bominthu
Migrate exchange URL from old domain to new domain

Hi

We are using Exchange 2013 and we have 2 sites (office and DR site). Each site has 1 CAS and 1 Mailbox.

Recently after some changes in management, the new management would like to change the domain name from mail.olddomain.com to mail.newdomain.com.

Basically management wants to change everything to newdomain.com / newdomain.local for Outlook / OWA and mobile access.

For the above requirement, do we need to set up a new Exchange environment and do a mailbox migration from the existing server to a new server with the new domain?
Or can we just unjoin from the old domain and join the new domain? What would be the proper plan to follow?

Thanks
Rgds
BMT
David Favor

These are hostnames, rather than URLs.

You will make the above changes at your DNS record level.

Simply change the host name of mail.olddomain.com to mail.newdomain.com + also be sure you generate a new SSL cert to cover your new host name.
Are you changing SMTP aliases for the users or just the Access (OWA/ActiveSync) names/domains? If you are changing the SMTP Aliases, you just need to add the new domain as an Accepted domain and add the new SMTP address to the accounts, either with an Email address policy or by hand. Otherwise, David is correct. To minimize confusion, I would keep the old and new names in DNS and on the Certificate as SANs. Later you can retire the old name from DNS.
No need for a new environment.
Jeff brings up a good point.

Always keep both the old + new host record, to avoid confusion + ease debugging... because with conversions like this... well... something always seems to require debugging.

Also as Jeff suggested, retire the old site as soon as possible, again to avoid confusion.

Confusion == The big time killer.
NO THAT'S NOT ENOUGH.

You MUST update the virtual directories in Exchange to use the new URLs.

This takes multiple steps.

  1. Define new UPN(s) in Active Directory
  2. Define new Accepted Domain(s) in Exchange
  3. Define new Email Address Policy(ies) in Exchange
  4. Apply new EAP(s)
  5. Create new SSL cert with both new and old names
  6. Apply the SSL cert on all relevant servers (including firewalls and load balancers as necessary)
  7. Write script to update Exchange with new virtual directory names
  8. Write script to update user UPNs
  9. Communicate with user community as to cut-over date and change-over impacts
  10. On cut-over date, update UPNs, update Exchange with new virtual directory names
  11. Drink a beer, after an uneventful cutover
OK, you have a point here. It does take multiple steps. I admit I often assume that if you are managing Exchange, you know the basics. A failing of mine. However, your first step is a non-issue in most cases. The UPN has absolutely nothing to do with Exchange on-premise. You can have a UPN that is a .local with SMTP domains of .com. Works fine unless you need to use Office 365 or any other federated partner. As long as the SMTP addresses are correct, it will work.
Yes, Michael is correct, you need to change the Virtual directory names before retiring the old domain. As long as you have DNS resolution of the old name, the old VDir names will work, but before it is retired, they need to change. But writing a script is overkill (in my opinion) for it if you only have one or two CAS servers. (However, it can be good practice if you need to get better in PowerShell.) You can use the EAC to do it for everything except the SCP. And that is a one-liner for each server in PowerShell.
Set-ClientAccessServer -Identity <CAS server name> -AutoDiscoverServiceInternalURI https://autodiscover.newdomain.com/AutoDiscover/AutoDiscover.xml

The last thing I noticed... You mention .local. You need to forget about that with Exchange. New Certificates will not accept a .local name and trying to use it with any Vdir or SCP will cause you connection issues.

Otherwise, the steps are correct except for remembering to add DNS entries to the new domain.
If you configure OWA to "login via email address" it means UPN. They are important.

At my clients, their UPN and their primary email address are always the same. They only need to remember one thing to log into everything.

Writing a script makes it less likely that you will type something wrong when you are in a hurry.

At one point, you couldn't update the MAPI vdir from EAC. I know that was scheduled to be fixed, but I don't have an Exchange 2013 server in my lab any more to check.
OK, true. I never configure OWA that way since our users all use their SAMAccountName to login and keeping OWA that way was easiest, but you have a point. It depends on how they want to do it. And you have a point about MAPI but I have never had to set that. It always seemed to work with the settings for the default web site. But if needed, set-mapivirtualdirectory is there.
Guess we think about writing a script differently, I am all for pre-writing the lines in a text file and copy-paste rather than writing a .ps1 file
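As an added example (not code posted by anyone in this thread), this is the kind of script Michael's step 7 describes: it rewrites the internal/external URLs of every Exchange 2013 virtual directory, Outlook Anywhere and the SCP (Jeff's one-liner) on each CAS. It assumes Exchange 2013 SP1 or later for the MAPI virtual directory cmdlets, the standard per-protocol paths, and the placeholder names mail.newdomain.com / autodiscover.newdomain.com used in the thread; it is a dry run until $DoIt is set to $true.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Prints every change it would make; only applies them when $DoIt is $true.
$NewHost = 'mail.newdomain.com'                                      # placeholder namespace
$NewScp  = 'https://autodiscover.newdomain.com/Autodiscover/Autodiscover.xml'
$DoIt    = $false                                                    # flip on the cut-over date

# Standard Exchange 2013 virtual directory paths, keyed by cmdlet noun
$VDirs = @(
    @{ Noun = 'OwaVirtualDirectory';         Path = '/owa' }
    @{ Noun = 'EcpVirtualDirectory';         Path = '/ecp' }
    @{ Noun = 'ActiveSyncVirtualDirectory';  Path = '/Microsoft-Server-ActiveSync' }
    @{ Noun = 'WebServicesVirtualDirectory'; Path = '/EWS/Exchange.asmx' }
    @{ Noun = 'OabVirtualDirectory';         Path = '/OAB' }
    @{ Noun = 'MapiVirtualDirectory';        Path = '/mapi' }   # the one the EAC could not edit
)

foreach ($cas in Get-ClientAccessServer) {
    $s = $cas.Name
    foreach ($v in $VDirs) {
        # Get-<Noun> / Set-<Noun> are built from the table so every protocol is handled the same way
        foreach ($vd in (& "Get-$($v.Noun)" -Server $s)) {
            $parms = @{
                Identity    = $vd.Identity
                InternalUrl = "https://$NewHost$($v.Path)"
                ExternalUrl = "https://$NewHost$($v.Path)"
            }
            Write-Host "[$s] Set-$($v.Noun) $($vd.Identity) -> $($parms.ExternalUrl)"
            if ($DoIt) { & "Set-$($v.Noun)" @parms }
        }
    }

    # Outlook Anywhere takes bare hostnames rather than URLs
    Write-Host "[$s] Set-OutlookAnywhere -> $NewHost (SSL required internally and externally)"
    if ($DoIt) {
        Get-OutlookAnywhere -Server $s | Set-OutlookAnywhere `
            -InternalHostname $NewHost -ExternalHostname $NewHost `
            -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true
    }

    # The SCP: domain-joined Outlook queries this before any DNS-based Autodiscover lookup
    Write-Host "[$s] Set-ClientAccessServer -AutoDiscoverServiceInternalUri $NewScp"
    if ($DoIt) { Set-ClientAccessServer -Identity $s -AutoDiscoverServiceInternalUri $NewScp }
}
```

Run it once with $DoIt left at $false and compare the printed URLs against the names on the certificate before applying; the old names keep working through DNS only as long as they also remain on the certificate.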
bominthu
ASKER

Hi all

Thanks a lot for your all suggestions.

The organization is big (around 500 users) and I can't simply ask for long downtime. The customer engaged another vendor to migrate their olddomain.local to newdomain.local. Only Exchange is left in the old domain so far. The rest of the servers have all joined newdomain.local. There is a trust established between the two domains now.

The existing exchange also has DAG setup.
Since I also need to change Virtual directories, I assume I had better do as follows?

1. Set up a new Exchange server in the new domain
2. Do a cross-domain migration

Questions

1. Will users' Outlook be automatically configured once the mailbox is moved to the new domain Exchange server?

2. Instead of a cross-domain migration, should I go with a third-party email migration service to migrate mailboxes, such as BitTitan?

3. The management intention is that they don't want to see the old domain anywhere - in Outlook, OWA or mobile. For this requirement, should I go as far as stated above? Is there any simple workaround that allows seamless or very minimal changes?

Thanks
This is quite a bit different. Now you are talking about AD domains and forests, not email domains and forests.

[1] No - Outlook profiles will not automatically be updated.
[2] BitTitan doesn't provide any value in the mailbox migration itself. I'm not sure of its current feature set - you might check to see if it can do the profile migration for you.
[3] No. You can't move an Exchange server from one forest to another. Not even one AD domain to another.
Hi Michael

I'm not trying to move from one forest to another. I'm simply trying to move mailboxes from olddomain.local to newdomain.local as management doesn't want to see anything olddomain related.

There is another vendor who migrated the domain for them from olddomain.local to newdomain.local.
The mailboxes changed to linked mailboxes when I checked in ECP.

A friend of mine told me that I'll have to go with a Resource forest migration. https://docs.microsoft.com/en-us/exchange/recipients/linked-mailboxes?view=exchserver-2019

But would linked mailbox migration allow me to migrate mailbox from olddomain.local to newdomain.local ? If yes, would that auto configure user Outlook profile to automatically point to new domain Exchange server database?

Thanks
After we had a discussion with management, they don't want to migrate Exchange to another domain by cross-forest migration as it requires buying a new server.

As I mentioned, users are all migrated to the new domain and the new domain is already added as an accepted domain in Exchange, hence their SMTP is already set to the new domain credential.

At this point, can I just create DNS records that point autodiscover.newdomain.com to autodiscover.olddomain.com and add an additional cert for autodiscover.newdomain.com and mail.newdomain.com on the Exchange server?

Will the above be sufficient for my requirement? Will users get repeated password prompting issues, issues opening shared mailboxes or OOF issues? The reason I ask is that last time I encountered the above issues due to an Autodiscover issue.

Please advise.

Many Thanks
Can someone respond on the above please?
You changed the question.

The question you asked, was answered. Award points and ask a new question.
I'm preparing to setup staging environment to see which answer is the solution.

Thanks
Hi Jeff and David

Sorry for the late response as I had to wait for management decisions. I'm in the middle of preparing the staging environment, will do the test next week.
Regarding the cert, just to clarify, since it is a test, I'll sign up for 30-day trial SSL certs for autodiscover.newdomain.com and mail.newdomain.com.

Just to clarify, when I assign the new cert to SMTP, IIS etc., will the old SSL cert still be functioning? Since it is just a test, I won't have SAN cert.

My plan is to forward DNS records of autodiscover.newdomain.com  to autodiscover.olddomain.com in my DNS server.
Please advise your comment. Appreciate your help.

Thanks
When you install a new cert and assign it to the services, the old cert is still there but not really doing much of anything. It should still be valid and will still show in Exchange, just without the services assigned (may have SMTP assigned but unless you are securing email, it is not really used)
Thanks for the response. How about the Outlook Anywhere setting in Exchange? Do I need to change it to the mail.newdomain.com URL?

How about the internal and external URL? Do I just leave them as they are, like mail.olddomain.com, or do I need to change Outlook Anywhere plus the internal and external URLs to mail.newdomain.com?
If you are going with mail.newdomain.com and autodiscover.newdomain.com as the main email, then yes, as alluded to in Michael Smith's email, you will need to change the SCP (this is how Outlook Anywhere gets the settings), the virtual directories internal and external, and make sure the new domain resolves correctly internally and externally. My earlier comment listed how to change SCPs. Vdirs can be mostly done (except MAPI) via the EAC.
Actually I'm not going to change the virtual directory.

My plan is just to forward host name of autodiscover.newdomain.com to autodiscover.olddomain.com

Install cert for autodiscover and mail.newdomain.com for IIS service.

Is the above sufficient for Outlook and mobile to work with DNS forwarding as stated above (if we set the server name as mail.newdomain.com in mobile, which forwards to mail.olddomain.com)?

Thanks
Cannot say. We have all the Autodiscover names on the certificate. I think if you do not have both domains on the certificate, you may run into an issue there.
The DNS forwarding I am referring to is to forward to the alias - autodiscover.olddomain.com.

Shouldn't it be sufficient for mobile and Outlook?

Thanks
I know what DNS forwarding is. However, you stated you did not want to use a SAN cert, I am saying that forwarding the URL to the old domain name may cause certificate errors. We use SAN certs exclusively so I cannot comment directly on how your proposed setup will work. We never imagined doing it that way.
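The certificate question in the last few posts can be settled before the test rather than by waiting for a prompt in Outlook. As an added example (not code posted by anyone in this thread), the read-only script below collects every hostname Exchange 2013 hands to clients (SCP, virtual directories, Outlook Anywhere) and reports which of them the IIS-bound certificate actually covers, so a name that is only reached through a DNS alias, or a .local name, shows up as MISSING. It assumes the Exchange Management Shell on Exchange 2013 SP1 or later; the function names Test-SanCovers and Get-ClientAccessHostnames are this example's own.

```powershell
# Added example, not from the thread. Read-only: it changes nothing.
function Test-SanCovers([string]$Name, [string[]]$Sans) {
    foreach ($san in $Sans) {
        if ($san -ieq $Name) { return $true }
        # A wildcard SAN covers exactly one label to the left of the dot, nothing deeper
        if ($san.StartsWith('*.') -and
            $Name.Split('.').Count -eq $san.Split('.').Count -and
            $Name -ilike $san) { return $true }
    }
    return $false
}

function Get-ClientAccessHostnames {
    $names = @()
    foreach ($cas in Get-ClientAccessServer) {
        $s = $cas.Name
        if ($cas.AutoDiscoverServiceInternalUri) { $names += $cas.AutoDiscoverServiceInternalUri.Host }
        foreach ($noun in 'Owa', 'Ecp', 'ActiveSync', 'WebServices', 'Oab', 'Mapi') {
            foreach ($vd in (& "Get-${noun}VirtualDirectory" -Server $s)) {
                foreach ($u in @($vd.InternalUrl, $vd.ExternalUrl)) { if ($u) { $names += $u.Host } }
            }
        }
        foreach ($oa in Get-OutlookAnywhere -Server $s) {
            foreach ($h in @($oa.InternalHostname, $oa.ExternalHostname)) { if ($h) { $names += "$h" } }
        }
    }
    $names | Sort-Object -Unique
}

$names = Get-ClientAccessHostnames
foreach ($cas in Get-ClientAccessServer) {
    # Only the certificate carrying the IIS service is presented to OWA, EAS, Autodiscover and Outlook Anywhere
    $certs = Get-ExchangeCertificate -Server $cas.Name | Where-Object { $_.Services -match 'IIS' }
    foreach ($c in $certs) {
        $sans = @($c.CertificateDomains | ForEach-Object { "$_" })
        "$($cas.Name): IIS certificate $($c.Thumbprint) expires $($c.NotAfter)"
        foreach ($n in $names) {
            # A .local name can never be on a public certificate, so it will always report MISSING here
            $status = if (Test-SanCovers -Name $n -Sans $sans) { 'ok     ' } else { 'MISSING' }
            "  $status  $n"
        }
    }
}
```

Any MISSING line is a name clients will be given and then fail to validate, regardless of how DNS resolves it; putting both the old and new names on one SAN certificate, as suggested earlier in the thread, is what makes the list come back clean.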
Well, I'll install the certs manually, whatever is prompted in Outlook or mobile, when I do the testing.

If the above works, I'll ask management to buy a SAN cert.

What do you suggest on the above?