Posts tagged ‘exchange’
Cross Forest Migration from Exchange 2003 to Exchange 2016 using CodeTwo
Hi All
After a long pause I thought add a new post about a recent project that I worked with .The project was to perform a cross forest migration from Exchange 2003 to Exchange 2016 .We had to bypass the double hop migration ,thus we chose CodeTwo exchange migration to move directly from Exchange 2003 to Exchange 2016.
In this article I have include the steps (not detailed steps as it could be easily found via a simple Google search) which will guide you from Cross Forest Active Directory Migration to Exchange Migration.
NOTE: There was no inter forest mail flow during the migration as we decided to move all the mailboxes over the weekend.
Source Forest:
Windows(2003) , Exchange (2003), Multiple SMTP Domains configured on Exchange 2003
Target Forest:Windows 2012(R2),Exchange(2016), Multiple SMTP Domains configured as the Accepted Domains.
The migration task was broken in to several sequential steps.
1)User Migration (via ADMT)
2)Group Migration(via ADMT)
3)Workstation Migration (via ADMT)
4)Mailbox Migration(via CodeTwo)
Based on the above we started preparing the prerequisites for the steps 1-3(Exchange 2016 was already installed on the Target Domain).
– Raised the Forest Functional level and Domain Functional level to
2003 on the Source Domain Controllers.
– Created conditional forwarding on source and target DNS servers
for both domain names to be resolved vice versa.
– Created two way trust between the source and target forest.
– Created a group called ADMTAdmin(on source) and added the
Domain Admin(Target). Thereafter created a group policy for the
Restricted group and added the ADMT Admin Group(This is to
have local administrator rights on all source forest workstations).
– Created another group policy to disable Windows Firewall.
– Install SQL Express and .NET Framework on the Target DC prior to
installing the ADMT.
– Install Password Export Server on the source Domain Controller
(This is to import the same password).This will require the below
steps.
– Create PAC Key on Target *
(admt key /option:create /sourcedomain:ebyader.com
/keyfile:”c:\PES.pes” /keypassword:*)* (use this extracted key
when installing the PES Application)
– PES service should be run as using target admin account) *
– Finally Add the Administrator use to remote builtin Administrator
group vice versa on each forest..
Once the above are done you can start migrating the users,groups and workstations. The ADMT will prepare the workstations to work on the new domain but accessing the same profile.The Outlook profile still will be pointed to the old exchange server.(In order to avoid the password prompt you could grant Mailbox right for the target AD account to his/her mailbox).
Any issues related to ADMT and the required troubleshooting steps were collected from the website: https://blog.thesysadmins.co.uk/admt-series-1-preparing-active-directory.html
Issues faced at this stage.
Issue 1: Users get blank profile with out any data.
Solution:
Ask the user to log off from the user workstation.
– Run Regedit from your computer. Connect Network Registry to the user workstation.
– Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
– Go through the Profile list and identify the Source account. Copy the value from the ProfileImagePath key.
– Again go through the Profile list and identify the Target account. Paste the ProfileImagePath key value there.
– Restart the user workstation.
The ProfileImagePath key will be same value for both Source and Target user accounts. This ensures both source and target users will receive the same profile which is stored under C:\Documents and Settings\UserName.
Issue2: Outlook users will not be able to access their email as per attached error.
Solution: This is because the autodisover on Exchange 2016 will try to reconfigure the outlook. Thus you could set the autodiscover url to null, and remove the autodiscover DNS record created in the local DNS servers(Target).
Issue3: Failed to change domain affiliation, hr=800704f1 .
Solution: Enabled the Group Policy on the Target DC as
Default Domain Controller Policy-Computer Configuration-Policies-Admin Templates-System-Net Logon-Allow cryptography —NT 4.0
At this stage all the users ,groups and workstation were migrated to the new target forest but still accessing the old exchange mail flow.Thus we reached the climax of this project which is the exchange migration. we started preparing the prerequisites for Exchange Migration using CodeTwo
– Installed Windows 2012 R2 and joined to the Source domain.
– Login with the domain administrator account
– Install CodeTwo (please refer the user manual from CodeTwo , but
in my case I skipped all the prerequisites as I was not intended to
maintain any mail flow between two forests.
– Started Exchange Migration in batches and completed successfully.
– Informed the ISP to change the MX toward the new IP pointing to
Exchange 2016 server.
– Did a rescan (CodeTwo command to copy any missed or new
items from the source mailboxes to new mailboxes.
Issue Faced:When migrating with CodeTwo you will receive ErrorMessageSizeExceeded
Solution: EAC -> Mail Flow-> More Option -> OrganizationTransportSettings -> Change it to more than 100.
http://www.codetwo.com/kb/changing-the-message-size-limit/?sts=1646.
Finally we enabled the autodiscover and recreated the autodiscover DNS record. In order to minimize the work involved to recreate the profile in outlook we pushed the below Group Policy entries as it will enable the user to press “new” button on the popup that display when they double click on outlook icon.
————————————————————————————-
For Outlook 2016:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
As a policy:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\AutoDiscover
For Outlook 2013:
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\AutoDiscover
As a policy:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Outlook\AutoDiscover
For Outlook 2010
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover
As a policy:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\AutoDiscover
For Outlook 2007:
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover
As a policy:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover
2. Once the key is created, right-click in the right pane and click New, click DWORD Value and type in “ZeroConfigExchange” (without the quotes) and then press ENTER.
3. Finally, right-click ZeroConfigExchange, click Modify and then in the Value data box, type 1, and then click OK
————————————————————————————-
In case if the outlook is not prompting create the below entry as well
HKEY_CURRENT_USER\Software\Microsoft\Exchange\Client\Options
String Value: PickLogonProfile
Data: 1
All these above Registry entries can be pushed via GroupPolicy.
Hope I have covered all the required steps in brief and anybody who wants to perform a cross forest migration using Code Two , can refer this article as guideline for their project.The other fact which I decided to write this article is that I did not find any single article/post on the Internet which covering all the cross forestmigration processes staring from Active Directory Objects to Mailboxes.
Cheers !!
Muralee
How to create Exchange 2013 DAG and Test DAG Failover
Dear Folks
Today I decided to write a post explaining Exchange 2013 DAG Switchover/Switchback and Failover/Failback because I could not find a proper or an consolidated article in the Internet which explains the required steps to install and test the DAG.
This article will be divided in to 3 sections
Step 1 – Installation of Exchange Prerequisites and Exchange Installation
Step 2 – DAG creation
Step 3 – Testing (Switchover/Switchback and Failover/Failback)
Environment
1 DC (Windows 2012 R2 OS, Domain: Test.local)
2 Exchange Servers(Windows 2012 R2 OS, Exchange 2013 CU6)
Step 1 – Installation of Exchange Prerequisites and Exchange Installation
In this series we will walk you through the process of performing a clean installation of Exchange 2013 in single server.(Windows OS installation will not be covered)
> Begin with Installing the AD DS and AD LDS Roles to prepare the AD forest for the Exchange 2013 deployment.
> Thereafter open an elevated command prompt run the prepare schema command
> Then start with the AD Preparation in this you need to mention the Exchange Server Organization Name
> Now you could prepare the domain.
> We need to install the below prerequisite based on exchange roles that will be installed since my deployment is single server role (cas and mbox together)
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation ( For other roles please refer Technet Article http://technet.microsoft.com/en-us/library/bb691354%28v=exchg.150%29.aspx )
> Next we install the below mentioned components in the mentioned order as
1.Net Framework 4.5.2 (Only for CU7 , In case CU6 the required .NET Framework is pre installed)
2.Microsoft Unified Communication Managed API 4.0,Core Runtime 64-bit
> Finally begin the Exchange Installation by running setup.exe and follow the screen (selected option may vary based on your environment requirements) below are some of the customized options as per my LAB
Step 2 – DAG creation
Now we have installed the Exchange Servers. We will begin with the DAG creation.
> As a prerequisite the Exchange Installation or the Database and Log location should not to be identical in my case it was not
hence I need to move the Database and Log Files.
> Thereafter we need to pre create the CNO (Cluster Name Object) when we deploy DAG on Windows 2012 or Windows 2012 R2
1) Create a new computer object via Active Directory Users and Computer Snap-in
2) Disable the Computer Account created above and Press ” Yes” on the Prompt.
3) Enable “Advanced Features”
4) Right Click the Computer Object Created and add one of the Exchange Mailbox server and grant Full control
5) Add the File Witness Server in my case the Domain Controller in Exchange Trusted Sub System Group
6) Add the Exchange Trust Subsystem group on the Local Administrator Group of the File Witness Server.
Everything is done now we will begin with the DAG creation
7) We will create a DAG with the below parameteres
DAG Name : – DAG
IP Address :- 192.168.252.131
FSW Server : dc.test.local
NOTE:- I forgot the step 6 in my LAB and the FSW was not created , hence I need to re set the FSW property on my DAG after completing the Step6
8) Add the Mailbox Servers to the DAG.
9) Verify the Cluster Resource to confirm whether the above commands are executed correctly and the required cluster resources has been created.
10) Now we are going to make the Database Copies ,hence check the Database and Log Path on the Exchange Server.
11) Add the First Copy
12) Verify the Database Copy Status and repeat the steps for the other databases.
(If you notice any status other the Healthy you could give some time or simply restart the Information Store Service.)
Step 3 – Testing (Switchover/Switchback and Failover/Failback)
1) Now we have successfully created the DAG we will go through the testing .( While testing I prefer if you could open an E-Mail Client to test the email flow between 2 accounts)
We will perform a database switchover which is a planned activity and can be done via ECP , Hence login to ECP –> Servers –> Databases
Select the passive copy of the database on the Exchange2 server and click on activate it.
Test the e-mail flow .
2) Now we will test the automatic service recovery a beautiful feature of DAG.
In the below snapshot we will stop the IISAdmin service and confirm that Exchange will restart the service automatically
3) Now we will perform a Failover which is an unplanned activity,In order to do this we will crash or stop the process Microsoft.Exchange.Store.Worker
on theExchange2 Server
Once it done you will notice on the ECP that the Passive Database is activated automatically on the Exchange1 Server and now you could test the e-mail flow.
Done.
How to delete the Exchange Server transaction logs
Dear Folks
When your are performing a backup which is not Exchange Aware or for some reason the job fails , you will fall in to situation where the exchange transaction logs will not be cleared automatically and end up in eating your disk space.
I have listed the steps where you could identify the logs that have been committed already and delete them manually.
– Open Powershell
– Browse it to the exchange installation directory (x:\Program Files\Microsoft\Exchange Server\V14\bin\)
– Then run the command “eseutil /mk “C:\MDBDATA\MDB01\E00.chk”
Output of the above command will be similar to – Checkpoint: (0x4B1D,FFFF,FFFF)
– Remember the value “0x4B1D”
Go to the Exchange Transactions log folder and arrange the files on the “Modified Time”
– Then look in to the folder for the file with the value “0x4B1D” and delete the files above them.
NOTE:- Since the log files are deleted immediately you must take a full backup for the safety of the exchange environment.