Upgrade Exchange 2003 to Exchange 2010 - Part II

15 January 2010
by Jaap Wesselius

In Jaap's second article on upgrading straight from Exchange Server 2003 to 2010, he explains how to move the various services from the older version and fully decommission the Exchange Server 2003 servers. Jaap's first article can be found here.

In my previous article I explained the initial steps that are needed when you want to upgrade an existing Exchange 2003 environment to Exchange Server 2010. The Active Directory was upgraded, the new namespace is planned, a combined CAS/HUB server installed as well as a Mailbox Server, including a storage design. The last step that was performed in the previous article was the Public Folder replication from Exchange Server 2003 to Exchange Server 2010.

In this article we will actually move the various services from Exchange Server 2003 to Exchange Server 2010 and fully decommission the Exchange Server 2003 servers.

Offline Address Book generation

Changing the Offline Address Book generation isn’t the most difficult part of a migration. Log on to the new Exchange 2010 Server and open the Exchange Management Console. In the navigation pane, navigate to the Organization Configuration and select the Mailbox option. In the results pane, select the Offline Address Book tab. Right here you’ll see that the ‘old’ 2003 Mailbox Server is the Offline Address Book generation server. Right click this server and select ‘Move…’. The Move Offline Address Book wizard will appear; use the Browse button to select the Exchange 2010 Mailbox Server Role as the new generation server. Click the Move button to finish the wizard. When finished click the Finish button.

Address List conversion

Exchange Server 2010 uses E-mail Address Policies, just like Exchange Server 2007. And, as with Exchange Server 2007 these are not compatible with the Recipient Policies used in Exchange Server 2003. The next step is to convert the Recipient Policies to Exchange Server 2010 Email Address Policies.

There’s no way to achieve this using the Exchange Management Console so we need the Exchange Management Shell. When you try to edit a Recipient Policy in Exchange Server 2010 Management Console it gives a clue on how to convert the Recipient Policies to E-mail Address Policies:

Figure 1. You cannot edit Exchange 2003 Recipient Policies in Exchange Server 2010

Besides the fact that you have to convert the Recipient Policies to Email Address Policies there’s another very important aspect. Exchange Server 2003 can use LDAP queries for Recipient Policies while Exchange Server 2007 and Exchange Server 2010 use a new technique called OPATH filtering for creating queries. The OPATH filtering syntax replaces the LDAP filtering syntax. Using OPATH it is possible to create filters directly in the Exchange Management Shell using the -RecipientFilter parameter.

LDAP filters are supported in Exchange Server 2010, and they continue to work, but they only exist on objects that are migrated from Exchange Server 2003 or earlier. But if you want to edit LDAP filters they first need to be converted to OPATH filters. Microsoft has created a script that can convert your LDAP filters to OPATH filters. Check the Exchange team blog for more information: “Need help converting your LDAP filters to OPATH?”

If you don’t use any LDAP filtering in your Recipient Policies you can convert the Recipient Policies directly to Email Address Policies.

The Set-EmailAddressPolicy cmdlet is needed for this.

Open the Exchange Management Shell and enter the following command:

Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq "Legacy"}

This will show a list of Recipient Policies that are available in your Exchange organization. We can use this output by piping it into the Set-EmailAddressPolicy cmdlet:

Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq "Legacy"} |
Set-EmailAddressPolicy -IncludedRecipients AllRecipients

The Recipient Policies are now converted to Exchange Server 2010 Email Address Policies and you can open them in the Exchange Management Console. Please note that the examples mentioned above are pretty simple policies. If you have more complex policies please test this thoroughly. If you have any Mailbox Manager policies, these have to be removed.

Warning:
If you happen to do this on Recipient Policies that have (advanced) LDAP queries, all custom filters can be reset to "mailnickname=*", which can result in significant email outages. You have to test all these changes in a dedicated lab environment to see how these changes will affect your Exchange environment!
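The following Exchange Management Shell script is an added example, not part of the original article: it saves every legacy policy to a file and previews the conversion only for policies that still carry the default filter, so that policies with custom LDAP queries are left for a manual OPATH conversion. The backup path and the variable names are assumptions.

```powershell
# Added example (not from the original article). Run in the Exchange Management
# Shell on an Exchange Server 2010 server.
# Assumption: $backupPath is a hypothetical location, change it to suit.
$backupPath = "C:\Temp\LegacyEmailAddressPolicies.xml"

# The filter named in the warning above. A policy that already uses it loses
# nothing when its filter is reset during conversion.
$defaultLdapFilter = "(mailnickname=*)"

# Every policy that is still an Exchange 2003 Recipient Policy
$legacy = @(Get-EmailAddressPolicy |
    Where-Object { $_.RecipientFilterType -eq "Legacy" })

# Keep a full copy (filter, priority, address templates) before changing anything
$legacy | Export-Clixml -Path $backupPath

# Split the policies: default filter versus custom LDAP query
$plain  = @($legacy | Where-Object { $_.LdapRecipientFilter -eq $defaultLdapFilter })
$custom = @($legacy | Where-Object { $_.LdapRecipientFilter -ne $defaultLdapFilter })

# Policies with a custom query are only reported, never converted by this script
if ($custom.Count -gt 0) {
    Write-Warning "$($custom.Count) legacy policies have a custom LDAP filter and are skipped."
    $custom | Format-List Name, Priority, LdapRecipientFilter
}

# Preview the conversion of the remaining policies; -WhatIf changes nothing
$plain | Set-EmailAddressPolicy -IncludedRecipients AllRecipients -WhatIf

# After reviewing the preview, run the same line without -WhatIf:
# $plain | Set-EmailAddressPolicy -IncludedRecipients AllRecipients
```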

The Address Lists need to be converted to Exchange Server 2010 as well. To achieve this open an Exchange Management Shell and enter the following commands:

Set-AddressList "All Users" -IncludedRecipients MailboxUsers

Set-AddressList "All Groups" -IncludedRecipients MailGroups

Set-AddressList "All Contacts" -IncludedRecipients MailContacts

Set-AddressList "Public Folders" -RecipientFilter {RecipientType -eq "PublicFolder"}

Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or
ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or
ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

When finished, you can open all Address Lists using the Exchange Management Console; opening the Address Lists using the Exchange 2003 System Manager is no longer possible.

For more detailed information regarding the upgrade of Recipient Policies and Address Lists check the following Microsoft website:

Mail flow settings

Before changing the actual SMTP mailflow we have to create a Send Connector first. This will allow the Hub Transport Server to send SMTP mail to the Internet directly. In the Exchange Management Console, navigate to the Organization Configuration and select the Hub Transport Server. In the Actions Pane select “New Send Connector…” and create a new SMTP connector to the Internet. Select * in the namespace (this makes all outbound messages go through this connector) and select the DNS or the Smarthost option, depending on your own situation.

By default the Receive Connector on the Exchange 2010 Hub Transport Server will not allow any anonymous connections. To change this open the Exchange Management Console, navigate to the Server Configuration and select the Hub Transport Server in the Results Pane. Right Click the default Receive Connector and select its properties. Select the Permissions tab and check the “anonymous” option to enable SMTP anonymous access.

Figure 2. Enable Anonymous access on the Default Receive Connector
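A check worth running once anonymous access is enabled on the Default Receive Connector, given here as an added example that is not part of the original article: it lists every Receive Connector that accepts anonymous connections and reports whether the anonymous logon also holds the relay right, which is what would turn the server into an open relay. Variable names are assumptions.

```powershell
# Added example (not from the original article). Run in the Exchange Management
# Shell on the Exchange Server 2010 Hub Transport Server.
$anonymous = "NT AUTHORITY\ANONYMOUS LOGON"

# Extended right that allows a sender to submit mail for any recipient domain.
# Anonymous access alone only accepts mail for your own accepted domains.
$relayRight = "ms-Exch-SMTP-Accept-Any-Recipient"

$report = foreach ($connector in (Get-ReceiveConnector)) {

    # Only connectors that accept anonymous connections are of interest
    if ($connector.PermissionGroups -notlike "*AnonymousUsers*") { continue }

    # Allow entries for the anonymous logon that include the relay right
    $grants = @($connector | Get-ADPermission -User $anonymous |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) })

    New-Object PSObject -Property @{
        Connector      = $connector.Identity
        Bindings       = ($connector.Bindings -join ", ")
        RemoteIPRanges = ($connector.RemoteIPRanges -join ", ")
        AnonymousRelay = ($grants.Count -gt 0)
    }
}

# Expected result for an Internet-facing connector: AnonymousRelay is False
$report | Format-Table Connector, Bindings, RemoteIPRanges, AnonymousRelay -AutoSize

# Flag any connector where anonymous senders may relay to external domains
$report | Where-Object { $_.AnonymousRelay } | ForEach-Object {
    Write-Warning "Anonymous relay is permitted on $($_.Connector)"
}
```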

Now that everything is in place, we can start moving the messaging services to Exchange Server 2010. Although there’s no hard requirement to start with the mail flow I’m going to start here. In the original configuration, mail from the Internet is delivered to the ISA 2006 Server and from there it is sent to the Exchange 2003 front-end server. We’ll change the ISA Server configuration so that SMTP mail is delivered to the Exchange Server 2010 Hub Transport Server. When a mailbox is still on Exchange Server 2003 the message is sent across the Interop Routing Group Connector from Exchange Server 2010 to Exchange Server 2003 where it is delivered to the intended Recipient. The Interop Routing Group Connector was created during setup of the Hub Transport Server as explained in the previous chapter. On the ISA 2006 Server open the ISA Server Management Console and navigate to the Firewall Policy. In the results pane select the SMTP rule and edit it so SMTP messages are delivered to the new Exchange 2010 Hub Transport Server.

Outbound SMTP traffic needs to be changed as well. In the original situation there was an SMTP connector from the Exchange Server 2003 Front-End Server towards the Internet. A new Send Connector on the Exchange Server 2010 Hub Transport Server needs to be created that will replace the old Exchange Server 2003 SMTP Connector.

Log on to the Exchange Server 2010 Hub Transport Server and open the Exchange Management Console. Navigate to the Organization Configuration and select the Hub Transport. In the Results Pane select the Send Connectors tab and select “New Send Connector” in the Actions Pane and follow the wizard to create a new Send Connector. In the Address Space windows select “*” as the address space to make sure all messages are routed through this connector. In the Network Settings window you have to select either to use DNS (the Hub Transport Server will send all messages to other hosts) or to use a smart host (the Hub Transport Server will forward all messages to this host which in turn will send it to all other hosts).

If the new Send Connector is working, the SMTP Connector on the Exchange Server 2003 Front-End Server can be removed. If removed, messages from Exchange Server 2003 mailboxes bound to the Internet go through the Interop Routing Group Connector to the Exchange Server 2010 Hub Transport Server and then through the Send Connector to the Internet.

Client Access Server

In the previous article regarding the upgrade from Exchange Server 2003 to Exchange Server 2010 I explained the different namespaces. On the Exchange Server 2010 Client Access Server there’s a certificate with the following names:

  • Webmail.inframan.nl
  • Autodiscover.inframan.nl
  • Legacy.inframan.nl

When an OWA client logs on to the Exchange Server 2010 Client Access Server and the particular mailbox is still on Exchange Server 2003 the client gets redirected to the Exchange Server 2003 front-end server. This server will have the legacy.inframan.nl name, since two servers cannot have the same Fully Qualified Domain Name (webmail.inframan.nl).

The new certificate on the Exchange Server 2010 Client Access Server can be exported and imported on the Exchange Server 2003 Front-End Server. This way an error message will not be shown when a client gets redirected to the Exchange Server 2003 Front-End Server.

Note. The certificate needs to be imported on the ISA 2006 Server as well.

After importing the new certificate on the Exchange Server 2003 Front-End server and the ISA 2006 Server the clients continue working, but with the new certificate, so you’ll face only a small downtime (one minute) here when replacing the certificate.

Changing the ISA 2006 Server rules takes a bit more planning. Three new rules will be created:

  • Exchange 2010 OWA rule;
  • Exchange 2010 ActiveSync rule;
  • Exchange 2010 Outlook Anywhere and Autodiscover rule;

Do not apply the changes to the ISA Server at this moment, but uncheck the ‘enable’ option on each rule to prevent immediate activation.

For the ‘old’ Exchange 2003 legacy environment three rules have to be created on the ISA 2006 Server as well:

  • Exchange 2003 OWA rule;
  • Exchange 2003 ActiveSync rule;
  • Exchange 2003 RPC over HTTP rule (this one can be combined with the previous rule however);

As with the Exchange 2010 rules, do not apply these rules immediately, but uncheck the ‘enable’ option on every rule before applying these changes.

The Web Listener in ISA 2006 Server needs to be changed as well. Since a seamless experience for end-users is needed when the redirection occurs, the Single Sign-On option needs to be enabled on the Web Listener.

Figure 3. Enable the single sign-on option for the coexistence phase

In the ISA Server Management Console open the properties of the Web Listener and navigate to the SSO tab. Add .inframan.nl as the SSO domain; please note the leading dot.

When you have configured the above options it’s time to apply all changes in the ISA Server. Enable the 2010 firewall rules, enable the legacy Exchange 2003 rules and disable the old Exchange 2003 rules. All clients are now connected to the Exchange Server 2010 Client Access Server and when needed the clients are redirected to the Exchange Server 2003 Front-End Server.

If you want more information regarding the Client Access Server in the coexistence phase you can read more, including step-by-step instructions on the Microsoft Exchange Product Team blogs:

Move Mailboxes

Before moving the Mailboxes to Exchange 2010 new Mailbox Databases need to be created on the Exchange Server 2010 Mailbox Server. As calculated with the Storage Requirements Calculator (check Table 1 in the previous article) four databases are needed on the Exchange Server 2010 Mailbox Server. To create these open the Exchange Management Console and navigate to the Organization Configuration and select the Mailbox option. In the results pane select the Mailbox Database tab and in the Actions Pane select “New Mailbox Database…”. Create four new Mailbox Databases, named for example DB01 to DB04. Locate the Databases on drive F:\ and the accompanying log files on drive G:\. Moving mailboxes is the easiest part in transitioning from Exchange Server 2003 to Exchange Server 2010. The only thing you have to be aware of is the fact that you must initiate the move to Exchange Server 2010 from the Exchange Management Console (or Exchange Management Shell) and not from the Exchange 2003 System Manager.

When you open the Exchange Management Console on the Exchange Server 2010 Mailbox Server and you navigate to the Mailbox option under Recipient Configuration you see a list of mailboxes in the results pane. In the Recipient Type Details column you can see what kind of mailboxes there are. The “Legacy Mailbox” is still an Exchange 2003 Mailbox; a “User Mailbox” is an Exchange Server 2010 Mailbox.

To move a mailbox right click the mailbox and select “New Local Move Request…”. In the wizard that shows up you’ll see the mailbox(es) that you selected. Click the Browse button to select a Mailbox Database you want the mailboxes to move to.

The following window is about corrupted messages and what the move mailbox should do when corrupted messages are found. By default the migration of the mailbox is skipped when corrupt messages are found. When moving from older Exchange versions, like Exchange 2003 it happens that for example old calendar items are corrupt, causing the Mailbox Move to fail. You can increase this number to for example 1,000 to continue moving Mailboxes.

A configuration summary is shown, and when you click the New button the move mailbox starts. After some time, the move mailbox will be finished and the mailbox is on the new Exchange Server 2010 Mailbox Server.

It is also possible to use the Exchange Management Shell for moving mailboxes, and to create custom scripts, which may be useful for larger and more complex environments.

A sample command to move all legacy mailboxes (i.e. Exchange 2003 mailboxes) to Exchange Server 2010 would be:

Get-Mailbox -RecipientTypeDetails LegacyMailbox | New-MoveRequest -TargetDatabase DB01

Note: All Mailboxes will be spread across all four Mailbox Databases that were created in the previous step.

This will query the Exchange organization for all Exchange 2003 mailboxes and send the output of the query to the New-MoveRequest command. This will be queued on the server and processed in the background. After some time you can use the Get-MoveRequest command to view the status of the Move Requests:

Figure 4. The New-Move-Request and the status of the Move-Requests

When all of them are finished you can remove the completed Move Requests in the Exchange Management Console or in the Exchange Management Shell by entering the following command:

Get-MoveRequest | Remove-MoveRequest
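A scripted version of the move procedure above, as an added example that is not part of the original article: it names the target database for each mailbox in turn (DB01 to DB04), sets an explicit bad item limit, and clears only the requests that completed so that failed moves stay visible. The limit of 10 and the variable names are assumptions.

```powershell
# Added example (not from the original article). Run in the Exchange Management
# Shell on an Exchange Server 2010 server.
$databases = "DB01", "DB02", "DB03", "DB04"   # the databases created earlier

# Assumption: 10 corrupt items per mailbox are tolerated. In the shell a value
# above 50 also requires the -AcceptLargeDataLoss switch.
$badItemLimit = 10

# All mailboxes that are still on Exchange Server 2003
$legacy = @(Get-Mailbox -RecipientTypeDetails LegacyMailbox -ResultSize Unlimited)

# Assign the mailboxes to the four databases in turn
$i = 0
foreach ($mailbox in $legacy) {
    $target = $databases[$i % $databases.Count]
    $mailbox | New-MoveRequest -TargetDatabase $target -BadItemLimit $badItemLimit
    $i++
}

# Later: number of requests per status (Queued, InProgress, Completed, Failed)
Get-MoveRequest | Group-Object Status | Select-Object Name, Count

# Details of the moves that failed, to decide whether to retry them
Get-MoveRequest -MoveStatus Failed | Get-MoveRequestStatistics |
    Format-List DisplayName, Status, PercentComplete, BadItemsEncountered

# Remove only the completed requests; removing a request that is still queued
# or in progress cancels that move.
Get-MoveRequest -MoveStatus Completed | Remove-MoveRequest -Confirm:$false
```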

Remove Public Folder database

When all mailboxes are moved to the Exchange Server 2010 Mailbox Server it’s time to remove the Public Folder Database from Exchange Server 2003. Since this Public Folder Database contains a replica of the Public Folder data the replica has to be moved to another server, in this case the Exchange Server 2010 Mailbox Server.

Log on to the Exchange Server 2003 server and open the Exchange System Manager. Navigate to the Exchange Server 2003 Mailbox Server, right click the Public Folder Database and select “Move All Replicas”. Select the Exchange Server 2010 Public Folder database in the drop down box and click OK.

A warning message is displayed that the Public Folder Replicas will be moved to the other Public Folder Database and that this can take a considerable amount of time. I’ve seen situations where this took more than 24 hours to complete. Replication takes place using SMTP messages that are sent across the Interop Routing Group Connector to the Exchange Server 2010 Public Folder Database.

Figure 5. Moving the replica from Exchange Server 2003 to Exchange Server 2010

As can be seen in the warning message you can check the ‘Public Folders Instances’ folder under the Public Folder database to see if it’s empty. If it’s not and you want to delete the Public Folder Database another warning message is displayed that the Database cannot be deleted.

Figure 6. Deleting the Public Folder database is denied as long as there are Public Folders.

As can be seen in Figure 5 there are still Public Folders in the Database, therefore the Database cannot be removed and a warning message is displayed.

When all Public Folders are moved out of the Exchange Server 2003 Public Folder Database, it can be removed. The Mailbox Database can be removed at this time as well.

Move the Public Folder Hierarchy

The Public Folder tree itself should also be moved to the new Exchange Server 2007 Public Folder database. Log on to the Exchange Server 2003 server and open the Exchange Service Manager. Expand the Administrative Groups and right click the “Exchange Administrative Group (FYDIBOHF23SPDLT)”, select “New” and select “Public Folders Container”.

Then expand the old “First Administrative Group”, expand “Folders” and move the Public Folders tree to the Public Folders container you created in the previous step.

Remove the Interop Routing Group Connector

When the Public Folder Database and the Mailbox Database are removed, and you’ve double checked to ensure that no other clients are using the Exchange 2003 Front-End server as an SMTP relay, the Interop Routing Group Connector can be removed. This can only be done using the Exchange Management Shell on an Exchange Server 2010 server by using the following command:

Get-RoutingGroupConnector | Remove-RoutingGroupConnector

The Get-RoutingGroupConnector will return both Interop Routing Group Connectors (one from Exchange Server 2003 to Exchange Server 2010 and the other one vice versa) and this output will be used as input for the Remove-RoutingGroupConnector command.

Please make sure that absolutely no messages are remaining to be sent across the Interop Routing Group Connector before deletion!

Remove the Exchange Servers

Now that all services are not needed anymore on Exchange 2003 it’s time to remove the Exchange 2003 Front-End Server from our Exchange organization. Please use the Add/Remove Programs option in the server’s control panel to remove Exchange Server 2003. I’ve seen it several times that customers just turn off their Exchange 2003 Servers and start wondering why their environment became that unstable!

Please note that for uninstalling the Exchange 2003 Front-End Server you’ll need the installation media so keep this around.

The Recipient Update Service is the next to remove from the Exchange Server 2003 server. Open the Exchange System Manager and in the Recipients Container select the Recipients Update Service (domain). Right click this Recipient Update Service and select “Delete”. To remove the Enterprise Recipient Update Service it’s not possible to use the Exchange System Manager. To remove this you have to use ADSIEdit.

Open ADSIEdit and open the Configuration Container in Active Directory. Navigate to the

“CN=Recipient Update Services,CN=Address Lists Container,CN=Inframan, CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=inframan,DC=local”

container. There you’ll find the Recipient Update Server (Enterprise) object. Right click this object and select “Delete”.

The Exchange 2003 Mailbox Server is the last Exchange 2003 server and is ready to be removed. As with the Front-End server please remove it using the Add/Remove Programs option in the server’s control panel.

Note: When you check Active Directory with ADSIEdit you’ll notice that the old Exchange Server 2003 Administrative Group is still present, although empty. Do not remove this Administrative Group unless you’re absolutely sure there’s no object in Active Directory referencing this Administrative Group in the ExchangeLegacyDN attribute. For more information please check this Microsoft knowledgebase article: http://support.microsoft.com/kb/945602 - Users who use Outlook 2003 cannot publish their free/busy data in Exchange Server 2007.

My personal opinion would be just to leave it there and not touch it. Nobody will see this Administrative Group and it will bother nothing else, so just don’t touch it.

More information regarding the removal of the last legacy Exchange Server can be found on the Microsoft website:


© Simple-Talk.com