Special Offer: Buy 1 course, get 2nd free! Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!
Course Of The Month
7 days, 18 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Exchagne 365 to on premises Exchagne 2013 - 500pnts
Posted on 2014-04-13
Ok so I need to move our user back from 365 online to Exchange 2013 within our Lan
I have 46 users to move my plan is to move the MX records on the Friday night and export everything to PST files - reconnect client to on premise exchange server and reimport from pst. - I don't have time to learn about the hybrid mode as there very little documentation and I don't want to use Migrationwizard
Below is my game plan with some questions thrown in 500pnts available.
Our server FQDN is WLEXCH001.wiseman.co.uk - Internal IP 192.168.2.239 - I think our external IP for SMTP is 77.73.11.54
1.) Change MX records from wiseman-co-uk.mail.protect
2.) Change CNAME autodiscover from autodiscover.outlook.com – to what?? Guessing the internal server but where
3.) So if I configure external access domain from within Virtual directory for OWA say mailserver.wiseman.co.uk to our internal server would this be 77.73.11.54
As I have these line in my firewall “access-list mail permit tcp any host 77.73.11.54 eq smtp”+ “static (inside,outside) 77.73.11.54 192.168.2.239 netmask 255.255.255.255 0 0”
Or do I need another external ip address
Other than the above I need to - have I missed anything?
A.) Setup Mailboxes – What is the PS command to do this?
B.) Setup Dynamic Groups
C.) Setup Address list
D.) Config Malware and Spam filter – create quarantine user
E.) Do I need to doing anything in the Accepted Domain tab if we want to add wisemanlee.co.uk
F.) Setup the send connector – Do I enter our ISP MX records in here?
G.) Setup Public Folder
H.) Setup the databases and enable the Journal
I.) Create the Certificate
Thank you
Ian
I have 46 users to move my plan is to move the MX records on the Friday night and export everything to PST files - reconnect client to on premise exchange server and reimport from pst. - I don't have time to learn about the hybrid mode as there very little documentation and I don't want to use Migrationwizard
Below is my game plan with some questions thrown in 500pnts available.
Our server FQDN is WLEXCH001.wiseman.co.uk - Internal IP 192.168.2.239 - I think our external IP for SMTP is 77.73.11.54
1.) Change MX records from wiseman-co-uk.mail.protect
2.) Change CNAME autodiscover from autodiscover.outlook.com – to what?? Guessing the internal server but where
3.) So if I configure external access domain from within Virtual directory for OWA say mailserver.wiseman.co.uk to our internal server would this be 77.73.11.54
As I have these line in my firewall “access-list mail permit tcp any host 77.73.11.54 eq smtp”+ “static (inside,outside) 77.73.11.54 192.168.2.239 netmask 255.255.255.255 0 0”
Or do I need another external ip address
Other than the above I need to - have I missed anything?
A.) Setup Mailboxes – What is the PS command to do this?
B.) Setup Dynamic Groups
C.) Setup Address list
D.) Config Malware and Spam filter – create quarantine user
E.) Do I need to doing anything in the Accepted Domain tab if we want to add wisemanlee.co.uk
F.) Setup the send connector – Do I enter our ISP MX records in here?
G.) Setup Public Folder
H.) Setup the databases and enable the Journal
I.) Create the Certificate
Thank you
Ian
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
3
7 Comments
Active 1 day ago
So, it sounds like you are moving from Office 365 back to on-prem. If you don't want to use Hybrid mode then I highly recommend MigrationWiz.
This will automate a good deal of this for you and eliminate the need to export and import those 46 PSTs. The cost per user is low and in the long run it will be cheaper than the time needed to do all those imports/exports.
MigrationWiz
http://goo.gl/83ZVeP
This will automate a good deal of this for you and eliminate the need to export and import those 46 PSTs. The cost per user is low and in the long run it will be cheaper than the time needed to do all those imports/exports.
MigrationWiz
http://goo.gl/83ZVeP
Active 1 day ago
1). This needs to point to your CAS server (or load balancer).
2). This needs to point to your CAS server (or load balancer).
3). Normally only one IP is required. Unless you have multiple MX records for redundancy.
Your firewall ACLs and NAT statements look correct. It is old code so I am guessing you are running Cisco IOS 8.2 or older.
A). New-Mailbox. But you can do this from the ECP as well. Whichever you are more comfortable with.
B). Depends on your needs. Normally, I see static groups created over dynamic groups.
C). For a 46 user network I would assume you most likely will just use the default address lists. Again, depends on your needs. One thing you will likely need to modify is the Email Address Policy to match that of the policy in Office 365. That way your users get the same email addresses assigned to their user accounts.
D). You can either use an Edge server (Exchange 2013 has an Edge Server now!), or, add the antimalware/antispam feature on the Exchange server. Or, put an appliance in front of it all. Personally, I prefer cloud based antispam solutions such as FOPE. Keeps all the spam off my internet connection/firewall/server
E). You will need to make sure that wisemanlee.co.uk is listed as an authoritative domain in the Accepted Domain tab.
F) No. If you plan to use a Smart-Host you can use that (especially if you are using a cloud based anti-spam solution for outbound/inbound filtering). Otherwise, sending to DNS directly is fine. Just one send connector for the entire namespace is likely all you will need for 46 users / 1 domain.
G). You will need a Public Folder Mailbox if you plan to use Public Folders. Are you using Public Folders in Office365?
H). For 46 users you can most likely get away with one database. I am assuming a single server with all roles (no DAG). When you installed Exchange it should have created a Mailbox Database. You can use this. Although I would relocate the database and logs to dedicated drives.
I). Yes, you will need a 3rd-party certificate for all Exchange Web Services. You will need a UC/SAN certificate. I recommend GoDaddy.com. Their prices are usually the lowest and with a quick Google Search on GoDaddy.com Promo Codes you can normally find additional savings. www.godaddy.com. The Exchange Control Panel will walk you through the certificate generation process. GoDaddy.com also has specific Exchange 2013 instructions as well for installing their certs.
2). This needs to point to your CAS server (or load balancer).
3). Normally only one IP is required. Unless you have multiple MX records for redundancy.
Your firewall ACLs and NAT statements look correct. It is old code so I am guessing you are running Cisco IOS 8.2 or older.
A). New-Mailbox. But you can do this from the ECP as well. Whichever you are more comfortable with.
B). Depends on your needs. Normally, I see static groups created over dynamic groups.
C). For a 46 user network I would assume you most likely will just use the default address lists. Again, depends on your needs. One thing you will likely need to modify is the Email Address Policy to match that of the policy in Office 365. That way your users get the same email addresses assigned to their user accounts.
D). You can either use an Edge server (Exchange 2013 has an Edge Server now!), or, add the antimalware/antispam feature on the Exchange server. Or, put an appliance in front of it all. Personally, I prefer cloud based antispam solutions such as FOPE. Keeps all the spam off my internet connection/firewall/server
E). You will need to make sure that wisemanlee.co.uk is listed as an authoritative domain in the Accepted Domain tab.
F) No. If you plan to use a Smart-Host you can use that (especially if you are using a cloud based anti-spam solution for outbound/inbound filtering). Otherwise, sending to DNS directly is fine. Just one send connector for the entire namespace is likely all you will need for 46 users / 1 domain.
G). You will need a Public Folder Mailbox if you plan to use Public Folders. Are you using Public Folders in Office365?
H). For 46 users you can most likely get away with one database. I am assuming a single server with all roles (no DAG). When you installed Exchange it should have created a Mailbox Database. You can use this. Although I would relocate the database and logs to dedicated drives.
I). Yes, you will need a 3rd-party certificate for all Exchange Web Services. You will need a UC/SAN certificate. I recommend GoDaddy.com. Their prices are usually the lowest and with a quick Google Search on GoDaddy.com Promo Codes you can normally find additional savings. www.godaddy.com. The Exchange Control Panel will walk you through the certificate generation process. GoDaddy.com also has specific Exchange 2013 instructions as well for installing their certs.
Thats Excellent diggisaur - couple of questions.
Do I need to configure my firewall to poing to my CAS server?
If I change my MX records to WLEXCH001.wiseman.co.uk which has a internal ip address - will I need a external IP and some sort of NAT?
Certificate:- Can I not use a cert create in AD CA?
Thanks
Ian.
Do I need to configure my firewall to poing to my CAS server?
If I change my MX records to WLEXCH001.wiseman.co.uk which has a internal ip address - will I need a external IP and some sort of NAT?
Certificate:- Can I not use a cert create in AD CA?
Thanks
Ian.
Active 1 day ago
You could use an AD CA but that will only be recognized by domain joined devices, or, devices you manually install the certificate on.
Some ActiveSync devices may have problems with a self signed cert as well.
With the amount of time it can take troubleshooting certificate errors on devices over the course of a year, it probably will be cheaper to just buy the third party cert.
With regard to the Cisco IOS, I am assuming you are using a single Exchange 2013 with all roles. If so, then you can direct it all to the same place.
access-list mail permit tcp any host 77.73.11.54 eq smtp
access-list mail permit tcp any host 77.73.11.54 eq https
access-list mail permit tcp any host 77.73.11.54 eq www
static (inside,outside) 77.73.11.54 192.168.2.239 netmask 255.255.255.255 0 0
Then make sure the access-list is assigned to the outside interface with an access-group.
That should be it.
Some ActiveSync devices may have problems with a self signed cert as well.
With the amount of time it can take troubleshooting certificate errors on devices over the course of a year, it probably will be cheaper to just buy the third party cert.
With regard to the Cisco IOS, I am assuming you are using a single Exchange 2013 with all roles. If so, then you can direct it all to the same place.
access-list mail permit tcp any host 77.73.11.54 eq smtp
access-list mail permit tcp any host 77.73.11.54 eq https
access-list mail permit tcp any host 77.73.11.54 eq www
static (inside,outside) 77.73.11.54 192.168.2.239 netmask 255.255.255.255 0 0
Then make sure the access-list is assigned to the outside interface with an access-group.
That should be it.
Featured Post
Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.:
Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online.
The email signature template has been downloaded from:
www.mail-signatures…
Suggested Courses
Course of the Month7 days, 18 hours left to enroll
739 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.