Exchange 2007 to Exchange 2010 - Is it possible to do without using a Legacy Host Name?

This may be a bit long winded so apologies in advance.
We are currently in the process of migrating from Exchange 2007 to Exchange 2010 but we're facing some issues with setting up a legacy host name for coexistence.
Here's our current setup:

One internet facing Exch2007 CAS server behind a firewall (with port secured obviously).
One Exch2007 Hub Transport/Mailbox server (approx. 1200 large-ish mailboxes).
SSL UC cert with 5 names (maxed out) currently in use on 2007 CAS server.
FQDN of OWA ( resolves to one of our ISP assigned public IP addresses.
Firewall has DNAT rule setup to redirect incoming traffic for to the Exch2007 CAS server IP address.
Firewall has SNAT rule to stamp all outbound SMTP traffic with same public IP address mentioned above.

For reasons I won't go into here, we were unable to include any of our internal domain FQDNs on our UC cert. To work around this issue with autodiscover and internal Outlook clients, we've had to implement a second internal DNS forward look-up zone for our external domain and create one A record there for our external FQDN ( and give it the IP address of our Exch2007 CAS server.

Our Exchange 2010 setup will be basically the same as our Exch2007 setup above.

MS claim that for coexistence (after installing and configuring new Exch2010 CAS server), you must create additional A records in internal and external DNS zones for a legacy host name which will point to the IP address of the Exch2007 CAS server. Because of our unique (and ham-fisted) setup, we'd like to avoid doing this as it presents complications (we've only a few public IP addresses left which are to be allocated to MOSS and we've used up all of the names on our UC cert which is still valid for another 2 years and we plan to export it to the new Exch2010 CAS server so we don't want to have to get an additional one).
Is it possible to simply install the new Exch2010 CAS server (and export the current UC cert to it), give it the name, change the firewall DNAT rule to redirect to its IP address and then decommission the Exch2007 CAS server? If so, how would the new 2010 CAS server know how to redirect to Exch2007 for those users with mailboxes still on that server?
Thanks in advance for any help.
Glen Knight Commented:
Only if you don't want to provide remote access to both servers during the migration.

The legacy host name is so that the Exchange 2010 CAS server can redirect client requests to the 2007 CAS server. If you are not worried about this or don't use external access then it is not required.
stedwardsitdept (Author) Commented:
Unfortunately, we will want to have remote access available during the move so it looks like we'll have to go with the legacy host name option.
I understand that we'll have to create an A record in our external DNS zone for "legacy" that directs to the Exch2007 CAS server IP, but is it necessary to create the same record for our internal DNS? Outlook 2007 uses autodiscover to look for the SCP AD object, which points to our Exch2007 CAS currently. Would the installation of the 2010 CAS server alter that record so that it points to the 2010 CAS?
Glen Knight Commented:
You don't need to do it for internal users, it's only for external access.

You will also need 2 public IP addresses: the legacy URL will point to 1 and the other will be for Exchange 2010.
stedwardsitdept (Author) Commented:
Thanks for your help and swift responses on this.
Perhaps you can help clarify the redirection process a bit for me.
I understand that we will need to create the external DNS record for legacy and assign it a public IP address. I also understand that we will need to give the 2010 CAS server the original OWA FQDN ( Further, I know that we will need to obtain another UC cert for the 2010 CAS server that lists the legacy FQDN. My confusion comes in at how the 2010 CAS actually goes about performing the redirection. I've read that it sends requests for users still on Exch2007 back outside the organisation to look for that legacy record, but I'm unclear on how this is done. I've read that you must "publish" the legacy address, but this brings to mind technology used by Forefront, ISA, TMG, none of which we are using. Our CAS servers are internet facing and simply sit behind a firewall. I'm aware that we will need to configure the DNAT rules to send incoming connections for "legacy" to the 2007 CAS server and redirect connections for the original to the new 2010 CAS server. Can you enlighten me?
Glen Knight Commented:
OK, basically when a client makes a request to the 2010 server, it will redirect the client to their 2007 CAS server using the LegacyURL option.

The redirection is then done silently and the client will request (for example) and get logged in. This is why both URLs need to be available externally and why they need their own IP address: you cannot port forward the same port from a single external IP to 2 different destinations.

You don't need FTMG or ISA to achieve this.
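The URL split described in the answer above, as an added PowerShell example that is not part of this thread: the 2010 CAS owns the original OWA name, the 2007 CAS owns the legacy name, and a check confirms that each name resolves to its own public IP and is on the certificate enabled for IIS on the server that answers for it. All host and server names are placeholders; run each Set-* call in the Management Shell of the server that owns the virtual directory, and the check locally on each CAS.

```powershell
# Added example, not from the thread. Placeholder names:
#   mail.example.com      - the original OWA FQDN, which moves to the 2010 CAS
#   legacy.example.com    - the new legacy host name, which stays on the 2007 CAS
#   EX2010CAS / EX2007CAS - the two Client Access servers
$NewHost    = 'mail.example.com'
$LegacyHost = 'legacy.example.com'
$Cas2010    = 'EX2010CAS'
$Cas2007    = 'EX2007CAS'

# On the 2010 CAS: every externally reachable virtual directory answers to the original name.
Set-OwaVirtualDirectory         "$Cas2010\owa (Default Web Site)" -ExternalUrl "https://$NewHost/owa"
Set-EcpVirtualDirectory         "$Cas2010\ecp (Default Web Site)" -ExternalUrl "https://$NewHost/ecp"
Set-ActiveSyncVirtualDirectory  "$Cas2010\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl "https://$NewHost/Microsoft-Server-ActiveSync"
Set-WebServicesVirtualDirectory "$Cas2010\EWS (Default Web Site)" -ExternalUrl "https://$NewHost/EWS/Exchange.asmx"
Set-OABVirtualDirectory         "$Cas2010\OAB (Default Web Site)" -ExternalUrl "https://$NewHost/OAB"
Set-ClientAccessServer $Cas2010 -AutoDiscoverServiceInternalUri "https://$NewHost/Autodiscover/Autodiscover.xml"

# On the 2007 CAS: the same directories answer to the legacy name, which is where the
# 2010 CAS redirects users whose mailboxes are still on 2007.
Set-OwaVirtualDirectory         "$Cas2007\owa (Default Web Site)" -ExternalUrl "https://$LegacyHost/owa"
Set-ActiveSyncVirtualDirectory  "$Cas2007\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl "https://$LegacyHost/Microsoft-Server-ActiveSync"
Set-WebServicesVirtualDirectory "$Cas2007\EWS (Default Web Site)" -ExternalUrl "https://$LegacyHost/EWS/Exchange.asmx"
Set-OABVirtualDirectory         "$Cas2007\OAB (Default Web Site)" -ExternalUrl "https://$LegacyHost/OAB"
# -Exchange2003URL is deliberately not set: it applies only while Exchange 2003 servers remain.

# Check, run locally on each CAS: the name must resolve to its own public IP (one IP cannot
# forward 443 to two servers) and must be a SAN on the certificate enabled for IIS, otherwise
# every redirected user gets a certificate warning and learns to click through it.
function Test-CasNamespace {
    param([string]$HostName)
    $ips  = [System.Net.Dns]::GetHostAddresses($HostName) | ForEach-Object { $_.IPAddressToString }
    $cert = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } | Select-Object -First 1
    $sans = @()
    if ($cert) { $sans = $cert.CertificateDomains | ForEach-Object { $_.ToString() } }
    New-Object PSObject -Property @{
        Host       = $HostName
        ResolvesTo = ($ips -join ', ')
        OnIisCert  = [bool]($sans -contains $HostName)
    }
}
Test-CasNamespace $NewHost      # run on EX2010CAS
Test-CasNamespace $LegacyHost   # run on EX2007CAS
```

If OnIisCert comes back False for the legacy name, the UC certificate on that server still lacks the legacy FQDN and redirected clients will be warned before they can log in.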
stedwardsitdept (Author) Commented:
Yes, I understand that much of it. I'm more enquiring about the details of what the 2010 CAS server is doing to the request it receives from Exch2007 users in order to redirect them to the new legacy URL. In other words, is it altering the request by stripping out the original URL, replacing it with the legacy URL, then pushing the request back out of the firewall/organisation so that it does a "u-turn" to look for that legacy FQDN? And what of the Set-OwaVirtualDirectory -Exchange2003URL cmdlet? Is that a necessary part of the process? I've read that it must be run in order for redirection to work.
Glen Knight Commented:
>>In other words, is it altering the request by stripping out the original URL, replacing it with the legacy URL, then pushing the request back out of the firewall/organisation so that it does a "u-turn" to look for that legacy FQDN

Basically, yes.

>>And what of the Set-OwaVirtualDirectory -Exchange2003URL cmdlet? Is that a necessary part of the process?
You only need to use this if you still have Exchange 2003 servers.

Have a look at: