Exchange 2010 Deployment Guide

Published on June 2016 | Categories: Documents | Downloads: 63 | Comments: 0 | Views: 1101
of 35
Download PDF   Embed   Report

Comments

Content

Contents
Navigate your checklist .................................................................................................................... 3 Confirm prerequisite steps are done ............................................................................................... 4 Install the Client Access server role ................................................................................................ 5 Add digital certificates on the Client Access server ......................................................................... 9 Enable Exchange 2010 Outlook Anywhere ................................................................................... 14 Configure OAB and Web Services virtual directories .................................................................... 15 Configure settings on virtual directories ........................................................................................ 16 Install the Hub Transport server role ............................................................................................. 17 Configure Exchange ActiveSync authentication ............................................................................ 21 Configure a legacy host name ....................................................................................................... 22 Install the Mailbox server role ........................................................................................................ 23 Change the OAB generation server .............................................................................................. 27 Create Send connectors ................................................................................................................ 28 Move mailboxes to Exchange 2010............................................................................................... 30 Move public folder data to Exchange 2010 ................................................................................... 31 Post-installation tasks .................................................................................................................... 32 Checklist complete......................................................................................................................... 34

Navigate your checklist
Now that we’ve asked you a few questions about your environment, it’s time to review how to use your Exchange 2010 Deployment Checklist.

How can I see my answers to the environment questions?
That's easy. There are two ways: Click the left arrow at the bottom of this page or, click Review your answers at the top of the left pane. Then you can see a summary of how you answered the questions.

How can I change my answers?
Go to the Review your answers page. Right after the summary of your responses, you'll see where you can click to make changes. You can also click Start Over at the top of any page. When you change your answers, you'll get a whole new checklist that's tailored to those answers.

How can I move through the checklist?
You can browse the checklist by clicking a step in the left pane or by using the right and left arrow buttons. While you can browse in any order you want, you do need to complete the steps in the order shown. If you try to jump ahead and complete a step, you'll find that you won't be able to mark the step as complete. That's because the previous steps were skipped.

What do I do when I finish a step?
Pat yourself on the back! Then, you can either click the check box to the left of the step or the check box icon at the bottom of the screen. Then, you can move on to the next step. The progress bar will change as you mark steps complete so you can easily track your progress.

What if I get interrupted?
You can exit the Exchange Deployment Assistant at any time and return to the same computer later to continue. Please be aware that if you access the Deployment Assistant from a different computer, progress from your session on the original computer is not available.

Can I print this stuff?
Yes! See the Print | Send | Download Checklist icons at the top of this page? They're on every page of the checklist. You can print the step you're working on, and you can even download the

3

entire checklist. Also, if you'd like to send mail to someone about a step, click Send. A link to the step is automatically included in the mail.

Confirm prerequisite steps are done
Before you go any further with the Exchange Deployment Assistant, make sure that your organization's operating system, hardware, software, clients, and other elements meet the requirements for Exchange 2010. If they don't, you won't be able to complete the steps in the Deployment Assistant and you won't be able to deploy Exchange 2010. We recommend that you run the Exchange Pre-Deployment Analyzer (ExPDA) to perform an overall topology readiness scan of your environment. ExPDA provides a detailed report that will alert you if there are any issues within your organization before you install Exchange 2010. If ExPDA reports any warnings or errors, take care of those issues before you proceed any further. To get ExPDA from the Microsoft Download Center, see: Exchange Pre-Deployment Analyzer Learn more at: Understanding Exchange 2003 Upgrade Prerequisites To successfully install Exchange 2010, the following components are required. If you run ExPDA, it will check to make sure your environment has these components.

Directory Servers
 Schema master The latest 32-bit or 64-bit edition of the Windows Server 2003 SP1 Standard or Enterprise operating system or later or the latest 32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise operating system or later. Global catalog server In every Active Directory site where you plan to install Exchange 2010, you must have at least one global catalog server that is either the latest 32bit or 64-bit edition of Windows Server 2003 SP1 Standard or Enterprise, the latest 32-bit or 64-bit edition of Windows Server 2008 Standard or Enterprise, or the latest 32-bit or 64-bit edition of Windows Server 2008 R2 Standard or Enterprise. Active Directory Forest The Active Directory forest must be Windows Server 2003 forest functional mode. Domain Controller You must have the latest 32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise Edition with Service Pack 1 (SP1) operating system or the latest 32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise operating system or the Windows Server 2008 R2 Standard or Enterprise operating system or the Windows Server 2008 Datacenter or Windows Server 2008 R2 Datacenter.



 

Operating Systems
  64-bit edition of Windows Server 2008 Standard Service Pack 2 64-bit edition of Windows Server 2008 Enterprise Service Pack 2

4

 

64-bit edition of Windows Server 2008 Standard R2 64-bit edition of Windows Server 2008 Enterprise R2

Operating System Components
  .NET Framework 3.5 SP1 Internet Information Services (IIS)

Windows Management Framework
  Windows PowerShell V2.0 Windows Remote Management V2.0

Install the Client Access server role
The Client Access role is one of five server roles in Exchange 2010. It's also the first server role that must be installed. The Client Access role enables access to mailbox data through a variety of clients, such as Microsoft Office Outlook, Outlook Anywhere, Outlook Web App, POP3, and IMAP4, and it also hosts Exchange Web services, such as the Autodiscover service and the Availability service. Learn more at: Understanding the Client Access Server Role We recommend installing the latest update rollup for Exchange 2010 on all your servers. Although you can install update rollups on a server after Exchange 2010 has been installed, it's also possible and less time-consuming to incorporate the update rollup into the install server installation process. To do this, copy the contents of the Exchange 2010 DVD to the file system, and then copy or move the downloaded update rollup file to the Updates folder in the installation tree. When you perform the procedure below, the update rollup will be installed as part of the initial installation process. To download the latest update rollup for Exchange 2010, visit: Microsoft Download Center Important: <rte:GENL_RPCOutlook> Note: Exchange 2010 uses the Autodiscover service to aid in the configuration of client connections. In particular, Microsoft Office Outlook and some mobile phones use the Autodiscover service to allow users to configure a connection with only their e-mail address and password. Learn more at: Understanding the Autodiscover Service

5

How do I do this?
You'll use the Exchange Server 2010 Setup wizard to install the Client Access role: 1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear, navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the location of your Exchange 2010 installation files and double-click Setup.exe. 2. TheExchange Server 2010 Setup welcome screen appears. In the Install section, the software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. However, if these prerequisites aren't already installed, click the appropriate step to install them. 3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language options, and then choose the appropriate option: a. Install all languages from the language bundle This option installs all the Exchange 2010 languages from an Exchange 2010 language bundle. You can connect to the Internet to download the latest applicable language bundle or to use a previously downloaded language bundle on a local drive or network share. Internet connectivity is required for Exchange Setup to download the language pack bundle. b. Install only languages from the DVD This option installs only the languages included with the Setup DVD. The installation of additional languages support requires installing the languages from the language bundle. 4. After Step 3 is complete, click Step 4: Install Microsoft Exchange. 5. On the Introduction page, click Next. 6. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and click Next. 7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting feature, and click Next. 8. On the Installation Type page, select Custom Exchange Server Installation. For Exchange 2010 SP1, you can select to automatically install all required Windows roles and features for this server. To optionally change the installation path for Exchange 2010, click Browse, locate the appropriate folder in the folder tree, and then click OK. Click Next. 9. On the Server Role Selection page, select the Client Access Role, and click Next. The Management Tools option, which installs the Exchange Management Console and the Exchange Management Shell, will also be selected and installed.

6

10. Use the Configure Client Access Serverexternal domain page to configure an external fully-qualified domain name (FQDN). This is the FQDN that you give to Outlook Web App, Outlook Anywhere, and Exchange ActiveSync users to connect to Exchange 2010. Select the check box, enter your FQDN, and then click Next. 11. On the Customer Experience Improvement Program page, optionally join in the Exchange Customer Experience Improvement Program (CEIP). The CEIP collects anonymous information about how you use Exchange 2010 and any problems that you encounter. To join the CEIP, select Join the Customer Experience Improvement Program, choose the industry that best represents your organization, and then click Next. 12. On the Readiness Checks page, review the Summary to determine if the system and server are ready for the Client Access role to be installed. If all prerequisite checks completed successfully, click Install. If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed with installing the Client Access role. In many cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported.

7

13. The Progress page displays the progress and elapsed time for each phase of the installation. As each phase ends, it's marked completed and the next phase proceeds. If any errors are encountered, the phase will end as incomplete and unsuccessful. If that happens, you must exit Setup, resolve any errors, and then restart Setup. 14. When all phases have finished, the Completion page displays. Review the results, and verify that each phase completed successfully. Clear the check box for Finalize this installation using the Exchange Management Console, and then click Finish to exit Setup. 15. When you're returned to the Setup welcome screen, click Close. On the Confirm Exit prompt, click Yes. 16. Restart the computer to complete the installation of the Client Access role.

Create a Client Access Server Array
If you're installing multiple Client Access servers in one Active Directory site, you can create a Client Access server array. This is a load-balanced group of Client Access server computers that can be accessed through a single URL. Creating a Client Access array reduces the number of fully qualified domain names (FQDN) you need to have on your certificate, and it allows all users in one Active Directory site to access Exchange 2010 through a single URL. After you've completed the installation of your first Client Access server computer, you can start building your Client Access server array. To create a new Client Access server array, run the following command using the Exchange Management Shell. New-ClientAccessArray -FQDN ClientArray.contoso.com -Site "YourSite" Name "clientarray.contoso.com" There can only be one Client Access array per Active Directory site. After you've created the array, you can manage which Client Access server computers are part of the array through your load balancer configuration. Learn more at: Understanding RPC Client Access If you're unfamiliar with the Shell, learn more at: Overview of Exchange Management Shell

How do I know this worked?
The successful completion of the Exchange Setup wizard will be your first indication that the installation process worked as expected. To further verify that the Client Access server role installed successfully, you can run Get-ExchangeServer <server name> | formatlist in the Exchange Management Shell, which can be launched from the Exchange Server 2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010 server roles that are installed on the specified server. You can also check the Exchange setup log (ExchangeSetup.log), located in <system drive>\ExchangeSetupLogs to verify that the Client Access role was installed as expected.

8

Learn more at: Verify an Exchange 2010 Installation

Add digital certificates on the Client Access server
For secure external access to Exchange, you'll need a digital certificate. This certificate will include an exportable private key in X.509 format (DER encoded binary or Base-64 encoded). We recommend you procure, import, and enable a Subject Alternative Name (SAN) certificate that contains the names for the current namespace, a legacy namespace, and the Autodiscover namespace. The names you need to include in your Exchange certificate are the fully qualified domain names (FQDNs) used by client applications to connect to Exchange. For example, a company named Contoso that uses contoso.com can use just three hostnames for all client connectivity within an Active Directory site:  mail.contoso.com This name can cover nearly all client connections to Exchange, including Microsoft Office Outlook, Outlook Anywhere, offline address book (OAB) downloads (by Outlook), Exchange Web Services (for Outlook 2007 and later, and Entourage 2008), POP3, IMAP4, SMTP (both client and other SMTP server connections), Outlook Web App, the Exchange Control Panel, Exchange ActiveSync, and Unified Messaging. autodiscover.contoso.com This name is used for Autodiscover, which is used by Outlook 2007 and later, Outlook Anywhere, Exchange ActiveSync, Exchange Web Services clients, and Windows Mobile 6.1 and later. legacy.contoso.com This name is used to maintain Internet access to an older version of Exchange while you transition to Exchange 2010. This is necessary during transition because some Exchange services (for example, Outlook Web App, Exchange ActiveSync, and services that send configuration information through Autodiscover) tell clients to connect directly with the old Exchange servers if they see requests to access a mailbox on an older version of Exchange.





In addition to these three names, your root domain (for example, contoso.com) will also be added as a name. There are three steps to adding certificates to your Client Access server(s): 1. If you don't already have a digital certificate, you can use the New Certificate Request Wizard in Exchange 2010 to generate a certificate request file, which you can then submit to your selected Certification Authority. 2. After you have the digital certificate from your Certification Authority, you then complete the certificate request process by importing the certificate into your Client Access server. 3. After the certificate has been imported, you assign one or more client access services to it. Before proceeding with these steps, we recommend that you review this topic: Understanding Digital Certificates and SSL

9

In addition, the configuration settings used in the Exchange Deployment Assistant assume that you are using split DNS for client access. To learn more, see: Understanding DNS Requirements

How do I create a certificate request file for a new certificate?
You can use the New Exchange Certificate wizard to create your certificate request. 1. In the Console tree, click Server Configuration. 2. From the Actions pane, click New Exchange Certificate to open the New Exchange Certificate wizard. 3. On the Introduction page, enter a friendly name for the certificate (for example, Contoso.com Exchange certificate) and then click Next. 4. On the Domain Scope page, if you plan on using a wildcard certificate, check the box for Enable wildcard certificate, enter the root portion of your domain (for example contoso.com or *.contoso.com), and then click Next. If you're not using a wildcard certificate, just click Next. Note: It's a best practice to not use wildcard certificates because they represent a potential security risk. Like a SAN certificate, a wildcard certificate (for example, *.contoso.com) can support multiple names. There are security implications to consider because the certificate can be used for any sub-domain, including those outside the control of the actual domain owner. A more secure alternative is to list each of the required domains as Subject Alternative Names in the certificate. By default, this approach is used when certificate requests are generated by Exchange. 5. On the Exchange Configuration page, expand and configure each area as follows: a. Federated Sharing Federated Sharing allows you to enable users to share information with recipients in external federated organizations by creating organization relationships between two Exchange 2010 organizations, or using a sharing policy to allow users to create sharing relationships on an individual basis. If you plan on using this feature, expand Federated Sharing and select the Public certificate check box. b. Client Access server (Outlook Web App) Expand this option and select the check box(es) that are appropriate for your Outlook Web App usage (Intranet and/or Internet). If you're using Outlook Web App internally, then in the Domain name you use to access Outlook Web App internally field, remove the existing server names and enter the FQDN you configured for external access to the Client Access server during Setup of the Client Access server (for example, mail.contoso.com). This is the same FQDN that is listed in the domain name field for Outlook Web App on the Internet. c. Client Access server (Exchange ActiveSync) Exchange ActiveSync should already be selected and the domain name field should be configured with the same FQDN used for Outlook Web App.

10

d. Client Access server (Web Services, Outlook Anywhere, and Autodiscover) Exchange Web Services, Outlook Anywhere, and Autodiscover on the Internet should already be selected. Outlook Anywhere should already be configured to use two FQDNs: one that is the same FQDN used by Outlook Web App (for example, mail.contoso.com) and one that is the root domain for that FQDN (for example, contoso.com). Autodiscover should already be configured to use a long URL, which should automatically be configured as autodiscover.rootdomain (for example, autodiscover.contoso.com). e. Client Access server (POP/IMAP) If you plan on using secure POP or secure IMAP internally or over the Internet, expand this option and select the appropriate check box. In the domain name field for each protocol, remove the individual server names and enter the same FQDN you're using for Outlook Web App. f. Unified Messaging server If you plan on using Unified Messaging (UM) features, you can use a certificate that is self-signed by an Exchange 2010 UM server (which is the default option). If you're integrating UM with Office Communications Server (OCS), you'll need to use a public certificate. We recommend using a separate certificate for UM and OCS integration.

g. Hub Transport server Hub Transport servers can use certificates to secure Internet mail, as well as POP and IMAP client submission. If you plan on using mutual TLS or if you're using POP or IMAP clients and want to secure their SMTP submissions, select the appropriate check box and in the FQDN field, enter the same FQDN you're using for Outlook Web App. h. Legacy Exchange Server This option is used to add the legacy namespace to the certificate, which will be used only during the period of coexistence between Exchange 2010 and the legacy version(s). Expand this option, select the Use legacy domains check box, and in the FQDN field, enter the FQDN you are using for your legacy namespace. 6. On the Certificate Domains page, review the list of domains that will be added to the certificate. If the names are correct, click Next. If any names are missing or incorrect, you can click Add to add missing names, or select a name and click Edit to modify the name. Click Next. 7. On the Organization and Location page, fill in the Organization, Organization unit, Location, Country/region, City/locality, and State/province fields. Click Browse and browse to the location where you want the certificate request file created. In the File name field, enter a name for the request file (for example, Exchange Certificate Request.req) and click Save. Click Next. 8. On the Certificate Configuration page, review the configuration summary. If any changes need to be made, click Back, and make the necessary changes. If everything is correct, click New to generate the certificate request file. 9. On the Completion page, review the output of the wizard. Click Finish to close the wizard.

11

10. Transmit the certificate request file to your selected Certification Authority, who will then generate the certificate and transmit it to you. After you have the certificate file, you can use the Complete Pending Request wizard to import the certificate file into Exchange 2010. 11. In the Console tree, click Server Configuration. 12. In the Work pane, right-click the certificate request you created and click Complete Pending Request. 13. On the Introduction page, click Browse to select the certificate file provided to you by your selected Certification Authority. Enter the private key password for the certificate, and then click Complete. 14. On the Completion page, verify that the request completed successfully. Click Finish to close the Complete Pending Request wizard.

How do I assign services to the certificate?
You can use the Assign Services to Certificate wizard to assign the appropriate services to the imported certificate. 1. After the certificate has been successfully imported, you can assign services to it. Select the certificate in the Work pane, and then from the Actions pane, click Assign Services to Certificate to open the Assign Services to Certificate wizard. 2. On the Select Servers page, the Exchange server into which you imported the certificate is shown. Click Next. 3. On the Select Services page, select the check box for each service you want assigned to the selected certificate and then click Next. For example, select the check box for Internet Information Services (IIS) to assign services for Outlook Web App, Exchange ActiveSync, and other Exchange services that are integrated with IIS. 4. On the Assign Services page, review the configuration summary. If any changes need to be made, click Back. If the configuration summary is correct, click Assign to assign the specified services to the selected certificate. 5. On the Completion page, verify that each step completed successfully. Click Finish to close the wizard.

How do I install the certificate on the legacy Exchange Server?
In addition to installing the SSL certificate on the Exchange 2010 Client Access server, you'll also need to install the certificate on the Exchange 2007 Client Access server or the Exchange 2003 server so that users with mailboxes on Exchange 2007 or Exchange 2003 can use SSL to connect to their mailboxes.

12

Note: If you'll be moving all mailboxes from Exchange 2003 or Exchange 2007 to Exchange 2010 over a short period of downtime, such as a weekend, you can skip these steps. Before you install the digital certificate on the legacy Exchange server you must first export it from the Exchange 2010 Client Access server. To export your digital certificate, use the following steps. 1. Export the digital certificate to the variable $file using the following command. $file = Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true Password (Get-Credential).password 2. The following command uses the Set-Content cmdlet to write data stored in the variable $file to the file htcert.pfx. Set-Content -Path "c:\certificates\htcert.pfx" -Value $file.FileData -Encoding Byte To install a digital certificate on an Exchange 2003 server, use the following steps. 1. Copy the exported certificate to a location that can be accessed from the Exchange 2003 server. 2. Right-click the .pfx file, and choose Install PFX. 3. After the Certificate Import Wizard launches, click Next twice to access the Password page. 4. Type the password for the private key in the Password field, and then click Next. 5. Select Automatically select the certificate store based on the type of certificate, click Next, and then click Finish. To install a digital certificate on an Exchange 2007 server, use the following steps. 1. Copy the exported certificate to a location that can be accessed from the Exchange 2007 server. 2. Using the Exchange Management Shell run the following command. Import-ExchangeCertificate -Path c:\certificates\import.pfx Password:(Get-Credential).password

How do I know this worked?
The successful completion of the New Exchange Certificate, Complete Pending Request, and Assign Services to Certificate wizards will be your first indication that the certificate request, import, and assignment worked as expected. To further verify that your certificate was imported and assigned correctly, you can perform the following steps from the Exchange 2010 Client Access server computer. 1. In the Console tree, click Server Configuration. 2. In the Result pane, select the server that contains the certificate, and then in the Work pane, select the certificate you want to view.

13

3. From the Actions pane, click Open. You can view information about the certificate on the General, Details, and Certification Path pages of the Exchange Certificate dialog box.

Enable Exchange 2010 Outlook Anywhere
Outlook Anywhere eliminates the need for users in remote offices or mobile users to have to use a VPN to connect to their Exchange servers. Although Outlook Anywhere is an optional component of Exchange 2010, we recommend its use if you have external clients that will connect to Exchange 2010. Outlook Anywhere provides access to a user's mailbox via RPC over HTTPS. As with any external client access method, there are security implications to consider when deploying Outlook Anywhere. Before making the decision to deploy Outlook Anywhere, you should read: Understanding Security for Outlook Anywhere Learn more at: Understanding Outlook Anywhere

How do I do this?
The Enable Outlook Anywhere wizard helps you with this task. 1. In the console tree, navigate to Server Configuration > Client Access. 2. In the action pane, click Enable Outlook Anywhere. 3. Enable Outlook Anywhere page:  Type the external host name or URL for your organization in External host name. The external host name should be the FQDN you entered when installing the Client Access server role, which is the existing host name. For example, mail.contoso.com. Select either Basic authentication or NTLM authentication. If you're using an SSL accelerator and you want to use SSL offloading, select Allow secure channel (SSL) offloading. Important: Don't use this option unless you're sure that you have an SSL accelerator that can handle SSL offloading. If you don't have an SSL accelerator that can handle SSL offloading, and you select this option, Outlook Anywhere won't function correctly. 4. Click Enable to apply these settings and enable Outlook Anywhere.

 

How do I know this worked?
Outlook Anywhere will be enabled on your Client Access server after a configuration period of approximately 15 minutes. To verify that Outlook Anywhere has been enabled, check the application event log on the Client Access server. The following events will be logged in the event log.

14

   

EventID 3007 MSExchange RPC over HTTP Autoconfig EventID 3003 MSExchange RPC over HTTP Autoconfig EventID 3004 MSExchange RPC over HTTP Autoconfig EventID 3006 MSExchange RPC over HTTP Autoconfig

You can also use the Exchange Remote Connectivity Analyzer (ExRCA) to verify that Outlook Anywhere has been enabled and configured correctly. ExRCA is a free Web-based tool provided by Microsoft. You can find ExRCA at https://www.testexchangeconnectivity.com

Configure OAB and Web Services virtual directories
To enable Outlook Anywhere clients to discover and automatically connect to Exchange 2010, you must configure the offline address book (OAB) and Exchange Web Services virtual directories. This step is only necessary if you'll be using Exchange Web Services, Outlook Anywhere, or the offline address book. If you haven't enabled Outlook Anywhere, and you don't plan on using Exchange Web Services for programmatic access to Exchange mailbox information, you can skip this step. Learn more at: Understanding Offline Address Books, Configure External Client Access Namespaces, and Configure the Autodiscover Service for Internet Access

How do I do this?
You must use the Exchange Management Shell to configure OAB and Exchange Web Services virtual directory settings. This step assumes that you have configured the Autodiscover service for Internet access. This is standard practice in any Exchange organization with clients outside the firewall. If you're unfamiliar with the Shell, learn more at: Overview of Exchange Management Shell 1. Configure the external URL for the offline address book using the following syntax. Set-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)" ExternalUrl https://mail.contoso.com/OAB -RequireSSL:$true 2. Configure the external URL for Exchange Web Services using the following syntax. Set-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -ExternalUrl https://mail.contoso.com/EWS/Exchange.asmx BasicAuthentication:$True

How do I know this worked?
To verify that these steps were completed successfully, run the following commands to verify the ExternalURL property is set correctly on both virtual directories.

15

Get-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)" ExternalURL Get-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -ExternalURL

Configure settings on virtual directories
During the installation of the Client Access server role, virtual directories are created for the Autodiscover service, Exchange ActiveSync, Outlook Web App, the Exchange Control Panel, PowerShell, Exchange Web Services, and public folders. Legacy virtual directories are also created for coexistence. You can configure a variety of settings on those virtual directories, including authentication and SSL. For Active Directory sites that are accessible from outside an external firewall such as Internet Security and Acceleration Server (ISA), you'll also need to configure publishing rules for the various virtual directories that are accessible from the Internet, including the Exchange ActiveSync virtual directory, the Autodiscover service virtual directory, and the Outlook Web App virtual directory. Learn more at: Understanding Virtual Directories

How do I do this?
Perform the following steps from the computer that has the Exchange 2010 Client Access server role installed. 1. In the Console tree, navigate to Server Configuration > Client Access. 2. In the Result pane, select the Client Access server you want to configure. 3. In the Work pane, click the tab that corresponds to the virtual directory whose settings you want to configure (Outlook Web App, Exchange Control Panel, Exchange ActiveSync), and then click the virtual directory. 4. In the Actions pane, under the virtual directory name, click Properties. 5. Edit any of the settings on the tabs. (If you need more information about the settings, click F1 while you're on a tab.) Common settings to be configured are: a. External URL This is the URL used to access the Web site from the Internet. The value for this URL should have been set during installation of the Client Access server role. b. Authentication You can specify a variety of authentication options, as well as specify the sign-in format and sign-in domain. c. Public Computer File Access For Outlook Web App, you can configure direct file access settings for users who choose the public or shared computer option when logging in.

d. Private Computer File Access For Outlook Web App, you can configure direct file access settings for users who choose the private option when logging in.

16

6. Configure the Exchange2003URL. This parameter is only necessary when you have users with mailboxes on Exchange 2003 at the same time as users with mailboxes on Exchange 2010. In that case, set this parameter to the legacy DNS endpoint, for example, http://legacy.contoso.com. This parameter can be set with the following code. Set-OWAVirtualDirectory -Identity "CASServer\owa (Default Web Site)" -Exchange2003URL https://legacymail.contoso.com/exchange 7. Click OK to confirm your changes. Note: To configure publishing rules for external access to virtual directories, see: Configure External Client Access Namespaces

How do I know this worked?
How you confirm whether your settings were applied varies by the setting.  To verify that the external URL has been configured correctly for Exchange ActiveSync or Outlook Web App, you can use the Exchange Remote Connectivity Analyzer (ExRCA), a free Web-based tool provided by Microsoft. You can find ExRCA at https://www.testexchangeconnectivity.com   To verify that authentication has been configured correctly for Exchange ActiveSync or Outlook Web App, you can also use ExRCA. To verify that direct file access has been configured correctly for Outlook Web App, log on as a user to Outlook Web App using the public computer option and then try to access and save a file attached to an e-mail message.

Install the Hub Transport server role
The Hub Transport server role is responsible for internal mail flow for the Exchange organization. It handles all mail flow inside the organization, applies transport rules, applies journaling policies, and delivers messages to recipient mailboxes. Learn more at: Overview of the Hub Transport Server Role You can install the Hub Transport server role on dedicated hardware, or you can install it on the same server where you installed the Client Access server role. We recommend installing the latest update rollup for Exchange 2010 on all your servers. Although you can install update rollups on a server after Exchange 2010 has been installed, it's also possible and less time-consuming to incorporate the update rollup into the install server installation process. To do this, copy the contents of the Exchange 2010 DVD to the file system, and then copy or move the downloaded update rollup file to the Updates folder in the installation tree. When you perform the procedure below, the update rollup will be installed as part of the initial installation process. To download the latest update rollup for Exchange 2010, visit: Microsoft Download Center

17

How do I install the Hub Transport server role on dedicated hardware?
The Exchange Server 2010 Setup wizard helps you install the Hub Transport role: 1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear, navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the location of your Exchange 2010 installation files and double-click Setup.exe. 2. TheExchange Server 2010 Setup welcome screen appears. In the Install section, the software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. If these prerequisites are not already installed, click on the appropriate step to install them. 3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language options, and then choose the appropriate option: a. Install all languages from the language bundle This option installs all the Exchange 2010 languages from an Exchange 2010 language bundle. You can connect to the Internet to download the latest applicable language bundle or to use a previously downloaded language bundle on a local drive or network share. Internet connectivity is required for Exchange Setup to download the language pack bundle. b. Install only languages from the DVD This option installs only the languages included with the Setup DVD. The installation of additional languages support requires installing the languages from the language bundle. 4. After Step 3 is complete, click Step 4: Install Microsoft Exchange. 5. On the Introduction page, click Next. 6. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and click Next. 7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting feature, and click Next. 8. On the Installation Type page, select Custom Exchange Server Installation. For Exchange 2010 SP1, you can select to automatically install all required Windows roles and features for this server. To optionally change the installation path for Exchange 2010, click Browse, locate the appropriate folder in the folder tree, and then click OK. Click Next. 9. On the Server Role Selection page, select the Hub Transport Role, and click Next. The Management Tools option, which installs the Exchange Management Console and the Exchange Management Shell, will also be selected and installed.

18

10. On the Readiness Checks page, review the Summary to determine if the system and server are ready for the Hub Transport role to be installed. If all prerequisite checks completed successfully, click Install. If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed with installing the Hub Transport role. In many cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported. 11. The Progress page displays the progress and elapsed time for each phase of the installation. As each phase ends, it's marked completed and the next phase proceeds. If any errors are encountered, the phase will end as incomplete and unsuccessful. If that happens, you must exit Setup, resolve any errors, and then restart Setup. 12. When all phases have finished, the Completion page displays. Review the results, and verify that each phase completed successfully. Clear the check box for Finalize this installation using the Exchange Management Console, and then click Finish to exit Setup. 13. When you're returned to the Setup welcome screen, click Close. On the Confirm Exit prompt, click Yes. 14. Restart the computer to complete the installation of the Hub Transport role.

19

How do I add the Hub Transport server role to my Client Access server?
You can also use the Exchange Server 2010 Setup wizard to add the Hub Transport role to your existing Client Access server. 1. Open the Windows Control Panel and launch the Programs and Features applet. 2. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click Change. 3. The Exchange Server 2010 Setup wizard will start in Exchange Maintenance Mode. Click Next. 4. On the Server Role Selection page, select the check box for Hub Transport Role and then click Next. 5. On the Readiness Checks page, review the Summary to determine if the system and server are ready for the Hub Transport role to be installed. If all prerequisite checks completed successfully, click Install. If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed with installing the Hub Transport role. In many cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported. 6. The Progress page will display the progress and elapsed time for each phase of the installation. As each phase ends, it will be marked completed and the next phase will proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful. In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance Mode. 7. When all phases have finished, the Completion page will be displayed. Review the results and verify that each phase completed successfully. Click Finish to exit Setup. 8. Restart the computer to complete the installation of the Hub Transport role.

How do I know this worked?
The successful completion of the Exchange Setup wizard will be your first indication that the installation process worked as expected. To further verify that the Hub Transport server role installed successfully, you can run Get-ExchangeServer <server name> | formatlist in the Exchange Management Shell, which can be launched from the Exchange Server 2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010 server roles that are installed on the specified server. You can also review the contents of the Exchange setup log file (ExchangeSetup.log), located in <system drive>\ExchangeSetupLogs to verify that the Hub Transport role was installed as expected. Learn more at: Verify an Exchange 2010 Installation

20

Configure Exchange ActiveSync authentication
For Exchange ActiveSync to function during Exchange 2003 and Exchange 2010 coexistence, you must configure Integrated Windows authentication on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 server. During this procedure, services will be restarted on the Exchange 2003 server, resulting in a brief interruption in service. Learn more at: Understanding Exchange ActiveSync Coexistence

How do I do this?
There are two methods you can use to complete this task. Here's one method: 1. Install this hotfix for the Exchange 2003 server: "Event ID 1036 is logged on an Exchange 2007 server that is running the CAS role when mobile devices connect to the Exchange 2007 server to access mailboxes on an Exchange 2003 back-end server." Get the hotfix from: Microsoft Support site 2. Using Exchange System Manager on the Exchange 2003 server, adjust the authentication settings of the Exchange ActiveSync virtual directory. 3. Repeat these steps for all Exchange 2003 servers in your organization that contain mailboxes. Alternatively, you can do the following:  Set to a value of 6 the msExchAuthenticationFlags attribute on the Microsoft-ServerActiveSync object within the configuration container on each Exchange 2003 server that contains mailboxes. To review sample scripts for this change, see: Server Build DVD Visual Basic Script Examples

How do I know this worked?
To verify that this worked, do the following in your capacity as a user with a mailbox on Exchange 2003. 1. Using a mobile phone or mobile phone emulator, create an Exchange ActiveSync connection to the Exchange 2010 server. 2. Verify that mail can be sent and received through Exchange ActiveSync. You can also use the Exchange Remote Connectivity Analyzer (ExRCA) to verify authentication has been configured correctly. ExRCA is a free Web-based tool provided by Microsoft. You can find ExRCA at https://www.testexchangeconnectivity.com

21

Configure a legacy host name
You need to create a legacy domain name system (DNS) host name so your legacy Exchange environment (Exchange 2003 and/or Exchange 2007) and Exchange 2010 can coexist. For example, if your domain name is currently contoso.com, you're likely using a host name of mail.contoso.com or www.contoso.com for external client access to Exchange. During co-existence, we recommend creating and using, for example, a host name of legacy.contoso.com. This host name should be configured the same way your primary host name is configured. You'll associate the legacy host name with your existing Exchange server and associate your current host name (for example, mail.contoso.com) with your Exchange 2010 Client Access server or array. Your end-users will not see or use the legacy host name. It will be used by Autodiscover and Client Access servers when redirecting legacy users to a legacy server. All client connections will be redirected, including Exchange ActiveSync, Outlook Web App, POP3, and IMAP4. After the legacy host name has been configured, users will be able to access their mailbox regardless of whether it's on Exchange 2010 or Exchange 2003. If you're upgrading from Exchange 2007 to Exchange 2010 or from an environment that contains both Exchange 2007 and Exchange 2003, Availability service requests will also be redirected. In addition, after you configure a legacy host name, you'll also need to ensure that your digital certificates are configured with the legacy host names. Learn more at: Understanding DNS Requirements and Understanding Digital Certificates and SSL

How do I do this?
The steps to perform this task will vary for each organization. That's because the exact steps depend on your Internet provider and firewall configuration. Example steps for GoDaddy are provided below just to give you an idea of how things work. Your actual steps may vary. But, in general, you need to: 1. Create a DNS host (A) record in your internal and external DNS servers that points to the IP address of your legacy Internet-facing Exchange server (for example, Exchange 2007 Client Access server, Exchange 2003 front-end server, etc.) in internal DNS or the public IP address on your reverse proxy or firewall solution (external DNS). The host name should be in the format of legacy.domain.com (for example, legacy.contoso.com). 2. Create a publishing rule for the legacy host name in your reverse proxy or firewall solution to point to your legacy Internet-facing Exchange server. Refer to your proxy/firewall solution's user manual for instructions on how to do this. 3. Configure the existing DNS host (A) record in your internal and external DNS servers for your original host name (for example, mail.contoso.com) to point to your Exchange 2010 organization; for example, the IP address of your Client Access server or array (internal DNS), or the public IP address on your reverse proxy or firewall solution (external DNS).

22

So, for example, if your provider is GoDaddy.com, here's how you create a DNS host (A) record and associate it with your legacy Exchange infrastructure: 1. From your GoDaddy account management home page, click Domain Manager under the My Products heading in the left sidebar. 2. If prompted, log in to your account. 3. In the Total DNS section of the Domain Manager information screen, click Total DNS Control. 4. In the A (Host) section of the Total DNS Control screen, click Add new A record. 5. Enter the host name, for example legacy.contoso.com and enter the IP address of your legacy Exchange server in the Points to IP address box. 6. Choose a TTL (time to live) value. If you're performing this step well in advance of your Exchange 2010 installation, you can choose 1 day or 1 week from the drop-down list box. Otherwise, choose the default of 1 hour or 1/2 hour. 7. Click OK to complete your changes.

How do I know this worked?
From outside your firewall, perform the following steps, using your specific domain name. 1. Navigate to https://mail.contoso.com/owa, and verify that you can access Outlook Web App for a user whose mailbox is on Exchange 2010. 2. Navigate to https://legacy.contoso.com/exchange, and verify that you can access Outlook Web Access for a user whose mailbox is on a legacy Exchange server. 3. Navigate to https://mail.contoso.com/owa, and verify that you can access Outlook Web App for a user whose mailbox is on a legacy Exchange server. You can also use the Exchange Server Remote Connectivity Analyzer to verify connectivity for the legacy namespace. You'll find ExRCA at: https://www.testexchangeconnectivity.com

Install the Mailbox server role
The Mailbox server role hosts mailbox and public folder databases, and it generates the offline address book (OAB). Mailbox servers also provide services that enforce e-mail address policies and managed folders. Learn more at: Overview of the Mailbox Server Role You can install the Mailbox server role on dedicated hardware, or you can install it on a server that is already running Exchange 2010. We recommend installing the latest update rollup for Exchange 2010 on all your servers. Although you can install update rollups on a server after Exchange 2010 has been installed, it's also possible and less time-consuming to incorporate the update rollup into the install server installation process. To do this, copy the contents of the Exchange 2010 DVD to the file system,

23

and then copy or move the downloaded update rollup file to the Updates folder in the installation tree. When you perform the procedure below, the update rollup will be installed as part of the initial installation process. To download the latest update rollup for Exchange 2010, visit: Microsoft Download Center

How do I install the Mailbox server role on dedicated hardware?
The Exchange Server 2010 Setup wizard helps you install the Mailbox role. 1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear, navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the location of your Exchange 2010 installation files and double-click Setup.exe. 2. TheExchange Server 2010 Setup welcome screen appears. In the Install section, the software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. If these prerequisites are not already installed, click the appropriate step to install them. 3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language options, and then choose the appropriate option: a. Install all languages from the language bundle This option installs all the Exchange 2010 languages from an Exchange 2010 language bundle. You can connect to the Internet to download the latest applicable language bundle or to use a previously downloaded language bundle on a local drive or network share. Internet connectivity is required for Exchange Setup to download the language pack bundle. b. Install only languages from the DVD This option installs only the languages included with the Setup DVD. The installation of additional languages support requires installing the languages from the language bundle. 4. After Step 3 is complete, click Step 4: Install Microsoft Exchange. 5. On the Introduction page, click Next. 6. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and click Next. 7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting feature, and click Next. 8. On the Installation Type page, select Custom Exchange Server Installation. For Exchange 2010 SP1, you can select to automatically install all required Windows roles and features for this server. To optionally change the installation path for Exchange 2010, click Browse, locate the appropriate folder in the folder tree, and then click OK. Click Next. 9. On the Server Role Selection page, select the Mailbox Role, and click Next. The Management Tools option, which installs the Exchange Management Console and the Exchange Management Shell, will also be selected and installed.

24

10. On the Client Settings page, select Yes if your organization has client computers running either Microsoft Outlook 2003 or Microsoft Entourage 2004 or earlier. Select No if you don't. 11. On the Readiness Checks page, review the Summary to determine if the system and server are ready for the Mailbox role to be installed. If all prerequisite checks completed successfully, click Install. If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed with installing the Mailbox role. In many cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported. 12. The Progress page displays the progress and elapsed time for each phase of the installation. As each phase ends, it's marked completed and the next phase proceeds. If any errors are encountered, the phase will end as incomplete and unsuccessful. If that happens, you must exit Setup, resolve any errors, and then restart Setup. 13. When all phases have finished, the Completion page displays. Review the results, and verify that each phase completed successfully. Clear the check box for Finalize this installation using the Exchange Management Console, and then click Finish to exit Setup. 14. When you are returned to the Setup welcome screen, click Close. On the Confirm Exit prompt, click Yes. 15. Restart the computer to complete the installation of the Mailbox role.

25

How do I add the Mailbox server role to an existing Exchange 2010 server?
You can also use the Exchange Server 2010 Setup wizard to add the Mailbox role to an existing Exchange 2010 server. 1. Open the Windows Control Panel and launch the Programs and Features applet. 2. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click Change. 3. The Exchange Server 2010 Setup wizard will launch in Exchange Maintenance Mode. Click Next. 4. On the Server Role Selection page, select the check box for Mailbox Role and then click Next. 5. On the Readiness Checks page, review the Summary to determine if the system and server are ready for the Mailbox role to be installed. If all prerequisite checks completed successfully, click Install. If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed with installing the Mailbox role. In many cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported. 6. The Progress page will display the progress and elapsed time for each phase of the installation. As each phase ends, it will be marked completed and the next phase will proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful. In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance Mode. 7. When all phases have finished, the Completion page will be displayed. Review the results and verify that each phase completed successfully. Click Finish to exit Setup. 8. Restart the computer to complete the installation of the Mailbox role.

How do I know this worked?
The successful completion of the Exchange Setup wizard will be your first indication that the installation process worked as expected. To further verify that the Mailbox server role installed successfully, you can run Get-ExchangeServer <server name> | format-list in the Exchange Management Shell, which can be launched from the Exchange Server 2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010 server roles that are installed on the specified server. You can also review the contents of the Exchange setup log file (ExchangeSetup.log), located in <system drive>\ExchangeSetupLogs to verify that the Mailbox role was installed as expected. Learn more at: Verify an Exchange 2010 Installation

26

Change the OAB generation server
Offline address book (OAB) generation is the process by which Exchange creates and updates the OAB. To do that, an internal process called OABGen runs on a Mailbox server that has been designated as the OAB generation server. When OAB generation occurs, Exchange generates new OAB files, compresses the files, and then shares the files to client computers. Outlook 2003 and earlier clients require OAB distribution to occur using public folders. In Exchange 2010, OABs can be distributed using public folders to support Outlook 2003 clients. OABs can also be distributed using Web services to support Outlook 2007 and Outlook 2010. You can generate the OAB from an Exchange 2003 server provided that public folder distribution is enabled in Exchange 2010. However, be aware that if you generate the OAB from an Exchange 2003 server, you will lose the following functionality:   Japanese phonetic display name, phonetic surname, phonetic given name, phonetic company name, and phonetic department name PR_DISPLAY_TYPE_EX, which is used by Office Outlook 2007 and later to render the correct icon for objects that are replicated across the forest.

To ensure full functionality with Exchange 2010 features, we recommend that you move the OAB generation to an Exchange 2010 mailbox server. Moving the OAB generation to a new server will result in a full OAB download for all clients. Learn more at: Understanding Offline Address Books

How do I do this?
You can use the Move Offline Address Book wizard in the Exchange Management Console to perform this procedure. 1. In the Console tree, navigate to Organization Configuration > Mailbox. 2. In the Result pane, click the Offline Address Book tab, and then select the OAB for which you want to move the generation to a new server. 3. In the Actions pane, click Properties. On the Distribution tab, select the Enable Webbased distribution and the Enable public folder distribution check boxes and then click OK. 4. In the Actions pane, click Move. 5. On the Move Offline Address Book page, click Browse to select the server to which you want to move the OAB generation process, and then click OK. 6. Click Move to move the OAB generation process to the selected server. 7. On the Completion page, verify that the operation completed successfully. Click Finish to close the Move Offline Address Book wizard.

27

How do I know this worked?
The successful completion of the Move Offline Address Book wizard will indicate that the command worked as expected. To further verify that the OAB generation server is the server selected in Step 5 above, examine the value for Generation Server on the Offline Address Book tab in the Exchange Management Console.

Create Send connectors
During your upgrade from Exchange 2003 to Exchange 2010 you will move outbound Internet mail flow from Exchange 2003 to 2010. If you are using an Edge Transport server and have completed the steps described in this tool for installing the Edge Transport server role and subscribing the Edge Transport server, then outbound Internet mail flow is already configured in Exchange 2010, and all you will need to do is delete the Exchange 2003 SMTP Connector. If you are not using an Edge Transport server, then you must create at least one Send connector configured with the appropriate address space, and then delete the existing Exchange 2003 SMTP connector(s). Learn more at: Understanding Send Connectors

How do I create a Send connector?
You can use the New Send Connector wizard in the Exchange Management Console to perform this procedure. 1. In the Console tree, expand Organization Configuration and select Hub Transport. 2. In the result pane, click the Send Connectors tab. 3. In the Actions pane, click New Send Connector. The New SMTP Send Connector wizard starts. 4. On the Introduction page, follow these steps: a. In the Name field, type a meaningful name for this connector. Specify a name for the Send connector that helps you distinguish this Send connector from other Send connectors in your configuration. b. In the Select the intended use for this connector field, select Internet and click Next. 5. On the Address space page, click Add. 6. In the Address field, enter * and click OK. Click Next. 7. On the Network settings page, review the available options and select how to send e-mail with the Send connector. (If you need more information about the settings, click F1.)  Select the Use the External DNS Lookup settings on the transport server check box if you want to use a specific list of DNS servers instead of the DNS server(s) configured for the Hub Transport server's network adapter. After you finish, click Next.

28

Important: Verify that you have configured the external DNS servers list by using the SetTransportServer cmdlet, or by using the External DNS Lookups tab in the properties of the Hub Transport server.  If you're using a smart host, the Configure smart host authentication settings page appears. By default, no authentication is used. To configure the smart host authentication settings, click Change. Select the method you want to use to authenticate to the smart host, and then click Next. Note: Here are some things to be aware of if the smart host requires Basic authentication. Basic authentication requires that you provide a user name and password. We strongly recommend that you use an encrypted connection if you're using Basic authentication because the user name and password are sent in clear text. Select the Basic Authentication over TLS check box to enable encryption on the connection. Also, if you specify more than one smart host for this Send connector, all the specified smart hosts must accept the same user name and password.

How do I delete an Exchange 2003 SMTP connector?
1. When each Send connector is created and verified, the corresponding SMTP connector can be deleted. 2. In Exchange System Manager, expand the Organization node, expand Administrative Groups, expand <AdministrativeGroupName>, expand Routing Groups, expand <RoutingGroupName>, and then select Connector. 3. In the right-hand pane, right-click the connector you want to delete and select Delete. 4. Click OK to confirm the deletion.

How do I know this worked?
The successful completion of the New Send Connector wizard will be your first indication that the configuration changes were made as expected. You can perform additional tests to further verify that the configuration changes are operational:  You can use the Exchange Remote Connectivity Analyzer (ExRCA), a free Web-based tool provided by Microsoft, to verify that your outbound SMTP email settings are configured correctly by running the Outbound SMTP Email tests. You can access ExRCA at: https://www.testexchangeconnectivity.com  You can send a message to a recipient on the Internet to verify that your Send connector is configured correctly.

29

Move mailboxes to Exchange 2010
After you've deployed the Exchange 2010 Mailbox server role, you can move mailboxes from Exchange 2003 to Exchange 2010. Be aware that during the move users will not be able to send and receive messages. So, we recommend that you perform this step off-hours to minimize the interruption in service. Learn more at: Understanding Move Requests In Exchange 2003, shared mailboxes are used to represent resources (for example, a conference room, a piece of A/V equipment, etc.). Exchange 2010 introduces a new kind of mailbox called a resource mailbox. When moving a shared mailbox from Exchange 2003 to Exchange 2010, the move request creates the mailbox as a shared Exchange 2010 mailbox. After the move has been completed, you can convert the shared mailbox to a resource mailbox. Learn more at: Convert a Mailbox

How do I do this?
You can use the Exchange Management Console and the New Local Move Request wizard to perform this task. 1. In the Console tree, expand Recipient Configuration and then select Mailbox. 2. In the Result pane, select the mailbox(es) that you want to move. 3. In the Actions pane, click New Local Move Request. 4. On the Introduction page, configure the following settings, and then click Next: a. A new move request will be placed for the following mailboxes This displays the mailboxes being moved. To change this list, click Cancel, and make new selections in the Result pane. b. Target mailbox database Click Browse to open the Select Mailbox Database dialog box and select the Exchange 2010 mailbox database to which you want to move the mailboxes. Click OK to return to the wizard. 5. On the Move Options page, specify how you want to manage corrupted messages if any are found and then click Next.  Skip the mailbox This option skips any mailbox that contains any corrupted messages. We recommend selecting this option. Only select Skip the corrupted messages if the move request failed in a previous attempt. Skip the corrupted messages This option moves the mailbox, except for any corrupted messages. If you select this option, you'll need to set the maximum number of messages to skip. Maximum number of messages to skip If you select Skip the corrupted messages, specify a number between -1 and 2,147,483,647. Use -1 to skip an unlimited number of corrupted messages.





6. On the New Local Move Request page, review the local move request to make sure it's correct and then click New to create the move request. Click Back to make any changes.

30

7. On the Completion page, review the information shown, and then click Finish.

How do I know this worked?
The successful completion of the New Local Move Request wizard will be your first indication that the mailbox was moved successfully. You can further verify that the move operation was successful by performing any of the following tasks:  Examine the properties of the mailbox in the recipients work pane. To do this, right-click the mailbox and select Properties. The database hosting the mailbox is displayed in the Mailbox database field on the General tab. Run the Get-Mailbox cmdlet to view a list of all mailboxes on the Exchange 2010 database. For example, you could run: Get-Mailbox -Database DB1 Or, for example: Get-Mailbox -Server EX2  Have each user whose mailbox was moved try to open their mailbox and verify the contents, as well as try to send and receive messages.



Move public folder data to Exchange 2010
Public folders are an optional feature in Exchange 2010. If all client computers in your organization are running Microsoft Office Outlook 2007 or later, then public folders are an optional feature. However, if Outlook 2003 clients are in use, then public folders are required. In addition, if you're currently using public folders for collecting, organizing, or sharing documents and other information and you want to continue doing so, you can use public folder replication to move your public folder data to Exchange 2010. Learn more at: Understanding Public Folder Replication

How do I do this?
You can use the Exchange Management Console to perform this task. 1. In the Console tree, click Toolbox. 2. In the Result pane, double-click Public Folder Management Console. The Public Folder Management Console appears. 3. In the public folder tree, click or expand Default Public Folders, and then select the parent public folder of the public folder that you want to move to Exchange 2010. Note: To configure replication for the offline address book (OAB) or for Schedule+ free/ busy information, expand System Public Folders, and then click OFFLINE ADDRESS BOOK or SCHEDULE+ FREE BUSY.

31

4. In the Result pane, right-click the public folder you want to replicate to Exchange 2010 and select Properties. 5. On the Replication tab, click Add to select an Exchange 2010 public folder database and then click OK. 6. By default, Exchange uses the replication schedule configured for the public folder database. To create a custom replication schedule for the public folder, clear the Use public folder database replication schedule check box and select one of the settings in the list. 7. To create a customized schedule, click Customize. 8. To set the schedule, click the time grid in the Schedule dialog box. Public folder replication will run during the time slots that you specify. 9. Click OK to close the Schedule dialog box. 10. To specify the age limit for items in this public folder, type the number of days in the Local replica age limit (days) box. Items that have reached the age limit are deleted. Note: Age limits should be used for public folders only. They should not be used for System Folders, such as OFFLINE ADDRESS BOOK or SCHEDULE+ FREE BUSY. 11. Click OK to close the Properties dialog and to save your changes. 12. Repeat Steps 4-11 for each public folder you want to move to Exchange 2010.

How do I know this worked?
You can use the Get-PublicFolder cmdlet in the Exchange Management Shell to verify replicas on the Exchange 2010 public folder database. For example, to determine the replicas for all public folders in the public folder tree, run the following command: Get-PublicFolder -Recurse | Format-List Name,Replicas To determine the replicas for all system folders, run the following command: Get-PublicFolder \NON_IPM_SUBTREE | Format-List Name,Replicas Learn more about the cmdlet at: Get-PublicFolder

Post-installation tasks
After you complete a new installation of Exchange 2010 or after you add an additional Exchange 2010 server role to an existing Exchange 2010 server, you should complete the postinstallation tasks. The post-installation tasks will help you verify the installation and configure the components that you have just installed.

32

Tasks to complete on all server roles
For all server roles, we recommend that you verify the installation immediately after you install Exchange 2010. If you install the Hub Transport or Edge Transport server roles, you should also verify the agent configuration. For more information, see the following topics:       Verify an Exchange 2010 Installation Enter Product Key Transport Server Post-Deployment Tasks Finalize Deployment Tasks End-to-End Scenario Tasks Additional Post-Installation Tasks

If you're upgrading from an Exchange 2003 or a mixed Exchange 2003 and Exchange 2007 organization, see: Upgrade Custom LDAP Filters to OPATH Filters

Optional tasks to complete on the Mailbox server role
After deploying and verifying the successful installation of at least two Mailbox servers, you can configure your Mailbox servers and mailbox databases for high availability and site resilience. Exchange 2010 uses the concept of incremental deployment, which is the ability to configure high availability and site resilience for Mailbox servers after the servers have been deployed. Service and data redundancy is achieved by using new features in Exchange 2010 such as database availability groups and database copies. For more information about configuring your Mailbox servers for high availability or site resilience, see: Managing High Availability and Site Resilience

Optional tasks to complete on the Hub Transport server role
After deploying and verifying the installation of the Hub Transport server role, you might be interested in enabling anti-spam functionality on your Hub Transport server. In some small organizations, it may make sense to run Exchange 2010 anti-spam features on Hub Transport servers. For example, some organizations may not have enough e-mail volume to justify the cost of installing and maintaining a full perimeter network together with an Edge Transport server. Learn more at: Enable Anti-Spam Functionality on a Hub Transport Server

Optional tasks to complete on the Unified Messaging server role
After deploying and verifying the installation of your Unified Messaging (UM) server(s), you might be interested in integrating UM services with Microsoft Office Communications Server (OCS)

33

2007 R2. Exchange 2010 UM combines voice messaging and e-mail messaging into a single messaging infrastructure. Enterprise Voice in OCS 2007 R2 makes use of the UM infrastructure to provide call answering, subscriber access, call notification, and auto attendant services. Implementing these services requires integrating Exchange UM and OCS in a shared Active Directory topology, careful planning, and a clear understanding of the technologies involved, the features you want to enable, and important configuration details that you must be aware of to successfully complete your deployment. For more information about integrating UM with OCS, see: Enterprise Voice and Unified Communications

Permissions configuration
For the purposes of the Exchange Deployment Assistant, your administrator account was granted permissions that you might not need going forward. You should verify that this account doesn't have more permissions than required to configure and manage your Exchange 2010 environment. Role Based Access Control (RBAC), the new permissions model in Exchange 2010, is extremely flexible. The built-in role groups are probably sufficient to manage most of your Exchange 2010 organization. You can simply add and remove members from the existing role groups to control permissions. The following topics will provide more information and help you configure the appropriate permissions for your Exchange 2010 tasks:        Understanding Permissions Understanding Role Based Access Control Understanding Management Role Groups Understanding Management Role Scopes Built-in Role Groups Built-in Management Roles Understanding Permissions Coexistence with Exchange 2003

Remove legacy Exchange versions
After you have completed deploying Exchange 2010 into your organization, you may be ready to remove previous versions of Exchange. For more information about removing legacy Exchange servers, see the following topics:   How to Uninstall Exchange Server 2003 How to Completely Remove Exchange 2007 from a Server

Checklist complete
Congratulations on successfully completing your checklist in the Exchange Deployment Assistant!

34

Tools you can use
To determine the overall health of your Exchange servers and topology, you can use the Microsoft Exchange Best Practices Analyzer (ExBPA). The tool scans Exchange servers and identifies items that don't conform to Microsoft best practices. After the data is collected, ExBPA compares what it finds on your system with Exchange best practice rules and then provides a detailed report. The report lists recommendations that you can consider to achieve greater performance, scalability, and uptime. You can find ExBPA in the Toolbox in the Exchange Management Console. The Exchange Remote Connectivity Analyzer Tool is a Web-based tool that helps you troubleshoot connectivity issues. The tool simulates several client logon and mail flow scenarios. When a test fails, many of the errors have troubleshooting tips to assist you in correcting the problem. Take a look at: Exchange Remote Connectivity Analyzer Tool And, for more information about Exchange planning and deployment, you can always review the related content in the Exchange TechCenter Library. Find it all at: Planning and Deployment

Give us feedback please
We would really appreciate your feedback about the Exchange Deployment Assistant. What worked for you? What could we have done better? What do you recommend we change for the next version? Tell us what you think at: Feedback: Exchange 2010 Deployment Assistant

35

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close