Supported Systems for Exchange 2013

Supported Domain Controller

  • Windows Server 2012 R2 Standard or Datacenter [1]
  • Windows Server 2012 Standard or Datacenter
  • Windows Server 2008 R2 Standard or Enterprise SP1 or later
  • Windows Server 2008 R2 Datacenter RTM or later
  • Windows Server 2008 Standard or Enterprise SP1 or later (32-bit or 64-bit)
  • Windows Server 2008 Datacenter RTM or later
  • Windows Server 2003 Standard Edition with Service Pack 2 (SP2) or later (32-bit or 64-bit)
  • Windows Server 2003 Enterprise Edition with SP2 or later (32-bit or 64-bit)

Supported Forest

Windows Server 2003 forest functionality mode or higher [2]

  1. Windows Server 2012 R2 is supported only with Exchange 2013 SP1 or later.
  2. Windows Server 2012 R2 forest functionality mode is supported only with Exchange 2013 SP1 or later.

DNS Name Space

  • Contiguous
  • Noncontiguous
  • Single label domains
  • Disjoint

Mailbox, Client Access, and Management Tools

  • Windows Server 2012 R2 Standard or Datacenter
  • Windows Server 2012 Standard or Datacenter
  • Windows Server 2008 R2 Standard with Service Pack 1 (SP1)
  • Windows Server 2008 R2 Enterprise with Service Pack 1 (SP1)
  • Windows Server 2008 R2 Datacenter RTM or later

Supported Client

  • Outlook 2013
  • Outlook 2010
  • Outlook 2007
  • Entourage 2008 for Mac, Web Services Edition
  • Outlook for Mac 2011

Supported Coexistence

  • Exchange 2007 SP3 Update Rollup 10
  • Exchange 2010 SP3 Update Rollup 6

Supported Hybrid Deployment

  • Latest version of Office 365

Relevant Articles

Exchange 2013 Upgrade Guide

Exchange 2013 Deployment

Unified Messaging in Exchange 2013

Publish Exchange 2013

Exchange 2013 Upgrade, Migration and Co-existence

Migration Guide

Exchange 2007/2010 to Exchange 2013 Migration Step by Step Guide

How to Configure Unified Messaging in Exchange 2013 Step by Step

Mail flow in Exchange 2013

[Figures: mail flow in Exchange 2013. Source: Microsoft TechNet]

| Protocol | Exchange 2007 & Exchange 2013 | Exchange 2010 & Exchange 2013 |
|---|---|---|
| Namespace | legacy.domain.com | No additional namespace |
| OWA | Non-silent redirection to legacy.domain.com | Proxy to CAS2010; silent redirection |
| EAS | Proxy to MBX2013 | Proxy to CAS2010 |
| Outlook Anywhere | Proxy to CAS2007 | Proxy to CAS2010 |
| Autodiscover | Redirect to CAS2007 | Proxy to CAS2010 |
| EWS | Autodiscover | Proxy to CAS2010 |
| POP/IMAP | Redirect to CAS2007 | Proxy to CAS2010 |
| OAB | Redirect to CAS2007 | Proxy to CAS2010 |
| RPS | N/A | Proxy to CAS2010 |
| ECP | N/A | Proxy to CAS2010 |

Exchange 2013 Prerequisites

Supported Co-existence Scenario

  • Exchange 2010 SP3
  • Exchange 2007 SP3+RU10

Supported Client

  • Outlook Anywhere Only, Outlook 2007 or later
  • Outlook for Mac 2011
  • Entourage 2008 for Mac

Active Directory

  • Windows 2003 Forest Functional Level or higher
  • At least one global catalog; two global catalogs are highly recommended for redundancy
  • No support for RODC or ROGC

Namespace

  • Contiguous
  • Non-Contiguous
  • Single-label domain
  • Disjoint

Operating Systems

  • Windows Server 2008 R2 SP1
  • Windows Server 2012 or Windows Server 2012 R2

Other Components

  • Internet Information Service (IIS)
  • .Net Framework 4.5
  • Unified Communication Managed API

Cumulative Updates

  • A CU is a full Exchange installer or binary
  • Required for co-existence with Exchange 2007/2010

Upgrade from Exchange 2010 to Exchange 2013

1. Prepare

  • Prepare Exchange 2010 with SP3
  • Test Exchange using Test cmdlets
  • Test Active Directory health status
  • Prepare Active Directory Schema using Exchange 2013 schema

2. Deploy Exchange 2013

  • Install both Exchange 2013 MBX and CAS servers
  • Install Management Server on admin PC

3. Obtain and deploy Certificates

  • Create Certificate CSR from Exchange 2013
  • Sign the certificate from public CA
  • Install Certificate and assign certificate to IIS, SMTP, POP, IMAP

OR

  • Export certificate from Exchange 2010 and import into Exchange 2013

4. Configure Mail flow

  • Create mail and autodiscover namespace and point to Exchange 2013
  • Add Exchange 2013 MBX server into Send Connector
  • Configure Frontend receive connector
  • Create anonymous relay

5. Switch Primary Name Space

  • Switch OWA, ActiveSync and SMTP traffic to Exchange 2013
  • Use TMG/UAG to switch OWA and ActiveSync to Exchange 2013
  • Switch port 25 forwarding to Exchange 2013
  • Validate traffic flow to Exchange 2013

6. Move Mailboxes

  • Build Exchange DAG
  • Migrate user mailbox
  • Migrate resource mailbox
  • Migrate public folders

7. Repeat additional sites

8. Decommission Exchange 2010

Upgrade from Exchange 2007 to Exchange 2013

1. Prepare

  • Prepare Exchange 2007 with SP3 +RU
  • Test Exchange using Test cmdlets
  • Test Active Directory health status
  • Prepare Active Directory Schema using Exchange 2013 schema

2. Deploy Exchange 2013

  • Install both Exchange 2013 MBX and CAS servers
  • Install Management Server on admin PC

3. Obtain and deploy Certificates

  • Create a certificate CSR from Exchange 2013 with legacy namespace
  • Sign the certificate from public CA
  • Install Certificate and assign certificate to Exchange 2013 IIS, SMTP, POP, IMAP
  • Install same certificate into Exchange 2007

4. Configure Mail flow

  • Create legacy DNS record pointing to Exchange 2007
  • Create mail and autodiscover namespace and point to Exchange 2013 CAS
  • Create Send Connector in Exchange 2013
  • Configure Frontend receive connector
  • Create anonymous relay

5. Switch Primary Name Space

  • Switch OWA, ActiveSync and SMTP traffic to Exchange 2013
  • Use TMG/UAG to switch OWA and ActiveSync to Exchange 2013
  • Switch port 25 forwarding to Exchange 2013
  • Validate traffic flow to Exchange 2013 using MCA and ExRCA

6. Move Mailboxes

  • Build Exchange DAG
  • Migrate user mailbox
  • Migrate resource mailbox
  • Migrate public folders

7. Repeat additional sites

8. Decommission Exchange 2007

Validate External Connectivity

Certificate Best Practice

  • Minimize number of certificates
  • Minimize number of host names
  • Use split DNS for Exchange host names
  • Don’t list machine name in certificates
  • Use Subject Alternative Name Certificate or SAN certificates

Restart Transport Services and Information Store Service

  • Patch Exchange Server using WSUS or ConfigMgr
  • Reboot DAG member one by one
  • Reboot CAS server one by one

Management Tools

  • Use Exchange 2013 Administration Center to manage co-existence and migration tasks
  • Use Exchange 2010 management console to move offline address book

Cutover Process

  • Public folder migration is part of final cutover
  • Exchange and Active Directory health check
  • Verify proposed and implemented Exchange 2013

Post Migration

  • Shut down Exchange 2010 servers for a minimum of 48 hours on working days
  • Decommission Exchange 2010


How to configure Exchange 2010 Unified Messaging Server –step by step

A UM infrastructure is an integration of Microsoft Exchange Server, an IP gateway, a conventional PBX and an IP-PBX to deliver voicemail, greetings and customer messages to a single Outlook client. Microsoft Exchange Server Unified Messaging (UM) combines voice messaging and e-mail messaging into a single messaging infrastructure. Unified Messaging puts all e-mail and voice messages into one Exchange 2010 mailbox that can be accessed from many different devices. After Unified Messaging servers have been deployed on a network, users can access their messages using Outlook Voice Access, from any telephone, from a mobile phone, or from the computer.

Systems Requirements

Microsoft Certified PBX and IP Gateway

Microsoft Telephony Advisor for Exchange Server

Exchange 2010 pre-requisites

Unified Communication Architecture

[Figure: Unified Communication architecture]

To install Unified Messaging Server Role on Exchange 2010

  • Log on to the server on which you want to install Exchange 2010
  • Insert the Exchange 2010 DVD into the DVD drive (or browse to your install location). If Setup.exe doesn’t start automatically, navigate to the DVD drive and double-click Setup.exe
  • On the Start page, click Choose Exchange language option. Select Install only languages from the DVD
  • In the Exchange Server 2010 Setup wizard, on the Introduction page, click Next.
  • On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and then click Next.
  • On the Error Reporting page, select Yes, and then click Next.
  • On the Installation Type page, click Custom Exchange Server Installation.
  • On the Server Role Selection page, select the UM server role
  • On the Customer Experience Improvement Program page, choose the appropriate selection for your organization, and then click Next.
  • On the Completion page, click Finish

After you successfully install the Unified Messaging server role, you must create the following objects:

  • Dial Plan objects
  • IP Gateway objects
  • Hunt Group objects
  • Mailbox Policy objects
  • Auto Attendant objects
  • UM Server objects

Once the UM server is configured, you must configure the other UM devices, such as an AudioCodes IP gateway or a Siemens, Cisco or other preferred PBX or IP-PBX device, to work with Microsoft Exchange Server 2010 UM. Microsoft supported configuration "how to" guides are listed at the end of this article in PDF format.

How UM Uses Active Directory and the HT Server to Transmit Email

The Unified Messaging server role uses Active Directory site membership information to determine which Hub Transport servers are located in the same Active Directory site as the Unified Messaging server. The Unified Messaging server submits messages for routing to a Hub Transport server within the same Active Directory site. The Hub Transport server performs recipient resolution and queries Active Directory to match a telephone number, or another Unified Messaging property, to a recipient account. After the recipient resolution completes, the Hub transport server will deliver the message to the target mailbox in the same way as a regular e-mail message.

To Create UM Dial Plan

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the action pane, click New UM Dial Plan.
  • In the New UM Dial Plan wizard
  • On the Set UM Servers page, click Add, and then, on the Select UM Server page, select the UM server that you want to add to the UM dial plan.
  • On the Completion page, confirm whether the dial plan was successfully created.
  • Click Finish to complete the New UM Dial Plan wizard.

To enable Unified Messaging on an Exchange 2010 server

  • In the console tree, navigate to Server Configuration > Unified Messaging.
  • Select the Unified Messaging server, and then click Enter Product Key to enter the UM license.
  • Once licensed, in the result pane, select the Unified Messaging server to enable.
  • In the action pane, click Enable UM Server.

To Create a UM IP Gateway

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM IP Gateways tab.
  • In the action pane, click New UM IP Gateway.
  • In the New UM IP Gateway wizard
  • On the Completion page, confirm whether the UM IP gateway was successfully created.
  • Click Finish to complete the New UM IP Gateway wizard.

To Create a UM Hunt Group

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM IP Gateways tab.
  • In the result pane, select a UM IP gateway.
  • In the action pane, click New UM Hunt Group.
  • In the New UM Hunt Group wizard, view or complete the following fields:

    Associated UM IP gateway

    Name

    Dial plan   Click the Browse button to select the dial plan that will be associated with the UM hunt group.

    Pilot identifier   An extension number or a Session Initiation Protocol (SIP) Uniform Resource Identifier (URI) can be used in this field.

  • On the Completion page, confirm whether the UM hunt group was successfully created.
  • Click Finish to complete the New UM Hunt Group wizard.

To add a UM server to a dial plan

  • In the console tree, click Server Configuration.
  • In the result pane, select the Unified Messaging server.
  • In the action pane, click Properties.
  • On the UM Settings tab, under Associated Dial Plans, click Add.
  • In the Select Dial Plan window, select the dial plan you want to add from the list of available dial plans, and then click OK.
  • Click OK again to accept your changes.

To configure the start-up mode

  • In the console root, navigate to Server Configuration > Unified Messaging.
  • In the result pane, click to select the Unified Messaging server you want to set up.
  • In the action pane, click Properties.
  • On the UM Settings tab, in the Startup Mode drop-down list, select one of the following settings:

    TCP   Use this setting if the UM server is being added to only UM dial plans that are set to Unsecured but won't be added to dial plans that are set to SIP Secured or Secured. In TCP mode, the UM server will only listen on TCP port 5060 for SIP requests. By default, the UM server will start up in TCP-only mode.

    TLS   Use this setting if the UM server is being added to UM dial plans that are set to SIP Secured or Secured but won't be added to dial plans that are set to Unsecured. In TLS mode, the UM server will only listen on TCP port 5061 for SIP requests.

    Dual   Use this setting if the UM server is being added to UM dial plans that have different security settings. In Dual mode, the UM server can listen on ports 5060 and 5061 simultaneously.

  • Click OK.
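
The startup-mode rules above can be checked across a fleet before a change window. The following is an added example, not part of the original article: it derives the startup mode each UM server needs from the security setting of its dial plans and flags servers that are missing the TLS listener or still expose the unencrypted SIP port without needing it. The server names and the inventory layout are constructed assumptions; in a live environment the values come from the UM server properties and dial plan settings.

```python
# SIP listening ports per UM startup mode, as described in the procedure above.
MODE_PORTS = {"TCP": {5060}, "TLS": {5061}, "Dual": {5060, 5061}}
PLAIN_PLANS = {"Unsecured"}              # served over plain TCP 5060
TLS_PLANS = {"SIP Secured", "Secured"}   # served over TLS 5061

# Constructed inventory: each server's startup mode and the security setting
# of every dial plan it is associated with (names/layout are assumptions).
SAMPLE_SERVERS = [
    {"name": "um01", "startup_mode": "TCP", "dial_plans": ["Unsecured"]},
    {"name": "um02", "startup_mode": "TCP", "dial_plans": ["Secured"]},
    {"name": "um03", "startup_mode": "Dual", "dial_plans": ["SIP Secured", "Secured"]},
    {"name": "um04", "startup_mode": "TLS", "dial_plans": ["Unsecured", "Secured"]},
]


def required_mode(dial_plan_security):
    """Return the startup mode implied by a server's dial plans, or None if it has none."""
    settings = set(dial_plan_security)
    unknown = settings - PLAIN_PLANS - TLS_PLANS
    if unknown:
        raise ValueError(f"unknown dial plan security setting: {sorted(unknown)}")
    if not settings:
        return None
    needs_plain = bool(settings & PLAIN_PLANS)
    needs_tls = bool(settings & TLS_PLANS)
    if needs_plain and needs_tls:
        return "Dual"
    return "TLS" if needs_tls else "TCP"


def audit(servers):
    """Return (server, finding, expected_mode) for every listener mismatch."""
    findings = []
    for server in servers:
        actual = server["startup_mode"]
        if actual not in MODE_PORTS:
            raise ValueError(f"unknown startup mode: {actual}")
        expected = required_mode(server["dial_plans"])
        if expected is None:
            continue
        listening, needed = MODE_PORTS[actual], MODE_PORTS[expected]
        # A missing port means calls for those dial plans cannot reach the server.
        for port in (5061, 5060):
            if port in needed - listening:
                findings.append((server["name"], f"missing-{port}", expected))
        # An unneeded 5060 listener accepts unencrypted SIP that no dial plan requires.
        for port in (5060, 5061):
            if port in listening - needed:
                findings.append((server["name"], f"unneeded-{port}", expected))
    return findings


if __name__ == "__main__":
    for name, finding, expected in audit(SAMPLE_SERVERS):
        print(f"{name}: {finding} (startup mode should be {expected})")
```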

To configure number of concurrent voice calls

  • In the console tree, navigate to Server Configuration > Unified Messaging.
  • In the result pane, click to select the Unified Messaging server you want to set up.
  • In the action pane, click Properties.
  • On the UM Settings tab, in the Maximum concurrent calls text box, type the maximum number of concurrent voice calls.
  • Click OK.

To view number of active calls

  • Click Start, click Programs, click Administrative Tools, and then click Performance.
  • In the Performance console, right-click the details pane, and then select Add Counters from the menu. You can also press CTRL+I to open the Add Counters window.
  • In the Add Counters window, in the Performance object list, select MSExchangeUMGeneral.
  • In Select Counters from list, select Current Calls, click Add, and then click Close.
  • In the Performance console, in the details pane, select the Current Calls counter to display the number of current calls.

To add UM Mailbox

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM Mailbox tab.
  • In the action pane, click New UM Mailbox.
  • In the New UM Mailbox wizard
  • On the Completion page, confirm whether the UM Mailbox was successfully created.
  • Click Finish to complete the New UM Mailbox wizard.

To add UM Auto Attendant

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM Auto Attendant tab.
  • In the action pane, click New UM Auto Attendant.
  • In the New UM Auto Attendant wizard
  • On the Completion page, confirm whether the UM Auto Attendant was successfully created.
  • Click Finish to complete the New UM Auto Attendant wizard.

To verify UM mailbox property

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM Mailbox tab.
  • Right-click the newly created UM mailbox.
  • Click Properties.

Configuration guides

  • AudioCodes Configuration Guide
  • Siemens HiPath 4000 Configuration Guide
  • Design Guide for Cisco Unified Messaging 1.0
  • Cisco CallManager Express Configuration Guide
  • CallManager for Cisco Unity Express Configuration Example
  • Cisco Unity Express Command Reference Complete Book
  • Command Reference for Cisco Unified Messaging Gateway (Cisco UMG) Release 8.0
  • Cisco Unified Communication Software
  • Cisco IP Phone
  • Quick Start Guide for Outlook Voice Access 2010
  • Cisco Unified Communications Manager Administration Guide, Release 7.1(2)
  • Microsoft Exchange 2010 Unified Messaging PBX Configuration Note for Cisco Unified Communications Manager 7.0

Rename Domain with Exchange 2007/2010 Not Feasible! An Alternative Solution

Recently my company registered a new domain name and wanted me to investigate the best possible way to rename the domain internally, change the publicly accessible CNAME of websites (hosted on IIS) to the new domain name and change email addresses for the entire organization. Fun hahh!! From a Google search it appears that domain rename is possible in Win2k3 AD and Exchange 2003 SP1. However, according to Microsoft TechNet I cannot rename a Windows 2008 native domain with Exchange 2007. What happens to those who are in the following situations:

  • Rename Business registration
  • Merger and/or Acquisition between companies
  • Change of ownership

If your management decides to have new user account@newdomain, email addresses@newdomain and websites with the new domain name, you will not have a choice but to find a solution regardless of who says what. In this article (Ref: Plan A), I will investigate and share with you what happens if you rename a domain on a test environment similar to my organisation, i.e. Microsoft Active Directory 2008 and Exchange 2007/2010. For those who are in my situation, I will explain (Ref: Plan B) how I can accomplish the same objectives with an alternative deployment, that is, without messing around with the AD domain and Exchange 2007/2010. I know plan A is going to fail, but it is worthwhile to produce documents for management and go for plan B so that business runs smoothly. When the time is right and funds are available, then rebuild Microsoft messaging systems for the entire organization.

Do NOT perform these steps in a production environment. Domain rename is NOT supported when Exchange 2007/2010 is installed on a member server.

Rename Domain on a Testbed

Objectives:

  • Rename Domain
  • Migrate IIS to new domain
  • Fix GPO and Exchange (only applicable for Exchange 2003)

Assumptions:

[Figure: testbed assumptions]

Steps involve:

  • Set up your control station for the domain rename operation.
  • Freeze the Forest Configuration
  • Back up all the domain controllers in your forest.
  • Generate the current forest description.
  • Specify the new forest description.
  • Generate domain rename instructions
  • Push domain rename instructions to all domain controllers, and verify DNS readiness.
  • Verify the readiness of the domain controllers.
  • Execute the domain rename instructions
  • Update the Exchange configuration, and restart the Exchange servers (Only applicable for Exchange 2003 SP1)
  • Unfreeze the forest configuration
  • Re-establish external trusts
  • Fix Group Policy objects (GPOs) and links.

Precaution: Use the following link for Active Directory Backup and Restore in Windows Server 2008 or keep your resume handy.

To verify the forest functionality to Windows Server 2008

  1. Open Active Directory Domains and Trusts.
  2. In the scope pane, right-click Active Directory Domains and Trusts and then click Raise Forest Functional Level.
  3. In the Select an available forest functional level box, click Windows Server 2008, and then click Raise.
  4. Click OK to raise the forest functionality, and then click OK again.


To analyze and prepare DNS zones for domain rename

  1. Compile a list of DNS zones that need to be created.
  2. Use the DNS MMC snap-in to create the required DNS zones compiled in step 1.
  3. Configure DNS zones according to “Add a forward lookup zone” in Windows Server 2008.
  4. Configure dynamic DNS update according to “Allow dynamic updates” in Windows Server 2008.

To generate the current forest description file

In Windows Server 2008, the rendom and gpfixup utilities are available in the %Windir%\system32 folder. If you change your directory to c:\Windows\system32 and run rendom /list, then domainlist.xml will be placed in the same directory.

  1. On the control station, open a command prompt and change to the X:\DomainRename directory.
  2. At the command prompt, type the following command and press ENTER: rendom /list
  3. Save a copy of the current forest description file (domainlist.xml) generated in step 2 as domainlist-save.xml for future reference by using the following copy command: copy domainlist.xml domainlist-save.xml

To edit the domainlist.xml file

  1. Using a simple text editor such as Notepad.exe, open the current forest description file domainlist.xml generated in “STEP 3: Generate the Current Forest Description” earlier in this document.
  2. Edit the forest description file, replacing the current DNS and/or NetBIOS names of the domains and application directory partitions to be renamed with the planned new DNS and/or NetBIOS names.


To review the new forest description in domainlist.xml

At the command prompt, type the following and then press ENTER: rendom /showforest

To generate the domain rename instructions and upload them to the domain naming master

  1. On the control station, open a command prompt.
  2. From within the X:\DomainRename directory, execute the following command: rendom /upload
  3. Verify that the domain rename tool created the state file dclist.xml in the directory X:\DomainRename and that the state file contains an entry for every domain controller in your forest.

To discover the DNS host name of the domain naming master

  1. On the control station, open a command prompt.
  2. At the command prompt, type the following and then press ENTER: dsquery server -hasfsmo name

To force synchronization of changes made to the domain naming master

The following procedure forces the Active Directory changes initiated at the Domain Naming master DC in STEP 4 to replicate to all DCs in the forest.

  1. On the control station, open a command prompt.
  2. At the command prompt, type the following and then press ENTER: repadmin /syncall /d /e /P /q DomainNamingMaster

where DomainNamingMaster is the DNS host name of the domain controller that is the current domain naming master for the forest.

To verify the readiness of domain controllers in the forest

1. On the control station, open a command prompt and change to the X:\DomainRename directory.

2. At the command prompt, type the following command and then press ENTER: rendom /prepare

3. Once the command has finished execution, examine the state file domainlist.xml to determine whether all domain controllers have achieved the

To execute the domain rename instructions on all domain controllers

  1. On the control station, open a command prompt.
  2. At the command prompt, type the following and then press ENTER: rendom /execute
  3. When the command has finished execution, examine the state file domainlist.xml to determine whether all domain controllers have reached either the Done state or the Error state.
  4. If the domainlist.xml file shows any DCs as remaining in the Prepared state, repeat step 2 in this procedure as many times as needed until the stopping criterion is met.


To force Rendom /execute to re-issue the RPC to a DC in the Error state

  1. In the domainlist.xml file, locate the <Retry></Retry> field in the domain controller entry for the DC that you believe should be retried.
  2. Edit the domainlist.xml file such that the field reads <Retry>yes</Retry> for that entry.
  3. The next execution of the rendom /execute command will re-issue the execute-specific RPC to that DC.
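
The state-file checks in the two procedures above can be scripted so that no domain controller is overlooked in a large forest. The following is an added example, not part of the original article or of the rendom tool: it reads the per-DC state file (named dclist.xml where rendom /upload is described earlier), applies the stopping rule for rendom /execute, and sets the Retry field only for DCs that are in the Error state. The XML layout and the host names are constructed assumptions based on the fields this page names.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the rendom state file. The element layout
# (DcList > DC > Name/State/LastError/Retry) is an assumption for this example.
SAMPLE_STATE_FILE = """<?xml version="1.0"?>
<DcList>
  <DC>
    <Name>dc1.wolverine.com.au</Name>
    <State>Done</State>
    <LastError>0</LastError>
    <Retry></Retry>
  </DC>
  <DC>
    <Name>dc2.wolverine.com.au</Name>
    <State>Prepared</State>
    <LastError>0</LastError>
    <Retry></Retry>
  </DC>
  <DC>
    <Name>dc3.wolverine.com.au</Name>
    <State>Error</State>
    <LastError>1722</LastError>
    <Retry></Retry>
  </DC>
</DcList>
"""

EXECUTE_STATES = ("Prepared", "Done", "Error")


def load_states(xml_text):
    """Return {dc_name: (state, last_error)} for every <DC> entry."""
    states = {}
    for dc in ET.fromstring(xml_text).iter("DC"):
        name = (dc.findtext("Name") or "").strip()
        if not name:
            raise ValueError("<DC> entry without a <Name>")
        state = (dc.findtext("State") or "").strip()
        states[name] = (state, (dc.findtext("LastError") or "").strip())
    return states


def execute_summary(states):
    """Group DCs by state and apply the stopping rule for rendom /execute."""
    groups = {s: sorted(n for n, (st, _) in states.items() if st == s)
              for s in EXECUTE_STATES}
    other = sorted(n for n, (st, _) in states.items() if st not in EXECUTE_STATES)
    if other:
        action = "stop: unexpected state, investigate before continuing"
    elif groups["Prepared"]:
        action = "rerun rendom /execute"  # some DCs have not been reached yet
    elif groups["Error"]:
        action = "review Error DCs and decide which to retry"
    else:
        action = "all DCs Done"
    return {"prepared": groups["Prepared"], "done": groups["Done"],
            "error": groups["Error"], "other": other, "action": action}


def mark_retry(xml_text, dc_names):
    """Set <Retry>yes</Retry> on the named DCs; only DCs in the Error state qualify."""
    root = ET.fromstring(xml_text)
    wanted = {n.lower() for n in dc_names}
    changed = []
    for dc in root.iter("DC"):
        name = (dc.findtext("Name") or "").strip()
        if name.lower() not in wanted:
            continue
        if (dc.findtext("State") or "").strip() != "Error":
            raise ValueError(f"{name} is not in the Error state")
        retry = dc.find("Retry")
        if retry is None:
            retry = ET.SubElement(dc, "Retry")
        retry.text = "yes"
        changed.append(name)
    missing = wanted - {n.lower() for n in changed}
    if missing:
        raise KeyError(f"not in state file: {sorted(missing)}")
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    summary = execute_summary(load_states(SAMPLE_STATE_FILE))
    print(summary["action"], "| Error:", summary["error"])
    _, changed = mark_retry(SAMPLE_STATE_FILE, summary["error"])
    print("marked for retry:", changed)
```

Work on a copy of the state file and keep the original, since rendom reads it on every subsequent run.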

To fix up DFS topology in every renamed domain

On the control station, open a command prompt. For each Dfs root, if any of the topology components as described above needs to be fixed, type the following command (the entire command must be typed on a single line, although it is shown on multiple lines for clarity) and press ENTER:

dfsutil /RenameFtRoot /Root:DfsRootPath /OldDomain:OldName /NewDomain:NewName /Verbose

-Where-

DfsRootPath is the DFS root to operate on, e.g., \\microsoftguru.com.au\public.

OldName is the exact old name to be replaced in the topology for the Dfs root.

NewName is the exact new name to replace the old name in the topology.

To fix up Group Policy in every renamed domain

  1. On the control station, open a command prompt and change to the X:\DomainRename directory.
  2. At the command prompt, type the following command (the entire command must be typed on a single line, although it is shown on multiple lines for clarity) and press ENTER:

gpfixup /olddns:OldDomainDnsName /newdns:NewDomainDNSName /oldnb:OldDomainNetBIOSName
/newnb:NewDomainNetBIOSName /dc:DcDnsName >gpfixup.log 2>&1

-Where-

OldDomainDnsName is the old DNS name of the renamed domain.

NewDomainDnsName is the new DNS name of the renamed domain.

OldDomainNetBIOSName is the old NetBIOS name of the renamed domain.

NewDomainNetBIOSName is the new NetBIOS name of the renamed domain.

DcDnsName is the DNS host name of a domain controller in the renamed domain, preferably the PDC emulator, that successfully completed the rename operation with a final Done state in the dclist.xml state file in “STEP 8: Execute Domain Rename Instructions” earlier in this document.

For example,

gpfixup /olddns:wolverine.com.au /newdns:microsoftguru.com.au /oldnb:wolverine /newnb:microsoftguru /dc:dc.wolverine.com.au >gpfixup1.log 2>&1

To force replication of the Group Policy fix-up changes made at the DC named in DcDNSName in above step of this procedure to the rest of the DCs in the renamed domain, type the following and then press ENTER: repadmin /syncall /d /e /P /q DcDnsName NewDomainDN

-Where-

DcDnsName is the DNS host name of the DC that was targeted by the gpfixup command.

NewDomainDN is the distinguished name (DN) corresponding to the new DNS name of the renamed domain.

Repeat steps  in this procedure for every renamed domain. You can enter the commands in sequence for each renamed domain.

For example: repadmin /syncall /d /e /P /q dc.microsoftguru.com.au dc=microsoftguru,dc=com,dc=au

To update the DNS name of the CA machine

  1. On the CA machine, open Registry Editor and locate the entry CAServerName under HKLM\System\CurrentControlSet\CertSvc\Configuration\YourCAName.
  2. Change the value in CAServerName to correspond to the new DNS host name.

To update the Web enrolment file

To enable proper Web enrollment for the user, you must also update the file that is used by the ASP pages used for Web enrollment. The following change must be made on all CA machines in your domain.

1. On the CA machine, search for the certdat.inc file (if you have used default installation settings, it should be located in the %windir%\system32\certsrv directory).

2. Open the file, which appears as follows:

<%' CODEPAGE=65001 'UTF-8%>
<%' certdat.inc - (CERT)srv web - global (DAT)a
' Copyright (C) Microsoft Corporation, 1998 - 1999 %>
<% ' default values for the certificate request
sDefaultCompany=""
sDefaultOrgUnit=""
sDefaultLocality=""
sDefaultState=""
sDefaultCountry=""
' global state
sServerType="Enterprise" 'vs StandAlone
sServerConfig="OLDDNSNAME\YourCAName"
sServerDisplayName="YourCAName"
nPendingTimeoutDays=10
' control versions
sXEnrollVersion="5,131,2510,0"
sScrdEnrlVersion="5,131,2474,0"
%>

3. Change the sServerConfig entry to have the NewDNSName of the CA machine.

To perform attribute clean up after domain rename

  1. On the control station, open a command prompt.
  2. At the command prompt, from within the X:\DomainRename directory, execute the following command: rendom /clean

Command-line usage to run XDR-fixup.exe

XDR-fixup.exe /s:start_domainlist.xml /e:end_domainlist.xml [/user:username /pwd:password | *] [/trace:tracefile] /changes:changescript.ldf /restore:restorescript.ldf [/?]

Note This command is one line. It has been wrapped for readability.

Command-line usage to verify XDR-fixup.exe

Use the following command line to verify the changes that are made by XDR-fixup.exe:

XDR-fixup /verify:restorescript.ldf /changes:verifycorrections.ldf

To unfreeze the forest configuration

From within the X:\DomainRename directory, execute the following command: rendom /end

If a domain member fails to join the new domain, force-remove it using the following command, then re-join the domain manually.

netdom remove <machine-name> /Domain:<old-domain> /Force

To use Control Panel to check for primary DNS suffix update configuration for a computer

The following procedures explain two ways to view the setting for a member computer that determines whether the primary DNS suffix changes when the name of the membership domain changes.

1. On a member computer, in Control Panel, double-click System.

2. Click the Computer Name tab and then click Change.

3. Click More and then verify whether Change primary domain suffix when domain membership changes is selected.

4. Click OK until all dialog boxes are closed.

To use the registry to check for primary DNS suffix update configuration for a computer

1. On the Start menu, click Run.

2. In the Open box, type regedit and then click OK.

3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.

4. Verify whether the value of REG_DWORD SyncDomainWithMembership is 0x1. This value indicates that the primary DNS suffix changes when the domain membership changes.

To determine whether Group Policy specifies the primary DNS suffix for a computer

On a member computer, perform one of the following steps:

  • At a command prompt, type gpresult. In the output, under Applied Group Policy objects, check to see whether Primary DNS Suffix is listed.
  • Open the Resultant Set of Policy Wizard, as follows: In Active Directory Users and Computers, right-click the computer object, click All Tasks, and then click Resultant Set of Policy (Logging).
  • Open a command prompt and then type: ipconfig /all. Check the Primary DNS Suffix in the output. If it does not match the primary DNS suffix that is specified in the System Control Panel for the computer (see "To use Control Panel to check for primary DNS suffix update configuration for a computer" earlier in this document), then the Primary DNS Suffix Group Policy is applied.
  • In the registry, check for the presence of the entry Primary DNS Suffix under HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient. If a value is present, then the Primary DNS Suffix Group Policy is applied to the computer.

To install Support Tools

1. On the Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition operating system CD, double-click the Support folder.

2. In the Support folder, double-click the Tool folder and then run suptools.msi.

To use ADSI Edit to add DNS suffixes to msDS‑AllowedDNSSuffixes

The attribute msDS‑AllowedDNSSuffixes is an attribute of the domain object. Therefore, you must set DNS suffixes for each domain whose name is going to change.

1. On the Start menu, point to Programs, Windows Server 2003 Support Tools, Tools, and then click ADSI Edit.

2. Double-click the domain directory partition for the domain you want to modify.

3. Right-click the domain container object, and then click Properties.

4. On the Attribute Editor tab, in the Attributes box, double-click the attribute msDS‑AllowedDNSSuffixes.

5. In the Multi-valued String Editor dialog box, in the Value to add box, type a DNS suffix and then click Add.

6. When you have added all the DNS suffixes for the domain, click OK.

7. Click OK to close the Properties dialog box for that domain.

8. In the scope pane, right-click ADSI Edit and click Connect to.

9. Under Computer, click Select or type a domain or server.

10. Type the name of the next domain for which you want to set the primary DNS suffix, and then click OK.

11. Repeat steps 2 through 7 for that domain.

12. Repeat steps 8 through 10 to select each subsequent domain and repeat steps 2 through 7 to set the primary DNS suffix for each subsequent domain that is being renamed.
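The same change can be scripted and read back for every domain in one pass. This is an added example, not part of the original guide; it assumes the ActiveDirectory PowerShell module is available, and the domain names and suffixes in the table are constructed placeholders.

```powershell
# Added example: set msDS-AllowedDNSSuffixes on each domain that is being renamed.
# Assumptions: the ActiveDirectory module is installed and the account may modify
# the domain object. All names below are constructed placeholders.
Import-Module ActiveDirectory

# Domain being renamed -> DNS suffixes its member computers must be allowed to use.
$allowedSuffixes = @{
    'old.example.com'       = @('new.example.com')
    'child.old.example.com' = @('child.new.example.com')
}
$attr = 'msDS-AllowedDNSSuffixes'

foreach ($domain in $allowedSuffixes.Keys) {
    # The attribute lives on the domain object itself, so resolve its DN first.
    $domainDn = (Get-ADDomain -Server $domain).DistinguishedName
    $current  = @((Get-ADObject -Identity $domainDn -Server $domain -Properties $attr).$attr)

    # Add only suffixes that are not already present, so the script can be re-run safely.
    $missing = @($allowedSuffixes[$domain] | Where-Object { $current -notcontains $_ })
    if ($missing.Count -gt 0) {
        Set-ADObject -Identity $domainDn -Server $domain -Add @{ $attr = [string[]]$missing }
    }

    # Read the attribute back so the change is verified, not assumed.
    $after = @((Get-ADObject -Identity $domainDn -Server $domain -Properties $attr).$attr)
    [pscustomobject]@{
        Domain             = $domain
        Added              = $missing -join ', '
        AllowedDNSSuffixes = $after -join ', '
    }
}
```

Keeping the output gives a record of which suffixes each domain accepted before the rename, which is useful when reviewing the attribute afterwards for entries that are no longer needed.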

To apply the Group Policy setting Primary DNS Suffix to groups of member computers

1. In Active Directory Users and Computers, right-click the domain or organizational unit that contains the group of computers to which you are applying Group Policy.

-Or-

In Active Directory Sites and Services, right-click the site object that contains the computers to which you are applying Group Policy.

2. Click the Group Policy tab.

3. In the Group Policy object Links box, click the Group Policy object that you want to contain the Primary DNS Suffix setting.

-Or-

To create a new Group Policy object, click New and then type a name for the object.

4. With the Group Policy object selected, click Edit.

5. Under Computer Configuration, click to expand Administrative Templates, Network, and then click DNS Client.

6. In the results pane, double-click Primary DNS Suffix.

7. Click Enabled, and then in the Enter a primary DNS suffix box, type the DNS suffix for the domain whose member computers are in the group you selected in Step 1.

8. Click OK.

9. Close the Group Policy dialog box, and then close the properties page for the selected object.

To configure the redirecting alias DNS entry

1. In the DNS MMC snap-in, expand the DNS server node to expose the old DNS zone.

2. Right-click the old DNS zone.

3. Click New Alias (CNAME).

4. In the Alias name box, type the original fully qualified domain name (FQDN) of the HTTP Server.

5. In the Fully qualified domain name for target host box, type the new FQDN of the HTTP Server, and then click OK.

At this point you can test the redirection by pinging the FQDN of the old HTTP server. The ping should be remapped to the new FQDN of the HTTP server.

Issues involving domain rename:

  • XDR-Fixup tool does not work on Exchange 2010 
  • Exchange SMTP stops functioning
  • Exchange organization initialization fails

Simple alternative solutions without renaming domain

Microsoft does not support domain rename if Exchange 2007 is installed on a member server. So what is the workaround if you need new user accounts, corresponding email accounts and web sites under a new domain name without renaming the domain?

  • Prepare a control workstation and log on as a domain admin, schema admin and enterprise admin
  • Create a new range of IP addresses in your infrastructure
  • Prepare a Windows Server 2008 server and promote it as your new primary domain with the new domain name
  • Create an external trust between the two domains
  • Ask your ISP to add a new Host (A) record and MX record for the new domain

  • Point this new MX record to existing SMTP server
  • Add new domain into trusted domain list

  • Add new email policy for new domain

  • Change the default email address to the new email address through the email properties of each mailbox in the Exchange Management Console

  • Migrate IIS web sites to new web server
  • Redirect the CNAME record to the new websites for customers and stakeholders
  • Add a 301 redirect using Google Webmaster if necessary

Relevant Articles:

Microsoft Exchange System Attendant service does not start

completely remove Exchange 2000 or Exchange 2003 from Active Directory

How to remove Exchange Server 2003 from your computer

How to remove the first Exchange Server 2003 computer from the administrative group

Removing and Modifying Exchange 2007

Step-by-Step Guide to Implementing Domain Rename

Windows Server 2003 Active Directory Domain Rename Tools

Exchange Server Domain Rename Fixup

Microsoft KB842116

Microsoft Exchange Server Domain Rename Fixup (XDR-Fixup)

Windows 2003 domain rename tools

 

Forefront TMG 2010: Publishing Exchange server 2010

To ensure that every Exchange client accesses mail securely from anywhere (internally and externally), the Exchange deployment is published through Forefront TMG 2010. You need to plan and deploy the different roles of Exchange Server, which include Exchange HT, CAS, ET and …