Exchange 2013 Deployment Assistant

Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
Welcome
Deployment Options
The Exchange 2013 Deployment Assistant is the IT pros source for Exchange deployment technical guidance. Tell us what kind of deployment youre interested in, answer a few questions about your environment, and then view Exchange deployment instructions created just for you.
On-Premises
Install a new on-premises Exchange 2013 deployment or upgrade your current environment to Exchange 2013
1 of 32
8/14/2013 6:34 PM
On-Premises Deployment Questions

Select your on-premises deployment
Select your deployment scenario to get started
New installation of Exchange 2013 Upgrade from Exchange 2007 Upgrade from Exchange 2010 Upgrade from Exchange 2007 and Exchange 2010
2 of 32
8/14/2013 6:34 PM
Client Access and Mailbox server installation location

Are you planning to install the Client Access and Mailbox server roles on the same or a different server?
Exchange 2013 has two server roles: Mailbox and Client Access. During deployment, you can install the server roles on the same server or on different servers. Where you install these roles depends on the number of servers available, their physical capacities, and the layout of your network. For example, you might want to dedicate certain servers to specific functions. For more information, see Exchange 2013 System Requirements.
Same server Different servers
3 of 32
8/14/2013 6:34 PM
Disjoint namespace
Are you running a disjoint namespace?
In most domain topologies, the primary DNS suffix of the computers in the domain is the same as the DNS domain name. In some cases, you may require that these namespaces be different from one another. This is called a disjoint namespace. For example, a merger or acquisition may cause you to have a topology with a disjoint namespace. In addition, if DNS management in your organization is split between administrators who manage Active Directory and administrators who manage networks, you may need to have a topology with a disjoint namespace. For more information, see Disjoint Namespace Scenarios.
Yes No
4 of 32
8/14/2013 6:34 PM
Edge coexistence
Do you have an existing Edge Transport server?
The Edge Transport server isnt currently available in Exchange 2013. However, you can continue to use an existing Edge Transport server from your legacy Exchange organization.
Note: The Deployment Assistant checklist steps show you how to configure an existing Edge Transport server. The Deployment Assistant doesnt cover installing a new Edge Transport server in the Exchange 2013 organization.
Yes No
5 of 32
8/14/2013 6:34 PM
On-Premises Deployment Steps

Navigate your checklist
Now that weve asked you a few questions about the type of deployment you want, its time to review how to use your Exchange 2013 deployment checklist.
How can I see my answers to the deployment questions?

That's easy. Simply expand the deployment questions section in the left menu of this page, and select a question to see how you answered it.
How can I change my answers?

Go to the deployment questions section in the left menu. Select the question youd like to change the answer for, revise your answer, and then click Next change your answers, you'll get a whole new checklist that's tailored to those answers. . You can also click Start Over at the top of any page. When you
How can I move through the checklist?

You can browse the checklist by clicking a step in the left pane or by using the Previous and Next buttons. While you can browse in any order you want, you do need to complete the steps in the order shown.
What do I do when I finish a step?

Pat yourself on the back! Then you can move on to the next step by clicking Next .
How long will it take to complete the checklist?

Good question! It depends. The checklist is based on answers you gave to the questions about your environment, and because there are many possible combinations of answers, its hard to know the total time it will take you to complete the entire process. Plus, youll need to do some planning before you start the configuration steps. However, to give you some idea as to how long a step should take, weve included an estimate of time to complete at the beginning of each configuration step in your checklist.
What if I get interrupted?

You can exit the Exchange Deployment Assistant at any time and return to the same computer later to continue where you left off. Please be aware that if you access the Deployment Assistant from a different computer, progress from your session on the original computer is not available.
Can I print this stuff?

Yes! See Print Checklist at the top of this page? Use that icon to print the entire deployment checklist. You can also use Print This Page at the bottom of each page to print just a single checklist step.
Can I copy and paste?

You can copy the code examples while youre in the checklist. Just click Copy in the code example to copy the code to your clipboard. For everything else, you can just highlight any text passage and copy to your clipboard and paste into the text editor of your choice.
How do I tell you what I think about this?

We'd love to hear what you think of the Deployment Assistant. Your feedback is encouraged and welcome! See Feedback at the top of the page? Click it to send feedback to us via email anytime.
6 of 32
8/14/2013 6:34 PM
Before you begin

Welcome to Exchange 2013! Before you deploy Exchange 2013 in your organization, you'll need to first do some careful planning. Before you go any further with the Exchange 2013 Deployment Assistant (ExDeploy), we urge you to review this entire topic to make sure that you fully understand how deploying Exchange 2013 could affect your existing network and Exchange organization.
Things to consider before deploying Exchange 2013

Before you deploy Exchange 2013, you need to carefully consider some important issues. Its important that you understand these issues before you begin your deployment so you dont run into any surprises along the way.
Server roles
Exchange 2013 includes two server roles; the Mailbox and Client Access server roles. Each organization requires at a minimum one Client Access server and one Mailbox server in the Active Directory forest. Additionally, each Active Directory site that contains a Mailbox server must also contain at least one Client Access server. If you're separating your server roles, we recommend installing the Mailbox server role first. The Mailbox server includes the Client Access protocols, the Transport service, the Mailbox databases, and Unified Messaging (the Client Access server redirects SIP traffic generated from incoming calls to the Mailbox server). The Mailbox server handles all activity for the active mailboxes on that server. The Client Access server provides authentication, limited redirection, and proxy services for all of the usual client access protocols: HTTP, POP and IMAP, and SMTP. The Client Access server, a thin and stateless server, doesnt do any data rendering. With the exception of diagnostic logs, nothing is queued or stored on the Client Access server. Learn more at: Mailbox and Client Access Servers
Active Directory schema update

When you install Exchange 2013 for the first time, your Active Directory schema will be updated. This schema update is required to add objects and attributes to Active Directory to support Exchange 2013. Depending on the size of your organization, and how infrastructure responsibilities are divided within your organization, the schema update may need to be done by another team or department. Additionally, replicating the changes made to your schema may take several hours or days and is dependent on your Active Directory replication schedule. Before installing the first Exchange 2013 server, talk with your Active Directory management team, if you have one, so they can review, sign-off, and implement the schema update. We also recommend that you test the schema update in a lab environment and back up your production Active Directory schema prior to applying the schema update. Learn more at: Exchange 2013 Active Directory Schema Changes, Exchange Server 2003 to Exchange Server 2010 Active Directory Schema Changes Reference, March 2013, Prepare Active Directory and Domains, and Testing for Active Directory Schema Extension Conflicts
Certificates
Secure Sockets Layer (SSL) certificates help to protect communication between your Exchange servers and clients and other mail servers by encrypting data and, optionally, identifying each side of the connection. Certificates can be issued by third-party certificate authorities (CAs), issued by an internal CA, or self-signed. Heres a short description of each type of certificate:
Third-party certificates Third-party certificates are issued by a public CA such as GoDaddy, Verisign, Thawte, Comodo, or GlobalSign. Certificates published by public CAs are trusted by most operating systems and browsers. This is important if you want to use certificates to help protect communications between your Exchange 2013 organization and external organizations. The external organization must trust the certificate you give them. While you can accomplish the same thing with certificates issued by internal CAs or using self-signed certificates, the external organization must manually trust the certificates on each computer that will communicate with your Exchange 2013. Some public CAs also offer services to verify the identity of the organization theyre issuing a certificate to. This can be useful when an external organization must make sure theyre connecting to the correct organization. Public CAs charge for each certificate they issue. The cost varies depending on the type of certificate your purchase, the number of domains that will be listed on the certificate, and the pricing structure of the public CA. Private certificates Private certificates are issued by an internal, private CA. A private CA is hosted within your organization and issues certificates for your internal use. Private CAs are useful because there is no cost to issuing certificates, internal clients and servers can be configured to trust them automatically, and you manage the issuance process. However, the drawback is that external organizations dont trust your internal CA by default. If you want to secure communication between your Exchange 2013 and external organizations using a private certificate, the external organization must manually trust the certificates on each computer that will communicate with your Exchange 2013. Self-signed certificates Self-signed certificates are issued by an individual computer and not by any CA. Self-signed certificates arent trusted by any other computers, operating systems, or browsers. They dont allow other clients or servers to verify the identity of the organization. To connect to a computer that uses a self-signed certificate, the client or server thats connecting must manually trust the certificate. This process must be repeated each time the certificate expires. When you have clients or external organizations that need to connect to your Exchange 2013 servers, using self-signed certificates on your Client Access server isn't feasible. When deploying Exchange 2013, we strongly recommend that you obtain a certificate issued either by a third-party or internal CA for use on your Client Access server. This certificate will be used to help protect communication between the Client Access server and clients and other servers that are connecting to your server. However, you dont need to get or configure certificates for communication between your Mailbox server and Client Access server. The certificates used for communication between internal Exchange 2013 servers are managed automatically by Exchange. You dont need to configure certificates on the Mailbox server. Learn more at: Digital Certificates and SSL
Split DNS
Split domain name service (DNS) is a concept that allows you to configure different IP addresses for the same host name, depending on where the originating DNS request came from. This is also known as split-horizon DNS, split-view DNS, or split-brain DNS. Split DNS can help you reduce the number of host names that you must manage for Exchange by allowing your clients to connect to Exchange through the same host name whether they're connecting from the Internet or from the Intranet. Split DNS allows requests that originate from an intranet to receive a different IP address than requests that originate from the Internet. For example, external Internet users who visit www.contoso.com will be sent to the companys public website while employees on the internal intranet will be sent to the companys private intranet site. We recommend that you deploy Exchange 2013 in a split DNS configuration. In addition to simplifying deployment, split DNS also reduces the number of subject alternative names (SANs) required on the SSL certificates youll use to help secure connections to your Client Access server. The steps in this checklist configure your new Exchange 2013 organization to use split DNS. When youre done, youll be able to use the same URL, such as owa.contoso.com, to access your Exchange 2013 server from your intranet and the Internet.
Note: ExDeploy configures your Exchange 2013 deployment so that the URL internal and external users use to access your Exchange server is the same. If you have a different addressing scheme for your organization, you can change the internal and external URLs to match that scheme.
Supported clients
Exchange 2013 and Exchange Online support the following minimum versions of Microsoft Outlook and Microsoft Entourage for Mac:
Outlook 2013 (15.0.4420.1017) Outlook 2010 Service Pack 1 with the Outlook 2010 November 2012 update (14.0.6126.5000). For more information, see Description of the Outlook 2010 update: November 13, 2012. Outlook 2007 Service Pack 3 with the Outlook 2007 November 2012 update (12.0.6665.5000). For more information, see Description of the Outlook 2007 update: November 13, 2012. Entourage 2008 for Mac, Web Services Edition Outlook for Mac 2011 Important: The information above provides the minimum versions required for a client to connect to Exchange and Exchange Online. We strongly recommend that you install the latest available service packs and updates available so that your users receive the best possible experience when connecting to Exchange and Exchange Online. Outlook clients earlier than Outlook 2007 are not supported. Email clients on Mac operating systems that require DAV, such as Entourage 2008 for Mac RTM and Entourage 2004, are not supported. Outlook Web App supports several browsers on a variety of operating systems and devices. For detailed information, see What's New for Outlook Web App in Exchange 2013.
7 of 32
8/14/2013 6:34 PM
Hybrid deployments with Office 365

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange Server 2013 organization and Exchange Online in Microsoft Office 365. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization. To configure a hybrid deployment after your initial Exchange 2013 installation is complete, select Hybrid in the Exchange 2013 Deployment Assistant and complete the checklist steps. Learn more at: Exchange Server 2013 Hybrid Deployments
Accessibility
For information about keyboard shortcuts that may apply to the procedures in this checklist, see Keyboard Shortcuts in the Exchange Admin Center.
8 of 32
8/14/2013 6:34 PM
Prepare Organization
9 of 32
8/14/2013 6:34 PM
Verify prerequisites
Before you go any further with the Exchange Deployment Assistant, make sure that your organization's operating system, hardware, software, clients, and other elements meet the requirements for Exchange 2013. If they don't, you won't be able to complete the steps in the Deployment Assistant and you won't be able to deploy Exchange 2013.
Release notes
Make sure you read the release notes before you begin your deployment. The release notes contain important information about issues you might encounter during and after your deployment. Learn more at: Release Notes for Exchange 2013
System requirements
System requirements tell you what hardware and operating systems are supported on the computer where you install Exchange 2013. Youll also learn about what Active Directory configurations can be used, which legacy Exchange versions can coexist with Exchange 2013 in the same Active Directory forest, which email clients are supported, and whats required for hybrid deployments with Office 365. Learn more at: Exchange 2013 System Requirements
Exchange 2013 prerequisites

Prerequisites tell you what Windows components, software packages, and updates need to be installed on the computer where youll install Exchange 2013. These prerequisites need to be installed on the computer before you begin your Exchange 2013 installation. To prepare the Exchange 2007 servers in your organization for coexistence with for Exchange 2013, youll need to install Update Rollup 10 (RU10) for Exchange 2007 Service Pack 3 (SP3) on all the Exchange 2007 servers in your organization before you can install Exchange 2013. The service pack is available in the Microsoft Download Center at Exchange Server 2007 Service Pack 3. The update rollup is available in the Microsoft Download Center at Update Rollup 10 for Exchange Server 2007 Service Pack 3 (KB2788321). (Although this topic isn't an exact match, you can reference it for steps about how to upgrade to Exchange 2007 SP3: How to Upgrade to Exchange 2007 SP1) Also, in order for Exchange 2013 to coexist with previous versions of Exchange, all your Exchange 2013 servers must be running Cumulative Update 2 (CU2) for Exchange 2013. To download Exchange 2013 CU2, see Cumulative Updates for Exchange 2013. Learn about all prerequisites at: Exchange 2013 Prerequisites
Permissions to install and manage Exchange 2013

Exchange 2013 requires different permissions to install and to manage your server roles. When you're installing Exchange 2013 servers in your organization, the account you use might not be the same account that you use for administering and managing your server roles. To manage your server roles, Exchange 2013 uses the Role Based Access Control (RBAC) permissions model. Exchange 2013 uses RBAC to manage permissions on the Mailbox and Client Access server roles. With RBAC, you can control what resources administrators can configure and what features users can access. The RBAC model is flexible and provides you with several ways to customize the default permissions. RBAC has two primary ways of assigning permissions to users in your organization, depending on whether the user is an administrator or specialist user, or an end-user: Management role groups and management role assignment policies. Each method associates users with the permissions they need to do their jobs. The following tables list the tasks found in the Exchange Deployment Assistant and the permissions required to complete the task.
Note: Some features may require that you have local administrator permissions on the server you want to manage. To manage these features, you must be a member of the Local Administrators group on that server. Learn more at: Permissions
Installation permissions
The table below lists the permissions that you need to successfully use the Deployment Assistant and to install Exchange 2013. By default, the account that's used to install Exchange 2013 in the organization is added as a member of the Organization Management role group. When you install the first Exchange 2013 server role (Mailbox) into your Exchange 2013 organization, Exchange Setup will prepare your Active Directory schema if you have the correct permissions. If you want to separate your Active Directory schema preparation from the Exchange server installation, see Prepare Active Directory and Domains. For information about how to add permissions, see Manage Role Group Members.
Task Install the Mailbox server role (first server role installed)
Permissions required Local Administrator Enterprise Administrator Schema Admins Local Administrator Organization Management or Delegated Setup
Install the second server
Exchange management permissions

The table below lists the configuration permissions that you need to successfully use the Deployment Assistant. For information about how to add permissions, see Manage Role Group Members.
Task Configure disjoint namespace
Permissions required Local Administrator Domain Administrator Organization Management Organization Management Organization Management Organization Management or Server Management
Configure mail flow Configure accepted domains Configure email address policies Configure external URLs
10 of 32
8/14/2013 6:34 PM
11 of 32
8/14/2013 6:34 PM
Collect required information

Before you start your Exchange 2013 deployment, you're going to need information about your organization. We suggest you print this step so you can record your organization's information and have easy access to it as you go through the checklist. You can use the following table to gather information about your organization that you're going to need before you get started. When you're working through your checklist, replace the example information that you see in the checklist with the information you've provided in this table. For example, if the external fully qualified domain name (FQDN) of your Exchange 2013 server will be exchange.adatum.com, enter that FQDN in the "Value in your organization" field.
Description Active Directory forest root Internal Exchange 2013 computer name Internal Exchange 2007 computer name External Exchange 2013 FQDN for the following services: Outlook Anywhere Offline Address Book Exchange Web Services (EWS) Exchange ActiveSync
Example value in checklist corp.contoso.com EX2013 EX2007 mail.contoso.com Note: This is the FQDN that, before installing Exchange 2013, points to your Exchange 2007 server. As part of the upgrade process, this FQDN will be moved from your Exchange 2007 server to the new Exchange 2013 server. Your Exchange 2007 server will be assigned a new FQDN, such as legacy.contoso.com.
Value in your organization
Internal Exchange 2013 FQDN for the following services: Outlook Anywhere Offline Address Book Remote PowerShell Exchange Web Services (EWS) Exchange ActiveSync
Internal URL same as external URL mail.contoso.com Internal URL different than external URL internal.contoso.com
External Exchange 2013 FQDN for the following services: Outlook Web App ECP (Exchange Admin Center)
owa.contoso.com
Internal Exchange 2013 FQDN for the following services: Outlook Web App ECP (Exchange Admin Center)
Internal URL same as external URL owa.contoso.com Internal URL different than external URL internal.contoso.com
External Exchange 2007 FQDN for the following services: Outlook Web Access EWS Unified Messaging
legacy.contoso.com Note: This FQDN doesn't need to start with "legacy". It can be any available FQDN as long as it doesn't match any of the ones assigned to the Exchange 2013 server (for example, mail.contoso.com). You could, for example, use oldmail.contoso.com instead of legacy.contoso.com.
External Autodiscover FQDN Internal service connection point FQDN Primary SMTP namespace User principal name domain
autodiscover.contoso.com autodiscover.contoso.com contoso.com contoso.com
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
12 of 32
8/14/2013 6:34 PM
Configure default offline address book

Estimated time to complete: 5 minutes or longer, depending on the number of mailbox databases in your organization Before you install Exchange 2013, you need to make sure that all of the existing Exchange mailboxes in your organization are assigned a default offline address book (OAB). If you don't do this, any mailbox that isn't assigned a default OAB when Exchange 2013 is installed will automatically download the new OAB generated by Exchange 2013. If you have hundreds or thousands of mailboxes, this could cause significant network traffic and server load. The steps below show you how to assign a default OAB to Exchange mailbox databases. Assigning a default OAB to a mailbox database has two advantages:
Mailboxes stored in a mailbox database will inherit the OAB assigned to a mailbox database if the mailbox itself has no OAB assigned. This allows you to assign an OAB to many mailboxes without having to individually update each mailbox. When the mailbox is moved from an existing Exchange server to Exchange 2013, the mailbox will automatically begin using the new Exchange 2013-generated OAB if the mailbox itself isn't assigned an OAB.
How do I do this?
1. Open the Exchange Management Shell on your Exchange server. 2. Run the following command to retrieve a list of OABs. Get-OfflineAddressBook 3. Run the following command to view all the mailbox databases (except Exchange 2013 mailbox databases) in your organization and the OABs assigned to them. Get-MailboxDatabase | Format-Table Name, Server, OfflineAddressBook -Auto 4. For every mailbox database that doesn't have an OAB assigned, assign an OAB from the list you retrieved earlier. You can either set the OAB on each mailbox database individually or set the OAB on all mailbox databases at once. Use the command below that best suits your requirements. To set the OAB on each mailbox database individually, run the following command. The command example uses "Sales Employees" for the mailbox database name on the Ex2007 server, and the "Default Offline Address Book" for the name of the OAB. Set-MailboxDatabase "Ex2007\Sales Employees" -OfflineAddressBook "Default Offline Address Book" To set the same OAB on all mailbox databases at once, run the following command. The command example uses "Default Offline Address Book" for the name of the OAB. Warning: The following command will overwrite the OAB assigned to every mailbox database in your organization. If you want to verify the command has the intended effect, run it with the WhatIf switch parameter first. Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book"
How do I know this worked?

To verify that every mailbox database in your organization is assigned a default OAB, run the following command. Every mailbox database should have an OAB listed in the OfflineAddressBook column.
Get-MailboxDatabase | Format-Table Name, Server, OfflineAddressBook -Auto Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
13 of 32
8/14/2013 6:34 PM
Create legacy Exchange host name

Estimated time to complete: 5 minutes You need to create a legacy domain name system (DNS) host name so your legacy Exchange 2007 environment and Exchange 2013 can coexist. For example, if your domain name is currently contoso.com, you're likely using a host name of mail.contoso.com or www.contoso.com for external client access to Exchange. During coexistence, we recommend creating and using, for example, a host name of legacy.contoso.com. You'll associate the legacy host name with your existing Exchange 2007 server and associate your current host name (for example, mail.contoso.com) with your Exchange 2013 Client Access server. Your end users will not see or use the legacy host name. It will be used by Autodiscover and Client Access servers when redirecting legacy users to a legacy server. All client connections will be redirected, including Exchange ActiveSync, Outlook Web App, POP3, and IMAP4. After the legacy host name has been configured, users will be able to access their mailbox regardless of whether it's on Exchange 2007 or Exchange 2013. If you're upgrading from Exchange 2007 to Exchange 2013, Availability service requests will also be redirected.
How do I do this?
You need to create a public DNS record for the legacy.contoso.com host name to point to the external IP address of your Exchange 2007 server. The following is an example of the DNS record that you'd create with your public DNS provider, such as GoDaddy.
Important: You might need to make changes to your firewall to support this new legacy host name. You might need to add new firewall rules, add an external IP address for your Exchange 2007 server, or make other configuration changes. If your organization has a network management group, a security review process, or change management process, you may need to request permission to perform these changes or have someone else make them for you.
Host name Legacy.contoso.com
DNS record type A
Value 172.16.10.10

To verify that you've successfully configured your public DNS records, do the following:
1. Open a command prompt and run nslookup.exe. 2. Change to a DNS server that can query your public DNS zone. 3. In nslookup, look up the record for the legacy.contoso.com host name you created. Verify that the IP address that's returned matches the external IP address of your Exchange 2007 server. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
14 of 32
8/14/2013 6:34 PM
Install Exchange 2013

Estimated time to complete: 50 to 60 minutes The Mailbox server role in Exchange 2013 hosts user mailboxes and public folder mailboxes, provides Unified Messaging services, generates the Offline Address Book (OAB), and more. In Exchange 2013, the Client Access server role provides clients with access to mailboxes via Outlook, Outlook Web App, and other protocols; accepts inbound SMTP connections from the Internet and other Active Directory sites; accepts connections from telephony systems; and more. Learn more at: Mailbox and Client Access Servers
Caution: After you install Exchange 2013 on a server, you must not change the server name. Renaming a server after you have installed an Exchange 2013 server role is not supported.
How do I do this?
Important To prepare your organization for Exchange 2013, make sure that youve done everything in the Verify prerequisites step earlier in this checklist. That step has lots of important information, like the following:
In order for Exchange 2013 to coexist with previous versions of Exchange, all your Exchange 2013 servers must be running Cumulative Update 2 (CU2) for Exchange 2013. For information on how to download Exchange 2013, see Cumulative Updates for Exchange 2013. You'll also need to install Update Rollup 10 for Exchange 2007 Service Pack 3 (SP3) on all the Exchange 2007 servers in your organization before you can install Exchange 2013. Download from Exchange Server 2007 Service Pack 3 and Update Rollup 10 for Exchange Server 2007 Service Pack 3(KB2788321). In terms of the order in which to upgrade your sites, assuming you have Exchange servers in more than one site, start with any Internet-facing Active Directory sites, followed by the internal sites. The first site you will want to upgrade is the one where AutoDiscover requests from the Internet come in.
1. After you have downloaded Exchange 2013 CU2, log on to the computer on which you want to install Exchange 2013. 2. Navigate to the network location of the Exchange 2013 installation files. 3. Start Exchange 2013 Setup by double-clicking Setup.exe. Important: If you have User Access Control (UAC) enabled, you must right-click Setup.exe and select Run as administrator. 4. On the Check for Updates page, choose whether you want Setup to connect to the Internet and download product and security updates for Exchange 2013. If you select Connect to the Internet and check for updates, Setup will download updates and apply them prior to continuing. If you select Don't check for updates right now, you can download and install updates manually later. We recommend that you download and install updates now. Click Next to continue. 5. The Introduction page begins the process of installing Exchange into your organization. It will guide you through the installation. Several links to helpful deployment content are listed. We recommend that you visit these links prior to continuing setup. Click Next to continue. 6. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and then click Next. 7. On the Recommended settings page, select whether you want to use the recommended settings. If you select Use recommended settings, Exchange will automatically send error reports and information about your computer hardware and how you use Exchange to Microsoft. If you select Don't use recommended settings, these settings remain disabled but you can enable them at any time after Setup completes. For more information about these settings and how information sent to Microsoft is used, click ?. 8. On the Server Role Selection page, select both Mailbox role and Client Access role. The management tools are installed automatically if you install any other server role. Select Automatically install Windows Server roles and features that are required to install Exchange Server to have the Setup wizard install required Windows prerequisites. You may need to reboot the computer to complete the installation of some Windows features. If you don't select this option, you must install the Windows features manually. Note: This option installs only the Windows features required by Exchange. You must install other prerequisites manually. For more information, see Exchange 2013 Prerequisites. Click Next to continue. 9. On the Installation Space and Location page, either accept the default installation location or click Browse to choose a new location. Make sure that you have enough disk space available in the location where you want to install Exchange. Click Next to continue. 10. On the Malware Protection Settings page, choose whether you want to enable or disable malware scanning. If you disable malware scanning, it can be enabled in the future. Unless you have a specific reason to disable malware scanning, we recommend that you keep it enabled. Click Next to continue. 11. On the Readiness Checks page, view the status to determine if the organization and server role prerequisite checks completed successfully. If they haven't completed successfully, you must resolve any reported errors before you can install Exchange 2013. You don't need to exit Setup when resolving some of the prerequisite errors. After resolving a reported error, click Back and then click Next to run the prerequisite check again. Be sure to also review any warnings that are reported. If all readiness checks have completed successfully, click Install to install Exchange 2013. 12. On the Completion page, click Finish. Note: If you didn't separate your Active Directory schema preparation from the installation of Exchange 2013, the amount of time this takes is dependent upon your Active Directory site topology. It might take some time for the changes to replicate across your organization. 13. Restart the computer after Exchange 2013 has completed.
How do I know this worked? Run Get-ExchangeServer

To verify that Exchange 2013 installed successfully, run the Get-ExchangeServer cmdlet in the Exchange Management Shell. A list is displayed of all Exchange server roles that are installed on the specified server when this cmdlet is run. For detailed syntax and parameter information, see Get-ExchangeServer.
Review the setup log file

You can also learn more about the installation and configuration of Exchange 2013 by reviewing the setup log file created during the setup process. During installation, Exchange Setup logs events in the Application log of Event Viewer on computers that are running Windows Server 2008 R2 with Service Pack 1 (SP1) and Windows Server 2012. Review the Application log, and make sure there are no warning or error messages related to Exchange setup. These log files contain a history of each action that the system takes during Exchange 2013 setup and any errors that may have occurred. By default, the logging method is set to Verbose. Information is available for each installed server role. You can find the setup log file at <system drive>\ExchangeSetupLogs\ExchangeSetup.log. The <system drive> variable represents the root directory of the drive where the operating system is installed. The setup log file tracks the progress of every task that is performed during the Exchange 2013 installation and configuration. The file contains information about the status of the prerequisite and system readiness checks that are performed before installation starts, the application installation progress, and the configuration changes that are made to the system. Check this log file to verify that the server roles were installed as expected. We recommend that you start your review of the setup log file by searching for any errors. If you find an entry that indicates that an error occurred, read the associated text to figure out the cause of the error. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
15 of 32
8/14/2013 6:34 PM
Create an Exchange 2013 mailbox

To simplify configuration of Exchange 2013 and to help test your new server later on, you need to create an Exchange 2013 mailbox. We'll make this new mailbox a member of the Organization Management role group and you'll use this mailbox when you configure Exchange 2013. Later on in the checklist you'll need to log into your Exchange 2013 servers. Log in using the Exchange 2013 mailbox you'll create in this step. This will make sure you have the correct permissions to perform each of the steps and that the EAC opens correctly.
How do I do this?
1. Open the EAC by browsing to the URL of your Client Access server. For example, https://Ex2013/ecp?ExchClientVer=15. Important: You need to include ?ExchClientVer=15 in the URL when you want to open the EAC with a user that doesn't have an Exchange 2013 mailbox. 2. 3. 4. 5. 6. 7. Enter the user name and password of the account you used to install Exchange 2013 in Domain\user name and Password , and then click Sign in. Go to Recipients > Mailboxes. On the Mailboxes page, click Add and then select User mailbox. Provide the information required for the new user and then click Save. Go to Permissions > Admin Roles. On the Admin Roles page, select Organization Management and click Edit . Under Members, click Add . Select the Exchange 2013 mailbox you just created, click Add , then click OK. Then click Save.

To verify that you've successfully created an Exchange 2013 mailbox and added it as a member of the Organization Management role group, do the following:
1. In the EAC, go to Permissions > Admin Roles. On the Admin Roles page, select Organization Management. 2. In the details pane, view the Members list. If the Exchange 2013 mailbox has been successfully added as a member of the Organization Management role group, the mailbox will be listed here. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
16 of 32
8/14/2013 6:34 PM
Configure Services
Exchange 2013 external URLs
Estimated time to complete: 10 to 15 minutes There are several settings that you need to configure on the Exchange 2013 virtual directories, which include Outlook Anywhere, Exchange ActiveSync, Exchange Web Services, Offline Address Book (OAB), Outlook Web App, the Exchange admin center, and the availability service. Learn more at: Virtual Directory Management
How do I do this?
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Open the EAC by browsing to the URL of your Client Access server. For example, https://Ex2013/ECP. Enter your user name and password in Domain\user name and Password, and then click Sign in. Go to Servers > Servers, select the name of the Internet-facing Client Access server and then click Edit . Click Outlook Anywhere. In the Specify the external hostname field, specify the externally accessible FQDN of the Client Access server. For example, mail.contoso.com. While youre here, lets also set the internally accessible FQDN of the Client Access server. In the Specify the internal hostname field, insert the FQDN you used in the previous step. For example, mail.contoso.com. Click Save. Go to Servers > Virtual directories and then click Configure external access domain . Under Select the Client Access servers to use with the external URL , click Add . Select the Client Access servers you want to configure, and then click Add. After youve added all the Client Access servers you want to configure, click OK. In Enter the domain name you will use with your external Client Access servers, type the external domain you want to apply. For example, mail.contoso.com. Click Save. Note: Some organizations make the Outlook Web App FQDN unique to protect users against changes to underlying server FQDN changes. Many organizations use owa.contoso.com for their Outlook Web App FQDN instead of mail.contoso.com. If you want to configure a unique Outlook Web App FQDN, do the following after you completed the previous step. This checklist assumes you have configured a unique Outlook Web App FQDN. 1. In Select server, choose your Exchange 2013 Client Access server. 2. Select owa (Default Web Site) and click Edit . 3. In External URL, type https://, then the unique Outlook Web App FQDN you want to use, and then append /owa. For example, https://owa.contoso.com/owa. 4. Click Save. 5. Select ecp (Default Web Site) and click Edit . 6. In External URL, type https://, then the same Outlook Web App FQDN that you specified in the previous step, and then append /ecp. For example, https://owa.contoso.com/ecp. 7. Click Save.

To verify that you have successfully configured the external URL on the Client Access server virtual directories, do the following:
1. In the EAC, go to Servers > Virtual directories. 2. In the Select server field, select the Internet-facing Client Access server. 3. Select a virtual directory and then, in the virtual directory details pane, verify that the External URL field is populated with the correct FQDN and service as shown below:
Virtual directory Autodiscover ECP EWS Microsoft-Server-ActiveSync OAB OWA PowerShell
External URL value No external URL displayed https://owa.contoso.com/ecp https://mail.contoso.com/EWS/Exchange.asmx https://mail.contoso.com/Microsoft-Server-ActiveSync https://mail.contoso.com/OAB https://owa.contoso.com/owa http://mail.contoso.com/PowerShell
17 of 32
8/14/2013 6:34 PM
Exchange 2013 internal URLs

Estimated time to complete: 10 to 15 minutes Before clients can connect to your new Exchange 2013 server from your Intranet, you need to configure the internal domains, or URLs, on the Exchange 2013 Client Access servers virtual directories. You choose whether you want users to use the same URL on your intranet and on the Internet to access your Exchange servers or whether they should use a different URL. What you choose depends on the addressing scheme you have in place already or that you want to implement. If youre implementing a new addressing scheme, we recommend that you use the same URL for both internal and external URLs. Using the same URL makes it easier for users to access your Exchange servers because they only have to remember one address. Regardless of the choice you make, you need to make sure you configure a private DNS zone for the address space you configure. For more information about administering DNS zones, see Administering DNS Server. For more information internal and external URLs on virtual directories, see Virtual Directory Management.
What do you want to do? Configure internal and external URLs to be the same
1. Open the Exchange Management Shell on your Exchange 2013 Client Access server. 2. Store the host name of your Client Access server in a variable that will be used in the next step. For example, Ex2013. $HostName = "Ex2013" 3. Run each of the following commands in the Shell to configure each internal URL to match the virtual directorys external URL.
Set-EcpVirtualDirectory "$HostName\ECP (Default Web Site)" -InternalUrl ((Get-EcpVirtualDirectory "$HostName\ECP (Default Web Site)").ExternalUrl) Set-WebServicesVirtualDirectory "$HostName\EWS (Default Web Site)" -InternalUrl ((get-WebServicesVirtualDirectory "$HostName\EWS (Default Web Site)").ExternalUrl)
Set-ActiveSyncVirtualDirectory "$HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl ((Get-ActiveSyncVirtualDirectory "$HostName\Microsoft-Server-ActiveSync (Default Web Site)").E Set-OabVirtualDirectory "$HostName\OAB (Default Web Site)" -InternalUrl ((Get-OabVirtualDirectory "$HostName\OAB (Default Web Site)").ExternalUrl) Set-OwaVirtualDirectory "$HostName\OWA (Default Web Site)" -InternalUrl ((Get-OwaVirtualDirectory "$HostName\OWA (Default Web Site)").ExternalUrl) Set-PowerShellVirtualDirectory "$HostName\PowerShell (Default Web Site)" -InternalUrl ((Get-PowerShellVirtualDirectory "$HostName\PowerShell (Default Web Site)").ExternalUrl)

To verify that you have successfully configured the internal URL on the Client Access server virtual directories, do the following:
1. 2. 3. 4.
In the EAC, go to Servers > Virtual directories. In the Select server field, select the Internet-facing Client Access server. Select a virtual directory and then click Edit . Verify that the Internal URL field is populated with the correct FQDN and service as shown below:
Virtual directory Autodiscover ECP EWS Microsoft-Server-ActiveSync OAB OWA PowerShell
Internal URL value No internal URL displayed https://owa.contoso.com/ecp https://mail.contoso.com/EWS/Exchange.asmx https://mail.contoso.com/Microsoft-Server-ActiveSync https://mail.contoso.com/OAB https://owa.contoso.com/owa http://mail.contoso.com/PowerShell
Configure different internal and external URLs

1. 2. 3. 4. 5. Open the EAC by browsing to the URL of your Client Access server. For example, https://Ex2013/ECP. Go to Servers > Virtual directories. In the Select server field, select the Internet-facing Client Access server. Select the virtual directory you want to change, and then click Edit . In Internal URL, replace the host name between https:// and the first forward slash (/ ) with the new FQDN you want to use. For example, if you want to change the EWS virtual directory FQDN from Ex2013.corp.contoso.com to internal.contoso.com, change the internal URL from https://Ex2013.corp.contoso.com/ews/exchange.asmx to https://internal.contoso.com/ews/exchange.asmx. 6. Click Save. 7. Repeat steps 5 and 6 for each virtual directory you want to change. Note: The ECP and OWA virtual directory internal URLs must be the same. You cant set an internal URL on the Autodiscover virtual directory.

To verify that you have successfully configured the internal URL on the Client Access server virtual directories, do the following:
1. 2. 3. 4.
In the EAC, go to Servers > Virtual directories. In the Select server field, select the Internet-facing Client Access server. Select a virtual directory, and then click Edit . Verify that the Internal URL field is populated with the correct FQDN. For example, you may have set the internal URLs to use internal.contoso.com.
Virtual directory Autodiscover
Internal URL value No internal URL displayed
18 of 32
8/14/2013 6:34 PM
ECP EWS Microsoft-Server-ActiveSync OAB OWA PowerShell
https://internal.contoso.com/ecp https://internal.contoso.com/EWS/Exchange.asmx https://internal.contoso.com/Microsoft-Server-ActiveSync https://internal.contoso.com/OAB https://internal.contoso.com/owa http://internal.contoso.com/PowerShell
19 of 32
8/14/2013 6:34 PM
Exchange 2013 certificates

Estimated time to complete: 10 to 15 minutes (not including response time from the certificate authority) Some services, such as Outlook Anywhere and Exchange ActiveSync, require certificates to be configured on your Exchange 2013 server. The following steps show you how to configure an SSL certificate from a third-party certificate authority (CA). These steps also show you how to add the legacy host name that'll be configured on your Exchange 2007 server. In a later step, this certificate will be imported on your Exchange 2007 to help simplify the switch to the legacy host name.
How do I do this?
1. 2. 3. 4. 5. 6. 7. 8. Open the EAC by browsing to the URL of your Client Access server. For example, https://Ex2013/ECP. Enter your user name and password in Domain\user name and Password, and then click Sign in. Go to Servers > Certificates. On the Certificates page, make sure your Client Access server is selected in the Select server field, and then click New . In the New Exchange certificate wizard, select Create a request for a certificate from a certification authority and then click Next. Specify a name for this certificate and then click Next. If you want to request a wildcard certificate, select Request a wild-card certificate and then specify the root domain of all subdomains in the Root domain field. If you don't want to request a wildcard certificate and instead want to specify each domain you want to add to the certificate, leave this page blank. Click Next. Click Browse and specify an Exchange 2013 server to store the certificate on. The server you select should be the Internet-facing Exchange 2013 Client Access server. Click Next. For each service in the list shown, verify that the external or internal server names that users will use to connect to the Exchange server are correct. For example: If you configured your internal and external URLs to be the same, Outlook Web App (when accessed from the Internet) and Outlook Web App (when accessed from the Intranet) should show owa.contoso.com. OAB (when accessed from the Internet) and OAB (when accessed from the Intranet) should show mail.contoso.com. If you configured the internal URLs to be internal.contoso.com, Outlook Web App (when accessed from the Internet) should show owa.contoso.com and Outlook Web App (when accessed from the Intranet) should show internal.contoso.com. These domains will be used to create the SSL certificate request. Click Next. Click Add to add the legacy host name to the certificate. In the Domain name field, enter your legacy host name. For example, legacy.contoso.com. Click OK. Add any additional domains you want included on the SSL certificate. Select the domain that you want to be the common name for the certificate and click Set as common name. For example, contoso.com. Click Next. Provide information about your organization. This information will be included with the SSL certificate. Click Next. Specify the network location where you want this certificate request to be saved. Click Finish.
9. 10. 11. 12. 13. 14.
After you've saved the certificate request, submit the request to your certificate authority (CA). This can be an internal CA or a third-party CA, depending on your organization. Clients that connect to the Client Access server must trust the CA that you use. After you receive the certificate from the CA, complete the following steps:
1. 2. 3. 4. 5. 6.
On the Server > Certificates page in the EAC, select the certificate request you created in the previous steps. In the certificate request details pane, click Complete under Status. On the Complete pending request page, specify the path to the SSL certificate file and then click OK. Select the new certificate you just added, and then click Edit . On the certificate page, click Services. Select the services you want to assign to this certificate. At minimum, you should select IIS but you can also select IMAP, POP, and UM call router if you use these services. If you want to use secure transport, you can also select SMTP to make this certificate available to Exchange 2013 transport. Click Save. 7. If you receive the warning Overwrite the existing default SMTP certificate?, click Yes.

To verify that you have successfully added a new certificate, do the following:
1. In the EAC, go to Servers > Certificates. 2. Select the new certificate and then, in the certificate details pane, verify that the following are true: Status shows Valid Assigned to services shows, at minimum, IIS and optionally IMAP, POP, UM call router, and SMTP. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
20 of 32
8/14/2013 6:34 PM
Exchange 2007 certificates

Estimated time to complete: 10 to 15 minutes When you create the new third-party certificate for your Exchange 2013 server, you included the legacy host name as one of the host names on the certificate. The certificate includes both the primary host name your users use to connect to your organization, for example mail.contoso.com, and the new legacy host name, for example legacy.contoso.com. By importing this certificate on your Exchange 2007 server, you can avoid certificate errors when you configure your Exchange 2007 server to use the new legacy host name. If you have multiple Exchange 2007 Client Access servers in your organization, you need to import the third-party certificate and assign Exchange services on each Exchange 2007 Client Access server.
How do I do this?
First, you need to export your certificate from your Exchange 2013 server with the certificate's private key using the following steps.
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16.
Log on directly to your Exchange 2013 Client Access server with an administrator user account. Open an empty Microsoft Management Console (MMC). Click File, and then Add/Remove Snap-in. In the Add or Remove Snap-ins window, select Certificates and then click Add >. In the Certificates snap-in window that appears, select Computer account and then click Next. Select Local computer and click Finish. Then, click OK. Under Console Root, expand Certificates (Local Computer), Personal, and then Certificates. Select the third-party certificate you created in the previous step. Right-click on the certificate, select All Tasks, and then Export. In the Certificate Export Wizard, click Next. Select Yes, export the private key and then click Next. Make sure Personal Information Exchange - PKCS #12 (.PFX) and Include all certificates in the certification path if possible are selected. Make sure no other options are selected. Click Next. Select Password and then enter a password to help secure your certificate. Click Next. Specify a file name for the new certificate. Use the file extension .pfx. Click Next, and then click Finish. You'll receive a confirmation prompt if the certificate export was successful. Click OK to close it. Copy the .pfx file you created to your Exchange 2007 Client Access server.
After you've exported the certificate from your Exchange 2013 server, you need to import the certificate on your Exchange 2007 server using the following steps.
1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Log on directly to your Exchange 2007 Client Access server with an administrator user account. Open an empty Microsoft Management Console (MMC). Click File, and then Add/Remove Snap-in. In the Add or Remove Snap-ins window, select Certificates and then click Add >. In the Certificates snap-in window that appears, select Computer account and then click Next. Select Local computer and click Finish. Then, click OK. Under Console Root, expand Certificates (Local Computer), and then Personal. Right-click Personal , select All Tasks and then Import. In the Certificate Import Wizard, click Next. Click Browse and select the .pfx file you copied to your Exchange 2007 Client Access server. Click Open, and then click Next. Note: You may need to change the File name filter in the Open window to All Files (*.*) to see the .pfx file.
11. 12. 13. 14.
In the Password field, enter the password you used to help secure the certificate when you exported it on the Exchange 2013 Client Access server. Verify that Include all extended properties is selected and click Next. Verify that Place all certificates in the following store is selected and Personal is shown in Certificate store. Click Next. Click Finish. You'll receive a confirmation prompt if the certificate import was successful. Click OK to close it.
Now that the new certificate has been imported on your Exchange 2007 Client Access server, you need to assign it to your Exchange services using the following steps.
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Run the following command to list the certificates installed on the Exchange 2007 server. Get-ExchangeCertificate 3. Find the third-party certificate that contains the domain you configured on the certificate in the Subject column. 4. Copy the GUID of the certificate that's located in the Thumbprint column and save it. You'll use this value in the next step. 5. Run the following command to assign the certificate to the Internet Information Services (IIS), POP, IMAP, and Unified Messaging (UM) services. You'll need to paste the thumbprint you saved in the previous step into this command. The thumbprint GUID used in this example is BBF70EF91B214CCBC0D336EFA9BD9FE0035858C3. Enable-ExchangeCertificate BBF70EF91B214CCBC0D336EFA9BD9FE0035858C3 -Services IIS, POP, IMAP, UM
Note: Only include the Unified Messaging service in the command if you've installed the Unified Messaging (UM) server role on this Exchange 2007 server.

To verify that you've successfully imported the new third-party certificate on your Exchange 2007 Client Access server, do the following:
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Run the following command to list the certificates installed on the Exchange 2007 server. Get-ExchangeCertificate 3. Verify that the services that you assigned to the new third-party certificate are listed in the Services column of the certificate. The following characters are used to indicate each service:
Character I P U
Service IMAP POP Unified Messaging Note: This service will only be assigned to the certificate if you have the UM server role installed on this Exchange 2007 and included the UM service when you ran the Enable-ExchangeCertificate command.
IIS
21 of 32
8/14/2013 6:34 PM
SMTP Note: This service wasn't included in the Enable-ExchangeCertificate command in the procedure earlier in this topic. Unless you included the SMTP service in the command, this service will be assigned to a previously installed certificate.
22 of 32
8/14/2013 6:34 PM
Perform Switchover
Important note about switchover
Up until this point, you've been getting everything ready to bring your new Exchange 2013 server into production and switch some services from your Exchange 2007 server to your Exchange 2013. There has been no impact to your users. The next several steps in the checklist will transition Outlook Web App, Exchange Web Services, Autodiscover, and Exchange ActiveSync access from your Exchange 2007 server to your Exchange 2013 server. During this period, your users may experience some disruption as settings are updated and domain name configuration is replicated across the Internet. We recommend that you perform these steps outside of business hours and that you communicate possible service disruption to your users.
23 of 32
8/14/2013 6:34 PM
Enable and configure Outlook Anywhere

Estimated time to complete: 10 to 15 minutes To allow your Exchange 2013 Client Access server to redirect connections to your Exchange 2007 servers, you must enable and configure Outlook Anywhere on all of the Exchange 2007 servers in your organization. If some Exchange 2007 servers in your organization are already configured to use Outlook Anywhere, their configuration must also be updated to support Exchange 2013. When you use the steps below to configure Outlook Anywhere, the following configuration is set on each Exchange 2007 server:
The Outlook Anywhere external URL is set to the external hostname of the Exchange 2013 server. Client authentication, which is used to allow clients like Outlook 2013 to authenticate with Exchange, is set to Basic. Internet Information Services (IIS) authentication, which is used to allow Exchange servers to communicate, set to NTLM and Basic.
How do I do this?
Perform the following steps to enable and configure Outlook Anywhere on your Exchange 2007 servers.
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Store the external host name of your Exchange 2013 Client Access server in a variable that will be used in the next steps. For example, mail.contoso.com. $Exchange2013HostName = "mail.contoso.com" 3. Run the following command to configure Exchange 2007 servers that already have Outlook Anywhere enabled to accept connections from Exchange 2013 servers. Warning: The following command will change the configuration of Outlook Anywhere on any Exchange 2007 server in your organization on which it's already enabled.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $True} | ForEach 4. Run the following command to enable Outlook Anywhere on the rest of your Exchange 2007 servers to accept connections from Exchange 2013 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable

To verify that you've successfully configured Outlook Anywhere on your Exchange 2007 servers to accept connections redirected from Exchange 2013, do the following:
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Run the following command to view the Outlook Anywhere configuration on your Exchange 2007 servers:
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-OutlookAnywhere | Format-Table Server, ClientAuthenticationMethod, IISAuth Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
24 of 32
8/14/2013 6:34 PM
Configure service connection point

Estimated time to complete: 10 minutes Autodiscover uses an Active Directory object called the service connection point (SCP) to retrieve a list of AutoDiscover URLs for the forest in which Exchange is installed. When you install Exchange 2013, you need to update the SCP object to point to the Exchange 2013 server. This is necessary because Exchange 2013 servers provide additional AutoDiscover information to clients to improve the discovery process. You must update the SCP object configuration on every Exchange server in the organization. You need to use the version of the Exchange Management Shell that corresponds to the version of the Exchange servers you're updating.
How do I do this?
Perform the following steps to configure the SCP object on your Exchange 2007 servers.
1. Open the Exchange Management Shell on your Exchange 2007 Client Access server. 2. Store the AutoDiscover host name of your Exchange 2013 Client Access server in a variable that will be used in the next step. For example, autodiscover.contoso.com. $AutodiscoverHostName = "autodiscover.contoso.com" 3. Run the following command to set the SCP object on every Exchange 2007 server to the AutoDiscover URL of the new Exchange 2013 server.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverHo Perform the following steps to configure the SCP object on your Exchange 2013 servers.
1. Open the Exchange Management Shell on your Exchange 2013 Client Access server. 2. Store the AutoDiscover host name of your Exchange 2013 Client Access server in a variable that will be used in the next step. For example, autodiscover.contoso.com. $AutodiscoverHostName = "autodiscover.contoso.com" 3. Run the following command to set the SCP object on every Exchange 2013 server to the AutoDiscover URL of the new Exchange 2013 server.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 15*") -And ($_.ServerRole -Like "*ClientAccess*")} | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverH

To verify that you've successfully configured the AutoDiscoverServiceInternalUrl property on your Exchange 2007 servers with the value of the Exchange 2013 AutoDiscover URL, do the following:
Open the Exchange Management Shell on your Exchange 2007 Client Access server. Run the following command to view the SCP object configuration on Exchange 2007 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri -Au To verify that you've successfully configured the AutoDiscoverServiceInternalUrl property on your Exchange 2013 servers with the value of the Exchange 2013 AutoDiscover URL, do the following:
1. Open the Exchange Management Shell on your Exchange 2013 Client Access server. 2. Run the following command to view the SCP object configuration on Exchange 2013 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 15*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri -A Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
25 of 32
8/14/2013 6:34 PM
Exchange 2007 URLs

Estimated time to complete: 10 minutes When a user with an Exchange 2007 mailbox connects to your Exchange 2013 Client Access server, Exchange 2013 will redirect the connection to the Exchange 2007 Client Access server. To do this redirection, the Exchange 2013 server uses the external hostname configured on the Exchange 2007 server's Outlook Web Access, Exchange Web Services, and Unified Messaging virtual directories. The external hostname of the Exchange 2007 server needs to be different from the hostname of the Exchange 2013 server and needs to be pointed to the Exchange 2007 server's own Internet-accessible IP address. You need to manually configure the external hostname of the Exchange 2007 server, for example legacy.contoso.com.
Warning: The commands in this step overwrite the value stored in the ExternalUrl property of the Outlook Web Access, Exchange Web Services, and Unified Messaging virtual directories on all the Exchange 2007 Client Access servers in your organization.
How do I do this?
1. Open the Shell on the Exchange 2007 Client Access server. 2. Run the commands in the "How do I know this worked" section to retrieve the current values of the ExternalUrl property of the Outlook Web Access, Exchange Web Services, and Unified Messaging virtual directories. Make note of these values in case you need to revert back to them. 3. Store the external host name of your Exchange 2007 Client Access server in a variable that will be used in the next steps. For example, legacy.contoso.com. $LegacyHostName = "legacy.contoso.com" 4. Run the following command to configure the external URL of the Outlook Web App virtual directory on the Exchange 2007 Client Access server using the external host name you stored in the $LegacyHostName variable. Get-OwaVirtualDirectory | Where {$_.OwaVersion -Eq "Exchange2007"} | Set-OwaVirtualDirectory -ExternalUrl https://$LegacyHostName/owa 5. Run the following command to configure the external URL of the Exchange Web Services virtual directory on the Exchange 2007 Client Access server using the external host name you stored in the $LegacyHostName variable.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl 6. Run the following command to configure the external URL of the Unified Messaging virtual directory on the Exchange 2007 Client Access server using the external host name you stored in the $LegacyHostName variable.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-UMVirtualDirectory | Set-UMVirtualDirectory -ExternalUrl https://$LegacyHo

1. Run the following command to verify that the external URL of the Outlook Web Access virtual directory on all the Exchange 2007 servers in your organization has been configured correctly. Get-OwaVirtualDirectory | Where {$_.OwaVersion -Eq "Exchange2007"} | Format-Table Server, ExternalUrl -Auto 2. Run the following command to verify that the external URL of the Exchange Web Services virtual directory on all the Exchange 2007 servers in your organization has been configured correctly. Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-WebServicesVirtualDirectory | Format-Table Server, ExternalUrl -Auto 3. Run the following command to verify that the external URL of the Unified Messaging virtual directory on all the Exchange 2007 servers in your organization has been configured correctly. Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-UmVirtualDirectory | Format-Table Server, ExternalUrl -Auto Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
26 of 32
8/14/2013 6:34 PM
Configure DNS records

Estimated time to complete: 15 to 20 minutes Now that you've configured your Exchange 2007 and Exchange 2013 servers, it's time to change your DNS records to direct connections to your new Exchange 2013 server. You'll move the host names (for example, mail.contoso.com) users have been using to connect to Outlook Web Access, Autodiscover, and so on from your Exchange 2007 server to your Exchange 2013 server. When an Exchange 2007 user tries to open their mailbox, the Exchange 2013 server will redirect them to the host name of the Exchange 2007 server (for example, legacy.contoso.com). Configuring DNS includes the following:
Verify that the Exchange 2007 host name resolves to the external publicly accessible IP address of the Exchange 2007 Client Access server. Change the primary host names, such as mail.contoso.com, autodiscover.contoso.com, and owa.contoso.com (if used) to point to the external publicly accessible IP address of the Exchange 2013 Client Access server with your public DNS provider. Change the primary host names, such as mail.contoso.com (or internal.contoso.com if you're using different internal host names), autodiscover.contoso.com, and owa.contoso.com (if used) to point to the internal machine name of the Exchange 2013 Client Access server on your internal DNS servers. Important: Read this topic completely before starting. You might need to make changes to your firewall to support the new Exchange 2013 server. You might need to add new firewall rules, add an external IP address for your Exchange 2013 server, or make other configuration changes. If your organization has a network management group, a security review process, or change management process, you may need to request permission to perform these changes or have someone else make them for you.
How do I verify my Exchange 2007 host name is properly configured?

Earlier in the checklist, you configured the host name of the Exchange 2007 server with your public Internet DNS provider. Now you need to verify that the host name of the Exchange 2007 server, for example legacy.contoso.com, resolves to the external IP address of the Exchange 2007 server and that you can access an Exchange 2007 mailbox. To verify that you've successfully configured your Exchange 2007 host name with your public DNS provider, do the following:
1. Open a command prompt and run nslookup.exe. 2. Change to a DNS server that can query your public DNS zone. 3. In nslookup, look up the record for the legacy.contoso.com host name you created. Verify that the IP address that's returned matches the external IP address of your Exchange 2007 server. Now, verify that you can access your Exchange 2007 server using the legacy host name. Using a computer outside of your internal network, open your favorite browser and browse to the Outlook Web Access URL of the Exchange 2007 server, for example, https://legacy.contoso.com/owa. Verify that you can connect to Outlook Web App, log in, and view the contents of an Exchange 2007 mailbox. Also verify that you don't receive any certificate warnings or errors. If you can access an Exchange 2007 mailbox and don't receive any certificate warnings or errors, you can continue on with the rest of this topic. If you do receive certificate errors or if you can't access the Exchange 2007 mailbox, do the following:
Make sure that you've created the legacy DNS host name. For more information, see "Create legacy Exchange host name" earlier in the checklist. Make sure that you've successfully requested and received the new certificate on your Exchange 2013 Client Access server and imported it on your Exchange 2007 server. For more information, see "Exchange 2013 certificates" and "Exchange 2007 certificates" earlier in the checklist. Make sure that you've correctly configured the internal and external URLs on your Exchange 2007 server. For more information, see "Configure Exchange 2007 URLs" earlier in the checklist. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
How do I configure my public DNS records?

To send users to your Exchange 2013 Client Access server, you need to configure the existing DNS host (A) record with your external DNS provider. The public DNS records should point to the external IP address or FQDN of your Internet-facing Exchange 2013 Client Access server and use the externally accessible FQDNs that you've configured on your Client Access server. The following are examples of recommended DNS records that you should create to enable mail flow and external client connectivity.
Important: Before you make any changes to your DNS records, we strongly recommend that you reduce the time to live (TTL) values of each DNS record you want to change to its minimum interval. The TTL value determines how long a DNS record stays cached on DNS servers. A smaller interval, such as 5 or 10 minutes, will allow you to reverse any changes faster in the event you need to revert back to your original configuration. If you do need to change the TTL of your DNS records, don't make any other changes until the original TTL interval has passed.
FQDN contoso.com mail.contoso.com owa.contoso.com autodiscover.contoso.com
DNS record type MX A CNAME A
Value Mail.contoso.com 172.16.10.11 Mail.contoso.com 172.16.10.11
How do I configure my internal DNS records?

You choose whether you want users to use the same URL on your intranet and on the Internet to access your Exchange server or whether they should use a different URL. What you choose depends on the addressing scheme you have in place already or that you want to implement. If youre implementing a new addressing scheme, we recommend that you use the same URL for both internal and external URLs. Using the same URL makes it easier for users to access your Exchange server because they only have to remember one address. Regardless of the choice you make, you need to make sure you configure a private DNS zone for the address space you configure. For more information about administering DNS zones, see Administering DNS Server.
Configure internal and external URLs to be the same

To send users to your Exchange 2013 Client Access server, you need to configure the existing DNS host (A) record on your internal DNS servers. The internal DNS records should point to the internal host name and IP address of your Exchange 2013 Client Access server. The internal host names you use should match the external host names, for example, mail.contoso.com and owa.contoso.com. The following are examples of recommended DNS records that you should create to enable mail flow and external client connectivity.
FQDN
DNS record type
Value
27 of 32
8/14/2013 6:34 PM
mail.contoso.com owa.contoso.com autodiscover.contoso.com
CNAME CNAME A
Ex2013.corp.contoso.com Ex2013.corp.contoso.com 192.168.10.10
Configure different internal and external URLs

To send users to your Exchange 2013 Client Access server, you need to configure the existing DNS host (A) record on your internal DNS servers. The internal DNS records should point to the internal host name and IP address of your Exchange 2013 Client Access server. The following are examples of recommended DNS records that you should create to enable mail flow and external client connectivity.
FQDN internal.contoso.com autodiscover.contoso.com
DNS record type CNAME A
Value Ex2013.corp.contoso.com 192.168.10.10

To verify that you have successfully configured your public DNS records, do the following:
1. Open a command prompt and run nslookup.exe. 2. Change to a DNS server that can query your public DNS zone. 3. In nslookup, look up the record of each FQDN you created. Verify that the value that's returned for each FQDN is correct. Now, verify that you can access your Exchange 2013 server using your primary host name. Using a computer outside of your internal network, open your favorite browser and browse to the Outlook Web Access URL of the Exchange 2013 server, for example, https://mail.contoso.com/owa. Perform the two following tests:
Log into an Exchange 2013 mailbox Log into an Exchange 2013 mailbox and verify that you can access the contents of the mailbox without any certificate warnings or other errors. Log out and close your browser. If you need to create a new Exchange 2013 mailbox, see Create User Mailboxes. Log into an Exchange 2007 mailbox Log into an Exchange 2007 mailbox. When you log into this mailbox, you will be redirected to your Exchange 2007 Client Access server (the URL in the browser address bar with switch from mail.contoso.com to legacy.contoso.com). Verify that you are logged in successfully, that you can access the contents of the mailbox, and that you don't receive any certificate warnings or other errors. Test inbound and outbound mail flow Send a message from an external mail provider, such as outlook.com, to Exchange 2013 and Exchange 2007 mailboxes. Verify that the message is received successfully. Reply to the message from each mailbox and verify that the external recipient receives the message. You can also examine the message headers of the messages you sent and received to verify the path the message took using the Message Analyzer in the Microsoft Remote Connectivity Analyzer. With the exception of the mail flow test, repeat the previous tests from a computer inside your network to test your internal DNS configuration. If you've configured your internal DNS records to use the same host names as your external DNS, attempt to access an Exchange 2013 and Exchange 2007 mailbox using those host names, for example mail.contoso.com or owa.contoso.com. If you've configured your internal DNS records to use a different host name, attempt to access an Exchange 2013 and Exchange 2007 mailbox using the internal host name, for example internal.contoso.com. Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection
28 of 32
8/14/2013 6:34 PM
Finalize Your Deployment
29 of 32
8/14/2013 6:34 PM
Post-configuration tasks
After you complete a new installation of Exchange 2013, add an additional Exchange 2013 server role to an existing Exchange 2013 server, or install Exchange 2013 in an existing organization, you should consider the post-installation tasks. The post-installation tasks will help you verify the installation and configure the components that you have just installed.
Product key
When you install Exchange 2013, your server is licensed as a trial edition. The trial edition expires 120 days after the date of installation. A server that has a trial edition license functions as an Exchange Standard Edition server, but it isn't eligible for support from Microsoft support services. If you have Exchange 2013 servers for which the trial edition has expired, Exchange displays a separate warning for each expired server. You need to enter a product key before the trial edition expires if you want to continue using Exchange 2013 on the server. Learn more: Enter Product Key
Permissions configuration
For the purposes of the Exchange Deployment Assistant, your administrator account was granted permissions that you might not need going forward. You should verify that this account doesn't have more permissions than required to configure and manage your Exchange 2013 environment. Role Based Access Control (RBAC), the permissions model in Exchange 2013, is extremely flexible. The built-in role groups are probably sufficient to manage most of your Exchange 2013 organization. You can simply add and remove members from the existing role groups to control permissions. The following topics provide more information and can help you configure the appropriate permissions for your Exchange 2013 tasks:
Permissions Manage Role Groups Manage Role Group Members Manage Role Assignment Policies Change the Assignment Policy on a Mailbox Built-in Role Groups Built-in Management Roles
Public folders
Public folders are designed for shared access and provide an easy and effective way to collect, organize, and share information with other people in your workgroup or organization. You can use them as an archive for distribution groups, as a simple document sharing solution, and more. Learn more: Public Folders Now that you've successfully installed Exchange 2013, you can migrate your public folders from Exchange Server 2010 SP3 or Exchange 2007 SP3 RU10 to Exchange Server 2013. Youll perform the migration by using the new *PublicFolderMigrationRequest cmdlets, in addition to several PowerShell scripts. These cmdlets use the Microsoft Exchange Mailbox Replication service to perform the migration. Learn more: Migrate Public Folders to Exchange 2013 From Previous Versions
Unified Messaging upgrade

When you upgrade an Exchange 2007 organization with Unified Messaging to Exchange 2013 Unified Messaging, there are a number of steps you must perform to complete the Unified Messaging upgrade. Depending on your telephony environment and the UM components that were created and configured to support Unified Messaging in Exchange 2007, you may need to deploy additional telephony equipment including VoIP gateways or IP PBXs and then create and configure any additional UM components that will be required for Exchange 2013 UM. Learn more: Upgrade Exchange 2007 UM to Exchange 2013 UM
High availability options for Mailbox servers

After deploying and verifying the successful installation of at least two Mailbox servers, you can configure your Mailbox servers and mailbox databases for high availability and site resilience. Exchange 2013 uses the concept of incremental deployment, which is the ability to configure high availability and site resilience for Mailbox servers after the servers have been deployed. Service and data redundancy is achieved by using features in Exchange 2013 such as database availability groups and database copies. Learn more: Managing High Availability and Site Resilience
Hybrid deployments with Office 365

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange 2013 organization and Exchange Online in Microsoft Office 365. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization. To configure a hybrid deployment, select Hybrid in the Exchange 2013 Deployment Assistant, answer the questions, and complete the checklist steps. Learn more: Exchange Server 2013 Hybrid Deployments
Remove legacy Exchange versions

After you have completed deploying and configuring Exchange 2013 in your organization, you may be ready to remove previous versions of Exchange. For more information about removing legacy Exchange servers, see the following topics:
Modify or Remove Exchange 2010 How to Completely Remove Exchange 2007 from a Server
Maintaining and growing an Exchange organization

Now that youve installed Exchange 2013, learn more about how you can use Exchange to support your organization. For example, you could do the following:
Configure mobile device policies so users can only access their mail from approved devices. Add remote domains to apply custom configuration and security to mail sent to and from a partners mail servers. Configure backup and restore processes to help keep your data safe. In addition to enabling features to improve productivity, you might need to add servers so that you can deploy a high availability solution, service users in other locations, increase capacity, or meet a combination of those or other goals. As you install additional servers, youll need to think about things like Active Directory site design, load balancing Client Access servers, message routing and transport high availability, and so on. For more information, see the following topics:
Topic Active Directory
Description Learn how Exchange 2013 uses Active Directory sites, and why its important to have a good Active Directory site design to help ensure the correct and efficient functioning of Exchange Server.
30 of 32
8/14/2013 6:34 PM
Permissions
Smaller organizations can often manage Exchange with a single administrator account. However, you might want to delegate permission to additional administrators, give limited permission to specialist users, and more. Read this topic to learn more about how you can use Exchange to grant permissions to administrators, specialist users, or how you can give users access to control their own mailbox. Depending on the laws of your country or rules and regulations for your industry, you might be required to archive data for a certain period of time or provide documents in response to a legal court order. Read this topic to learn more about how Exchange can help you respond to these requirements and requests. As you add more Exchange 2013 servers, youll need to carefully plan message routing between servers in different Active Directory sites, other messaging products, and the Internet. Read this topic to learn more about how Exchange 2013 routes traffic, how you can configure efficient highly available mail routing, and how you can perform mail flow monitoring and diagnostics. The global address list (GAL) contains every recipient in the Exchange 2013 organization. Some organizations might not want every user to see every other recipient in the organization. Or, you might want some departments or business units to have a specific email address domain. Read this topic to learn more about how you can use Exchange 2013 to segment the GAL so that users only see the recipients you want them to see, how to apply the correct email address to recipients automatically, how to configure offline address books, and more.
Messaging Policy and Compliance Mail Flow
Email Addresses and Address Books
Clients and Mobile
Users no longer access their email only from their computer at work. They use their home computer, mobile device, tablet, airport kiosk, and other methods to access their email. Its important to understand how users access their email so that you can ensure your companys information stays safe. Read this topic to learn more about how Exchange can help you keep control of your companys information by applying policies to devices, specifying which methods users can use to access their email, and more.
Mailbox and Client Access Servers Managing High Availability and Site Resilience Install Exchange 2013 Using the Setup Wizard
Understanding the Mailbox and Client Access server roles is critical to maintaining a healthy Exchange organization. Read the topics in this node to learn more about how these roles function, how to move mailboxes, manage mailbox databases, configure load balancing, configure certificates, and more. Data integrity and server availability are critically important in an Exchange organization. You need to ensure that the data stored on your Exchange servers is safe, and that the availability of your Exchange servers meets your organizations requirements. Read this topic to learn more about how Exchange can help you meet your goals by configuring database availability groups, establishing and testing backup and restore processes, and more. Additional servers increase capacity and enable you to configure features like database availability groups. Read this topic to learn how to install additional Mailbox and Client Access servers.
31 of 32
8/14/2013 6:34 PM
Deployment checklist complete

Congratulations on successfully completing your checklist in the Exchange Server Deployment Assistant!
Tools you can use

The Microsoft Remote Connectivity Analyzer tool is a free Web-based tool that helps you troubleshoot connectivity issues. The tool simulates several client logon and mail flow scenarios. When a test fails, troubleshooting tips can assist you in correcting the problem. Take a look at: Microsoft Remote Connectivity Analyzer Tool And, for more information about Exchange planning and deployment, you can always review the related content in the Exchange TechCenter Library. Find it all at: Planning and Deployment
Give us feedback please

We would really appreciate your feedback about the Exchange Server Deployment Assistant. What worked for you? What could we have done better? What do you recommend we change for the next version? Tell us what you think at: Feedback: Exchange 2013 Deployment Assistant
32 of 32
8/14/2013 6:34 PM

Exchange 2013 Deployment Assistant

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Exchange 2013 Deployment Assistant

Transféré par

Droits d'auteur :

Formats disponibles

Exchange 2013 Deployment Assistant