Migrate Exchange 2007 (single-server) to Exchange 2010 (single-server) with no downtime

Posted on 2011-05-05
Last Modified: 2012-06-21
I'm looking to complete a migration from our current Exchange 2007 (all running on a single server) to our new Exchange 2010 (also running on a single server) with little-to-no downtime, if at all possible. Ideally, I would have the new Exchange 2010 Server acting as the primary, with clients routed to whichever server their mailbox lives at -- and this would be true for Outlook clients, OWA access, EAS connectivity, etc.

My understanding is that this is very possible.

Anyhow, there are a number of good write-ups out there, but I'm still somewhat gun shy about moving forward.  A lot of my confusion comes from the order of steps around pointing folks to the new server (with SSL certificate), how they're routed between the servers (depending upon whether their mailbox has been moved yet), and getting things like the Public Folders, which we still use, moved over.

At this point, I have our Exchange 2010 Server set up and ready to use -- complete with SP1 and latest rollups.  I was able to successfully migrate a test mailbox from Exch2007 to the new Exch2010 server, and it's working great.  It can both send & receive email.  

Currently, going to our primary OWA address (https://webmail.ourdomain.com) gets you to your mailbox -- except for the test mailbox that I migrated to Exch2010.  In that case, it gives a suggestion for a better URL, and takes you back to the login.  If you go to the temporary OWA address of our new server (https://webmail2.ourdomain.com), you'll get routed to the Exch2010 interface on the test mailbox, and then routed to the Exch2007 interface for the rest of the mailboxes.  Interesting.

Our layout is as follows:
- Exchange 2010 Server
  - Internal Name: MX10
  - External Name: webmail2.ourdomain.com

- Exchange 2007 Server
  - Internal Name: MX07
  - External Name: webmail.ourdomain.com

1) What is the next step for getting our Exchange 2010 Server as the primary box in our setup?
2) Do I go ahead and get a new SSL certificate for the Exch2010 Server for our current external URL, webmail.ourdomain.com?
3) I've read about setting up an external DNS name, legacy.ourdomain.com, for the old server, and then point webmail.ourdomain.com at the new server.  Does it route users to the old server automatically?
4) Assuming that users are pointing to the new server and have access to their mailbox, wherever it lives, does the Mailbox Move function allow for moving users in real-time while on-line?
5) Will these changes affect users who have smartphones already pointed to webmail.ourdomain.com?

I realize that I'm looking for an awful lot of hand-holding here, but I tend to not mess with our Exchange setup as much as possible.  I like it to "just work", and so do my users!

Thanks for your help,

Question by:chumplet

Expert Comment

ID: 35702012
Well, there is much to be assumed about your network... I assume it is multi-homed with multiple servers, the Exchange is merely Exchange mail server running DNS. There are a couple of paths you can take at this point, honestly. I have migrated dozens of these servers in different ways depending on the client needs.
For starters, if you are going to change your domain name completely, I would do that migration prior to the Exchange server migration or do that after the migration; either way, leave it out of the project to reduce confusion.

Changing the flow of mail to the server is determined by DNS and your MX records. If you check your DNS records now with your host (register.com, networksolutions, godaddy, whatever...) you will see the MX record is set to webmail.ourdomain.com (webmail prefix usually indicates to forward to port 80 for WWW/webmail and mail record usually forwards to port 25) or mail.ourdomain.com. So when you look in your records you might see both webmail and mail; whatever is set to the MX record is the record! But for this explanation we will pretend the MX is pointing to webmail.

*Do not make these changes as you read so you can choose your path without downtime*
So to make your server go live you will update your MX record to include the new record, but set the MX priority lower on the new record, webmail2.ourdomain.com.

MX webmail.ourdomain.com priority 10
MX webmail2.ourdomain.com priority 5

Note: This is an example, and without me having your actual domain to look up the records I can't give exact instructions, but most likely you have an IP address listed for the webmail.ourdomain.com and/or mail.ourdomain.com. You want to be sure to add an MX record pointing to the new IP address.
Just copy the other record using the new IP address and set the priority higher by assigning a lower number like 5. The way I am instructing you to do so, you will not remove or change any records, only add records! You will remove the old record in a month or so when you are satisfied everything is done right. Understanding DNS is key...
ourdomain.com = your domain and usually points to www.ourdomain.com
WWW= pointer and points to webhost
webmail = pointer usually points to port 80(WWW) on your mail server and OMA uses this also
mail = pointer and usually points to 25(SMTP) on your mail server
The internet record authorities understand most domain names will have mail associated with them, and you assign MAIL (pointer record) as the MX record.
Having said that, you have another pointer, webmail2. Here you have to decide whether to make webmail2 a permanent fixture or add the current webmail2 IP address to the MX priority list for your current MAIL/WEBMAIL record, which is what I would do. Phase out test pointer webmail2; you can leave it in place and just add records, but ultimately you want to get rid of it.

Adding the second MX record with the higher priority (but lower number) will put it first and the mail will start to deliver to it instead of the higher priority. This is also how you set a backup server: in case your primary server goes down, it dominoes to the next priority, etc.

You will want to do this on a Friday at 5pm! Especially if you have international clients. It takes 72 hours to totally propagate to every DNS server on the internet and roughly 24 hours just for the United States, but you will see deliveries within minutes, especially if the record is new, but we won't get into that. Plan for 4-12 hours before seeing any deliveries to the new server.

The SSL thing I would probably just do last and my experience with that is limited. In this case I would make a new post if you are not familiar enough with it to get it setup specifically.

That is how to change delivery of your totally configured mail server currently running Exchange 2010 with the ports opened and configured to that IP address.

Last question next: smartphones will be affected. You can test that OMA is set up properly before initiating the change using someone's phone, since you have an external DNS assigned to that server, etc., but then you will have to change it a third time when you switch. Just assume you will have to reconfigure those devices. If it is more than just a handful there are ways, but in the scope of the project at hand, reconfiguring 4-5 devices to work with the new server is minor; just plan to do it that next Monday.

Migration next:
I assume you already have all the mailboxes set up; if not, enable a mailbox for each of your AD users on this server, then use exmerge.
I used exmerge the most, which shows how old school I am, but it still works for 2007 to export .PST files from mailboxes and Public Folders.
Migrate depending on the users. For executives, you will probably want to exmerge out their .PST when you make the DNS change and upload it immediately to the new Exchange server, then check for any mails that went to the 2007 Exchange on Monday that didn't get merged or delivered; sometimes it's 1-2. Then for users, let them run on an empty mailbox early Monday as you exmerge all their PST files in while they work. You may have to ring them and tell them to close Outlook, exmerge, then call them a couple of minutes later and tell them it's done. Pretty simple. Do some practice runs with Exmerge from your mailbox on the old server to yours on the new server. Same with smartphone OMA (Outlook Mobile Access).

The domain change really is unnecessary but can be done the same way I told you to do the MX record change.  Do not worry about pointing stuff to the old server.

I am going to stop there and see what questions you have?

Expert Comment

ID: 35702123
Link on creating certificates

Also if you are configuring an Exchange server for the first time research the Built-in Email message Filter and (RBL's) Real-time Blacklists to use to help protect yourself along with excellent mail scanning antivirus. Some of this might have been configured on your old server so be aware of it and set it up on your new server. You may turn your new server live and get flooded with SPAM you normally do not get because the 2007 Exchange is trained for Spam already.

Accepted Solution

chumplet earned 2000 total points
ID: 35702525
Thanks for your reply.  I guess I should've been more clear on a few points.

1) I am not intending to have two servers running long-term -- just long enough to get the mailboxes migrated from Exch2007 to Exch2010.
2) I am not intending to switch from our current "webmail.ourdomain.com" FQDN to "webmail2" -- that was merely set up to test that external access was getting to the new server.  I am planning on keeping "webmail.ourdomain.com" as the only FQDN that we use -- for OWA, EAS, OMA, etc..
3) I am not changing our domain name at all.
4) I'm not sure why I should need to mess with MX records at all. My plan is to update our firewall so that the external IP address, which won't change, will point to our new Exch2010 server, once it's fully ready to go.
5) All of the RBL stuff is already handled, since we use Postini as our external anti-spam filter.  I'm not concerned with any of that at this point.

My thought is that I need to get a new SSL certificate for "webmail.ourdomain.com" on our new Exchange 2010 Server.  Once that is functional, I would guess that I could update our firewall to route the traffic formerly going to Exch 2007 to the new Exch 2010 box.  Does that sound correct?  If so, do I need to also get a new SSL certificate for "legacy.ourdomain.com" for the Exch 2007 server until everything is migrated?


Expert Comment

ID: 35703419
That all sounds good with the routing.

I would leave the Exch 2007 and MX just like it is at 10 probably, then put the 2010 server as the backup MX record (higher number, say 20). Then you can have them both on the same domain and set up the new SSL for the Exch 2010 on the right IP and using the right name, then decommission the 2007. After you unplug the Exch 2007 server the email will roll over to the 2010 server immediately. Then you can either lower your priority number or just leave it at 20 (assuming the current one is set to 10). If you want to turn the 2007 back on, just make the priority on that MX record 30 and the new server to 10. In 72 hours it would be safe to turn it back on. Or you could just disable the route and keep it on.

If you are really set on the current external IP of the 2007 being the same for the new server for documentation reasons then swap the current routes then swap them now then do the changeover.

Here is a link to setting up SSL
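
The MX preference behaviour described in the two expert comments above (lowest number tried first, next record used when the first host is unreachable), as an added example that is not part of the original thread. The record lines are constructed from the hosts and numbers quoted in the comments; pairing webmail2 with priority 20 in the second set is an assumption.

```python
import re

# Constructed sample zone lines, using the hosts and numbers quoted in the thread.
FIRST_COMMENT = """\
MX webmail.ourdomain.com priority 10
MX webmail2.ourdomain.com priority 5
"""
# Assumption: webmail = Exch 2007 at 10, webmail2 = Exch 2010 as backup at 20.
LATER_COMMENT = """\
MX webmail.ourdomain.com priority 10
MX webmail2.ourdomain.com priority 20
"""

MX_LINE = re.compile(r"^MX\s+(\S+)\s+priority\s+(\d+)$", re.IGNORECASE)


def parse_mx(text):
    """Parse 'MX <host> priority <n>' lines into (preference, host) pairs."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = MX_LINE.match(line)
        if match is None:
            raise ValueError(f"not an MX line: {line!r}")
        records.append((int(match.group(2)), match.group(1).lower().rstrip(".")))
    return records


def delivery_order(records):
    """Hosts in the order a sending MTA tries them: lowest number first.

    Real senders randomise among equal preferences (RFC 5321); ties are
    sorted by name here only to keep the result deterministic.
    """
    return [host for _, host in sorted(records)]


def deliver(records, reachable):
    """Return (accepting host or None, hosts that were tried and failed)."""
    failed = []
    for host in delivery_order(records):
        if host in reachable:
            return host, failed
        failed.append(host)
    return None, failed  # nothing accepted: the sender queues and retries
```
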

Author Comment

ID: 35724122
I ended up solving this on my own.  Thanks for the comments.

Expert Comment

ID: 35729531
I would say I answered all of your questions in detail and with accuracy. If you came up with another workaround great but you should reward credit for the questions you asked in this post and others should be able to use it as a reference. Anyways Good Luck.

Author Comment

ID: 35730611
I do appreciate your effort, but there wasn't a single item from your responses that I could use.  MX records had nothing to do with this migration, SSL needed to be taken care of fairly early on, and ExMerge is not necessary when moving mailboxes from Exch2007 to Exch2010.

Again, I appreciate your effort, but I didn't see a need to award points when I didn't use any of your advice *and*, quite frankly, I felt that most of it was barking up the wrong tree.
