1. Group name change.
Use the Exchange 2010 “Organization Management” AD group for the DNP Server application pool accounts on Exchange 2010 servers instead of the Exchange 2007 “Exchange Organization Administrators” group.
2. DNP Hosting OU ACL.
Exchange 2010 deployment adds a lot of new permission entries to AD. That’s why, after you deploy Exchange 2010 in your existing DNP-managed Exchange 2007 environment, you need to reset the DNP Hosting root OU permissions to default and then repeat this http://help.dotnetpanel.com/DotNetPanel%20Hosted%20Exchange%20Solution/Deploying%20Hosted%20Organizations%20module.aspx#Section3 step.
3. Address Lists containers DACL.
For the same reason that you reset the DNP Hosting root OU permissions in the previous section, you should reset to default the DACL of all Address Lists containers that you changed earlier according to http://help.dotnetpanel.com/DotNetPanel%20Hosted%20Exchange%20Solution/DNP%20Hosted%20Exchange%20Solution%20Pre-Deployment%20Tasks.aspx#Section4 and then repeat those steps (Modifying Address Lists Containers) again. Otherwise many system processes and administrative procedures, such as OAB generation, will not work.
4. New globalAddressList2 AD attribute.
After you create the first mailbox in the first Exchange 2010 organization, and thereby the first GAL on Exchange 2010, Exchange adds a new globalAddressList2 attribute to CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hosterdomain,DC=com and populates this multi-valued attribute with the DN of the newly created GAL. For some reason this attribute is preferred over the normally used globalAddressList attribute of the same object when Exchange provides clients with the list of GALs to search when they check a name. Because this attribute is not populated with the distinguished names of the existing GALs, adding the first mailbox with DNP to a mixed Exchange 2007/2010 DNP-managed organization leads to a “bookmark is not valid” error for existing Exchange 2007 users. More information about these attributes is here http://msdn.microsoft.com/en-us/library/cc219948(PROT.13).aspx and here http://msdn.microsoft.com/en-us/library/cc220151(PROT.13).aspx

The solution is to add the DNs of all existing GALs listed in the globalAddressList attribute to the globalAddressList2 attribute. This can be automated with LDIFDE (http://support.microsoft.com/kb/237677/en-us). Here is an example of commands that may help you export the GAL DNs from the globalAddressList attribute and import them into the globalAddressList2 attribute. Note that all of this must be tested, and AD should be backed up beforehand. DNP is not responsible for the results of this action.

4.1 Exporting GALs DNs from globalAddressList attribute to text file.

    LDIFDE -d "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hosterdomain,DC=com" -f globalAddressList-export.txt -l globalAddressList

4.2 Preparing import file.

Open globalAddressList-export.txt, save it as globalAddressList2-import.ldf and modify it for import, following the http://support.microsoft.com/kb/237677/en-us article and our example.

globalAddressList2-import.ldf content example:

    dn: CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hosterdomain,DC=com
    changetype: modify
    replace: globalAddressList2
    globalAddressList2: CN=test01 Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=Exchange Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hosterdomain,DC=com
    globalAddressList2: CN=test02 Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=Exchange Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hosterdomain,DC=com
    globalAddressList2: CN=test03 Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=Exchange Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hosterdomain,DC=com
    -

Note that the “-” symbol on the last line is mandatory.

4.3 Importing GALs DNs to globalAddressList2 attribute.

    LDIFDE -i -f globalAddressList2-import.ldf

4.4 Checking that import is OK.

Open ADSI Edit, navigate to the configuration container, open the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hosterdomain,DC=com object and compare the values of the globalAddressList and globalAddressList2 attributes. They should be identical.
5. OWA 2010 may show hidden objects issue.
DNP uses this http://technet.microsoft.com/en-us/library/bb430794.aspx to restrict address list use with OWA clients. DNP uses the Distinguished Name of the Hosted Organizations Organizational Unit. It works OK for Exchange 2007 and for some Exchange 2010 implementations. But in some Exchange 2010 deployments (in our experience, those deployed from scratch rather than coexisting with Exchange 2007) OWA shows hidden objects, such as a group created by DNP for internal purposes or some other mailbox or DL in the organization that is set as hidden (regardless of whether it was hidden in DNP or in EMC/EMS). When this attribute is set to the organization GAL Distinguished Name, it works OK. In DNP 2.8.12 we will change the way DNP sets mailbox attributes, to use the organization GAL Distinguished Name instead of the OU. If you need a patch before 2.8.12, please contact us. For now, if you experience this behavior, the temporary workaround is to set the msExchQueryBaseDN attribute manually to the GAL Distinguished Name instead of the OU. The appropriate DNP-created GAL name starts with the Hosted Organization ID. For example, if the user’s organization ID is ORG01, his OU is ORG01, his pre-Windows 2000 name is user_org01 and his GAL is org01 Global Address List. Note that you can use ADModify.net (http://technet.microsoft.com/ru-ru/library/aa996216(EXCHG.65).aspx) for bulk change of this attribute for all mailboxes in some OU (organization).
6. DNP Exchange 2010 provider interface settings.
6.1 Clustered Mailbox Server. This setting is obsolete and this field will be removed from the Exchange 2010 provider in the next DNP release. If you manage the Exchange 2010 Mailbox server locally (with DNP Server and the DNP Exchange 2010 module deployed locally), leave this field empty. If you manage a standalone 2010 mailbox server or a Database Availability Group remotely (with DNP Server and the DNP Exchange 2010 module deployed on some non-Exchange server with Exchange administrative tools installed, or from a CAS/HUB server), set this field to the same value as the OAB generation server.
6.2 Public Folder Server. You can set a separate mailbox server with a PF database for OAB creation. This server does not require any DNP licensing. If you manage the Exchange 2010 Mailbox server locally and have no separate PF server, leave this field empty. If you manage a standalone 2010 mailbox server or a Database Availability Group remotely, set the name of a mailbox server that hosts a PF database there.
6.3 OAB Server. You can set a separate mailbox server for OAB generation. This server does not require any DNP licensing. If you manage the Exchange 2010 Mailbox server locally and have no separate OAB server, leave this field empty. If you manage a standalone 2010 mailbox server or a Database Availability Group remotely, set some mailbox server name there.
6.4 Hub Transport Service and Client Access Service. All HUB and CAS servers should have DNP Server and DNP Exchange 2010 modules deployed locally (as per Visio diagram created before) and added to main Exchange 2010 service which manages Exchange 2010 Mailbox locally or remotely.
7. Recommended migration path from Exchange 2007 to 2010 in mixed Exchange 2007/2010 DNP-managed environment.
Note. This instruction assumes that you have taken steps such as informing customers about a possible pause in service and making a full backup of your system, and have ensured that you can restore and revert any changes yourself.

7.1 Deploy the Exchange 2010 service in DNP in parallel with the DNP Exchange 2007 module.

7.2 Create a test Virtual Server, Hosting Plan, DNP User and Hosting Space with an Exchange 2010 test Hosting Plan. Create a Hosted Organization. Check Exchange 2010 mailbox creation. Note that you should be ready to import the GAL DNs into the globalAddressList2 attribute immediately after you create this mailbox, to avoid “bookmark is not valid” errors for existing Exchange 2007 users.

7.3 Delete the test mailbox, Hosted Organization, DNP User and Space, test Hosting Plan and Virtual Server. Do not delete the Exchange 2010 service you created in step 7.1.

7.4 Open the existing Virtual Server you use and replace the existing Exchange 2007 service with the Exchange 2010 service you created in step 7.1 and tested in step 7.2.

7.5 Create a new DNP User and Hosting Space with an existing Hosting Plan that is based on the Virtual Server you just modified in step 7.4. Create a new Hosted Organization in this Space, then a new mailbox in this organization. Check that it is created on the Exchange 2010 server. Note that you should be ready to import the GAL DNs into the globalAddressList2 attribute again, because when you delete the first test Exchange 2010 mailbox in step 7.3 the globalAddressList2 attribute may be deleted, and it is then recreated in this step.

7.6 Migrate existing organization:

7.6.1 Move the mailboxes of the target Hosted Organization from the Exchange 2007 mailbox server to the Exchange 2010 mailbox server with EMC or EMS.

7.6.2 Set the target Hosted Organization to use the Exchange 2010 module and Mailbox database:

7.6.2.1 Open the Exchange 2007 service which was just removed from the Virtual Server and write down the ServiceID from the browser string.
7.6.2.2 Open the Exchange 2010 service which was just added to the Virtual Server and write down the ServiceID from the browser string.
7.6.2.3 Open the Hosting Space which contains the target Hosted Organization and write down the SpaceID from the browser string.
7.6.2.4 Open the target Hosted Organization and write down the itemID from the browser string.
7.6.2.5 Open the Exchange 2010 module settings (or EMC) and write down the target mailbox database name.
7.6.2.6 Open Microsoft SQL Server Management Studio and run the script below against the DotNetPanel (DNPEnterpriseServer) database:

    DECLARE @Exchange2007ServiceID INT
    DECLARE @Exchange2010ServiceID INT
    DECLARE @SpaceID INT
    DECLARE @OrganizationID INT
    DECLARE @Database NVARCHAR(3000)

    ---------------------- Place here your real values --------------------------------------
    SET @Exchange2007ServiceID = aaa --replace with your real Exchange 2007 serviceId value
    SET @Exchange2010ServiceID = bbb --replace with your real Exchange 2010 serviceId value
    SET @SpaceID = ccc --replace with your real spaceId value
    SET @OrganizationID = ddd --replace with your real itemId value
    SET @Database = 'Mailbox Database 123456789' --replace with your real Exchange 2010 database name
    -----------------------------------------------------------------------------------------

    -- update space service
    UPDATE PackageServices
    SET ServiceID = @Exchange2010ServiceID
    WHERE ServiceID = @Exchange2007ServiceID
    AND PackageID = @SpaceID

    -- update organization settings
    UPDATE ServiceItemProperties
    SET PropertyValue = @Database
    WHERE PropertyName = 'Database'
    AND ItemID = @OrganizationID

7.6.3 Check that you can manage existing mailboxes in the target Hosted Organization as well as create new mailboxes in the Exchange 2010 Mailbox database.
8. Alternative migration/coexisting paths and their issues.
The recommended migration path assumes that you continue to manage your existing Exchange 2007 based organizations while migrating them to Exchange 2010 (step 7.6) gradually, one by one. All new organizations will be Exchange 2010 based. However, all existing organizations will remain Exchange 2007 based (and all new mailboxes in those organizations will be Exchange 2007 based!) until the procedures from step 7.6 have been carried out for the organization. Note that this path is the only one fully tested and supported at the moment.

You may decide not to choose this migration path but a coexistence approach instead, where the existing Exchange 2007 based Virtual Server and Hosting Plans set is left unchanged and a new Exchange 2010 based Virtual Server and Hosting Plans set is created in parallel, so that you can create new organizations based on both Exchange 2007 and 2010. In this case you will most probably run into the “bookmark is not valid” issue with mailboxes in newly created (only new!) Exchange 2007 organizations. This is because the Exchange 2007 GAL creation procedure does not populate the globalAddressList2 attribute (only the globalAddressList attribute) with the newly created organization’s GAL distinguished name. That’s why you may need to consider some manual or automated workflow to add the distinguished names of new GALs (created by the Exchange 2007 provider) to the globalAddressList2 attribute.

Of course, this issue does not affect you if you decide to deploy Exchange 2010 in a new AD forest / Exchange organization. In that case migration is much more a matter of re-creating organizations and exporting and importing mailbox content.
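The file preparation in step 4.2 and the automated workflow suggested above can share one script. The following is an added example, not DNP's or Microsoft's code: it parses an LDIFDE export of the CN=Microsoft Exchange object, reports GAL DNs missing from globalAddressList2, and builds the replace record shown in section 4. It assumes the export was made with `-l globalAddressList,globalAddressList2`; the function names and sample data are constructed for illustration.

```python
import base64
import re

SRC, DST = "globaladdresslist", "globaladdresslist2"  # compared lower-case
BASE = "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hosterdomain,DC=com"
GALS = ("CN=All Global Address Lists,CN=Address Lists Container,"
        "CN=Exchange Organization," + BASE)
# Constructed sample export (not real data); one value is folded onto two lines.
SAMPLE = (f"dn: {BASE}\nchangetype: add\n"
          f"globalAddressList: CN=test01 Global Address List,{GALS}\n"
          f"globalAddressList: CN=test02 Global Addr\n ess List,{GALS}\n"
          f"globalAddressList2: CN=test02 Global Address List,{GALS}\n")

def parse_export(text):
    """Return (dn, {attr_lower: [values]}) for the first record in an LDIF export."""
    # LDIF folding: a newline followed by one space continues the previous line.
    lines = re.sub(r"\r?\n ", "", text).splitlines()
    dn, attrs = None, {}
    for line in lines:
        if not line.strip() and dn:         # blank line ends the record
            break
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if value.startswith(":"):           # "attr:: <base64>" carries non-ASCII text
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def ldif_line(attr, value):  # base64-encode values that are not plain ASCII
    if value.isascii():
        return f"{attr}: {value}"
    return f"{attr}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")

def missing_gals(attrs):
    """GAL DNs listed in globalAddressList but absent from globalAddressList2."""
    have = {v.lower() for v in attrs.get(DST, [])}
    return [v for v in attrs.get(SRC, []) if v.lower() not in have]

def build_import(dn, attrs):
    """Build the 'replace: globalAddressList2' record, ending with the '-' line."""
    body = [ldif_line("globalAddressList2", v) for v in attrs.get(SRC, [])]
    return "\n".join([ldif_line("dn", dn), "changetype: modify",
                      "replace: globalAddressList2", *body, "-"]) + "\n"
```

An empty result from `missing_gals` means the two attributes are already in step and no import is needed; otherwise write the output of `build_import` to globalAddressList2-import.ldf and import it as in step 4.3.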
9. Useful Microsoft links for migration/coexisting planning.
http://technet.microsoft.com/en-us/library/dd638158.aspx
http://technet.microsoft.com/en-us/library/bb124350.aspx
http://technet.microsoft.com/en-us/library/dd351133.aspx
http://technet.microsoft.com/en-us/library/dd346708.aspx
http://technet.microsoft.com/en-us/library/ee332345.aspx