 51
Figure 52 Next option we are going to see is using.csv file to migrate the user Mailbox. You need to get the email address of current user mailbox to prepare the.csv sheet. Figure 53 Copy the email address which you want to migrate to Exchange 2013 and save it in below format. Figure 54 Figure 55
Figure 56
Figure 57
Figure 58
Figure 59
Figure 60
Figure 61 Now I have moved all my User Mailbox to Exchange Server 2013. Only remaining Mailboxes are Room Mailbox, Equipment and Linked Mailbox. Figure 62
You will migrate those remaining mailboxes the same way. Figure 63 5. Configure Mail Flow on Exchange Server 2013 5.1 Send Connector In co-existence environment mail s flow from Source Hub Transport Server (Exchange 2010) to Target Transport Server (Exchange 2013) and then to Mailbox Server. Again it all depends on your planning and requirement to make these changes. For all incoming email from the internet comes via your Smart Host or DNS. If you are using Smart Host than you will have to change the server from Exchange 2010 to Exchange 2013 in smart host. After making the change on smart host all the incoming emails will hit on Exchange 2013 Once you decided to cut over to Exchange 2013, edit the Send Connector and add Exchange 2013 in Source Server or create new Send Connector and once you decided to decommission the legacy Exchange 2010 remove Exchange 2010 from Send Connector. Figure 64
Figure 65 Figure 66
Figure 67 Note: After you make changes to Send Connector make sure that you restart Transport Service on the server. 5.2 Receive Connector In Exchange 2013 by default Receive Connector is ready to receive emails. Export the list of SMTP Relay IP address from legacy (Exchange 2010) Server using the below command Get-ReceiveConnector -Identity SMTP Relay ft *Remote*
Figure 68 Create new Receive Connector for SMTP Relay. Figure 69 After creating the connector edit the connector and click on Security and make sure Anonymous Users are checked.
Figure 70 To activate Anonymous users to use this connector for relaying, you must issue the following command: Get-ReceiveConnector SMTP Relay Connector Add-ADPermission -User NT AUTHORITY\ANONYMOUS LOGON -ExtendedRights Ms-Exch-SMTP-Accept-Any-Recipient Figure 71 Now add the list of IP address to SMTP Relay Connector of Exchange 2013.
Figure 72 Figure 73 Test the relay with all the application servers and make sure they are working fine. 6. Important Notes 1. Make sure you do regress testing on Public Folder migration. 2. Test Outlook, Outlook Anywhere, Outlook Web App, Active Sync, IMAP and POP. 3. Follow the decommission process of legacy exchange server. 4. Certificate is the most important part of migration. I hope this guide helps you to complete your migration.