Can I change Exchange email domain on SBS 2011?

Yep, you should be able to re-run the "Setup your internet address" wizard, put in the new domain and it should change over fine. Obviously you'll need to update the external domain records and any reverse dns entries you have on the internet line the server uses.

After running the Internet address wizard run the Fix My Network wizard to make sure it updated the certificates correctly etc.

Will you no longer receive emails on your old domain?

They will no longer receive mail to the old domain. It is my understanding the host is going to setup a forwarding procedure from the old domain to the new for 30 days or so until all their clients have the new addresses.

Olaf,

Will I need to add the new email address to each user? I was hoping exchange handle it, since the new\updated email domain will be the only one available.

As I said before: If you set up In EMC>organisation>hub transport>Email address policy> add new.
I will make an emailaddress for every  user  (not email sddress) for the new domain.
Let me know if you have any issues.
You can also set priority  on all your email policies. As I said it is very  versatile.
Olaf

I assume this policy will be added to the existing mailboxes correct?

If it doesn't automatically apply the policy then change the policy priority to 0 and apply. This will force the policy onto any mailboxes that are ticked to Auto apply the policy.

No , user only, not email addresses.
Because every user can have several email addresses.
The email address policy only adds the mailbox for the username@new domain.
Does not dot do it for the secondary email addresses.
Makes sense?
Let me know.
Olaf

Yeah I think you lost me, forgive me. Let me try to rephrase my question a little.

So, currently I have 40 users accounts with exchange email/ mailboxes for "users@olddomain.com"

I'm going to update "olddomain.com" to "newdomain.com", effectively, as I understand it, removing "olddomain.com" from exchange and replacing it with "newdomain.com".

My understanding is that all current mailboxes will effectively and automatically change from being "user1@olddomain.com" to being "user1@newdomain.com"..user2@newdomain.com...etc., and so on.

I am assuming that re-running the wizard will apply all the necessary changes on the fly. Ultimately, my primary concern is that the existing mailboxes will not cease to function, or become unusable.

Yes to all you said:
1: Wizard will make mail boxes for the new domain and set them as primary.
2: If you want old domain to work  you have to to make it an accepted domain in EMC (Exchange Management Console). (First post)
Then you can add a new SMT in properties of every user in Recipient> Mailboxes>right click the user>choose properties>email address> add new smtp  address in the format of something@old domain
OR-
You can use an email address policy t do this automatically for every user in the SBS console.
Hope that makes more sense.
Let me know.
Olaf

Microsoft actually published a step by step blogpost on this very subject.  Its the same for SBS 2011 as it is for 2008
http://sbs.seandaniel.com/2008/10/hosting-multiple-domains-on-sbs.html

I am making this change this morning, I will update as soon as possible.

I have run the wizard, and then run the fix my network. Outlook is still prompting for certificates. Also, when I run outlook to setup an exchange account, it is still setting it up for the old domain and not the new domain.

I have added the new domain as the default accepted domain in hub transport, the priority is set to 1 (it will not allow me to make a 0, says must be a 1 or higher)

In active directory I can see that the domain email has changed when looking at a user.

did you restart the Exchange services?
I would also run gpupdate /force on server and workstations

Yes I did both. Odd thing, when I run the wizard it fails, yet im still seeing all the changes.Iwhen I try to manually apply the new domain name in outlook for exchange setup, it fails and says  the name can not be matched in the address list.

I would try again after restarting the server

Okay i believe I have the issue with outlook seeing the new domain. Last issue, certificates refuse to update, outlook continues to see old domain certificate.

on the workstation > Control Panel > Mail
I would delete the profile and create a new one

Did that for all the users, still get certificate warning, identifying the old domain address.

can you do a screen print of the cert warning?

Here you go.
Untitled.jpg

and I may have overlooked this but did you re-run the setup my internet address wizard?
is this issue on local computers or remote computers?

I did re-run the setup my internet address wizard. I did this initially to start the process. Odd thing is, if failed, yet it completed updating what it was supposed to. However, with the exception of the certificated I guess. The issue is on local machines. There aren't any remote users.

did it tell you what the failure was?
Of course the best solution is to get a cheap single domain trusted 3rd party cert
7.99/year http://www.ssls.com/?from=www.cheapssl&fromCheapSSLs

I hate to buy a cert for exchange mail that is used internally only. lol

I don't suppose there is a way to force Exchange to recognize/create/distribute a new certificate?

I'll re-run the wizard and see what the failure was.

You can go here and get instructions for looking at the certs assigned to Exchange and make changes as needed
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

Do this through the Exchange management Console (EMC)

Sadly it doesn't provide an error, just says to run the fix my network wizard. When I do that, it fixes a couple of things, but nothing appears to change.

and what are the things it fixes?

Static IP for IPV6 not configured
DNS server not listening to the IP address of the primary Network Adapter

Does not fix "Exchange SMTP Connectors are invalid". Though, I'm not using any for external mail, and I have read this is a common bug.

Is IPv6 disabled?
Sounds like you have some DNS issues as well

So if exchange is not doing external mail, why the change?

IPV6 isn't disabled, I checked that to be sure. The name was changed due to contract obligations.

Should I remove all the certificate entries for the old domain in the exchange certificates area?

There are a #$%^ load of certificates here, Not sure what needs to be there/updated..etc.

So what does exchange get used for internally?   I'm hesitant to tell to remove the old certs because I'm not there...don't know what your back up situation is.

Open IIS,  Click on Sites
In the middle you should see Default Website
Right Click and select Bindings
Then click on the https type and click on the edit button
in the SSL Cert...does it have the correct cert?   If not click on the drop down and select the correct one.  Then click on view  to insure its the one you want

The correct cert is there, but it is not assigned to an IP

I take that back, there are two "https" One is not assigned an IP, the other one is.

does it show an *

do you also have a entry for 127.0.0.1 for https: with the correct cert?

Yes on both counts

I'm not sure where to take you at this point.
I'd suggest one more thing...
In Exchange Management Console > Recipient Configuration > Mailbox
Right Click on any mailbox and choose properties
what is set as the default? (newdomain?
does old domain still show up?

Just to confirm, did you say that the Internet Address Wizard had failed?  If so, what was the failure?

If so, can you upload the TrustedCert log located here:  C:\Program Files\Windows Small Business Server\Logs\

Ultimately, this was the answer for completing the task at hand. Thank you kindly for the assistance and the added knowledge. As far as the certification issue, it is a separate issue, and has also been solved on a different thread (I think): https://www.experts-exchange.com/questions/28355438/Exchange-Certificate-update-failure.html
Thank you Chris for your help with the cert, wanted you to see the answer in the other link.

Thank You,
Olaf