Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange Server 2010 - Replace User's Accounts

Posted on 2013-12-26
10
Medium Priority
?
245 Views
Last Modified: 2014-01-24
We are running Exchange 2010 on a Windows 2012 Enterprise server. We have a client that has changed their website address from www.acme.com to www.acme.org. They would now like to change their email address (about 30 users) to reflect the new address change (user@acme.org). I would like to setup the new user accounts and still have the old email addresses available during the changeover. I believe that I would have to change the DNS pointers to have mail.acme.org and webmail.acme.org point to the exchange server WAN address. Can I leave the old address DNS pointers for mail.acme.com and webmail.acme.com? How would I make the users address change in the Exchange configuration and the ISP DNS pointer change?
0
Comment
Question by:Generator
  • 6
  • 3
10 Comments
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 1600 total points
ID: 39741017
First, only because I believe that accuracy is important in both asking a question and providing an accurate answer, let me say that there is no such thing as Windows 2012 Enterprise.

Now, your question falls into several parts. I'm making a few assumptions about your topology, and assuming you have a fairly simple layout of server(s) for Exchange. If it is complex, the answer will obviously not apply, but chances are you wouldn't need to ask the question here anyways...

First, you will need to tell Exchange that it can accept email for the new domain. You'll do that via the Exchange Console (or via powershell) in the Organization Configuration Hub Transport area.  Add the new accepted domain, tell it you are authoritative for that domain. Your existing domain can stay for as long as you want during the transition. Return here and remove the existing domain when you are comfortable.

Second, you will want to add the new addresses to existing users. You'll do that in the same section (hub transport) under E-mail address policies. In a small environment, you probably only have one default policy. Edit that, step through the wizard, and you'll reach a point where you see a place to add email addresses using a template format. Add as many new template addresses as you want, and for each mailbox where the policy applies (usually all of them by default) they will get the new addresses. Again, you can also leave the existing templates in place and a user's mailbox will apply all of the templates. Go back and remove the old ones when you are comfortable that the transition is complete.

Exchange is now ready to receive new mail (and still receive email for the existing domain.

So now you just need to adjust DNS. You'll do that with whoever hosts your public DNS records. Maybe that is your ISP. Maybe it is your DNS registrar. Or maybe you did this with a 3rd-party. All are common options, and only you know how you set that up. And different ISPs and registrars offer different ways to manage DNS, so I can't really give any specifics here.

Add A records and MX records for your new domain pointing to your public IP address(es) and, as long as your router is already forwarding traffic for the old domain to your Exchange server, that should continue to work. If you have a firewall or UTM device that can filter traffic and does deep inspection, you *may* need to adjust the firewall rules to allow the new domain. But in my experience, this is rare. And again, each UTM and firewall is different.

Your existing records for your old domain can continue to exist, so email will continue to flow properly as well. And, again, when you are comfortable, you can always go back and delete the old DNS records.

So coexistence is certainly possible, and in most cases, quite easy.

Good luck.

-Cliff
0
 

Author Comment

by:Generator
ID: 39741051
Thanks for this - you are right about the OS - it's Windows 2012 Standard. We should be completing this changeover this weekend. I'll keep you informed.
0
 
LVL 7

Expert Comment

by:dsnegi_25dec
ID: 39741059
And you have to take care :- autodiscover , webmail & there certificate also for new domain.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Generator
ID: 39743016
Cliff - I have setup the new address in the email Address Policy - there was an existing policy related to the existing  address being used and a default one. I edited the existing policy and added the new address. Do I make the new address "Set as Reply"? Also, I went through the "Edit E-Mail Address Policy" but could not find the place to add e-mail addresses using a template format as mentioned in your comments. I made the DNS changes so I think we are getting close. I did send a test email using the new address but it bounced back "smtp;550 5.1.1 <joe@acme.org> recipient rejected". Thanks.
0
 

Author Comment

by:Generator
ID: 39747055
It looks like Exchange has been configured properly - all the users now also have the new email address along with the former one. Since the new web address is hosted by a different ISP I had to contact the registrar to add three NS entries related to the users ISP so that the mail will flow properly. Another problem to be addressed is the certificate. I'll keep you up to date. Thanks.
0
 

Author Comment

by:Generator
ID: 39761101
The new DNS settings have been applied and the ping for mail.acme.org is pointing to the proper address - however - when testing the new email address I get the following message:

Reporting-MTA: dns;blu0-omc1-s11.blu0.hotmail.com
Received-From-MTA: dns;BLU0-SMTP76
Arrival-Date: Mon, 6 Jan 2014 16:23:12 -0800

Final-Recipient: rfc822;generator@acme.org Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;550 5.7.1 Unable to relay for <generator@acme.org>

I assume that there is an exchange setting preventing the mail from being delivered? The NS entries were completed today - would this be the usual wait for 48 hours for propagation?
0
 
LVL 7

Expert Comment

by:dsnegi_25dec
ID: 39761120
I will suggest go for DNS test first for me it look some DNS issues

http://www.dnssy.com/
0
 

Author Comment

by:Generator
ID: 39761145
Thanks - I completed the tests on the new domain and the following 2 failed:
"Mail to local postmaster" - (failed) - I got an error response to my "RCPT TO:<postmaster>" message. Your mail server does not accept mail addressed to "postmaster". I expected a response beginning with 250, but got the response:
 
550 5.7.1 Unable to relay for <postmaster>
 
[RFC2821 Section 3.6]

"Mail to domain postmaster" - (failed) - I got an error response to my "RCPT TO:<postmaster@acme.org>" message. Your mail server does not accept mail addressed to "postmaster@acme.org". I expected a response beginning with 250, but got the response:
 
550 5.7.1 Unable to relay for <postmaster@acme.org>
 
[RFC2821 Section 3.6]

The other tests passed.
0
 
LVL 7

Assisted Solution

by:dsnegi_25dec
dsnegi_25dec earned 400 total points
ID: 39761152
Can you check your relay configuration has been done correctly

http://exchangeserverpro.com/how-to-configure-a-relay-connector-for-exchange-server-2010/
0
 

Author Comment

by:Generator
ID: 39761171
The problem may have been associated to the Sonicwall Email Security Appliance - there was a relay setting to only allow the former domain - I added the new domain and now do not get that error message any longer. I will test this again tomorrow to see if this solved the problem. Thanks.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question