Upload
jacob-rice
View
331
Download
10
Tags:
Embed Size (px)
Citation preview
Exchange 2013Transition & MigrationThomas Dehn, Mario Fasciano
Agenda• Deployment Fundamentals• Upgrade and Coexistence• Public Folder Migrations• 3rd Party Migration Tools
Deployment Fundamentals
Exchange Server 2013 Scenarios• Transition
• Update from prior version of Exchange within the same Exchange Organization(IntraOrg, local mailbox moves)
• Migration• Migration from any Exchange Organization to another Exchange 2013
Organization (InterOrg, cross forest mailbox moves)• Migration from e.g. Lotus Notes, Novell GroupWise or any other mail
platform to Exchange 2013• Office 365 (remote mailbox moves)
Exchange Server 2013 Prerequisites• Supported coexistence scenarios
• Exchange Server 2010 SP3• Exchange Server 2007 SP3 RU10
• Supported client access methods• Microsoft Outlook:
• Outlook Anywhere only: Outlook 2013, Outlook 2010, Outlook 2007• Outlook for Mac 2011
• Entourage 2008 for Mac, Web Services Edition
Exchange Server 2013 Prerequisites• Active Directory
• Windows Server 2003 forest functional level or higher• At least one Windows 2003 SP2 or later GC/DC in each site• No support for RODC or ROGC
• Namespaces• Contiguous• Non-contiguous• Disjoint• Single label domain http://support.microsoft.com/gp/gp_namespace_master for details
Exchange Server 2013 Prerequisites• Operating System
• Windows Server 2008 R2 SP1 Standard or Enterprise• Windows Server 2012 Standard or Datacenter
• Other Components• IIS and OS components• .NET Framework 4.5• Windows Management Framework 3.0• Unified Communications Managed API (UCMA) 4.0
Exchange Server 2013• RTM as of 10/11/12 (15.000.516.32)
• http://aka.ms/E15RTM
• GA as of 12/3/12• http://aka.ms/E15GA
• Downloadable WW• http://aka.ms/E15DL
• Service GA as of 2/27/13• http://aka.ms/ServiceGA
• CU1 released on 4/2/13 (15.00.0620.029)• http://aka.ms/E15RTMCU1
• CU2 released on 7/29/13 (15.00.0712.024)• http://aka.ms/E15RTMCU2
dsquery * "CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=contoso,DC=com“-scope base -attr rangeUpper
Exchange Server Schema Version 1/2http://support.microsoft.com/kb/556086 • GUI
• Shell
Exchange Server Schema Version 2/2Exchange Server version Forest "rangeUpper" attribute of ms-Exch-Schema-
Version-PtExchange 2000 Server RTM 4397Exchange 2000 Server SP3 4406Exchange Server 2003 RTM 6870Exchange Server 2003 SP1 6870Exchange Server 2003 SP2 6870Exchange Server 2007 RTM 10637Exchange Server 2007 SP1 11116Exchange Server 2007 SP2 14622 Exchange Server 2007 SP3 14625Exchange Server 2010 RTM 14622ExchangeServer 2010 SP1 14726Exchange Server 2010 SP2 14732Exchange Server 2010 SP3 14734Exchange Server 2013 15137Exchange Server 2013 CU1 15254Exchange Server 2013 CU2 15281
Servicing Exchange 2013• Security Updates
• Security updates will be delivered via independent packages that can be applied to a previously released CU or installed during the upgrade to the current CU
• Cumulative Updates (CU’s)• Routine product updates will be distributed via quarterly (CU’s)• The version of Exchange shipped to on-premises customers in each CU
will be the same version we use to host Exchange Online in Office 365• A CU is serviced for a period of 3 months after the release date of next
CU
• Service Packs• Periodic service pack releases rolling up CU’s and new features
Cumulative Updates• Benefits of new model
• Predictable release cadence (4x a year)• Dedicated security releases• Improved support for hybrid deployments
• Differences between CUs and RUs• Larger update packages• Loss of server customization• Installation failure recovery• Server version number will be updated with CU install
• At least CU1 required for coexistence with Exchange 2010/2007
Upgrade & Coexistence
Functional Layering
AuthN, Proxy, Re-direct
Protocols, API,
Biz-logic
Assistants, Store, CI
Exchange 2010Architecture
AuthN, Proxy, Re-direct
Store, CI
Protocols, Assistants,
API, Biz-logic
Exchange 2013Architecture
Client Access
Mailbox
Client AccessHub Transport,
Unified Messaging
Mailbox
HardwareLoad Balancer
L4 LB
L7 LB
Upgrade from Exchange 2010 to Exchange 2013
SP3
E2010 CAS
E2010 HUB
E2010 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 Servers
SP3
1. Prepare
Install Exchange 2010 SP3 across the ORG
Validate existing Client Access using MCA and ExRCA and built-in Test cmdlets
Prepare AD with E2013 schema
4. Switch primary namespace to Exchange 2013 CAS
E2013 fields all traffic, including traffic from Exchange 2010 users
Validate using MCA and ExRCA5. Move Mailboxes
Build out DAG
Move E2010 users to E2013 MBX
6. Repeat for additional sites
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
SP3SP3
E2013 CAS
E2013MBX
3. Obtain and Deploy CertificatesObtain and deploy certificates on E2013 Client Access Servers
1 24
3
5 6
Upgrade from Exchange 2007 to Exchange 2013
RU
E2007 SP3 CAS
E2007 SP3 HUB
E2007 SP3 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2007 SP3 Servers
RU
1. Prepare
Install Exchange 2007 SP3 + RU across the ORG
Prepare AD with E2013 schema and validate
5. Switch primary namespace to Exchange 2013 CAS
Validate using MCA and ExRCA6. Move Mailboxes
Build out DAG
Move E2007 users to E2013 MBX
7. Repeat for additional sites
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
RU
RU
E2013 CAS
E2013MBX
3. Create Legacy namespaceCreate DNS record to point to legacy E2007 CAS
4. Obtain and Deploy CertificatesObtain and deploy certificates on E2013 Client Access Servers configured with legacy namespace, E2013 namespace and Autodiscover namespaceDeploy certificates on Exchange 2007 CAS
legacy.contoso.com3
1 2 5
4
6 7
Upgrade to Exchange Server 2013
SP/RU
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
SP/RU
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema and validate
5. Switch primary namespace to Exchange 2013 CAS6. Move Mailboxes
7. Repeat for additional sites
3. Create Legacy namespace
4. Obtain and Deploy Certificates
1 2. Deploy Exchange 2013 servers
Prepare for Exchange Server 2013• Install coexistence update on all existing
Exchange servers• For Exchange 2010, this would be SP3• For Exchange 2007, this would be SP3 RU10
• Prepare Active Directory with Exchange 2013 schema extensions
• Validate existing client access• Microsoft Connectivity Analyzer -
https://testconnectivity.microsoft.com/?tabid=client• Remote Connectivity Analyzer - http://www.exrca.com • Built-in Test cmdlets
Upgrade to Exchange Server 2013
SP/RU
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
SP/RU
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema and validate
5. Switch primary namespace to Exchange 2013 CAS6. Move Mailboxes
7. Repeat for additional sites
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
E2013 CAS
E2013MBX
3. Create Legacy namespace
4. Obtain and Deploy Certificates
2 2. Deploy Exchange 2013 CU1 servers
Install both E2013 MBX and CAS servers
Exchange Server 2013 Setup
Setup.exe /mode:install /roles:clientaccess
Setup.exe /mode:install /roles:mailbox
Setup.exe /mode:install /roles:ManagementTools /IAcceptExchangeServerLicenseTerms
Install both MBX and CAS ServersMBX performs PowerShell commandsCAS is proxy only
Exchange 2013 SetupGUI or command lineNo in-place upgrade
New ParameterLicense terms acceptance
Upgrade to Exchange Server 2013
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema and validate
5. Switch primary namespace to Exchange 2013 CAS6. Move Mailboxes
7. Repeat for additional sites
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
E2013 CAS
E2013MBX
4. Obtain and Deploy Certificates
legacy.contoso.com3
3. Create Legacy namespace
SP/RU
SP/RU
Create Legacy Namespace• Required for Exchange 2007 coexistence
only
• Create DNS record in internal and external DNS for legacy namespace
• Validate legacy namespace using MCA, ExRCA and built-in Test cmdlets
Remote Connectivity Analyzer
Remote Connectivity Analyzer
Upgrade to Exchange Server 2013
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema and validate
5. Switch primary namespace to Exchange 2013 CAS6. Move Mailboxes
7. Repeat for additional sites
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
E2013 CAS
E2013MBX
4. Obtain and Deploy CertificatesObtain and deploy certificates on E2013 Client Access Servers configured with legacy namespace, E2013 namespace and autodiscover namespaceDeploy certificates on Exchange 2007 CAS
legacy.contoso.com
43. Create Legacy namespace
SP/RU
SP/RU
Certificates• Best Practices
• Minimize the number of certificates• Minimize number of hostnames
• Use split DNS for Exchange hostnames• Don’t list machine hostnames in certificate hostname list
• Use Subject Alternative Name (SAN) certificate
• End-to-End certificate wizard in the EAC• EAC notifies you when a certificates is
about to expire• 1st notification shown 30 days prior to expiration• Subsequent notifications provided daily
Upgrade to Exchange Server 2013
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema and validate
5. Switch primary namespace to Exchange 2013 CAS
Validate using MCA, ExRCA and Test cmdlets6. Move Mailboxes
7. Repeat for additional sites
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
E2013 CAS
E2013MBX
4. Obtain and Deploy CertificatesObtain and deploy certificates on E2013 Client Access Servers configured with legacy namespace, E2013 namespace and Autodiscover namespaceDeploy certificates on Exchange 2007 CAS
legacy.contoso.com
3. Create Legacy namespace
SP/RU
SP/RU
5
Switch Primary Namespace• Validate legacy namespace creation• Configure Load balancing
• Legacy namespace is separate VIP with Layer 7 load balancer• Configure AutoDiscoverServiceInternalUri on Exchange 2013 CAS to LB
FQDN• Configure AutoDiscoverSiteScope
• Update publishing rules for legacy namespace• Use MCA and ExRCA to test access externally and internally
• Update DNS• Mail and Autodiscover namespaces should point to CAS 2013
Layer 4 LBLayer 7
LB
mail.contoso.com
HTTPPROXY
RPC/HTTP
Clients
E2007/E2010 MBX
Internet-facing site
RPC/HTTP
Intranet-facing site
E2007/E2010 MBX
OA Enabled OA EnabledClient SettingsIIS Auth: NTLM
E2007/E2010 CAS OA
Client SettingsIIS Auth:
E2007/E2010 CAS
HTTPPROXY
3. Client settings
Make legacy OA settings the same as 2013 CAS so all clients get the same proxy hostname
1. Enable Outlook Anywhere on all legacy CAS2. IIS authentication methods
IIS Auth must have NTLM enabled on all legacy CAS
RPC
Client Auth: BasicIIS Auth: Basic
NTLM
E2013 CU1 CAS
E2013 CU1 MBX
RPCRPC
DisabledEnabled
NTLM
4. DNS cutoverA low TTL on the existing
record the days prior to the cutover is a good idea.
Switching OA to CAS 2013
Upgrade to Exchange Server 2013
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the ORG
Prepare AD with E2013 schema and validate
5. Switch primary namespace to Exchange 2013 CAS
Validate using MCA, ExRCA and Test cmdlets6. Move Mailboxes
Build out DAG
Move users to E2013 MBX
7. Repeat for additional sites
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
E2013 CAS
E2013MBX
4. Obtain and Deploy CertificatesObtain and deploy certificates on E2013 Client Access Servers configured with legacy namespace, E2013 namespace and Autodiscover namespaceDeploy certificates on Exchange 2007 CAS
legacy.contoso.com
3. Create Legacy namespace
SP/RU
SP/RU
6
Moving Mailboxes• New Migration Service
• Provides functionality to orchestrate moves such as batch management• Provides migration reporting• Provides retry semantics
• New cmdlets • New-MigrationBatch• Get-MigrationUserStatistics
• Also available from EAC
Management Tools for Coexistence• Use the Exchange Administration Center
(EAC) to:• Manage Exchange 2013 mailboxes• View and update Exchange 2010/2007 mailboxes and properties (with
a few limitations)
• Use Exchange Management Console (EMC) to:• Create mailboxes• Perform new operations on those versions
Public Folder Migrations
Modern Public Folders• Database-centered architecture replaced by
mailbox• Existing public folders can be migrated to Exchange 2013• End user experience doesn’t change (Outlook 2007 and newer)• Public folder replication is removed
• Migrate Public Folder users before Public Folders• Exchange 2013 users can access Exchange 2010/2007 Public Folders• Exchange 2010/2007 users cannot access Exchange 2013 Public
Folders• Migration of Public Folders is a cut-over migration• Similar to online mailbox moves
Comparing Legacy vs. Modern Public Folders Legacy Public Folders Modern Public Folders
Content storage Public Folder database Public Folder mailbox
Public Folder content replication Can be replicated between databases
Replication is not possible
High availability PF replication DAG
PF Hierarchy storage One per PF database, multi-master
Per PF mailbox, one master only
PF Hierarchy synchronization Based on e-mail Direct mailbox sync
Search Items only Items and attachments (full-text)
Public Folder permission management
Access Control Lists (ACLs) Role-based Access Control (RBAC)
Public Folder Client permissions Access Control Lists (ACLs) Access Control Lists (ACLs)
Admin Platform PF Management Console + EMS EAC + EMS
Outlook client support Any Outlook version Outlook 2007 - 2013
OWA support OWA 2007, OWA 2010 OWA 2013
Exchange Server support Exchange 2010 or earlier Exchange 2013
2. Analyze
Take snapshot of existing PF folder structure, statistics and permissions
Map PF folders to PF mailboxes
Public folder migration
Outlook clients
1. Prepare
Install Exchange SP and/or updates across the ORG
Migrate all users that require access to Exchange 2013
Verify PF health (replication, mail flow, etc.)
4. Begin migration request
Clients continue to access and create new data during copyAfter copy is complete migration request status is AutoSuspended5. Finalize migration request
Update snapshot of existing PF folder structure, statistics and permissions
Lock source, clients logged off, final sync occurs
3. Create new public folder mailboxesSet to HoldForMigration Mode, mailboxes invisible to clients
1 2
4
6
MBX MBX
6. Validate
Check and verify destination folders
PF dbase 2
PF dbase 3
E2007 SP3 or E2010
PF
Exchange 2013 CU1
PF mbx 1
PF mbx 2
MBX5
PF dbase 1
PFs
PF mbx 3
3
RU10
SP3
from Exchange 2007 or Exchange 2010 Public Folders
Step 1: Prepare & Analyze (1/2)Prepare
Cleanup any Public Folder that includes a Backslash (“\”) in the nameCleanup any Public Folder that is larger than 25 GB (recommendation)Download Microsoft Exchange 2013 Public Folder Migration Scripts http://www.microsoft.com/en-us/download/details.aspx?id=38407
Analyze (optional)Get-PublicFolder -Recurse –Resultsize unlimited | Export-CSV C:\PFMigration\PFStructure.csvGet-PublicFolder -Recurse | Get-PublicFolderStatistics | Export-CSV C:\PFMigration\PFStatistics.csvGet-PublicFolder -GetChildren | Get-PublicFolderClientPermission | Select-Object Identity,User -ExpandProperty AccessRights | Export-CSV C:\PFMigration\PFPerms.csv
Step 1: Prepare & Analyze (2/2)Run Public Folder Migration Scripts1. Export-PublicFolderStatistics.ps1
<map.csv> <Public Folder server>
2. PublicFolderToMailboxMapGenerator.ps1<maxPFmbxsize> <map.csv> <PFtoMbx.csv>
3. Output example:
Step 2: Create public folder mailboxesCreate required Public Folder mailboxes
Amount of mailboxes is defined in PFtoMBX matching fileFirst public folder mailbox must be in HoldForMigration modeCreate at least one public folder mailbox per 2.000 mailbox users
CMDlets to create PF mailboxes:First: New-Mailbox -PublicFolder “Mailbox1” -HoldForMigration:$true -IsExcludedFromServingHiearchy:$trueAll others:New-Mailbox -PublicFolder “MailboxXX” -IsExcludedFromServingHiearchy:$true
Configure Quotas on PF mailboxesOn-premises: 2 GB default, 25 GB recommended, 100 GB maximumOnline: 25 GB configured / maximum
Step 3: Begin migrationCreate PF migration request(s)New-PublicFolderMigrationRequest -SourceDatabase (Get-PublicFolderDatabase -Server <Source server>) -CSVData (Get-Content <map file.csv> -Encoding Byte) -BadItemLimit $BadItemLimitCount
Verify PF migration requestGet-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics -IncludeReport | fl
Verify that Migration Request will stop by 95%
Regularly run the following cmdlet:Resume-PublicFolderMigrationRequest \PublicFolderMigration
Step 4: Finalize Migration RequestLock out users from legacy Public Folders:Set-OrganizationConfig -PublicFoldersLockedForMigration:$true (Legacy Public Folders will be locked – wait until replicated to all databases!)
Complete PF Migration Request and restart sync:Set-PublicFolderMigrationRequest \PublicFolderMigration -PreventCompletion:$false Resume-PublicFolderMigrationRequest \PublicFolderMigration Get-PublicFolderMigrationRequestStatistics \PublicFolderMigration –IncludeReport |fl
Issue: Run: Set-OrganizationConfig -PublicFoldersLockedForMigration:$true (+ restart MSExchangeIS)
Resume-PublicFolderMigrationRequest again until request is 100% completed!
Step 5: Finalize Public Folder migrationVerify Modern Public Folders
Set-Mailbox <Mailbox> –DefaultPublicFolderMailbox Mailbox1Use Outlook or OWA to verify Public Folders
Allow general Access to Modern Public Folders
Get-Mailbox -PublicFolder | Set-Mailbox -PublicFolder -IsExcludedFromServingHierarchy $false
Run on legacy server:Set-OrganizationConfig -PublicFolderMigrationComplete:$true(Allows e-mail delivery to Modern Public Folders)
Remove Legacy Public Folder DatabasesDon’t remove them too quickly, otherwise you cannot roll-back anymore!
Roll-back to legacy Public FoldersRun on Exchange server (on-prem):
Set-OrganizationConfig –PublicFoldersLockedForMigration:$falseSet-OrganizationConfig –PublicFolderMigrationComplete:$false(Restart Microsoft Exchange Information Store service to speed up access)
Remove Public Folder Mailboxes (option)
Key considerationMay loose new content when users already were working in Modern Public Folders
Summary
Summary• Updates are required for coexistence• Exchange 2007 requires a legacy
namespace • Certificate management is improved• Public Folder migration is cutover process
3rd Party Migration Tools
Exchange, InterOrg or IntraOrg migration• Exchange out of the box (local or remote
move)• Local IntraOrg (Transition)• Remote InterOrg (Migration)
• Quest Migraton Manager Suite• Mainly InterOrg scenarios with complex coexistence requirements
• Other 3rd Party
Migration Tools, Microsoft vs. Quest - I• Use Microsoft cross forest MBX move
• Involved Exchange Orgs need to be prepared first (e.g. migration accounts, MRS Proxy, MaxConnection)
• Prepare mailbox move• mail enabled user need to exist (ADMT, ILM, …)• matching attributes synchronization with Prepare-MoveRequest.ps1
(e.g. email addresses, GAL data, LegacyExchangeDN as a new X500 address, …)
• Use New-MoveRequest and New-MigrationBatch cmdlets for mailbox moves
• Pre-migration of mailbox content is possible.• Email address space sharing (mailrouting needs to be implemented
manually)
Migration Tools, Microsoft vs. Quest - II• Use Microsoft cross forest MBX move
• Free/Busy (manually)• Calender-Sharing (No)• PublicFolder content (manualy via PST import)• PublicFolder permission (No)• Mailbox permission for Folder and Deputy-Delegation (No)• Profilechange (script or ExProfRe)• OST (rebuilt new)• Administration (script and different tools needed)• WAN Optimizing (none, high bandwidth)• migration time (A few days / week)• Adjustment (Medium / High, Own scripts)• Monitoring and Reporting (manualy, no out-of-the-box)
Migration Tools, Microsoft vs. Quest - I• Use Quest Migration Manager for Exchange
• Migration (step-by-step with replication)• Migration of distribution lists (continuously dirsync)• Exchange email addresses (continuously dirsync with delta update, and
more)• Mailbox creation (automatically)• LegacyExchangeDN as an X500 address (automatically)• Forwarding (yes via targetaddress)• Mailboxdata (Gradual migration through Replilcation the source data
into the target)• Free/Busy (PF, EWS through calender sync agent)• Calender-Sharing (fully possible)
Migration Tools, Microsoft vs. Quest - II• Use Quest Migration Manager for Exchange
• PublicFolder content (possible)• PublicFolder permission (possible)• Mailbox permission for Folder and Deputy-Delegation (possible)• Profilechange (Quest Client Profile Updating Utility via flag)• OST (con be take over)• Administration (one MMC)• WAN Optimizing (replication can be scheduled)• migration time (long coexistence possible)• Adjustment (low)• Monitoring and Reporting (Report Server, eventlog, text files)
Questions?
Track resourcesExchange Team Blog:
http://blogs.technet.com/b/exchange/
Twitter:Follow @MSFTExchange Join the conversation, use #IamMEC
Check out: Microsoft Exchange Conference 2014: www.iammec.com Office 365 FastTrack: http://fasttrack.office.com//Technical Training with Ignite: http://ignite.office.com/