Contents Navigate your checklist .................................................................................................................... 3 Confirm prerequisite steps are done ............................................................................................... 4 Install the Client Access server role ................................................................................................ 5 Add digital certificates on the Client Access server ......................................................................... 9 Enable Exchange 2010 Outlook Anywhere ................................................................................... 14 Configure OAB and Web Services virtual directories .................................................................... 15 Configure settings on virtual directories ........................................................................................ 16 Install the Hub Transport server role ............................................................................................. 17 Configure Exchange ActiveSync authentication ............................................................................ 21 Configure a legacy host name ....................................................................................................... 22 Install the Mailbox server role ........................................................................................................ 23 Change the OAB generation server .............................................................................................. 27 Create Send connectors ................................................................................................................ 28 Move mailboxes to Exchange 2010............................................................................................... 30 Move public folder data to Exchange 2010 ................................................................................... 31 Post-installation tasks .................................................................................................................... 32 Checklist complete......................................................................................................................... 34
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Contents
Navigate your checklist .................................................................................................................... 3
Confirm prerequisite steps are done ............................................................................................... 4
Install the Client Access server role ................................................................................................ 5
Add digital certificates on the Client Access server ......................................................................... 9
Enable Exchange 2010 Outlook Anywhere ................................................................................... 14
Configure OAB and Web Services virtual directories .................................................................... 15
Configure settings on virtual directories ........................................................................................ 16
Install the Hub Transport server role ............................................................................................. 17
Now that we’ve asked you a few questions about your environment, it’s time to review how to use
your Exchange 2010 Deployment Checklist.
How can I see my answers to the environment questions? That's easy. There are two ways: Click the left arrow at the bottom of this page or, click Review
your answers at the top of the left pane. Then you can see a summary of how you answered the
questions.
How can I change my answers? Go to the Review your answers page. Right after the summary of your responses, you'll see
where you can click to make changes. You can also click Start Over at the top of any page.
When you change your answers, you'll get a whole new checklist that's tailored to those answers.
How can I move through the checklist? You can browse the checklist by clicking a step in the left pane or by using the right and left arrow
buttons. While you can browse in any order you want, you do need to complete the steps in the
order shown. If you try to jump ahead and complete a step, you'll find that you won't be able to
mark the step as complete. That's because the previous steps were skipped.
What do I do when I finish a step? Pat yourself on the back! Then, you can either click the check box to the left of the step or the
check box icon at the bottom of the screen. Then, you can move on to the next step. The
progress bar will change as you mark steps complete so you can easily track your progress.
What if I get interrupted? You can exit the Exchange Deployment Assistant at any time and return to the same computer
later to continue. Please be aware that if you access the Deployment Assistant from a different
computer, progress from your session on the original computer is not available.
Can I print this stuff? Yes! See the Print | Send | Download Checklist icons at the top of this page? They're on every
page of the checklist. You can print the step you're working on, and you can even download the
4
entire checklist. Also, if you'd like to send mail to someone about a step, click Send. A link to the
step is automatically included in the mail.
Confirm prerequisite steps are done
Before you go any further with the Exchange Deployment Assistant, make sure that your
organization's operating system, hardware, software, clients, and other elements meet the
requirements for Exchange 2010. If they don't, you won't be able to complete the steps in the
Deployment Assistant and you won't be able to deploy Exchange 2010.
We recommend that you run the Exchange Pre-Deployment Analyzer (ExPDA) to perform an
overall topology readiness scan of your environment. ExPDA provides a detailed report that will
alert you if there are any issues within your organization before you install Exchange 2010. If
ExPDA reports any warnings or errors, take care of those issues before you proceed any further.
To get ExPDA from the Microsoft Download Center, see: Exchange Pre-Deployment Analyzer
Learn more at: Understanding Exchange 2003 Upgrade Prerequisites
To successfully install Exchange 2010, the following components are required. If you run ExPDA,
it will check to make sure your environment has these components.
Directory Servers Schema master The latest 32-bit or 64-bit edition of the Windows Server 2003 SP1
Standard or Enterprise operating system or later or the latest 32-bit or 64-bit edition of the
Windows Server 2008 Standard or Enterprise operating system or later.
Global catalog server In every Active Directory site where you plan to install
Exchange 2010, you must have at least one global catalog server that is either the latest 32-
bit or 64-bit edition of Windows Server 2003 SP1 Standard or Enterprise, the latest 32-bit or
64-bit edition of Windows Server 2008 Standard or Enterprise, or the latest 32-bit or 64-bit
edition of Windows Server 2008 R2 Standard or Enterprise.
Active Directory Forest The Active Directory forest must be Windows Server 2003 forest
functional mode.
Domain Controller You must have the latest 32-bit or 64-bit
Windows Server 2003 Standard Edition or Enterprise Edition with Service Pack 1 (SP1)
operating system or the latest 32-bit or 64-bit edition of the Windows Server 2008 Standard
or Enterprise operating system or the Windows Server 2008 R2 Standard or Enterprise
operating system or the Windows Server 2008 Datacenter or Windows Server 2008 R2
Datacenter.
Operating Systems 64-bit edition of Windows Server 2008 Standard Service Pack 2
64-bit edition of Windows Server 2008 Enterprise Service Pack 2
There can only be one Client Access array per Active Directory site. After you've created the
array, you can manage which Client Access server computers are part of the array through your
load balancer configuration.
Learn more at: Understanding RPC Client Access
If you're unfamiliar with the Shell, learn more at: Overview of Exchange Management Shell
How do I know this worked? The successful completion of the Exchange Setup wizard will be your first indication that the
installation process worked as expected. To further verify that the Client Access server
role installed successfully, you can run Get-ExchangeServer <server name> | format-
list in the Exchange Management Shell, which can be launched from the
Exchange Server 2010 program group on the Windows Start Menu. This cmdlet outputs a list of
the Exchange 2010 server roles that are installed on the specified server.
You can also check the Exchange setup log (ExchangeSetup.log), located in
<system drive>\ExchangeSetupLogs to verify that the Client Access role was installed as
expected.
9
Learn more at: Verify an Exchange 2010 Installation
Add digital certificates on the Client Access server
For secure external access to Exchange, you'll need a digital certificate. This certificate will
include an exportable private key in X.509 format (DER encoded binary or Base-64 encoded). We
recommend you procure, import, and enable a Subject Alternative Name (SAN) certificate that
contains the names for the current namespace, a legacy namespace, and the Autodiscover
namespace.
The names you need to include in your Exchange certificate are the fully qualified domain
names (FQDNs) used by client applications to connect to Exchange. For example, a company
named Contoso that uses contoso.com can use just three hostnames for all client connectivity
within an Active Directory site:
mail.contoso.com This name can cover nearly all client connections to Exchange,
including Microsoft Office Outlook, Outlook Anywhere, offline address book (OAB) downloads
(by Outlook), Exchange Web Services (for Outlook 2007 and later, and Entourage 2008),
POP3, IMAP4, SMTP (both client and other SMTP server connections), Outlook Web App,
the Exchange Control Panel, Exchange ActiveSync, and Unified Messaging.
autodiscover.contoso.com This name is used for Autodiscover, which is used by
Outlook 2007 and later, Outlook Anywhere, Exchange ActiveSync, Exchange Web Services
clients, and Windows Mobile 6.1 and later.
legacy.contoso.com This name is used to maintain Internet access to an older version of
Exchange while you transition to Exchange 2010. This is necessary during transition because
some Exchange services (for example, Outlook Web App, Exchange ActiveSync, and
services that send configuration information through Autodiscover) tell clients to connect
directly with the old Exchange servers if they see requests to access a mailbox on an older
version of Exchange.
In addition to these three names, your root domain (for example, contoso.com) will also be added
as a name.
There are three steps to adding certificates to your Client Access server(s):
1. If you don't already have a digital certificate, you can use the New Certificate Request Wizard
in Exchange 2010 to generate a certificate request file, which you can then submit to your
selected Certification Authority.
2. After you have the digital certificate from your Certification Authority, you then complete the
certificate request process by importing the certificate into your Client Access server.
3. After the certificate has been imported, you assign one or more client access services to it.
Before proceeding with these steps, we recommend that you review this topic: Understanding
Digital Certificates and SSL
10
In addition, the configuration settings used in the Exchange Deployment Assistant assume that
you are using split DNS for client access.
To learn more, see: Understanding DNS Requirements
How do I create a certificate request file for a new certificate? You can use the New Exchange Certificate wizard to create your certificate request.
1. In the Console tree, click Server Configuration.
2. From the Actions pane, click New Exchange Certificate to open the New Exchange
Certificate wizard.
3. On the Introduction page, enter a friendly name for the certificate (for example,
Contoso.com Exchange certificate) and then click Next.
4. On the Domain Scope page, if you plan on using a wildcard certificate, check the box for
Enable wildcard certificate, enter the root portion of your domain (for example contoso.com
or *.contoso.com), and then click Next. If you're not using a wildcard certificate, just click
Next.
Note:
It's a best practice to not use wildcard certificates because they represent a potential
security risk. Like a SAN certificate, a wildcard certificate (for example,
*.contoso.com) can support multiple names. There are security implications to
consider because the certificate can be used for any sub-domain, including those
outside the control of the actual domain owner. A more secure alternative is to list
each of the required domains as Subject Alternative Names in the certificate. By
default, this approach is used when certificate requests are generated by Exchange.
5. On the Exchange Configuration page, expand and configure each area as follows:
a. Federated Sharing Federated Sharing allows you to enable users to share information
with recipients in external federated organizations by creating organization relationships
between two Exchange 2010 organizations, or using a sharing policy to allow users to
create sharing relationships on an individual basis. If you plan on using this feature,
expand Federated Sharing and select the Public certificate check box.
b. Client Access server (Outlook Web App) Expand this option and select the check
box(es) that are appropriate for your Outlook Web App usage (Intranet and/or Internet). If
you're using Outlook Web App internally, then in the Domain name you use to access
Outlook Web App internally field, remove the existing server names and enter the
FQDN you configured for external access to the Client Access server during Setup of the
Client Access server (for example, mail.contoso.com). This is the same FQDN that is
listed in the domain name field for Outlook Web App on the Internet.
c. Client Access server (Exchange ActiveSync) Exchange ActiveSync should already
be selected and the domain name field should be configured with the same FQDN used
for Outlook Web App.
11
d. Client Access server (Web Services, Outlook Anywhere, and
Autodiscover) Exchange Web Services, Outlook Anywhere, and Autodiscover on the
Internet should already be selected. Outlook Anywhere should already be configured to
use two FQDNs: one that is the same FQDN used by Outlook Web App (for example,
mail.contoso.com) and one that is the root domain for that FQDN (for example,
contoso.com). Autodiscover should already be configured to use a long URL, which
should automatically be configured as autodiscover.rootdomain (for example,
autodiscover.contoso.com).
e. Client Access server (POP/IMAP) If you plan on using secure POP or secure IMAP
internally or over the Internet, expand this option and select the appropriate check box. In
the domain name field for each protocol, remove the individual server names and enter
the same FQDN you're using for Outlook Web App.
f. Unified Messaging server If you plan on using Unified Messaging (UM) features, you
can use a certificate that is self-signed by an Exchange 2010 UM server (which is the
default option). If you're integrating UM with Office Communications Server (OCS), you'll
need to use a public certificate. We recommend using a separate certificate for UM and
OCS integration.
g. Hub Transport server Hub Transport servers can use certificates to secure Internet
mail, as well as POP and IMAP client submission. If you plan on using mutual TLS or if
you're using POP or IMAP clients and want to secure their SMTP submissions, select the
appropriate check box and in the FQDN field, enter the same FQDN you're using for
Outlook Web App.
h. Legacy Exchange Server This option is used to add the legacy namespace to the
certificate, which will be used only during the period of coexistence between
Exchange 2010 and the legacy version(s). Expand this option, select the Use legacy
domains check box, and in the FQDN field, enter the FQDN you are using for your
legacy namespace.
6. On the Certificate Domains page, review the list of domains that will be added to the
certificate. If the names are correct, click Next. If any names are missing or incorrect, you can
click Add to add missing names, or select a name and click Edit to modify the name. Click
Next.
7. On the Organization and Location page, fill in the Organization, Organization unit,
Location, Country/region, City/locality, and State/province fields. Click Browse and
browse to the location where you want the certificate request file created. In the File name
field, enter a name for the request file (for example, Exchange Certificate Request.req) and
click Save. Click Next.
8. On the Certificate Configuration page, review the configuration summary. If any changes
need to be made, click Back, and make the necessary changes. If everything is correct, click
New to generate the certificate request file.
9. On the Completion page, review the output of the wizard. Click Finish to close the wizard.
12
10. Transmit the certificate request file to your selected Certification Authority, who will then
generate the certificate and transmit it to you. After you have the certificate file, you can use
the Complete Pending Request wizard to import the certificate file into Exchange 2010.
11. In the Console tree, click Server Configuration.
12. In the Work pane, right-click the certificate request you created and click Complete Pending
Request.
13. On the Introduction page, click Browse to select the certificate file provided to you by your
selected Certification Authority. Enter the private key password for the certificate, and then
click Complete.
14. On the Completion page, verify that the request completed successfully. Click Finish to
close the Complete Pending Request wizard.
How do I assign services to the certificate? You can use the Assign Services to Certificate wizard to assign the appropriate services to the
imported certificate.
1. After the certificate has been successfully imported, you can assign services to it. Select the
certificate in the Work pane, and then from the Actions pane, click Assign Services to
Certificate to open the Assign Services to Certificate wizard.
2. On the Select Servers page, the Exchange server into which you imported the certificate
is shown. Click Next.
3. On the Select Services page, select the check box for each service you want assigned to
the selected certificate and then click Next. For example, select the check box for Internet
Information Services (IIS) to assign services for Outlook Web App, Exchange ActiveSync,
and other Exchange services that are integrated with IIS.
4. On the Assign Services page, review the configuration summary. If any changes need to be
made, click Back. If the configuration summary is correct, click Assign to assign the
specified services to the selected certificate.
5. On the Completion page, verify that each step completed successfully. Click Finish to close
the wizard.
How do I install the certificate on the legacy Exchange Server? In addition to installing the SSL certificate on the Exchange 2010 Client Access server, you'll also
need to install the certificate on the Exchange 2007 Client Access server or the Exchange 2003
server so that users with mailboxes on Exchange 2007 or Exchange 2003 can use SSL to
connect to their mailboxes.
13
Note:
If you'll be moving all mailboxes from Exchange 2003 or Exchange 2007 to
Exchange 2010 over a short period of downtime, such as a weekend, you can skip these
steps.
Before you install the digital certificate on the legacy Exchange server you must first export it from
the Exchange 2010 Client Access server. To export your digital certificate, use the following
steps.
1. Export the digital certificate to the variable $file using the following command.
How do I install the Hub Transport server role on dedicated hardware? The Exchange Server 2010 Setup wizard helps you install the Hub Transport role:
1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click
Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear,
navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the
location of your Exchange 2010 installation files and double-click Setup.exe.
2. TheExchange Server 2010 Setup welcome screen appears. In the Install section, the
software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. If these
prerequisites are not already installed, click on the appropriate step to install them.
3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language
options, and then choose the appropriate option:
a. Install all languages from the language bundle This option installs all the Exchange
2010 languages from an Exchange 2010 language bundle. You can connect to the
Internet to download the latest applicable language bundle or to use a previously
downloaded language bundle on a local drive or network share. Internet connectivity is
required for Exchange Setup to download the language pack bundle.
b. Install only languages from the DVD This option installs only the languages included
with the Setup DVD. The installation of additional languages support requires installing
the languages from the language bundle.
4. After Step 3 is complete, click Step 4: Install Microsoft Exchange.
5. On the Introduction page, click Next.
6. On the License Agreement page, review the software license terms. If you agree to the
terms, select I accept the terms in the license agreement, and click Next.
7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting
feature, and click Next.
8. On the Installation Type page, select Custom Exchange Server Installation. For
Exchange 2010 SP1, you can select to automatically install all required Windows roles and
features for this server. To optionally change the installation path for Exchange 2010, click
Browse, locate the appropriate folder in the folder tree, and then click OK. Click Next.
9. On the Server Role Selection page, select the Hub Transport Role, and click Next. The
Management Tools option, which installs the Exchange Management Console and the
Exchange Management Shell, will also be selected and installed.
19
10. On the Readiness Checks page, review the Summary to determine if the system and server
are ready for the Hub Transport role to be installed. If all prerequisite checks completed
successfully, click Install. If any of the prerequisite checks failed, you must resolve the
displayed error before you can proceed with installing the Hub Transport role. In many cases,
you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry
to run the prerequisite check again. Also, be sure to review any warnings that are reported.
11. The Progress page displays the progress and elapsed time for each phase of the
installation. As each phase ends, it's marked completed and the next phase proceeds. If any
errors are encountered, the phase will end as incomplete and unsuccessful. If that happens,
you must exit Setup, resolve any errors, and then restart Setup.
12. When all phases have finished, the Completion page displays. Review the results, and verify
that each phase completed successfully. Clear the check box for Finalize this installation
using the Exchange Management Console, and then click Finish to exit Setup.
13. When you're returned to the Setup welcome screen, click Close. On the Confirm Exit prompt,
click Yes.
14. Restart the computer to complete the installation of the Hub Transport role.
20
How do I add the Hub Transport server role to my Client Access server? You can also use the Exchange Server 2010 Setup wizard to add the Hub Transport role to your
existing Client Access server.
1. Open the Windows Control Panel and launch the Programs and Features applet.
2. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click
Change.
3. The Exchange Server 2010 Setup wizard will start in Exchange Maintenance Mode. Click
Next.
4. On the Server Role Selection page, select the check box for Hub Transport Role and then
click Next.
5. On the Readiness Checks page, review the Summary to determine if the system and server
are ready for the Hub Transport role to be installed. If all prerequisite checks completed
successfully, click Install. If any of the prerequisite checks failed, you must resolve the
displayed error before you can proceed with installing the Hub Transport role. In many cases,
you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry
to run the prerequisite check again. Also, be sure to review any warnings that are reported.
6. The Progress page will display the progress and elapsed time for each phase of the
installation. As each phase ends, it will be marked completed and the next phase will
proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful.
In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance
Mode.
7. When all phases have finished, the Completion page will be displayed. Review the results
and verify that each phase completed successfully. Click Finish to exit Setup.
8. Restart the computer to complete the installation of the Hub Transport role.
How do I know this worked? The successful completion of the Exchange Setup wizard will be your first indication that the
installation process worked as expected. To further verify that the Hub Transport server
role installed successfully, you can run Get-ExchangeServer <server name> | format-
list in the Exchange Management Shell, which can be launched from the Exchange Server
2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010
server roles that are installed on the specified server.
You can also review the contents of the Exchange setup log file (ExchangeSetup.log), located in
<system drive>\ExchangeSetupLogs to verify that the Hub Transport role was installed as
expected.
Learn more at: Verify an Exchange 2010 Installation
21
Configure Exchange ActiveSync authentication
For Exchange ActiveSync to function during Exchange 2003 and Exchange 2010 coexistence,
you must configure Integrated Windows authentication on the Microsoft-Server-ActiveSync virtual
directory on the Exchange 2003 server. During this procedure, services will be restarted on the
Exchange 2003 server, resulting in a brief interruption in service.
Learn more at: Understanding Exchange ActiveSync Coexistence
How do I do this? There are two methods you can use to complete this task. Here's one method:
1. Install this hotfix for the Exchange 2003 server: "Event ID 1036 is logged on an
Exchange 2007 server that is running the CAS role when mobile devices connect to the
Exchange 2007 server to access mailboxes on an Exchange 2003 back-end server."
Get the hotfix from: Microsoft Support site
2. Using Exchange System Manager on the Exchange 2003 server, adjust the authentication
settings of the Exchange ActiveSync virtual directory.
3. Repeat these steps for all Exchange 2003 servers in your organization that contain
mailboxes.
Alternatively, you can do the following:
Set to a value of 6 the msExchAuthenticationFlags attribute on the Microsoft-Server-
ActiveSync object within the configuration container on each Exchange 2003 server that
contains mailboxes.
To review sample scripts for this change, see: Server Build DVD Visual Basic Script
Examples
How do I know this worked? To verify that this worked, do the following in your capacity as a user with a mailbox on
Exchange 2003.
1. Using a mobile phone or mobile phone emulator, create an Exchange ActiveSync connection
to the Exchange 2010 server.
2. Verify that mail can be sent and received through Exchange ActiveSync.
You can also use the Exchange Remote Connectivity Analyzer (ExRCA) to verify authentication
has been configured correctly. ExRCA is a free Web-based tool provided by Microsoft.
You can find ExRCA at https://www.testexchangeconnectivity.com
10. On the Client Settings page, select Yes if your organization has client computers running
either Microsoft Outlook 2003 or Microsoft Entourage 2004 or earlier. Select No if you don't.
11. On the Readiness Checks page, review the Summary to determine if the system and server
are ready for the Mailbox role to be installed. If all prerequisite checks completed
successfully, click Install. If any of the prerequisite checks failed, you must resolve the
displayed error before you can proceed with installing the Mailbox role. In many cases, you
don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to
run the prerequisite check again. Also, be sure to review any warnings that are reported.
12. The Progress page displays the progress and elapsed time for each phase of the
installation. As each phase ends, it's marked completed and the next phase proceeds. If any
errors are encountered, the phase will end as incomplete and unsuccessful. If that happens,
you must exit Setup, resolve any errors, and then restart Setup.
13. When all phases have finished, the Completion page displays. Review the results, and verify
that each phase completed successfully. Clear the check box for Finalize this installation
using the Exchange Management Console, and then click Finish to exit Setup.
14. When you are returned to the Setup welcome screen, click Close. On the Confirm Exit
prompt, click Yes.
15. Restart the computer to complete the installation of the Mailbox role.
26
How do I add the Mailbox server role to an existing Exchange 2010 server? You can also use the Exchange Server 2010 Setup wizard to add the Mailbox role to an existing
Exchange 2010 server.
1. Open the Windows Control Panel and launch the Programs and Features applet.
2. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click
Change.
3. The Exchange Server 2010 Setup wizard will launch in Exchange Maintenance Mode. Click
Next.
4. On the Server Role Selection page, select the check box for Mailbox Role and then click
Next.
5. On the Readiness Checks page, review the Summary to determine if the system and server
are ready for the Mailbox role to be installed. If all prerequisite checks completed
successfully, click Install. If any of the prerequisite checks failed, you must resolve the
displayed error before you can proceed with installing the Mailbox role. In many cases, you
don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to
run the prerequisite check again. Also, be sure to review any warnings that are reported.
6. The Progress page will display the progress and elapsed time for each phase of the
installation. As each phase ends, it will be marked completed and the next phase will
proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful.
In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance
Mode.
7. When all phases have finished, the Completion page will be displayed. Review the results
and verify that each phase completed successfully. Click Finish to exit Setup.
8. Restart the computer to complete the installation of the Mailbox role.
How do I know this worked? The successful completion of the Exchange Setup wizard will be your first indication that the
installation process worked as expected. To further verify that the Mailbox server role installed
successfully, you can run Get-ExchangeServer <server name> | format-list in the
Exchange Management Shell, which can be launched from the Exchange Server 2010 program
group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010 server roles
that are installed on the specified server.
You can also review the contents of the Exchange setup log file (ExchangeSetup.log), located in
<system drive>\ExchangeSetupLogs to verify that the Mailbox role was installed as expected.
Learn more at: Verify an Exchange 2010 Installation
27
Change the OAB generation server
Offline address book (OAB) generation is the process by which Exchange creates and updates
the OAB. To do that, an internal process called OABGen runs on a Mailbox server that has been
designated as the OAB generation server. When OAB generation occurs, Exchange generates
new OAB files, compresses the files, and then shares the files to client computers.
Outlook 2003 and earlier clients require OAB distribution to occur using public folders. In
Exchange 2010, OABs can be distributed using public folders to support Outlook 2003 clients.
OABs can also be distributed using Web services to support Outlook 2007 and Outlook 2010.
You can generate the OAB from an Exchange 2003 server provided that public folder distribution
is enabled in Exchange 2010. However, be aware that if you generate the OAB from an
Exchange 2003 server, you will lose the following functionality:
Japanese phonetic display name, phonetic surname, phonetic given name, phonetic
company name, and phonetic department name
PR_DISPLAY_TYPE_EX, which is used by Office Outlook 2007 and later to render the
correct icon for objects that are replicated across the forest.
To ensure full functionality with Exchange 2010 features, we recommend that you move the OAB
generation to an Exchange 2010 mailbox server. Moving the OAB generation to a new server will
result in a full OAB download for all clients.
Learn more at: Understanding Offline Address Books
How do I do this? You can use the Move Offline Address Book wizard in the Exchange Management Console to
perform this procedure.
1. In the Console tree, navigate to Organization Configuration > Mailbox.
2. In the Result pane, click the Offline Address Book tab, and then select the OAB for which
you want to move the generation to a new server.
3. In the Actions pane, click Properties. On the Distribution tab, select the Enable Web-
based distribution and the Enable public folder distribution check boxes and then click
OK.
4. In the Actions pane, click Move.
5. On the Move Offline Address Book page, click Browse to select the server to which you
want to move the OAB generation process, and then click OK.
6. Click Move to move the OAB generation process to the selected server.
7. On the Completion page, verify that the operation completed successfully. Click Finish to
close the Move Offline Address Book wizard.
28
How do I know this worked? The successful completion of the Move Offline Address Book wizard will indicate that the
command worked as expected. To further verify that the OAB generation server is the server
selected in Step 5 above, examine the value for Generation Server on the Offline Address
Book tab in the Exchange Management Console.
Create Send connectors
During your upgrade from Exchange 2003 to Exchange 2010 you will move outbound Internet
mail flow from Exchange 2003 to 2010. If you are using an Edge Transport server and have
completed the steps described in this tool for installing the Edge Transport server role and
subscribing the Edge Transport server, then outbound Internet mail flow is already configured in
Exchange 2010, and all you will need to do is delete the Exchange 2003 SMTP Connector.
If you are not using an Edge Transport server, then you must create at least one Send connector
configured with the appropriate address space, and then delete the existing Exchange 2003
SMTP connector(s).
Learn more at: Understanding Send Connectors
How do I create a Send connector? You can use the New Send Connector wizard in the Exchange Management Console to perform
this procedure.
1. In the Console tree, expand Organization Configuration and select Hub Transport.
2. In the result pane, click the Send Connectors tab.
3. In the Actions pane, click New Send Connector. The New SMTP Send Connector wizard
starts.
4. On the Introduction page, follow these steps:
a. In the Name field, type a meaningful name for this connector. Specify a name for the
Send connector that helps you distinguish this Send connector from other Send
connectors in your configuration.
b. In the Select the intended use for this connector field, select Internet and click Next.
5. On the Address space page, click Add.
6. In the Address field, enter * and click OK. Click Next.
7. On the Network settings page, review the available options and select how to send e-mail
with the Send connector. (If you need more information about the settings, click F1.)
Select the Use the External DNS Lookup settings on the transport server check box if
you want to use a specific list of DNS servers instead of the DNS server(s) configured for the
Hub Transport server's network adapter. After you finish, click Next.
29
Important:
Verify that you have configured the external DNS servers list by using the Set-
TransportServer cmdlet, or by using the External DNS Lookups tab in the
properties of the Hub Transport server.
If you're using a smart host, the Configure smart host authentication settings page
appears. By default, no authentication is used. To configure the smart host authentication
settings, click Change. Select the method you want to use to authenticate to the smart host,
and then click Next.
Note:
Here are some things to be aware of if the smart host requires Basic authentication.
Basic authentication requires that you provide a user name and password. We
strongly recommend that you use an encrypted connection if you're using Basic
authentication because the user name and password are sent in clear text. Select the
Basic Authentication over TLS check box to enable encryption on the connection.
Also, if you specify more than one smart host for this Send connector, all the
specified smart hosts must accept the same user name and password.
How do I delete an Exchange 2003 SMTP connector? 1. When each Send connector is created and verified, the corresponding SMTP connector can
be deleted.
2. In Exchange System Manager, expand the Organization node, expand Administrative
After you complete a new installation of Exchange 2010 or after you add an additional
Exchange 2010 server role to an existing Exchange 2010 server, you should complete the post-
installation tasks. The post-installation tasks will help you verify the installation and configure the
components that you have just installed.
33
Tasks to complete on all server roles For all server roles, we recommend that you verify the installation immediately after you install
Exchange 2010. If you install the Hub Transport or Edge Transport server roles, you should also
verify the agent configuration. For more information, see the following topics:
Verify an Exchange 2010 Installation
Enter Product Key
Transport Server Post-Deployment Tasks
Finalize Deployment Tasks
End-to-End Scenario Tasks
Additional Post-Installation Tasks
If you're upgrading from an Exchange 2003 or a mixed Exchange 2003 and Exchange 2007
organization, see: Upgrade Custom LDAP Filters to OPATH Filters
Optional tasks to complete on the Mailbox server role After deploying and verifying the successful installation of at least two Mailbox servers, you can
configure your Mailbox servers and mailbox databases for high availability and site resilience.
Exchange 2010 uses the concept of incremental deployment, which is the ability to configure high
availability and site resilience for Mailbox servers after the servers have been deployed. Service
and data redundancy is achieved by using new features in Exchange 2010 such as database
availability groups and database copies.
For more information about configuring your Mailbox servers for high availability or site resilience,
see: Managing High Availability and Site Resilience
Optional tasks to complete on the Hub Transport server role After deploying and verifying the installation of the Hub Transport server role, you might be
interested in enabling anti-spam functionality on your Hub Transport server. In some small
organizations, it may make sense to run Exchange 2010 anti-spam features on Hub Transport
servers. For example, some organizations may not have enough e-mail volume to justify the cost
of installing and maintaining a full perimeter network together with an Edge Transport server.
Learn more at: Enable Anti-Spam Functionality on a Hub Transport Server
Optional tasks to complete on the Unified Messaging server role After deploying and verifying the installation of your Unified Messaging (UM) server(s), you might
be interested in integrating UM services with Microsoft Office Communications Server (OCS)
34
2007 R2. Exchange 2010 UM combines voice messaging and e-mail messaging into a single
messaging infrastructure. Enterprise Voice in OCS 2007 R2 makes use of the UM infrastructure
to provide call answering, subscriber access, call notification, and auto attendant services.
Implementing these services requires integrating Exchange UM and OCS in a shared
Active Directory topology, careful planning, and a clear understanding of the technologies
involved, the features you want to enable, and important configuration details that you must be
aware of to successfully complete your deployment.
For more information about integrating UM with OCS, see: Enterprise Voice and Unified
Communications
Permissions configuration For the purposes of the Exchange Deployment Assistant, your administrator account was granted
permissions that you might not need going forward. You should verify that this account doesn't
have more permissions than required to configure and manage your Exchange 2010
environment.
Role Based Access Control (RBAC), the new permissions model in Exchange 2010, is extremely
flexible. The built-in role groups are probably sufficient to manage most of your Exchange 2010
organization. You can simply add and remove members from the existing role groups to control
permissions. The following topics will provide more information and help you configure the
appropriate permissions for your Exchange 2010 tasks:
Understanding Permissions
Understanding Role Based Access Control
Understanding Management Role Groups
Understanding Management Role Scopes
Built-in Role Groups
Built-in Management Roles
Understanding Permissions Coexistence with Exchange 2003
Remove legacy Exchange versions After you have completed deploying Exchange 2010 into your organization, you may be ready to
remove previous versions of Exchange. For more information about removing legacy Exchange
servers, see the following topics:
How to Uninstall Exchange Server 2003
How to Completely Remove Exchange 2007 from a Server
Checklist complete
Congratulations on successfully completing your checklist in the Exchange Deployment Assistant!