Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 639
  • Last Modified:

Migrating from Exchange Server 2003 to Exchange 2010

Hello all - I have a series of steps that I need to go through in order to implement Exchange 2010 into our domain and am looking for your expert assistance.  First and foremost, I will describe my existing domain to give a bit of a background.  Our domain started out with a single server running SBS2003, but currently, we've grown a bit, so right now the SBS2003 server is our domain controller and is also still running Exchange 2003.  We have a new server on the network that is currently only acting as a file server, but we want IT to be our email server instead, and we want it to run Exchange 2010 as we have already purchased Exchange 2010.  In regards to licensing, initially we only had 35 Small Business Server CAL's installed on our domain (since the SBS box was the only server we had for a very long time), however, I do not believe our domain is currently actively using the SBS Cal's.  We have another server on the network that functions as a file server that is running Windows Server 2008 R2, and that particular server has 50 Server 2008 CAL's installed on it.  I believe that our domain is pretty much using those CAL's for everything, but I"m not sure how to tell what I need to install on the 'new' server that will be running Exchange.  I also have already purchased the necessary Exchange CAL's, but so far we have done nothing with the Exchange software (2010) or the associated Exchange licenses.  Can you guys help me to perform a step by step "crossover" from the old SBS2003 Exchange 2003 box to the 'new' Exchange 2010 Box?   There will not be any fancy setup nor will there be any front-end/back-end Exchange setup, we are simply moving this entire Exchange setup to the new server.   Another thing to note is that at some point in the near future, (after the Exchange migration), we will also be decommissioning the Small Business Server for good and will also be implementing a new domain controller, actually a pair of them.  There will be a physical Windows 2008 R2 server functioning as the primary domain controller, and a secondary virtual server will function as a secondary domain controller.   Any and all help is very much appreciated in advance.  Thanks, guys!
  • 7
  • 5
  • 4
4 Solutions

This by all means isn't every single step involved.  Here is the document I put together in preparation for an upgrade.  The first step (prereq) is very important!  Good Luck!

Exchange Upgrade – Phase 1 (Coexistence)
1. Prereq – Make sure no one is using Outlook 2003
2. 1.  Build VM – Install Exch 2010 Typical Install (Mailbox, Hub Transport and Client Access Server Roles) – Install Exch 2010 SP3
3.  Install 2008R2 Exchange 2010 PreReqs:
a. Number 3 -

4.   Get new certificate for External DNS (mail, autodiscover and legacy DNS names)
a. Ensure all dns records are configured to the appropriate places
External DNS
IP (external)
Ports - external spam filter IP

(Exchange 2010 external IP)
http, https, imap, pop3, secure imap, secure pop3
(Exchange 2010 external IP)
http, https
External IP for Exchange 2003
http, https
b. Ensure RDNS and MX are synched with public IP
5. Per the Pre-Deployment wizard, enable Link State Suppression on the Exchange 2003 server via registry – HKLM/system/CurrentControlSet/Services/RESvc/Parameters, Right click – New DWord SuppressionStateChanges= decimal 1  
6. Use Microsoft Deployment Assistance
7. Once 2010 is installed enable anonymous access on the receive connectors.
8. Enable Outlook Anywhere
9. Configure OAB and Web Services Virtual
a. EMC / Org config / Mailbox / OAB tab / properties / distribution / enable web based, enable public folder, cick move, browse, find 2010 server, OK
10. Create Send Connector on 2010 Server
11. OWA and ActiveSync – Adjust Authentication for the virtual directory to allow integrated windows authentication
a. ECM / Server Config / OWA tab / owa and as policies / owa properties / auth tab / integrated windows.
12.  Delete SMTP Connector on 2003 Server
13.  Move Mailboxes to 2010
 EMC / Recipient Config / Mailbox / Add Column for Database
New Local Move request 2k10 server
Powershell example New-Moverequest –Identity ‘’ –TargetDatabase “DBNAME”
e. Get-user –organizatoinalunit IT | New-Moverequest –TargetDatabase “DBname”
f. Get-moverequest
14.  Move Public Folders from 2003 to 2010
a. Create replica for day or 2
b. EMC / ORG Config / Mailbox / DB Mgmt / New PF DB / 2k10PF / browse to 2k10server – creates pfdb
c. EMC / Toolboxc / PFMC / right click properties / replication tab / replicate content to these pf databases / Add / 2k10 server pfdb / replication always run
d. Connect to server 2k10 – update hierarchy
15.  Verify Install
16.  New Certificate Request Wizard
17. To configure Outlook Anywhere – EMC / Server Config / Client Access / External host name
18. Configure OAB and Web Services Virtual
a. Configure External URL for offline Address book
i. Set-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)" -ExternalUrl -RequireSSL:$true
b. Configure External URL for Exchange Web Services
i. Set-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -ExternalUrl -BasicAuthentication:$True
c. Check to see if it works
i. Get-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)"
ii. Get-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)"
19. Configure Virtual Directory Settings
a. Server Config / Client Access
b. Click on Each of the tabs to configure (OWA, ECP, EAS) / Properties
i. External URL
ii. Configure Exchange2003URL parameter to co-exist
iii. Set-OWAVirtualDirectory -Identity "CASServer\owa (Default Web Site)" -Exchange2003URL
20. Exchange 2003 ActiveSync Authentication
a. Download and install hotfix for Exchange 2003 – 2010 coexistance
21. Change OAB Generation Server
a. EMC / Organization Configuration / Mailbox / Offline Address Book Tab
b. Move / Move Offline Address Book / Browse / Selection 2010 Server
22. Create Sent Connector  on 2010 Server
a. EMC / ORG Config / Hub Transport / Send Connectors / New Send Connector
b. Name / Address Space * / Configure Smart Host
23. Delete Exchange 2003 SMTP Connect
a. ESM / Organization Node / Admin Groups / Routing Groups / Connector / Right click / Delete
24. EMC / Recipient Configuration / Mailbox / New Local Move Request / Select Mailbox
25. EMC / Toolbox / PF MGMT Console / Default PF / Expand System Public Folders / Click Offline Address Book or Schedule+ Free Busy / Right click PF to be replicated to Exchange 2010 click properties / Replication tab / Add / Select 2010 PF, click OK.
26. Get-ExchangeServer cmdlet to verify install was successful / Enter Product Key / Test / Test / Test
a. Move mailboxes – test; does active sync work?
b. Best practices analyzer
a. Use that link to migrate room mailboxes to 2010 and to upgrade their auto accept to the new room mailbox type in 2010
28. Create DBs – naming convention? – 100GB recommended size for each db.  Get up to 100 with enterprise exchange
29. Active Sync – allow non-provisional devices
a. Server config / client access / exchange active sync tab / properties
30. Outlook anywhere – enable it
a. Server config / CAS / Enable OA / / NTLM_Auth
31. CAS Secruity and SSL Certs
a. Configure the certs in IIS
b. EMC / Server Config – New SSL Certificate / Assign the services SMTP and IIS to certificate
32. Double check send / receive connectors on 2010 server
a. EMC / org config / Hub Transport / Send Connectors
i. Create send connector to Baracuda / Internet / * / scoped send connector / route to smart host
b. EMC / server config / Hub Transport Receive Connectors
i. Receive connector properties / turn on anonymous access
33. Register Filterpack Ifilters
a. Registermicrosoftfilterpack.ps1

Tools for troubleshooting
1.  EMC / Tool Box / Queue Viewer; Mailflow troubleshooter
2. Microsoft Best Practices Analyzer
3. EMS powershell test commands
a. Test-mailflow
b. Test-servicehealth
c. Test-mapiconnectivity
d. Test-assistanthealth
e. Get-mailboxstatistics –server
f. Get-mailboxfolderstatistics
g. Get-transportpipeline
h. Get-mailboxdatabase
*After mailboxes are moved to exchange 2010, do we worry about reconfiguring everything to the new box or create a alias dns record for 2003 pointing to the new box?
The above is a fantastic and detailed summary.

I personally had to do an in-place upgrade and it was awful.  A separate box is definitely going to make your life easier.

In addition to bill's fantastic post I'd like to add to manage not only your end users' expectations, but your own as well.

I like to tell people on a project like this, assuming its done on the weekend, "When you come in Monday morning, your historical email will be there, and you will be able to send and receive emails.  You may notice some little quirks here and there, so please let me know if you notice anything out of place".

It not only helps them relax, but it is also a nice way to let them know "Hey, you may notice something different, but I'll fix it".

I also like to make sure I'm there before everyone else that morning, and that my budget for them includes 1-2 days of "handholding" where I literally just watch them open and use outlook for a few minutes, especially if they're going from Outlook 2003 to 2013 :-)

And manage your own expectations.  It's going to be a long, stressful nightmare, that will hopefully end with you waking up to a functioning server.  Don't be afraid to reach out here or elsewhere to get help.

Hope this helps.

Chris M
zagnutttt4Author Commented:
Guys, thank you very much for your assistance!  So far I have installed Exchange 2010 on the new server along w/ Service Pack 3.  I have not done anything yet on the 2003 box.  To move forward w/ the co-existence scenario, what is my very next step?   One thing to note is that we have never utilized SSL before - we've never even owned a certificate.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

I'll let Bill take the hard question :-)

The easy question is the certificate.  Or easier anyhow.  I got mine through

I want to say we paid around $100 for it, give or take, but yours might be cheaper; we had multiple domains and hostnames and put it on our Cisco VPN box as well.  Basically do step #16 above.  The certificate request is pretty easy.  Then you copy and paste it in at digicert or whomever you go with, and it will generate what you need.

If you make a mistake, it isn't a huge deal on that part because digicert will re-issue the cert with correct names and stuff.

My next step would be to take a backup of everybody's mailboxes, and take it off site.  As for the migration, Bill seems more knowledgeable so I'll defer to him on that.

Chris M.
zagnutttt4Author Commented:
Chris - thanks!  Our primary WAN link has been down for a couple of days, so today I should be able to finally move forward with the Certificate.  I have already backed up everybody's mailboxes and do have them stored offsite.
zagnutttt4Author Commented:
Just a quick "add-on" question - Should I purchase a new SSL certificate "just" for my MX record?   Our main domain that is used for email is "", with the IP of our firewall resolving to "" via DNS, and the MX record points incoming mail to Postini, our outside filtering service, first.
zagnutttt4Author Commented:
Just a quick update - I am almost complete with the installation.  I'm preparing the server to send outbound email through a smarthost as we use Postini for our Outbound filtering as well.  Does anyone have any experience w/ this?  Also, when adding services to my 3rd party SSL certificate - I have added IIS, which did get ActiveSync working.  However, do I need to add SMTP?   I'm a bit confused on how the SSL certficate applies, if at all, to the outgoing smtp connector (send connector).
The first next step is hopefully you've made sure that no one is using Outlook 2003.  Everyone should be on at least 2007 version of Outlook
then start at number 3 and work your way down.  An upgrade...well migration is pretty hectic.  I had to reach out to Microsoft and open two tickets myself...
look at number 4.  There are 3 different DNS records.  All of which could typically require https, i.e. a certificate.  Mail would typically be your MX record and will be where your end users log into OWA.  Autodiscover is if you want people on the Internet to be able to use OUtlook without a VPN and even create a new profile on their outlook without a VPN.  This record is a SRV (service) DNS record.  Legacy is the DNS entry for your old MX i.e. point to the 2003 OWA site..
I would look at creating SPF records for the postini stuff:

Many of us have to adjust these things over time.  A combination of proper SPF records, proper MX records, and forward and reverse DNS settings will do wonders for making sure that you don't get flagged as a spammer, and just in general make your email setup much better.
zagnutttt4Author Commented:
Guys - thanks for all of the helpful comments so far!  So far, I have everything working correctly EXCEPT incoming email from Postini.  I have a send connector on the 2010 box and it's properly sending outbound email and the outbound email is being properly filtered, then delivered, through Postini.  I haven't decommisioned the 2003 box yet and it is still trying to receive email via the SMTP virtual server.  When I point my firewall at 2010 so that the new server "tries" to receive incoming email (also filtered through Postini), I get nothing.  I do get undeliverables eventuall stating that the email was bouncing back and forth between the two servers.  I guess my questions at this point are:

1.)  The certificate is now installed correctly on 2010 and ActiveSync and OWA work properly.  Do I need to do anything extra to "receive" on the 2010 box or simply point inbound mail towards it at port 25?

2.)  I have a few more mailboxes to move but they are high priority boxes and they are still on the 2003 box, sending as receiving as usual.  When I'm on the 2010 box, internal email works perfectly between mailboxes that are already ON the 2010 box.  Is this normal behavior?  And if so - I guess I'm still hesitant as to what my next step is concerning incoming mail (from the outside world) and what I need to do next with both servers.

3.)  My MX records point to Postini, but my mail A record (i.e. point properly towards my external (WAN) IP address.   (we only have a single WAN IP Address).  

4.)  I initially thought that I had chosen to "not" coexist the two servers, until I noticed that the old (2003) server has a routing group connector pointing over to the 2010 box.  Is this normal?

5.)  Clients connecting via Outlook 2010 and 2007 (I have decommisioned all pre-2007 Outlook clients) do connect via Auto-Discovery properly to the new 2010 box, however, they get a certificate popup each and every time, even when I properly acknowledge and install the certificate on the client.

Thanks, guys, and I think I'm getting closer!!!
Can you sanitize and post the bounce messages?  Did you add postini on the 2010 box as an allowed sender?
Yes it coexists by default so that the mailboxes on 2003 can still receive email.  Although there is some manual effort needed.  I believe you need to create a routing group connector on the 2003 box to the 2010 box.  This is where I needed to call Microsoft because the coexistence for us didn't work right away and it was needed for us.  Depending on the number of mailboxes it may be more beneficial for you to just hurry up to move all mailboxes to 2010 so that coexistence isn't a barrier.  Or if it is something you need it may be worth the 250 bucks to give them a buzz...
zagnutttt4Author Commented:
Hello FutureTechSysDOTcom...  Actually, yes, I can post one of the bounced messages.  I will do so shortly.  I did not add Postini on the 2010 box as an allowed Sender.  I will do that now after doing a little bit of research.

Bill..  Coexistence isn't really an issue for me, I would move ALL of the rest of the mailboxes over to 2010 right now if I could get the 2010 box to receive email from the outside world.  It appears that on the 2003 box, a routing connector already exists between it and the 2010 box, although I did not manually create it - I believe it was created directly during the 2010 Exchange install.  Does the mere act of having the mail directed at the SMTP port (25) on the 2003 box make the 2010 box "know" that it should not be able to receive email from the outside world?   In otherwords.. if I go on the 2003 box and delete the SMTP connector, will that force the 2010 box to begin accepting email from the outside world?
zagnutttt4Author Commented:
Bill, also - which receive connector does the 2010 box use to grab mail by default from the outside world as it comes in?   I have 2 connectors - one is Client and one is Default.  One is listening on port 25 but the other is listening on port 587, which I think may (not sure) be part of my problem as well.  Thanks again.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 7
  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now