Finally, all users moved from Exchange 2003 to Exchange 2010.

I’ve been working on migrating our Exchange environment from 2003 to 2010 for several months. My first post about this is from April 14th, when I was just trying to virtualize our existing Exchange 2003 system. Once that was complete, I started playing around with Exchange 2010 around June or July, and had most of the users moved over to 2010 by the end of August. The last holdouts were Blackberry users. I couldn’t move their mailboxes because our BES was hosted on our original Exchange 2003 server.

BES is another product that I inherited that I had no experience with. It’s BES 4.1.x and while I wasn’t a fan of the UI it seemed to do its job. However, when I started moving people to Exchange 2010 I learned that BES 4.1 doesn’t support Exchange 2010. So, to cut the (absurdly long) story short, I setup BES Express on a new VM, pointed it at our Exchange 2010 server, tested it out (and it worked), and just last week was able (finally) to move the last few users over to Exchange 2010. BES users had to have their phones wiped to join them to the BES Express server, which was the major sticking point.

I can’t believe it actually took that long to complete, but we managed to move all user mailboxes twice (Ex2003 physical -> Ex2003 VM, then Ex2003 VM -> Ex2010 VM) with no noticeable interruption to users (we did the moves at night). OWA 2010 alone would make it worth the upgrade, but I’m actually loving the Exchange Management Shell too.

Anyway… nice to have it completed.

Converting Exchange 2003 conference rooms to Exchange 2010

I’m wrapping up moving mailboxes to Exchange 2010. The last ones to be moved (except for BlackBerry users… thanks BES) are the conference rooms. So the first step was to move them using the Local Move tool, which was pretty simple. But I don’t want them in 2010 as user mailboxes if they can be designated as “rooms,” which they can. So here’s how I’m doing it:

Identify the mailboxes to be moved

Once you figure out the syntax for the “-Filter” flag to get-mailbox, this is easy

[PS] C:\Windows\system32>get-mailbox -filter { (RecipientTypeDetails -eq "UserMailbox") -and ( DisplayName -like "*conference*") }

Name                      Alias                ServerName       ProhibitSendQuota
----                      -----                ----------       -----------------
Conference Room2          ConferenceRoom2      exch2010be1      unlimited
Production Conference ... productionconf       exch2010be1      unlimited
Conference Room 1         conference1          exch2010be1      unlimited
L&D Conference Room       ldconference         exch2010be1      unlimited
Tech Conference Room      techconference       exch2010be1      unlimited
Client Services Confer... csconference         exch2010be1      unlimited
Suite 202 Conference Room 202conf              exch2010be1      unlimited

Convert them to rooms

As Microsoft says in this story about converting mailboxes to rooms, this can only be done via Exchange Management Shell (not EMC), so just pipe the output from the previous command to Set-Mailbox -Type Room:

[PS] C:\Windows\system32>get-mailbox -filter { (RecipientTypeDetails -eq "UserMailbox") -and ( DisplayName -like "*confe
rence*") } | set-mailbox -type room
[PS] C:\Windows\system32>

Done! Now when you create an appointment in Outlook 2007, in Scheduling Assistant, you can click the “Add Room” button to add a room. Hooray.

The Joy of Migrating from Exchange 2003 to 2010

I’ve been working on migrating from Exchange 2003 to Exchange 2010 for several weeks. Actually, at this point it feels like several months. Now that I think about it, I guess that’s because it’s actually been several months.

Back in January or February, I got fed up with the Exchange setup I inherited: our Exchange 2003 server was running on a server in the basement of our office, on non-UPS power, with a power company that likes to pull shenanigans (like 3-4 hour outages every few months). In addition, the physical machine itself has some weird bug where it would hang at the POST screen complaining about some USB device, even though there are no USB devices plugged in, and USB is disabled in the BIOS. Meanwhile, in the datacenter, I had recently finished migrating most of our ancient physical servers to virtual machines on beautiful new hardware. It didn’t take long to see the solution that seemed to be obvious: move Exchange to the datacenter, in a VM.

There was a major wrinkle in this plan, however: there were no quota limits enforced in Exchange, and the average mailbox was 6-7 gigabytes, with 4 users over 10 gigs. At the time, we only had a 5 mbit upload connection to the datacenter, and the total size of the mailboxes was around 400 gigs. I didn’t want to spend weeks and weeks moving tons of mail over a slow pipe – and with mailboxes being so big, I wasn’t sure I could even complete some of them overnight.

At this point I brought up the idea of migrating the company to Google Apps. I’m a big fan of Gmail and moving off of Exchange would have certainly simplified some aspects of my job, and nobody would need Outlook (especially not me). I knew it would be a tough sell internally, but the pricing certainly didn’t help; it came out to $83/user/year for Google Apps + document retention. The price came out to about the same as upgrading to Exchange 2010. If it had been half or a third the cost I may have pushed harder, but to make the story (a little) shorter, we ended up sticking with Exchange, and instituting quotas.

We phased in the quotas over the course of a month to give users time to archive and clean up their mailboxes. Once that was done, I setup a new Exchange 2003 frontend server (in a VM) in the datacenter and pointed our webmail (OWA & ActiveSync) there. So we had the frontend in the datacenter and the backend “mailbox” server still in the office. I then setup another VM running Exchange 2003 in the datacenter. This enabled me to move mailboxes over one at a time with almost no interruption in service, except for the user whose mail was in transit. Since we instituted quotas, the mailboxes were all under 2 GB, and I was able to do 6-10 mailboxes each night.

I can’t tell you how happy I was when we lost power yet everyone retained full connectivity to email via their phones (except BlackBerry users, since BES was still in the basement — note to RIM: ActiveSync!).

So phase 1 & 2 (instituting quotas and moving email out of the basement) were complete. Phase 3 was the bigger unknown – moving to Exchange 2010. After lots of reading and planning, installing, configuring and testing, about two weeks ago I setup a Client Access Server to serve as the new webmail “frontend.” Microsoft has some pretty great instructions for setting up 2003 and 2010 in coexistence, but basically you point your “real” webmail URL to the 2010 CAS and move your “old” Exchange 2003 webmail to another url (they suggest legacy.company.com). Then people log in to the 2010 interface, and if their mailbox is housed on the 2003 server, it seamlessly redirects them to https://legacy.company.com/, and they don’t have to log in again. Pretty slick, and I didn’t believe it would work until I saw it for myself (which, btw, it does). So ActiveSync and Outlook Anywhere were working through the 2010 CAS even for the users housed on the 2003 server (which was all of them).

This week I started moving users over to Exchange 2010. So far it’s been mostly positive. We have several Mac users, so the ability for them to have native mail & calendaring is pretty epic. The Outlook Web App in Exchange 2010 is phenomenal. I mean, it almost brings a tear to my eye, it’s so beautiful – especially when compared with 2003. And being able to do server-side searching in OWA & on my iPhone is fabulous.

All is not perfect, though. I keep getting stupid certificate errors for Autodiscover when I open Outlook 2007. I guess I’ll need to buy another SSL certificate and dedicate another IP to this service… ugh. And now that I moved my mailbox to Exchange 2010, Outlook Anywhere appears not to work. Oh well, almost there…

Exchange 2010 and Set-ActiveSyncVirtualDirectory Identity

I don’t really know why I put this blog up, but generally I write stuff here after I muddle through some ridiculous problem that may have ended up being easily resolved, but whose solution was hard to find. That’s definitely the case with this post. Currently I’m in the middle of moving my company’s email from Exchange 2003 to Exchange 2010. Microsoft has provided some pretty good documentation on how to do this, but they do assume a certain level of familiarity with the product. For example, I probably spent 30 minutes trying to run Exchange cmdlets in Powershell before I realized there’s a special shell just for Exchange, the Exchange Management Shell.

Anyway, I’m trying to setup a Client Access Server to replace our Exchange 2003 Outlook Web Access (webmail) system. Again, Microsoft’s walkthrough is pretty good, and everything seemed to be working until I got to section 4c of their instructions:

Exchange ActiveSync: Set-ActiveSyncVirtualDirectory -Identity \Microsoft-Server-ActiveSync -ExternalURL https://mail.contoso.com

For the other examples they provided, I had been replacing with the internal name of my new CAS, “EXCH2010FE1,” so that’s what I attempted to do here as well, however it threw this error:

[PS] C:\Windows\system32>Set-ActiveSyncVirtualDirectory -Identity EXCH2010FE1\Microsoft-Server-ActiveSync -ExternalURL https://webmail.example.com
The operation couldn’t be performed because object
‘EXCH2010FE1\Microsoft-Server-ActiveSync’ couldn’t be found on ‘activedir.example.com’.
+ CategoryInfo : NotSpecified: (0:Int32) [Set-ActiveSyncVirtualDirectory], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : B33731BE,Microsoft.Exchange.Management.SystemConfigurationTasks. SetMobileSyncVirtualDirectory

[PS] C:\Windows\system32>

I racked my brain on this for a while. I discovered the Get-ActiveSyncVirtualDirectory command, hoping it would magically solve the problem (telling me what the “Identity” was), but it didn’t – at least not at first:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -server exch2010fe1

Name Server InternalUrl
—- —— ———–
Microsoft-Server-ActiveSync (Default… EXCH2010FE1 https://exch2010fe1.example.com/Microsoft-Se…

[PS] C:\Windows\system32>

It was showing me the server, but not the Identity, which is what I wanted. Having never used Powershell before, I figured there had to be a way to get that property out of the command, but I had no idea what it was. Some more Googling finally helped me resolve it:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -server exch2010fe1 | Select-Object Identity

Identity
——–
EXCH2010FE1\Microsoft-Server-ActiveSync (Default Web Site)

[PS] C:\Windows\system32>

Once I supplied “EXCH2010FE1\Microsoft-Server-ActiveSync (Default Web Site)” for the Identity parameter the command completed correctly. I also tried piping the Get-ActiveSyncVirtualDirectory command directly to Set-ActiveSyncVirtualDirectory, like this:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -Server exch2010fe1 | Set-ActiveSyncVirtualDirectory -ExternalURL https://webmail.example.com

This appeared to execute successfully, but I don’t know if it actually did what I intended, so I stuck with specifying the identity manually.

The Exchange 2010 CAS is properly redirecting users to legacy.example.com, but ActiveSync isn’t working (I’m testing with my iPhone), so I guess the problem I was having above wasn’t the source of all my ills, sadly. The battle continues…