Saturday, 24 November 2012

Decommissioning Exchange 2003 in a 2010 Environment - Walkthrough Guide

Scenario: Commonly with Exchange 2003 to 2010 migrations, an Exchange Consultant will come in and set up the environment for coexistence, set off public folder replication, and show the customer how to migrate mailboxes; then a time later when mailboxes have been moved across – and ideally the Exchange 2003 servers have been left shutdown for at least 2 days but ideally 2 weeks to be sure nothing is still using them – an Exchange Consultant will come back in (not always the same one hence the checks in this guide) and perform the final decommissioning steps.

Part A: Exchange 2003 to Exchange 2010 Coexistence Crib Sheet

So as not to have missed any critical steps, below is a quick step by step guide of how to setup coexistence (essentially using an example of a CA, HT, and MB role Exchange 2010 server with single Exchange 2003 server – but the theory is applicable to larger Exchange deployments too)!

1. Suppress Link State Updates on Exchange 2003 Server
1.1) Add “SuppressStateChanges” value = 1 (regedit)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters
New DWORD = “SuppressStateChanges”
Value = 1
1.2) Restart SMTP, MSExchange Routing Engine, MSExchange MTA Stack (command prompt)
> net stop SMTPSVC
> net start SMTPSVC
> net stop RESvc
> net start RESvc
> net stop MSExchangeMTA
> net start MSExchangeMTA

2. Install Pre-requisites for Exchange 2010 on Windows 2008R2
2.1) Install Microsoft Office Filter Packs for Office 2007 and Office 2010
2.2) Administrator: Windows PowerShell:
> Import-Module ServerManager
> Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
2.3) Administrator: Windows PowerShell (after restart in 2):
> Set-Service NetTcpPortSharing -StartupType Automatic


3. Installing Exchange 2010 CA, HT, MB Server
3.1) Administrator: Windows PowerShell (with Exchange 2010 Media):
> d:
> .\setup.com /pl
> .\setup.com /ps
3.2) Administrator: Command Prompt (with Exchange 2010 Media):
> d:
> setup.com /mode:Install /roles:CA,HT,MB /EnableLegacyOutlook /LegacyRoutingServer:Exchange2003.exchange.com /ExternalCASServerDomain:mail.exchange.com
3.3) Reboot!

4. Exchange 2010 Configuration After Initial Install
4.1) Enter the Product Key (via EMS):
> Get-ExchangeServer
> Set-ExchangeServer -Identity ExServer01 -ProductKey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
> restart-service MSExchangeIS
4.2) Register Filter Pack IFilters with Exchange 2010 (in regedit or using RegisterMicrosoftFilterPack.ps1 in PowerShell or EMS as below):
> .\RegisterMicrosoftFilterPack.ps1
> Stop-Service msftesql-Exchange -Force; Start-Service MSExchangeSearch

5. Configure Exchange 2010 Hub Transport Server Role
5.1) Configure Receive Connector (via EMC > Server Configuration > Hub Transport > Default SERVERNAME) to allow Anonymous users
5.2) Configure Send Connector (via EMS):
> New-SendConnector -Name "Internet Connector" -Usage Custom -AddressSpace "*;5" -DNSRoutingEnabled $True -MaxMessageSize 20MB
5.3) Configure Firewall Rules to allow outbound/inbound SMTP communication from HT server

6. Configure Exchange 2010 Client Access Server Role
6.1) Configure Outlook Web App (via EMS):
> Set-OwaVirtualDirectory -Identity "EXCHANGE2010\owa (Default Web Site)" -ExternalUrl "https://mail.exchange.com/owa" -InternalUrl "https://exchange2010.exchange.com/owa"
6.2) (Optional) Enable additional logon methods (via EMS) for example if you are publishing OWA through ISA or TMG 2010:
> Set-OwaVirtualDirectory -Identity "EXCHANGE2010\owa (Default Web Site)” -BasicAuthentication:$True -WindowsAuthentication:$True
6.3) Configure Exchange Control Panel (ECP) (via EMS):
> Set-EcpVirtualDirectory -Identity "EXCHANGE2010\ecp (Default Web Site)" -ExternalUrl "https://mail.exchange.com/ecp" -InternalUrl "https://exchange2010.exchange.com/ecp"
6.4) (Optional with 6.2) Change authentication settings on ECP virtual directory (via EMS):
> Set-EcpVirtualDirectory -Identity "EXCHANGE2010\ecp (Default Web Site)” -BasicAuthentication:$True -WindowsAuthentication:$True
6.4) Configure Microsoft Exchange ActiveSync (via EMS):
> Set-ActiveSyncVirtualDirectory -Identity "EXCHANGE2010\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "https://exchange2010.exchange.com/Microsoft-Server-ActiveSync" –ExternalUrl “https://mail.exchange.com/Microsoft-Server-ActiveSync”
6.5) Configure Offline Address Book Distribution (via EMS):
> Set-OabVirtualDirectory -Identity "EXCHANGE2010\OAB (Default Web Site)" -PollInterval 720 -InternalUrl "http://exchange2010.exchange.com/OAB" -ExternalUrl "https://mail.exchange.com/OAB"
6.6) Configure Outlook Anywhere (via EMS):
> Enable-OutlookAnywhere -Server 'EXCHANGE2010' -ExternalHostname 'anywhere.exchange.com' -DefaultAuthenticationMethod 'Basic' -SSLOffloading $false
6.7) Request, Download and Configure a SAN/WildCard SSL Certificate (for example a PKCS#12 auto-csr)

7. Configure Exchange 2010 Mailbox Server Role
7.1) Move the Exchange 2010 Database and Logs Locations (via EMS):
> Get-MailboxDatabase
> Move-DatabasePath -Identity 'Mailbox Database 0269743206' -EdbFilePath 'M:\Mailbox Database 0269743206\Mailbox Database 0269743206.edb' -LogFolderPath 'L:\Mailbox Database 0269743206\Logs'
7.2) Restart IIS and Exchange Information Store Service (via EMS):
> IISReset
> Net Stop MSExchangeIS
> Net Start MSExchangeIS

Part B: Moving Settings and Data to Exchange 2010

8. Moving Settings and Data to Exchange 2010
8.1) Move Mailboxes via EMC > Recipient Configuration > Mailbox > New Local Move Request
8.2) Move Public Folders (via EMS):
> cd “C:\Program Files\Microsoft\Exchange Server\V14\Scripts”
> .\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\" -ServerToAdd "exchange2010"
Note: if there is a desire not to replicate the entire root “\”, then the “\” above can be changed to the desired top-level folder and the additional command must be run
> .\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_SUBTREE\" -ServerToAdd “exchange2010
> Update-PublicFolderHierarchy –server “exchange2010
Note: it is fine to re-run the above commands if required!
(Wait 24-48 hours depending on source PF database!)
> .\MoveAllReplicas.ps1 -Server "Exchange2003" -NewServer "Exchange2010"
Note: the above will remove replicas from the Exchange 2003 server

9. Move Organization Settings
9.1) Move OAB Generation Server (via EMS):
> Move-OfflineAddressBook -Identity '\Default Offline Address List' -Server 'EXCHANGE2010'
9.2) Update Address Lists (via EMS):
> Set-AddressList “All Users” –IncludedRecipients MailboxUsers
> Set-AddressList “All Groups” –IncludedRecipients MailGroups
> Set-AddressList “All Contacts” –IncludedRecipients MailContacts
> Set-AddressList “Public Folders” –RecipientFilter { RecipientType –eq ‘PublicFolder’ }
> Set-GlobalAddressList “Default Global Address List” –RecipientFilter {(Alias –ne $null –and (ObjectClass –eq ‘user’ –or ObjectClass –eq ‘contact’ –or ObjectClass –eq ‘msExchSystemMailbox’ –or ObjectClass –eq ‘msExchDynamicDistributionList’ –or ObjectClass –eq ‘group’ –or ObjectClass –eq ‘publicFolder’))}
9.3) Upgrade Email Address Policies (via EMS):
> Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients
To upgrade a custom Email Address Policy
> Set-EmailAddressPolicy -Identity "South" -ConditionalStateorProvince "Hampshire","Kent"

Part C: Decomissioning Exchange Server 2003
This is the point of no return – you will want to check all the items above are done.

10 Decommissioning Exchange Server 2003
10.1) Check mailboxes have been moved across!
10.2) Check public folders replicas have been moved across!
> Get-PublicFolder -Identity \ -Recurse | FL Name,Replicas
> Get-PublicFolder -recurse \non_ipm_subtree |fl name, replicas
> Get-PublicFolderStatistics
10.3) Re-run the commands in 9 to verify they have been run (they will just error if they have already been run)!
10.4) Shut down Exchange 2003 for 2 days to 2 weeks (ideal) to be sure nothing is still using it!
10.5) Remove Exchange 2003 Mailbox Databases via ESM

Fig. 10.5.1: Delete Mailbox Store

10.6) Remove Exchange 2003 Public Folder Database via ESM
When you come to delete the public folder store, you will receive the error below, just click OK, select the new Exchange 2010 Public Folder database and click OK again.

Fig. 10.6.1: Warning when delete Public Folder Store

10.7) Remove Routing Group Connect (via EMS):
> Get-RoutingGroupConnector | Remove-routingGroupConnector -confirm:$false

Fig. 10.7.1: ESM Connectors – the 2003 to 2010 connector is removed by the above command

10.8) Remove Recipient Update Service on Exchange 2003 server using ADSIEDIT.msc (available with Windows Support Tools):
-Configuration
- CN=Configuration,DC=ace,DC=priv
-  CN=Services
-   CN=Microsoft Exchange
-    CN=First Organization
-     CN=Address Lists Container
-      CN=Recipient Update Services
Delete the Domain RUS and Enterprise RUS and then close ADSIEDIT.

Fig. 10.8.1: Domain RUS and Enterprise RUS to be deleted

10.9) Uninstall Exchange Server 2003 (this will need the Exchange 2003 Install Media)
> d:
> cd \setup\i386
> setup
Within the Microsoft Exchange Installation Wizard, change the action to ‘Remove’ and follow the prompts to remove Exchange Server 2003!

Fig. 10.9.1: Microsoft Exchange 2003 Installation Wizard – Remove

10.10) Restart the Exchange 2003 Server

THE END!

Further Reading and Credits

Credit to Milind Naphade’s for his excellent PDF document “Rapid transition guide from Exchange 2003 to Exchange 2010”

1 comment:

  1. Hi ,

    This is Denny, the creator of this free automated employee
    provisioning/termination app-- Z-hire. I wrote this app for the TechNet community a year ago.

    Since you run a very informative blog, I would like your help
    spread the word. Since my application is free, i need supporters from the
    community. It would means a lot if you can help.

    Here is a link to my app
    http://gallery.technet.microsoft.com/Z-Hire-Employee-Provisionin-e4854d6b


    Thanks
    Denny

    ReplyDelete