Is there a way to programmatically change the Principle Name on all clients?

Migrating from Exchange 2003 to 2010. I see the directions call for three domain names:

mail.domain.com (new Ex2010 server)
autodiscover.domain.com
legacy.domain.com (new DNS record to be pointed at soon-to-be old Ex2003 server)

Currently, I have the old Ex2003 server as mserver.domain.com. The new Ex2010 I want to call mail.domain.com and NOT mserver.domain.com. From what I can tell, I think I'm going to have to visit each client personally (or remotely) and change the principal (MSSTD:mserver.domain.com) name to be the new principal (MSSTD:mail.domain.com). Anyone know a way around this? In the long term, I want mserver.domain.com to go completely away.

The cert I'm using has mserver.domain.com as the primary name, and mail.domain.com as a SAN. Therefore authentication fails using www.testexchangeconnectivity.com and the test for RPC/HTTP. The failure reads, "The certificate common name mserver.domain.com, doesn't validate against Mutual Authentication string provided msstd:mail.domain.com". I know I can change the mutual authentication string in Exchange Mgmt Shell, but this doesn't help me when I want to retire the DNS name mserver.domain.com.

Ideas?
xydenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

defkamelCommented:
you only need legacy.domain.com  if you are going to have 2003 exchange coexisting with the new 2010 server. you can remove it if you are removing the old 2003 server.

I would have the following on the cert. You can re-key the cert with the correct names.

autodiscover.domain.com
mail.domain.com
servername
servername.domain.com

Then if you configure an external DNS A record for autodiscover.domain.com  (same place you configure your MX record) with the external IP address of your router and port 80 forwarded to the exchange server the clients can automatically configure themselves using the following process.

http://www.msexchange.org/tutorials/Uncovering-New-Outlook-2007-Discover-Service.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
xydenAuthor Commented:
Yeah, I need them to coexist for at least 2 weeks.

I'm thinking the best thing to do is follow the MS examples and migrate the current Ex2003 external FQDN (mserver.domain.com) to the new Ex2010 box while assigning a new FQDN (legacy.domain.com) to the old Ex2003 server. Once the migration and upgrade are complete, then handle changing the external FQDN of the Ex2010 box from mserver.domain.com to mail.domain.com.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.