Académique Documents
Professionnel Documents
Culture Documents
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Welcome
Deployment Options
The Exchange 2013 Deployment Assistant is the IT pros source for Exchange deployment technical guidance. Tell us what kind of deployment youre interested in, answer a few questions about your environment, and then view Exchange deployment instructions created just for you.
On-Premises
Install a new on-premises Exchange 2013 deployment or upgrade your current environment to Exchange 2013
1 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
2 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
3 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Disjoint namespace
Are you running a disjoint namespace?
In most domain topologies, the primary DNS suffix of the computers in the domain is the same as the DNS domain name. In some cases, you may require that these namespaces be different from one another. This is called a disjoint namespace. For example, a merger or acquisition may cause you to have a topology with a disjoint namespace. In addition, if DNS management in your organization is split between administrators who manage Active Directory and administrators who manage networks, you may need to have a topology with a disjoint namespace. For more information, see Disjoint Namespace Scenarios.
Yes No
4 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Edge coexistence
Do you have an existing Edge Transport server?
The Edge Transport server isnt currently available in Exchange 2013. However, you can continue to use an existing Edge Transport server from your legacy Exchange organization.
Note: The Deployment Assistant checklist steps show you how to configure an existing Edge Transport server. The Deployment Assistant doesnt cover installing a new Edge Transport server in the Exchange 2013 organization.
Yes No
5 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
6 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Server roles
Exchange 2013 includes two server roles; the Mailbox and Client Access server roles. Each organization requires at a minimum one Client Access server and one Mailbox server in the Active Directory forest. Additionally, each Active Directory site that contains a Mailbox server must also contain at least one Client Access server. If you're separating your server roles, we recommend installing the Mailbox server role first. The Mailbox server includes the Client Access protocols, the Transport service, the Mailbox databases, and Unified Messaging (the Client Access server redirects SIP traffic generated from incoming calls to the Mailbox server). The Mailbox server handles all activity for the active mailboxes on that server. The Client Access server provides authentication, limited redirection, and proxy services for all of the usual client access protocols: HTTP, POP and IMAP, and SMTP. The Client Access server, a thin and stateless server, doesnt do any data rendering. With the exception of diagnostic logs, nothing is queued or stored on the Client Access server. Learn more at: Mailbox and Client Access Servers
Certificates
Secure Sockets Layer (SSL) certificates help to protect communication between your Exchange servers and clients and other mail servers by encrypting data and, optionally, identifying each side of the connection. Certificates can be issued by third-party certificate authorities (CAs), issued by an internal CA, or self-signed. Heres a short description of each type of certificate:
Third-party certificates Third-party certificates are issued by a public CA such as GoDaddy, Verisign, Thawte, Comodo, or GlobalSign. Certificates published by public CAs are trusted by most operating systems and browsers. This is important if you want to use certificates to help protect communications between your Exchange 2013 organization and external organizations. The external organization must trust the certificate you give them. While you can accomplish the same thing with certificates issued by internal CAs or using self-signed certificates, the external organization must manually trust the certificates on each computer that will communicate with your Exchange 2013. Some public CAs also offer services to verify the identity of the organization theyre issuing a certificate to. This can be useful when an external organization must make sure theyre connecting to the correct organization. Public CAs charge for each certificate they issue. The cost varies depending on the type of certificate your purchase, the number of domains that will be listed on the certificate, and the pricing structure of the public CA. Private certificates Private certificates are issued by an internal, private CA. A private CA is hosted within your organization and issues certificates for your internal use. Private CAs are useful because there is no cost to issuing certificates, internal clients and servers can be configured to trust them automatically, and you manage the issuance process. However, the drawback is that external organizations dont trust your internal CA by default. If you want to secure communication between your Exchange 2013 and external organizations using a private certificate, the external organization must manually trust the certificates on each computer that will communicate with your Exchange 2013. Self-signed certificates Self-signed certificates are issued by an individual computer and not by any CA. Self-signed certificates arent trusted by any other computers, operating systems, or browsers. They dont allow other clients or servers to verify the identity of the organization. To connect to a computer that uses a self-signed certificate, the client or server thats connecting must manually trust the certificate. This process must be repeated each time the certificate expires. When you have clients or external organizations that need to connect to your Exchange 2013 servers, using self-signed certificates on your Client Access server isn't feasible. When deploying Exchange 2013, we strongly recommend that you obtain a certificate issued either by a third-party or internal CA for use on your Client Access server. This certificate will be used to help protect communication between the Client Access server and clients and other servers that are connecting to your server. However, you dont need to get or configure certificates for communication between your Mailbox server and Client Access server. The certificates used for communication between internal Exchange 2013 servers are managed automatically by Exchange. You dont need to configure certificates on the Mailbox server. Learn more at: Digital Certificates and SSL
Split DNS
Split domain name service (DNS) is a concept that allows you to configure different IP addresses for the same host name, depending on where the originating DNS request came from. This is also known as split-horizon DNS, split-view DNS, or split-brain DNS. Split DNS can help you reduce the number of host names that you must manage for Exchange by allowing your clients to connect to Exchange through the same host name whether they're connecting from the Internet or from the Intranet. Split DNS allows requests that originate from an intranet to receive a different IP address than requests that originate from the Internet. For example, external Internet users who visit www.contoso.com will be sent to the companys public website while employees on the internal intranet will be sent to the companys private intranet site. We recommend that you deploy Exchange 2013 in a split DNS configuration. In addition to simplifying deployment, split DNS also reduces the number of subject alternative names (SANs) required on the SSL certificates youll use to help secure connections to your Client Access server. The steps in this checklist configure your new Exchange 2013 organization to use split DNS. When youre done, youll be able to use the same URL, such as owa.contoso.com, to access your Exchange 2013 server from your intranet and the Internet.
Note: ExDeploy configures your Exchange 2013 deployment so that the URL internal and external users use to access your Exchange server is the same. If you have a different addressing scheme for your organization, you can change the internal and external URLs to match that scheme.
Supported clients
Exchange 2013 and Exchange Online support the following minimum versions of Microsoft Outlook and Microsoft Entourage for Mac:
Outlook 2013 (15.0.4420.1017) Outlook 2010 Service Pack 1 with the Outlook 2010 November 2012 update (14.0.6126.5000). For more information, see Description of the Outlook 2010 update: November 13, 2012. Outlook 2007 Service Pack 3 with the Outlook 2007 November 2012 update (12.0.6665.5000). For more information, see Description of the Outlook 2007 update: November 13, 2012. Entourage 2008 for Mac, Web Services Edition Outlook for Mac 2011 Important: The information above provides the minimum versions required for a client to connect to Exchange and Exchange Online. We strongly recommend that you install the latest available service packs and updates available so that your users receive the best possible experience when connecting to Exchange and Exchange Online. Outlook clients earlier than Outlook 2007 are not supported. Email clients on Mac operating systems that require DAV, such as Entourage 2008 for Mac RTM and Entourage 2004, are not supported. Outlook Web App supports several browsers on a variety of operating systems and devices. For detailed information, see What's New for Outlook Web App in Exchange 2013.
7 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Accessibility
For information about keyboard shortcuts that may apply to the procedures in this checklist, see Keyboard Shortcuts in the Exchange Admin Center.
8 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Prepare Organization
9 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Verify prerequisites
Before you go any further with the Exchange Deployment Assistant, make sure that your organization's operating system, hardware, software, clients, and other elements meet the requirements for Exchange 2013. If they don't, you won't be able to complete the steps in the Deployment Assistant and you won't be able to deploy Exchange 2013.
Release notes
Make sure you read the release notes before you begin your deployment. The release notes contain important information about issues you might encounter during and after your deployment. Learn more at: Release Notes for Exchange 2013
System requirements
System requirements tell you what hardware and operating systems are supported on the computer where you install Exchange 2013. Youll also learn about what Active Directory configurations can be used, which legacy Exchange versions can coexist with Exchange 2013 in the same Active Directory forest, which email clients are supported, and whats required for hybrid deployments with Office 365. Learn more at: Exchange 2013 System Requirements
Note: Some features may require that you have local administrator permissions on the server you want to manage. To manage these features, you must be a member of the Local Administrators group on that server. Learn more at: Permissions
Installation permissions
The table below lists the permissions that you need to successfully use the Deployment Assistant and to install Exchange 2013. By default, the account that's used to install Exchange 2013 in the organization is added as a member of the Organization Management role group. When you install the first Exchange 2013 server role (Mailbox) into your Exchange 2013 organization, Exchange Setup will prepare your Active Directory schema if you have the correct permissions. If you want to separate your Active Directory schema preparation from the Exchange server installation, see Prepare Active Directory and Domains. For information about how to add permissions, see Manage Role Group Members.
Task Install the Mailbox server role (first server role installed)
Permissions required Local Administrator Enterprise Administrator Schema Admins Local Administrator Organization Management or Delegated Setup
Permissions required Local Administrator Domain Administrator Organization Management Organization Management Organization Management Organization Management or Server Management
Configure mail flow Configure accepted domains Configure email address policies Configure external URLs
10 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
11 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Description Active Directory forest root Internal Exchange 2013 computer name Internal Exchange 2007 computer name External Exchange 2013 FQDN for the following services: Outlook Anywhere Offline Address Book Exchange Web Services (EWS) Exchange ActiveSync
Example value in checklist corp.contoso.com EX2013 EX2007 mail.contoso.com Note: This is the FQDN that, before installing Exchange 2013, points to your Exchange 2007 server. As part of the upgrade process, this FQDN will be moved from your Exchange 2007 server to the new Exchange 2013 server. Your Exchange 2007 server will be assigned a new FQDN, such as legacy.contoso.com.
Internal Exchange 2013 FQDN for the following services: Outlook Anywhere Offline Address Book Remote PowerShell Exchange Web Services (EWS) Exchange ActiveSync
Internal URL same as external URL mail.contoso.com Internal URL different than external URL internal.contoso.com
External Exchange 2013 FQDN for the following services: Outlook Web App ECP (Exchange Admin Center)
owa.contoso.com
Internal Exchange 2013 FQDN for the following services: Outlook Web App ECP (Exchange Admin Center)
Internal URL same as external URL owa.contoso.com Internal URL different than external URL internal.contoso.com
External Exchange 2007 FQDN for the following services: Outlook Web Access EWS Unified Messaging
legacy.contoso.com Note: This FQDN doesn't need to start with "legacy". It can be any available FQDN as long as it doesn't match any of the ones assigned to the Exchange 2013 server (for example, mail.contoso.com). You could, for example, use oldmail.contoso.com instead of legacy.contoso.com.
External Autodiscover FQDN Internal service connection point FQDN Primary SMTP namespace User principal name domain
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
12 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Mailboxes stored in a mailbox database will inherit the OAB assigned to a mailbox database if the mailbox itself has no OAB assigned. This allows you to assign an OAB to many mailboxes without having to individually update each mailbox. When the mailbox is moved from an existing Exchange server to Exchange 2013, the mailbox will automatically begin using the new Exchange 2013-generated OAB if the mailbox itself isn't assigned an OAB.
How do I do this?
1. Open the Exchange Management Shell on your Exchange server. 2. Run the following command to retrieve a list of OABs. Get-OfflineAddressBook 3. Run the following command to view all the mailbox databases (except Exchange 2013 mailbox databases) in your organization and the OABs assigned to them. Get-MailboxDatabase | Format-Table Name, Server, OfflineAddressBook -Auto 4. For every mailbox database that doesn't have an OAB assigned, assign an OAB from the list you retrieved earlier. You can either set the OAB on each mailbox database individually or set the OAB on all mailbox databases at once. Use the command below that best suits your requirements. To set the OAB on each mailbox database individually, run the following command. The command example uses "Sales Employees" for the mailbox database name on the Ex2007 server, and the "Default Offline Address Book" for the name of the OAB. Set-MailboxDatabase "Ex2007\Sales Employees" -OfflineAddressBook "Default Offline Address Book" To set the same OAB on all mailbox databases at once, run the following command. The command example uses "Default Offline Address Book" for the name of the OAB. Warning: The following command will overwrite the OAB assigned to every mailbox database in your organization. If you want to verify the command has the intended effect, run it with the WhatIf switch parameter first. Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book"
Get-MailboxDatabase | Format-Table Name, Server, OfflineAddressBook -Auto Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
13 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
How do I do this?
You need to create a public DNS record for the legacy.contoso.com host name to point to the external IP address of your Exchange 2007 server. The following is an example of the DNS record that you'd create with your public DNS provider, such as GoDaddy.
Important: You might need to make changes to your firewall to support this new legacy host name. You might need to add new firewall rules, add an external IP address for your Exchange 2007 server, or make other configuration changes. If your organization has a network management group, a security review process, or change management process, you may need to request permission to perform these changes or have someone else make them for you.
Value 172.16.10.10
1. Open a command prompt and run nslookup.exe. 2. Change to a DNS server that can query your public DNS zone. 3. In nslookup, look up the record for the legacy.contoso.com host name you created. Verify that the IP address that's returned matches the external IP address of your Exchange 2007 server. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
14 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Caution: After you install Exchange 2013 on a server, you must not change the server name. Renaming a server after you have installed an Exchange 2013 server role is not supported.
How do I do this?
Important To prepare your organization for Exchange 2013, make sure that youve done everything in the Verify prerequisites step earlier in this checklist. That step has lots of important information, like the following:
In order for Exchange 2013 to coexist with previous versions of Exchange, all your Exchange 2013 servers must be running Cumulative Update 2 (CU2) for Exchange 2013. For information on how to download Exchange 2013, see Cumulative Updates for Exchange 2013. You'll also need to install Update Rollup 10 for Exchange 2007 Service Pack 3 (SP3) on all the Exchange 2007 servers in your organization before you can install Exchange 2013. Download from Exchange Server 2007 Service Pack 3 and Update Rollup 10 for Exchange Server 2007 Service Pack 3(KB2788321). In terms of the order in which to upgrade your sites, assuming you have Exchange servers in more than one site, start with any Internet-facing Active Directory sites, followed by the internal sites. The first site you will want to upgrade is the one where AutoDiscover requests from the Internet come in.
1. After you have downloaded Exchange 2013 CU2, log on to the computer on which you want to install Exchange 2013. 2. Navigate to the network location of the Exchange 2013 installation files. 3. Start Exchange 2013 Setup by double-clicking Setup.exe. Important: If you have User Access Control (UAC) enabled, you must right-click Setup.exe and select Run as administrator. 4. On the Check for Updates page, choose whether you want Setup to connect to the Internet and download product and security updates for Exchange 2013. If you select Connect to the Internet and check for updates, Setup will download updates and apply them prior to continuing. If you select Don't check for updates right now, you can download and install updates manually later. We recommend that you download and install updates now. Click Next to continue. 5. The Introduction page begins the process of installing Exchange into your organization. It will guide you through the installation. Several links to helpful deployment content are listed. We recommend that you visit these links prior to continuing setup. Click Next to continue. 6. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and then click Next. 7. On the Recommended settings page, select whether you want to use the recommended settings. If you select Use recommended settings, Exchange will automatically send error reports and information about your computer hardware and how you use Exchange to Microsoft. If you select Don't use recommended settings, these settings remain disabled but you can enable them at any time after Setup completes. For more information about these settings and how information sent to Microsoft is used, click ?. 8. On the Server Role Selection page, select both Mailbox role and Client Access role. The management tools are installed automatically if you install any other server role. Select Automatically install Windows Server roles and features that are required to install Exchange Server to have the Setup wizard install required Windows prerequisites. You may need to reboot the computer to complete the installation of some Windows features. If you don't select this option, you must install the Windows features manually. Note: This option installs only the Windows features required by Exchange. You must install other prerequisites manually. For more information, see Exchange 2013 Prerequisites. Click Next to continue. 9. On the Installation Space and Location page, either accept the default installation location or click Browse to choose a new location. Make sure that you have enough disk space available in the location where you want to install Exchange. Click Next to continue. 10. On the Malware Protection Settings page, choose whether you want to enable or disable malware scanning. If you disable malware scanning, it can be enabled in the future. Unless you have a specific reason to disable malware scanning, we recommend that you keep it enabled. Click Next to continue. 11. On the Readiness Checks page, view the status to determine if the organization and server role prerequisite checks completed successfully. If they haven't completed successfully, you must resolve any reported errors before you can install Exchange 2013. You don't need to exit Setup when resolving some of the prerequisite errors. After resolving a reported error, click Back and then click Next to run the prerequisite check again. Be sure to also review any warnings that are reported. If all readiness checks have completed successfully, click Install to install Exchange 2013. 12. On the Completion page, click Finish. Note: If you didn't separate your Active Directory schema preparation from the installation of Exchange 2013, the amount of time this takes is dependent upon your Active Directory site topology. It might take some time for the changes to replicate across your organization. 13. Restart the computer after Exchange 2013 has completed.
15 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
How do I do this?
1. Open the EAC by browsing to the URL of your Client Access server. For example, https://Ex2013/ecp?ExchClientVer=15. Important: You need to include ?ExchClientVer=15 in the URL when you want to open the EAC with a user that doesn't have an Exchange 2013 mailbox. 2. 3. 4. 5. 6. 7. Enter the user name and password of the account you used to install Exchange 2013 in Domain\user name and Password , and then click Sign in. Go to Recipients > Mailboxes. On the Mailboxes page, click Add and then select User mailbox. Provide the information required for the new user and then click Save. Go to Permissions > Admin Roles. On the Admin Roles page, select Organization Management and click Edit . Under Members, click Add . Select the Exchange 2013 mailbox you just created, click Add , then click OK. Then click Save.
1. In the EAC, go to Permissions > Admin Roles. On the Admin Roles page, select Organization Management. 2. In the details pane, view the Members list. If the Exchange 2013 mailbox has been successfully added as a member of the Organization Management role group, the mailbox will be listed here. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
16 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Configure Services
Exchange 2013 external URLs
Estimated time to complete: 10 to 15 minutes There are several settings that you need to configure on the Exchange 2013 virtual directories, which include Outlook Anywhere, Exchange ActiveSync, Exchange Web Services, Offline Address Book (OAB), Outlook Web App, the Exchange admin center, and the availability service. Learn more at: Virtual Directory Management
How do I do this?
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Open the EAC by browsing to the URL of your Client Access server. For example, https://Ex2013/ECP. Enter your user name and password in Domain\user name and Password, and then click Sign in. Go to Servers > Servers, select the name of the Internet-facing Client Access server and then click Edit . Click Outlook Anywhere. In the Specify the external hostname field, specify the externally accessible FQDN of the Client Access server. For example, mail.contoso.com. While youre here, lets also set the internally accessible FQDN of the Client Access server. In the Specify the internal hostname field, insert the FQDN you used in the previous step. For example, mail.contoso.com. Click Save. Go to Servers > Virtual directories and then click Configure external access domain . Under Select the Client Access servers to use with the external URL , click Add . Select the Client Access servers you want to configure, and then click Add. After youve added all the Client Access servers you want to configure, click OK. In Enter the domain name you will use with your external Client Access servers, type the external domain you want to apply. For example, mail.contoso.com. Click Save. Note: Some organizations make the Outlook Web App FQDN unique to protect users against changes to underlying server FQDN changes. Many organizations use owa.contoso.com for their Outlook Web App FQDN instead of mail.contoso.com. If you want to configure a unique Outlook Web App FQDN, do the following after you completed the previous step. This checklist assumes you have configured a unique Outlook Web App FQDN. 1. In Select server, choose your Exchange 2013 Client Access server. 2. Select owa (Default Web Site) and click Edit . 3. In External URL, type https://, then the unique Outlook Web App FQDN you want to use, and then append /owa. For example, https://owa.contoso.com/owa. 4. Click Save. 5. Select ecp (Default Web Site) and click Edit . 6. In External URL, type https://, then the same Outlook Web App FQDN that you specified in the previous step, and then append /ecp. For example, https://owa.contoso.com/ecp. 7. Click Save.
1. In the EAC, go to Servers > Virtual directories. 2. In the Select server field, select the Internet-facing Client Access server. 3. Select a virtual directory and then, in the virtual directory details pane, verify that the External URL field is populated with the correct FQDN and service as shown below:
External URL value No external URL displayed https://owa.contoso.com/ecp https://mail.contoso.com/EWS/Exchange.asmx https://mail.contoso.com/Microsoft-Server-ActiveSync https://mail.contoso.com/OAB https://owa.contoso.com/owa http://mail.contoso.com/PowerShell
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
17 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
What do you want to do? Configure internal and external URLs to be the same
1. Open the Exchange Management Shell on your Exchange 2013 Client Access server. 2. Store the host name of your Client Access server in a variable that will be used in the next step. For example, Ex2013. $HostName = "Ex2013" 3. Run each of the following commands in the Shell to configure each internal URL to match the virtual directorys external URL.
Set-EcpVirtualDirectory "$HostName\ECP (Default Web Site)" -InternalUrl ((Get-EcpVirtualDirectory "$HostName\ECP (Default Web Site)").ExternalUrl) Set-WebServicesVirtualDirectory "$HostName\EWS (Default Web Site)" -InternalUrl ((get-WebServicesVirtualDirectory "$HostName\EWS (Default Web Site)").ExternalUrl)
Set-ActiveSyncVirtualDirectory "$HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl ((Get-ActiveSyncVirtualDirectory "$HostName\Microsoft-Server-ActiveSync (Default Web Site)").E Set-OabVirtualDirectory "$HostName\OAB (Default Web Site)" -InternalUrl ((Get-OabVirtualDirectory "$HostName\OAB (Default Web Site)").ExternalUrl) Set-OwaVirtualDirectory "$HostName\OWA (Default Web Site)" -InternalUrl ((Get-OwaVirtualDirectory "$HostName\OWA (Default Web Site)").ExternalUrl) Set-PowerShellVirtualDirectory "$HostName\PowerShell (Default Web Site)" -InternalUrl ((Get-PowerShellVirtualDirectory "$HostName\PowerShell (Default Web Site)").ExternalUrl)
1. 2. 3. 4.
In the EAC, go to Servers > Virtual directories. In the Select server field, select the Internet-facing Client Access server. Select a virtual directory and then click Edit . Verify that the Internal URL field is populated with the correct FQDN and service as shown below:
Internal URL value No internal URL displayed https://owa.contoso.com/ecp https://mail.contoso.com/EWS/Exchange.asmx https://mail.contoso.com/Microsoft-Server-ActiveSync https://mail.contoso.com/OAB https://owa.contoso.com/owa http://mail.contoso.com/PowerShell
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
1. 2. 3. 4.
In the EAC, go to Servers > Virtual directories. In the Select server field, select the Internet-facing Client Access server. Select a virtual directory, and then click Edit . Verify that the Internal URL field is populated with the correct FQDN. For example, you may have set the internal URLs to use internal.contoso.com.
18 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
19 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
How do I do this?
1. 2. 3. 4. 5. 6. 7. 8. Open the EAC by browsing to the URL of your Client Access server. For example, https://Ex2013/ECP. Enter your user name and password in Domain\user name and Password, and then click Sign in. Go to Servers > Certificates. On the Certificates page, make sure your Client Access server is selected in the Select server field, and then click New . In the New Exchange certificate wizard, select Create a request for a certificate from a certification authority and then click Next. Specify a name for this certificate and then click Next. If you want to request a wildcard certificate, select Request a wild-card certificate and then specify the root domain of all subdomains in the Root domain field. If you don't want to request a wildcard certificate and instead want to specify each domain you want to add to the certificate, leave this page blank. Click Next. Click Browse and specify an Exchange 2013 server to store the certificate on. The server you select should be the Internet-facing Exchange 2013 Client Access server. Click Next. For each service in the list shown, verify that the external or internal server names that users will use to connect to the Exchange server are correct. For example: If you configured your internal and external URLs to be the same, Outlook Web App (when accessed from the Internet) and Outlook Web App (when accessed from the Intranet) should show owa.contoso.com. OAB (when accessed from the Internet) and OAB (when accessed from the Intranet) should show mail.contoso.com. If you configured the internal URLs to be internal.contoso.com, Outlook Web App (when accessed from the Internet) should show owa.contoso.com and Outlook Web App (when accessed from the Intranet) should show internal.contoso.com. These domains will be used to create the SSL certificate request. Click Next. Click Add to add the legacy host name to the certificate. In the Domain name field, enter your legacy host name. For example, legacy.contoso.com. Click OK. Add any additional domains you want included on the SSL certificate. Select the domain that you want to be the common name for the certificate and click Set as common name. For example, contoso.com. Click Next. Provide information about your organization. This information will be included with the SSL certificate. Click Next. Specify the network location where you want this certificate request to be saved. Click Finish.
After you've saved the certificate request, submit the request to your certificate authority (CA). This can be an internal CA or a third-party CA, depending on your organization. Clients that connect to the Client Access server must trust the CA that you use. After you receive the certificate from the CA, complete the following steps:
1. 2. 3. 4. 5. 6.
On the Server > Certificates page in the EAC, select the certificate request you created in the previous steps. In the certificate request details pane, click Complete under Status. On the Complete pending request page, specify the path to the SSL certificate file and then click OK. Select the new certificate you just added, and then click Edit . On the certificate page, click Services. Select the services you want to assign to this certificate. At minimum, you should select IIS but you can also select IMAP, POP, and UM call router if you use these services. If you want to use secure transport, you can also select SMTP to make this certificate available to Exchange 2013 transport. Click Save. 7. If you receive the warning Overwrite the existing default SMTP certificate?, click Yes.
1. In the EAC, go to Servers > Certificates. 2. Select the new certificate and then, in the certificate details pane, verify that the following are true: Status shows Valid Assigned to services shows, at minimum, IIS and optionally IMAP, POP, UM call router, and SMTP. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
20 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
How do I do this?
First, you need to export your certificate from your Exchange 2013 server with the certificate's private key using the following steps.
Log on directly to your Exchange 2013 Client Access server with an administrator user account. Open an empty Microsoft Management Console (MMC). Click File, and then Add/Remove Snap-in. In the Add or Remove Snap-ins window, select Certificates and then click Add >. In the Certificates snap-in window that appears, select Computer account and then click Next. Select Local computer and click Finish. Then, click OK. Under Console Root, expand Certificates (Local Computer), Personal, and then Certificates. Select the third-party certificate you created in the previous step. Right-click on the certificate, select All Tasks, and then Export. In the Certificate Export Wizard, click Next. Select Yes, export the private key and then click Next. Make sure Personal Information Exchange - PKCS #12 (.PFX) and Include all certificates in the certification path if possible are selected. Make sure no other options are selected. Click Next. Select Password and then enter a password to help secure your certificate. Click Next. Specify a file name for the new certificate. Use the file extension .pfx. Click Next, and then click Finish. You'll receive a confirmation prompt if the certificate export was successful. Click OK to close it. Copy the .pfx file you created to your Exchange 2007 Client Access server.
After you've exported the certificate from your Exchange 2013 server, you need to import the certificate on your Exchange 2007 server using the following steps.
1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Log on directly to your Exchange 2007 Client Access server with an administrator user account. Open an empty Microsoft Management Console (MMC). Click File, and then Add/Remove Snap-in. In the Add or Remove Snap-ins window, select Certificates and then click Add >. In the Certificates snap-in window that appears, select Computer account and then click Next. Select Local computer and click Finish. Then, click OK. Under Console Root, expand Certificates (Local Computer), and then Personal. Right-click Personal , select All Tasks and then Import. In the Certificate Import Wizard, click Next. Click Browse and select the .pfx file you copied to your Exchange 2007 Client Access server. Click Open, and then click Next. Note: You may need to change the File name filter in the Open window to All Files (*.*) to see the .pfx file.
In the Password field, enter the password you used to help secure the certificate when you exported it on the Exchange 2013 Client Access server. Verify that Include all extended properties is selected and click Next. Verify that Place all certificates in the following store is selected and Personal is shown in Certificate store. Click Next. Click Finish. You'll receive a confirmation prompt if the certificate import was successful. Click OK to close it.
Now that the new certificate has been imported on your Exchange 2007 Client Access server, you need to assign it to your Exchange services using the following steps.
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Run the following command to list the certificates installed on the Exchange 2007 server. Get-ExchangeCertificate 3. Find the third-party certificate that contains the domain you configured on the certificate in the Subject column. 4. Copy the GUID of the certificate that's located in the Thumbprint column and save it. You'll use this value in the next step. 5. Run the following command to assign the certificate to the Internet Information Services (IIS), POP, IMAP, and Unified Messaging (UM) services. You'll need to paste the thumbprint you saved in the previous step into this command. The thumbprint GUID used in this example is BBF70EF91B214CCBC0D336EFA9BD9FE0035858C3. Enable-ExchangeCertificate BBF70EF91B214CCBC0D336EFA9BD9FE0035858C3 -Services IIS, POP, IMAP, UM
Note: Only include the Unified Messaging service in the command if you've installed the Unified Messaging (UM) server role on this Exchange 2007 server.
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Run the following command to list the certificates installed on the Exchange 2007 server. Get-ExchangeCertificate 3. Verify that the services that you assigned to the new third-party certificate are listed in the Services column of the certificate. The following characters are used to indicate each service:
Character I P U
Service IMAP POP Unified Messaging Note: This service will only be assigned to the certificate if you have the UM server role installed on this Exchange 2007 and included the UM service when you ran the Enable-ExchangeCertificate command.
IIS
21 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
SMTP Note: This service wasn't included in the Enable-ExchangeCertificate command in the procedure earlier in this topic. Unless you included the SMTP service in the command, this service will be assigned to a previously installed certificate.
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
22 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Perform Switchover
Important note about switchover
Up until this point, you've been getting everything ready to bring your new Exchange 2013 server into production and switch some services from your Exchange 2007 server to your Exchange 2013. There has been no impact to your users. The next several steps in the checklist will transition Outlook Web App, Exchange Web Services, Autodiscover, and Exchange ActiveSync access from your Exchange 2007 server to your Exchange 2013 server. During this period, your users may experience some disruption as settings are updated and domain name configuration is replicated across the Internet. We recommend that you perform these steps outside of business hours and that you communicate possible service disruption to your users.
23 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
The Outlook Anywhere external URL is set to the external hostname of the Exchange 2013 server. Client authentication, which is used to allow clients like Outlook 2013 to authenticate with Exchange, is set to Basic. Internet Information Services (IIS) authentication, which is used to allow Exchange servers to communicate, set to NTLM and Basic.
How do I do this?
Perform the following steps to enable and configure Outlook Anywhere on your Exchange 2007 servers.
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Store the external host name of your Exchange 2013 Client Access server in a variable that will be used in the next steps. For example, mail.contoso.com. $Exchange2013HostName = "mail.contoso.com" 3. Run the following command to configure Exchange 2007 servers that already have Outlook Anywhere enabled to accept connections from Exchange 2013 servers. Warning: The following command will change the configuration of Outlook Anywhere on any Exchange 2007 server in your organization on which it's already enabled.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $True} | ForEach 4. Run the following command to enable Outlook Anywhere on the rest of your Exchange 2007 servers to accept connections from Exchange 2013 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Run the following command to view the Outlook Anywhere configuration on your Exchange 2007 servers:
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-OutlookAnywhere | Format-Table Server, ClientAuthenticationMethod, IISAuth Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
24 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
How do I do this?
Perform the following steps to configure the SCP object on your Exchange 2007 servers.
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Store the AutoDiscover host name of your Exchange 2013 Client Access server in a variable that will be used in the next step. For example, autodiscover.contoso.com. $AutodiscoverHostName = "autodiscover.contoso.com" 3. Run the following command to set the SCP object on every Exchange 2007 server to the AutoDiscover URL of the new Exchange 2013 server.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverHo Perform the following steps to configure the SCP object on your Exchange 2013 servers.
1. Open the Exchange Management Shell on your Exchange 2013 Client Access server. 2. Store the AutoDiscover host name of your Exchange 2013 Client Access server in a variable that will be used in the next step. For example, autodiscover.contoso.com. $AutodiscoverHostName = "autodiscover.contoso.com" 3. Run the following command to set the SCP object on every Exchange 2013 server to the AutoDiscover URL of the new Exchange 2013 server.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 15*") -And ($_.ServerRole -Like "*ClientAccess*")} | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverH
Open the Exchange Management Shell on your Exchange 2007 Client Access server. Run the following command to view the SCP object configuration on Exchange 2007 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri -Au To verify that you've successfully configured the AutoDiscoverServiceInternalUrl property on your Exchange 2013 servers with the value of the Exchange 2013 AutoDiscover URL, do the following:
1. Open the Exchange Management Shell on your Exchange 2013 Client Access server. 2. Run the following command to view the SCP object configuration on Exchange 2013 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 15*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri -A Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
25 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Warning: The commands in this step overwrite the value stored in the ExternalUrl property of the Outlook Web Access, Exchange Web Services, and Unified Messaging virtual directories on all the Exchange 2007 Client Access servers in your organization.
How do I do this?
1. Open the Shell on the Exchange 2007 Client Access server. 2. Run the commands in the "How do I know this worked" section to retrieve the current values of the ExternalUrl property of the Outlook Web Access, Exchange Web Services, and Unified Messaging virtual directories. Make note of these values in case you need to revert back to them. 3. Store the external host name of your Exchange 2007 Client Access server in a variable that will be used in the next steps. For example, legacy.contoso.com. $LegacyHostName = "legacy.contoso.com" 4. Run the following command to configure the external URL of the Outlook Web App virtual directory on the Exchange 2007 Client Access server using the external host name you stored in the $LegacyHostName variable. Get-OwaVirtualDirectory | Where {$_.OwaVersion -Eq "Exchange2007"} | Set-OwaVirtualDirectory -ExternalUrl https://$LegacyHostName/owa 5. Run the following command to configure the external URL of the Exchange Web Services virtual directory on the Exchange 2007 Client Access server using the external host name you stored in the $LegacyHostName variable.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl 6. Run the following command to configure the external URL of the Unified Messaging virtual directory on the Exchange 2007 Client Access server using the external host name you stored in the $LegacyHostName variable.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-UMVirtualDirectory | Set-UMVirtualDirectory -ExternalUrl https://$LegacyHo
26 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Verify that the Exchange 2007 host name resolves to the external publicly accessible IP address of the Exchange 2007 Client Access server. Change the primary host names, such as mail.contoso.com, autodiscover.contoso.com, and owa.contoso.com (if used) to point to the external publicly accessible IP address of the Exchange 2013 Client Access server with your public DNS provider. Change the primary host names, such as mail.contoso.com (or internal.contoso.com if you're using different internal host names), autodiscover.contoso.com, and owa.contoso.com (if used) to point to the internal machine name of the Exchange 2013 Client Access server on your internal DNS servers. Important: Read this topic completely before starting. You might need to make changes to your firewall to support the new Exchange 2013 server. You might need to add new firewall rules, add an external IP address for your Exchange 2013 server, or make other configuration changes. If your organization has a network management group, a security review process, or change management process, you may need to request permission to perform these changes or have someone else make them for you.
1. Open a command prompt and run nslookup.exe. 2. Change to a DNS server that can query your public DNS zone. 3. In nslookup, look up the record for the legacy.contoso.com host name you created. Verify that the IP address that's returned matches the external IP address of your Exchange 2007 server. Now, verify that you can access your Exchange 2007 server using the legacy host name. Using a computer outside of your internal network, open your favorite browser and browse to the Outlook Web Access URL of the Exchange 2007 server, for example, https://legacy.contoso.com/owa. Verify that you can connect to Outlook Web App, log in, and view the contents of an Exchange 2007 mailbox. Also verify that you don't receive any certificate warnings or errors. If you can access an Exchange 2007 mailbox and don't receive any certificate warnings or errors, you can continue on with the rest of this topic. If you do receive certificate errors or if you can't access the Exchange 2007 mailbox, do the following:
Make sure that you've created the legacy DNS host name. For more information, see "Create legacy Exchange host name" earlier in the checklist. Make sure that you've successfully requested and received the new certificate on your Exchange 2013 Client Access server and imported it on your Exchange 2007 server. For more information, see "Exchange 2013 certificates" and "Exchange 2007 certificates" earlier in the checklist. Make sure that you've correctly configured the internal and external URLs on your Exchange 2007 server. For more information, see "Configure Exchange 2007 URLs" earlier in the checklist. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
Important: Before you make any changes to your DNS records, we strongly recommend that you reduce the time to live (TTL) values of each DNS record you want to change to its minimum interval. The TTL value determines how long a DNS record stays cached on DNS servers. A smaller interval, such as 5 or 10 minutes, will allow you to reverse any changes faster in the event you need to revert back to your original configuration. If you do need to change the TTL of your DNS records, don't make any other changes until the original TTL interval has passed.
Important: Before you make any changes to your DNS records, we strongly recommend that you reduce the time to live (TTL) values of each DNS record you want to change to its minimum interval. The TTL value determines how long a DNS record stays cached on DNS servers. A smaller interval, such as 5 or 10 minutes, will allow you to reverse any changes faster in the event you need to revert back to your original configuration. If you do need to change the TTL of your DNS records, don't make any other changes until the original TTL interval has passed.
FQDN
Value
27 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
CNAME CNAME A
Important: Before you make any changes to your DNS records, we strongly recommend that you reduce the time to live (TTL) values of each DNS record you want to change to its minimum interval. The TTL value determines how long a DNS record stays cached on DNS servers. A smaller interval, such as 5 or 10 minutes, will allow you to reverse any changes faster in the event you need to revert back to your original configuration. If you do need to change the TTL of your DNS records, don't make any other changes until the original TTL interval has passed.
1. Open a command prompt and run nslookup.exe. 2. Change to a DNS server that can query your public DNS zone. 3. In nslookup, look up the record of each FQDN you created. Verify that the value that's returned for each FQDN is correct. Now, verify that you can access your Exchange 2013 server using your primary host name. Using a computer outside of your internal network, open your favorite browser and browse to the Outlook Web Access URL of the Exchange 2013 server, for example, https://mail.contoso.com/owa. Perform the two following tests:
Log into an Exchange 2013 mailbox Log into an Exchange 2013 mailbox and verify that you can access the contents of the mailbox without any certificate warnings or other errors. Log out and close your browser. If you need to create a new Exchange 2013 mailbox, see Create User Mailboxes. Log into an Exchange 2007 mailbox Log into an Exchange 2007 mailbox. When you log into this mailbox, you will be redirected to your Exchange 2007 Client Access server (the URL in the browser address bar with switch from mail.contoso.com to legacy.contoso.com). Verify that you are logged in successfully, that you can access the contents of the mailbox, and that you don't receive any certificate warnings or other errors. Test inbound and outbound mail flow Send a message from an external mail provider, such as outlook.com, to Exchange 2013 and Exchange 2007 mailboxes. Verify that the message is received successfully. Reply to the message from each mailbox and verify that the external recipient receives the message. You can also examine the message headers of the messages you sent and received to verify the path the message took using the Message Analyzer in the Microsoft Remote Connectivity Analyzer. With the exception of the mail flow test, repeat the previous tests from a computer inside your network to test your internal DNS configuration. If you've configured your internal DNS records to use the same host names as your external DNS, attempt to access an Exchange 2013 and Exchange 2007 mailbox using those host names, for example mail.contoso.com or owa.contoso.com. If you've configured your internal DNS records to use a different host name, attempt to access an Exchange 2013 and Exchange 2007 mailbox using the internal host name, for example internal.contoso.com. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
28 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
29 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Post-configuration tasks
After you complete a new installation of Exchange 2013, add an additional Exchange 2013 server role to an existing Exchange 2013 server, or install Exchange 2013 in an existing organization, you should consider the post-installation tasks. The post-installation tasks will help you verify the installation and configure the components that you have just installed.
Product key
When you install Exchange 2013, your server is licensed as a trial edition. The trial edition expires 120 days after the date of installation. A server that has a trial edition license functions as an Exchange Standard Edition server, but it isn't eligible for support from Microsoft support services. If you have Exchange 2013 servers for which the trial edition has expired, Exchange displays a separate warning for each expired server. You need to enter a product key before the trial edition expires if you want to continue using Exchange 2013 on the server. Learn more: Enter Product Key
Permissions configuration
For the purposes of the Exchange Deployment Assistant, your administrator account was granted permissions that you might not need going forward. You should verify that this account doesn't have more permissions than required to configure and manage your Exchange 2013 environment. Role Based Access Control (RBAC), the permissions model in Exchange 2013, is extremely flexible. The built-in role groups are probably sufficient to manage most of your Exchange 2013 organization. You can simply add and remove members from the existing role groups to control permissions. The following topics provide more information and can help you configure the appropriate permissions for your Exchange 2013 tasks:
Permissions Manage Role Groups Manage Role Group Members Manage Role Assignment Policies Change the Assignment Policy on a Mailbox Built-in Role Groups Built-in Management Roles
Public folders
Public folders are designed for shared access and provide an easy and effective way to collect, organize, and share information with other people in your workgroup or organization. You can use them as an archive for distribution groups, as a simple document sharing solution, and more. Learn more: Public Folders Now that you've successfully installed Exchange 2013, you can migrate your public folders from Exchange Server 2010 SP3 or Exchange 2007 SP3 RU10 to Exchange Server 2013. Youll perform the migration by using the new *PublicFolderMigrationRequest cmdlets, in addition to several PowerShell scripts. These cmdlets use the Microsoft Exchange Mailbox Replication service to perform the migration. Learn more: Migrate Public Folders to Exchange 2013 From Previous Versions
Modify or Remove Exchange 2010 How to Completely Remove Exchange 2007 from a Server
Configure mobile device policies so users can only access their mail from approved devices. Add remote domains to apply custom configuration and security to mail sent to and from a partners mail servers. Configure backup and restore processes to help keep your data safe. In addition to enabling features to improve productivity, you might need to add servers so that you can deploy a high availability solution, service users in other locations, increase capacity, or meet a combination of those or other goals. As you install additional servers, youll need to think about things like Active Directory site design, load balancing Client Access servers, message routing and transport high availability, and so on. For more information, see the following topics:
Description Learn how Exchange 2013 uses Active Directory sites, and why its important to have a good Active Directory site design to help ensure the correct and efficient functioning of Exchange Server.
30 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Permissions
Smaller organizations can often manage Exchange with a single administrator account. However, you might want to delegate permission to additional administrators, give limited permission to specialist users, and more. Read this topic to learn more about how you can use Exchange to grant permissions to administrators, specialist users, or how you can give users access to control their own mailbox. Depending on the laws of your country or rules and regulations for your industry, you might be required to archive data for a certain period of time or provide documents in response to a legal court order. Read this topic to learn more about how Exchange can help you respond to these requirements and requests. As you add more Exchange 2013 servers, youll need to carefully plan message routing between servers in different Active Directory sites, other messaging products, and the Internet. Read this topic to learn more about how Exchange 2013 routes traffic, how you can configure efficient highly available mail routing, and how you can perform mail flow monitoring and diagnostics. The global address list (GAL) contains every recipient in the Exchange 2013 organization. Some organizations might not want every user to see every other recipient in the organization. Or, you might want some departments or business units to have a specific email address domain. Read this topic to learn more about how you can use Exchange 2013 to segment the GAL so that users only see the recipients you want them to see, how to apply the correct email address to recipients automatically, how to configure offline address books, and more.
Users no longer access their email only from their computer at work. They use their home computer, mobile device, tablet, airport kiosk, and other methods to access their email. Its important to understand how users access their email so that you can ensure your companys information stays safe. Read this topic to learn more about how Exchange can help you keep control of your companys information by applying policies to devices, specifying which methods users can use to access their email, and more.
Mailbox and Client Access Servers Managing High Availability and Site Resilience Install Exchange 2013 Using the Setup Wizard
Understanding the Mailbox and Client Access server roles is critical to maintaining a healthy Exchange organization. Read the topics in this node to learn more about how these roles function, how to move mailboxes, manage mailbox databases, configure load balancing, configure certificates, and more. Data integrity and server availability are critically important in an Exchange organization. You need to ensure that the data stored on your Exchange servers is safe, and that the availability of your Exchange servers meets your organizations requirements. Read this topic to learn more about how Exchange can help you meet your goals by configuring database availability groups, establishing and testing backup and restore processes, and more. Additional servers increase capacity and enable you to configure features like database availability groups. Read this topic to learn how to install additional Mailbox and Client Access servers.
31 of 32
8/14/2013 6:34 PM
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
32 of 32
8/14/2013 6:34 PM