-
WelcomeDeployment Options
The Exchange 2013 Deployment Assistant is the IT pros source for
Exchange deployment technical guidance. Tell us what kind of
deploymentyoure interested in, answer a few questions about your
environment, and then view Exchange deployment instructions created
just for you.
On-Premises
Install a new on-premisesExchange 2013 deploymentor upgrade your
currentenvironment to Exchange2013
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
1 of 32 8/14/2013 6:34 PM
-
On-Premises Deployment QuestionsSelect your on-premises
deployment
Select your deployment scenario to get started
New installation of Exchange 2013
Upgrade from Exchange 2007Upgrade from Exchange 2010
Upgrade from Exchange 2007 and Exchange 2010
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
2 of 32 8/14/2013 6:34 PM
-
Client Access and Mailbox server installation location
Are you planning to install the Client Access and Mailbox server
roles on the same or a different server?
Exchange 2013 has two server roles: Mailbox and Client Access.
During deployment, you can install the server roles on the same
server or on different servers. Where you install these roles
depends on the number of serversavailable, their physical
capacities, and the layout of your network. For example, you might
want to dedicate certain servers to specific functions. For more
information, see Exchange 2013 System Requirements.
Same server
Different servers
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
3 of 32 8/14/2013 6:34 PM
-
Disjoint namespace
Are you running a disjoint namespace?
In most domain topologies, the primary DNS suffix of the
computers in the domain is the same as the DNS domain name. In some
cases, you may require that these namespaces be different from one
another. This is called a disjointnamespace. For example, a merger
or acquisition may cause you to have a topology with a disjoint
namespace. In addition, if DNS management in your organization is
split between administrators who manage Active Directory
andadministrators who manage networks, you may need to have a
topology with a disjoint namespace. For more information, see
Disjoint Namespace Scenarios.
Yes
No
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
4 of 32 8/14/2013 6:34 PM
-
Edge coexistence
Do you have an existing Edge Transport server?
The Edge Transport server isnt currently available in Exchange
2013. However, you can continue to use an existing Edge Transport
server from your legacy Exchange organization.
Note:
The Deployment Assistant checklist steps show you how to
configure an existing Edge Transport server. The Deployment
Assistant doesnt cover installing a new Edge Transport server in
the Exchange 2013 organization.
Yes
No
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
5 of 32 8/14/2013 6:34 PM
-
On-Premises Deployment StepsNavigate your checklist Now that
weve asked you a few questions about the type of deployment you
want, its time to review how to use your Exchange 2013 deployment
checklist.
How can I see my answers to the deployment questions?
That's easy. Simply expand the deployment questions section in
the left menu of this page, and select a question to see how you
answered it.
How can I change my answers?
Go to the deployment questions section in the left menu. Select
the question youd like to change the answer for, revise your
answer, and then click Next . You can also click Start Over at the
top of any page. When youchange your answers, you'll get a whole
new checklist that's tailored to those answers.
How can I move through the checklist?
You can browse the checklist by clicking a step in the left pane
or by using the Previous and Next buttons. While you can browse in
any order you want, you do need to complete the steps in the order
shown.
What do I do when I finish a step?
Pat yourself on the back! Then you can move on to the next step
by clicking Next .
How long will it take to complete the checklist?
Good question! It depends. The checklist is based on answers you
gave to the questions about your environment, and because there are
many possible combinations of answers, its hard to know the total
time it will take you tocomplete the entire process. Plus, youll
need to do some planning before you start the configuration steps.
However, to give you some idea as to how long a step should take,
weve included an estimate of time to complete at thebeginning of
each configuration step in your checklist.
What if I get interrupted?
You can exit the Exchange Deployment Assistant at any time and
return to the same computer later to continue where you left off.
Please be aware that if you access the Deployment Assistant from a
different computer, progressfrom your session on the original
computer is not available.
Can I print this stuff?
Yes! See Print Checklist at the top of this page? Use that icon
to print the entire deployment checklist. You can also use Print
This Page at the bottom of each page to print just a single
checklist step.
Can I copy and paste?
You can copy the code examples while youre in the checklist.
Just click Copy in the code example to copy the code to your
clipboard. For everything else, you can just highlight any text
passage and copy to your clipboard andpaste into the text editor of
your choice.
How do I tell you what I think about this?
We'd love to hear what you think of the Deployment Assistant.
Your feedback is encouraged and welcome! See Feedback at the top of
the page? Click it to send feedback to us via email anytime.
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
6 of 32 8/14/2013 6:34 PM
-
Before you begin Welcome to Exchange 2013! Before you deploy
Exchange 2013 in your organization, you'll need to first do some
careful planning. Before you go any further with the Exchange 2013
Deployment Assistant (ExDeploy), we urge you toreview this entire
topic to make sure that you fully understand how deploying Exchange
2013 could affect your existing network and Exchange
organization.
Things to consider before deploying Exchange 2013
Before you deploy Exchange 2013, you need to carefully consider
some important issues. Its important that you understand these
issues before you begin your deployment so you dont run into any
surprises along the way.
Server roles
Exchange 2013 includes two server roles; the Mailbox and Client
Access server roles. Each organization requires at a minimum one
Client Access server and one Mailbox server in the Active Directory
forest. Additionally, each ActiveDirectory site that contains a
Mailbox server must also contain at least one Client Access server.
If you're separating your server roles, we recommend installing the
Mailbox server role first.
The Mailbox server includes the Client Access protocols, the
Transport service, the Mailbox databases, and Unified Messaging
(the Client Access server redirects SIP traffic generated from
incoming calls to the Mailbox server). TheMailbox server handles
all activity for the active mailboxes on that server. The Client
Access server provides authentication, limited redirection, and
proxy services for all of the usual client access protocols: HTTP,
POP and IMAP, andSMTP. The Client Access server, a thin and
stateless server, doesnt do any data rendering. With the exception
of diagnostic logs, nothing is queued or stored on the Client
Access server.
Learn more at: Mailbox and Client Access Servers
Active Directory schema update
When you install Exchange 2013 for the first time, your Active
Directory schema will be updated. This schema update is required to
add objects and attributes to Active Directory to support Exchange
2013. Depending on the size ofyour organization, and how
infrastructure responsibilities are divided within your
organization, the schema update may need to be done by another team
or department. Additionally, replicating the changes made to your
schemamay take several hours or days and is dependent on your
Active Directory replication schedule.
Before installing the first Exchange 2013 server, talk with your
Active Directory management team, if you have one, so they can
review, sign-off, and implement the schema update. We also
recommend that you test the schemaupdate in a lab environment and
back up your production Active Directory schema prior to applying
the schema update.
Learn more at: Exchange 2013 Active Directory Schema Changes,
Exchange Server 2003 to Exchange Server 2010 Active Directory
Schema Changes Reference, March 2013, Prepare Active Directory and
Domains, and Testing forActive Directory Schema Extension
Conflicts
Certificates
Secure Sockets Layer (SSL) certificates help to protect
communication between your Exchange servers and clients and other
mail servers by encrypting data and, optionally, identifying each
side of the connection. Certificates can beissued by third-party
certificate authorities (CAs), issued by an internal CA, or
self-signed. Heres a short description of each type of
certificate:
Third-party certificates Third-party certificates are issued by
a public CA such as GoDaddy, Verisign, Thawte, Comodo, or
GlobalSign. Certificates published by public CAs are trusted by
most operating systems andbrowsers. This is important if you want
to use certificates to help protect communications between your
Exchange 2013 organization and external organizations. The external
organization must trust the certificate you givethem. While you can
accomplish the same thing with certificates issued by internal CAs
or using self-signed certificates, the external organization must
manually trust the certificates on each computer that will
communicatewith your Exchange 2013.Some public CAs also offer
services to verify the identity of the organization theyre issuing
a certificate to. This can be useful when an external organization
must make sure theyre connecting to the correct organization.Public
CAs charge for each certificate they issue. The cost varies
depending on the type of certificate your purchase, the number of
domains that will be listed on the certificate, and the pricing
structure of the public CA.Private certificates Private
certificates are issued by an internal, private CA. A private CA is
hosted within your organization and issues certificates for your
internal use. Private CAs are useful because there is no cost
toissuing certificates, internal clients and servers can be
configured to trust them automatically, and you manage the issuance
process. However, the drawback is that external organizations dont
trust your internal CA bydefault. If you want to secure
communication between your Exchange 2013 and external organizations
using a private certificate, the external organization must
manually trust the certificates on each computer that
willcommunicate with your Exchange 2013.Self-signed certificates
Self-signed certificates are issued by an individual computer and
not by any CA. Self-signed certificates arent trusted by any other
computers, operating systems, or browsers. They dont allow
otherclients or servers to verify the identity of the organization.
To connect to a computer that uses a self-signed certificate, the
client or server thats connecting must manually trust the
certificate. This process must be repeatedeach time the certificate
expires. When you have clients or external organizations that need
to connect to your Exchange 2013 servers, using self-signed
certificates on your Client Access server isn't feasible.
When deploying Exchange 2013, we strongly recommend that you
obtain a certificate issued either by a third-party or internal CA
for use on your Client Access server. This certificate will be used
to help protect communicationbetween the Client Access server and
clients and other servers that are connecting to your server.
However, you dont need to get or configure certificates for
communication between your Mailbox server and Client Access
server.The certificates used for communication between internal
Exchange 2013 servers are managed automatically by Exchange. You
dont need to configure certificates on the Mailbox server.
Learn more at: Digital Certificates and SSL
Split DNS
Split domain name service (DNS) is a concept that allows you to
configure different IP addresses for the same host name, depending
on where the originating DNS request came from. This is also known
as split-horizon DNS,split-view DNS, or split-brain DNS. Split DNS
can help you reduce the number of host names that you must manage
for Exchange by allowing your clients to connect to Exchange
through the same host name whether they'reconnecting from the
Internet or from the Intranet. Split DNS allows requests that
originate from an intranet to receive a different IP address than
requests that originate from the Internet. For example, external
Internet users whovisit www.contoso.com will be sent to the
companys public website while employees on the internal intranet
will be sent to the companys private intranet site.
We recommend that you deploy Exchange 2013 in a split DNS
configuration. In addition to simplifying deployment, split DNS
also reduces the number of subject alternative names (SANs)
required on the SSL certificates youll useto help secure
connections to your Client Access server. The steps in this
checklist configure your new Exchange 2013 organization to use
split DNS. When youre done, youll be able to use the same URL, such
as owa.contoso.com,to access your Exchange 2013 server from your
intranet and the Internet.
Note:
ExDeploy configures your Exchange 2013 deployment so that the
URL internal and external users use to access your Exchange server
is the same. If you have a different addressing scheme for your
organization, you can changethe internal and external URLs to match
that scheme.
Supported clients
Exchange 2013 and Exchange Online support the following minimum
versions of Microsoft Outlook and Microsoft Entourage for Mac:
Outlook 2013 (15.0.4420.1017)Outlook 2010 Service Pack 1 with
the Outlook 2010 November 2012 update (14.0.6126.5000). For more
information, see Description of the Outlook 2010 update: November
13, 2012.Outlook 2007 Service Pack 3 with the Outlook 2007 November
2012 update (12.0.6665.5000). For more information, see Description
of the Outlook 2007 update: November 13, 2012.Entourage 2008 for
Mac, Web Services EditionOutlook for Mac 2011
Important:
The information above provides the minimum versions required for
a client to connect to Exchange and Exchange Online. We strongly
recommend that you install the latest available service packs and
updates available so thatyour users receive the best possible
experience when connecting to Exchange and Exchange Online.
Outlook clients earlier than Outlook 2007 are not supported.
Email clients on Mac operating systems that require DAV, such as
Entourage 2008 for Mac RTM and Entourage 2004, are not
supported.
Outlook Web App supports several browsers on a variety of
operating systems and devices. For detailed information, see What's
New for Outlook Web App in Exchange 2013.
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
7 of 32 8/14/2013 6:34 PM
-
Hybrid deployments with Office 365
A hybrid deployment offers organizations the ability to extend
the feature-rich experience and administrative control they have
with their existing on-premises Microsoft Exchange organization to
the cloud. A hybrid deploymentprovides the seamless look and feel
of a single Exchange organization between an on-premises Exchange
Server 2013 organization and Exchange Online in Microsoft Office
365. In addition, a hybrid deployment can serve as anintermediate
step to moving completely to an Exchange Online organization. To
configure a hybrid deployment after your initial Exchange 2013
installation is complete, select Hybrid in the Exchange 2013
Deployment Assistant andcomplete the checklist steps.
Learn more at: Exchange Server 2013 Hybrid Deployments
Accessibility
For information about keyboard shortcuts that may apply to the
procedures in this checklist, see Keyboard Shortcuts in the
Exchange Admin Center.
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
8 of 32 8/14/2013 6:34 PM
-
Prepare Organization
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
9 of 32 8/14/2013 6:34 PM
-
Verify prerequisites Before you go any further with the Exchange
Deployment Assistant, make sure that your organization's operating
system, hardware, software, clients, and other elements meet the
requirements for Exchange 2013. If they don't, youwon't be able to
complete the steps in the Deployment Assistant and you won't be
able to deploy Exchange 2013.
Release notes
Make sure you read the release notes before you begin your
deployment. The release notes contain important information about
issues you might encounter during and after your deployment.
Learn more at: Release Notes for Exchange 2013
System requirements
System requirements tell you what hardware and operating systems
are supported on the computer where you install Exchange 2013.
Youll also learn about what Active Directory configurations can be
used, which legacy Exchangeversions can coexist with Exchange 2013
in the same Active Directory forest, which email clients are
supported, and whats required for hybrid deployments with Office
365.
Learn more at: Exchange 2013 System Requirements
Exchange 2013 prerequisites
Prerequisites tell you what Windows components, software
packages, and updates need to be installed on the computer where
youll install Exchange 2013. These prerequisites need to be
installed on the computer before you beginyour Exchange 2013
installation.
To prepare the Exchange 2007 servers in your organization for
coexistence with for Exchange 2013, youll need to install Update
Rollup 10 (RU10) for Exchange 2007 Service Pack 3 (SP3) on all the
Exchange 2007 servers in yourorganization before you can install
Exchange 2013. The service pack is available in the Microsoft
Download Center at Exchange Server 2007 Service Pack 3. The update
rollup is available in the Microsoft Download Center at
UpdateRollup 10 for Exchange Server 2007 Service Pack 3
(KB2788321). (Although this topic isn't an exact match, you can
reference it for steps about how to upgrade to Exchange 2007 SP3:
How to Upgrade to Exchange 2007 SP1)
Also, in order for Exchange 2013 to coexist with previous
versions of Exchange, all your Exchange 2013 servers must be
running Cumulative Update 2 (CU2) for Exchange 2013. To download
Exchange 2013 CU2, see CumulativeUpdates for Exchange 2013.
Learn about all prerequisites at: Exchange 2013
Prerequisites
Permissions to install and manage Exchange 2013
Exchange 2013 requires different permissions to install and to
manage your server roles. When you're installing Exchange 2013
servers in your organization, the account you use might not be the
same account that you use foradministering and managing your server
roles. To manage your server roles, Exchange 2013 uses the Role
Based Access Control (RBAC) permissions model.
Exchange 2013 uses RBAC to manage permissions on the Mailbox and
Client Access server roles. With RBAC, you can control what
resources administrators can configure and what features users can
access. The RBAC model isflexible and provides you with several
ways to customize the default permissions.
RBAC has two primary ways of assigning permissions to users in
your organization, depending on whether the user is an
administrator or specialist user, or an end-user: Management role
groups and management role assignmentpolicies. Each method
associates users with the permissions they need to do their jobs.
The following tables list the tasks found in the Exchange
Deployment Assistant and the permissions required to complete the
task.
Note:
Some features may require that you have local administrator
permissions on the server you want to manage. To manage these
features, you must be a member of the Local Administrators group on
that server.
Learn more at: Permissions
Installation permissions
The table below lists the permissions that you need to
successfully use the Deployment Assistant and to install Exchange
2013. By default, the account that's used to install Exchange 2013
in the organization is added as a memberof the Organization
Management role group.
When you install the first Exchange 2013 server role (Mailbox)
into your Exchange 2013 organization, Exchange Setup will prepare
your Active Directory schema if you have the correct permissions.
If you want to separate your ActiveDirectory schema preparation
from the Exchange server installation, see Prepare Active Directory
and Domains.
For information about how to add permissions, see Manage Role
Group Members.
Task Permissions required
Install the Mailbox server role (first server role installed)
Local AdministratorEnterprise AdministratorSchema Admins
Install the second server Local AdministratorOrganization
Management or Delegated Setup
Exchange management permissions
The table below lists the configuration permissions that you
need to successfully use the Deployment Assistant. For information
about how to add permissions, see Manage Role Group Members.
Task Permissions required
Configure disjoint namespace Local AdministratorDomain
Administrator
Configure mail flow Organization Management
Configure accepted domains Organization Management
Configure email address policies Organization Management
Configure external URLs Organization Management or Server
Management
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
10 of 32 8/14/2013 6:34 PM
-
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
11 of 32 8/14/2013 6:34 PM
-
Collect required information Before you start your Exchange 2013
deployment, you're going to need information about your
organization. We suggest you print this step so you can record your
organization's information and have easy access to it as you
gothrough the checklist.
You can use the following table to gather information about your
organization that you're going to need before you get started. When
you're working through your checklist, replace the example
information that you see in thechecklist with the information
you've provided in this table. For example, if the external fully
qualified domain name (FQDN) of your Exchange 2013 server will be
exchange.adatum.com, enter that FQDN in the "Value in
yourorganization" field.
Description Example value in checklist Value in your
organization
Active Directory forest root corp.contoso.com
Internal Exchange 2013 computer name EX2013
Internal Exchange 2007 computer name EX2007
External Exchange 2013 FQDN for thefollowing services:
Outlook AnywhereOffline Address BookExchange Web Services
(EWS)Exchange ActiveSync
mail.contoso.com
Note:
This is the FQDN that, before installing Exchange 2013, points
to your Exchange 2007 server. As part of the upgrade process, this
FQDN will bemoved from your Exchange 2007 server to the new
Exchange 2013 server. Your Exchange 2007 server will be assigned a
new FQDN, such aslegacy.contoso.com.
Internal Exchange 2013 FQDN for thefollowing services:
Outlook AnywhereOffline Address BookRemote PowerShellExchange
Web Services (EWS)Exchange ActiveSync
Internal URL same as external URL mail.contoso.comInternal URL
different than external URL internal.contoso.com
External Exchange 2013 FQDN for thefollowing services:
Outlook Web AppECP (Exchange Admin Center)
owa.contoso.com
Internal Exchange 2013 FQDN for thefollowing services:
Outlook Web AppECP (Exchange Admin Center)
Internal URL same as external URL owa.contoso.comInternal URL
different than external URL internal.contoso.com
External Exchange 2007 FQDN for thefollowing services:
Outlook Web AccessEWSUnified Messaging
legacy.contoso.com
Note:
This FQDN doesn't need to start with "legacy". It can be any
available FQDN as long as it doesn't match any of the ones assigned
to theExchange 2013 server (for example, mail.contoso.com). You
could, for example, use oldmail.contoso.com instead of
legacy.contoso.com.
External Autodiscover FQDN autodiscover.contoso.com
Internal service connection point FQDN
autodiscover.contoso.com
Primary SMTP namespace contoso.com
User principal name domain
contoso.com
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
12 of 32 8/14/2013 6:34 PM
-
Configure default offline address book Estimated time to
complete: 5 minutes or longer, depending on the number of mailbox
databases in your organization
Before you install Exchange 2013, you need to make sure that all
of the existing Exchange mailboxes in your organization are
assigned a default offline address book (OAB). If you don't do
this, any mailbox that isn't assigned adefault OAB when Exchange
2013 is installed will automatically download the new OAB generated
by Exchange 2013. If you have hundreds or thousands of mailboxes,
this could cause significant network traffic and server load.
The steps below show you how to assign a default OAB to Exchange
mailbox databases. Assigning a default OAB to a mailbox database
has two advantages:
Mailboxes stored in a mailbox database will inherit the OAB
assigned to a mailbox database if the mailbox itself has no OAB
assigned. This allows you to assign an OAB to many mailboxes
without having to individuallyupdate each mailbox.When the mailbox
is moved from an existing Exchange server to Exchange 2013, the
mailbox will automatically begin using the new Exchange
2013-generated OAB if the mailbox itself isn't assigned an OAB.
How do I do this?
Open the Exchange Management Shell on your Exchange server.1.Run
the following command to retrieve a list of OABs.
Get-OfflineAddressBook
2.
Run the following command to view all the mailbox databases
(except Exchange 2013 mailbox databases) in your organization and
the OABs assigned to them.
Get-MailboxDatabase | Format-Table Name, Server,
OfflineAddressBook -Auto
3.
For every mailbox database that doesn't have an OAB assigned,
assign an OAB from the list you retrieved earlier. You can either
set the OAB on each mailbox database individually or set the OAB on
all mailbox databases atonce. Use the command below that best suits
your requirements.
To set the OAB on each mailbox database individually, run the
following command. The command example uses "Sales Employees" for
the mailbox database name on the Ex2007 server, and the "Default
OfflineAddress Book" for the name of the OAB.
Set-MailboxDatabase "Ex2007\Sales Employees" -OfflineAddressBook
"Default Offline Address Book"
To set the same OAB on all mailbox databases at once, run the
following command. The command example uses "Default Offline
Address Book" for the name of the OAB.
Warning:
The following command will overwrite the OAB assigned to every
mailbox database in your organization. If you want to verify the
command has the intended effect, run it with the WhatIf switch
parameter first.
Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook
"Default Offline Address Book"
4.
How do I know this worked?
To verify that every mailbox database in your organization is
assigned a default OAB, run the following command. Every mailbox
database should have an OAB listed in the OfflineAddressBook
column.
Get-MailboxDatabase | Format-Table Name, Server,
OfflineAddressBook -Auto
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
13 of 32 8/14/2013 6:34 PM
-
Create legacy Exchange host name Estimated time to complete: 5
minutes
You need to create a legacy domain name system (DNS) host name
so your legacy Exchange 2007 environment and Exchange 2013 can
coexist. For example, if your domain name is currently contoso.com,
you're likely using a hostname of mail.contoso.com or
www.contoso.com for external client access to Exchange. During
coexistence, we recommend creating and using, for example, a host
name of legacy.contoso.com. You'll associate the legacy host
namewith your existing Exchange 2007 server and associate your
current host name (for example, mail.contoso.com) with your
Exchange 2013 Client Access server. Your end users will not see or
use the legacy host name. It will be usedby Autodiscover and Client
Access servers when redirecting legacy users to a legacy
server.
All client connections will be redirected, including Exchange
ActiveSync, Outlook Web App, POP3, and IMAP4. After the legacy host
name has been configured, users will be able to access their
mailbox regardless of whether it's onExchange 2007 or Exchange
2013. If you're upgrading from Exchange 2007 to Exchange 2013,
Availability service requests will also be redirected.
How do I do this?
You need to create a public DNS record for the
legacy.contoso.com host name to point to the external IP address of
your Exchange 2007 server. The following is an example of the DNS
record that you'd create with your public DNSprovider, such as
GoDaddy.
Important:
You might need to make changes to your firewall to support this
new legacy host name. You might need to add new firewall rules, add
an external IP address for your Exchange 2007 server, or make other
configuration changes.If your organization has a network management
group, a security review process, or change management process, you
may need to request permission to perform these changes or have
someone else make them for you.
Host name DNS record type Value
Legacy.contoso.com A 172.16.10.10
How do I know this worked?
To verify that you've successfully configured your public DNS
records, do the following:
Open a command prompt and run nslookup.exe.1.Change to a DNS
server that can query your public DNS zone.2.In nslookup, look up
the record for the legacy.contoso.com host name you created. Verify
that the IP address that's returned matches the external IP address
of your Exchange 2007 server.3.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
14 of 32 8/14/2013 6:34 PM
-
Install Exchange 2013 Estimated time to complete: 50 to 60
minutes
The Mailbox server role in Exchange 2013 hosts user mailboxes
and public folder mailboxes, provides Unified Messaging services,
generates the Offline Address Book (OAB), and more. In Exchange
2013, the Client Access server roleprovides clients with access to
mailboxes via Outlook, Outlook Web App, and other protocols;
accepts inbound SMTP connections from the Internet and other Active
Directory sites; accepts connections from telephony systems;
andmore.
Learn more at: Mailbox and Client Access Servers
Caution:
After you install Exchange 2013 on a server, you must not change
the server name. Renaming a server after you have installed an
Exchange 2013 server role is not supported.
How do I do this?
Important To prepare your organization for Exchange 2013, make
sure that youve done everything in the Verify prerequisites step
earlier in this checklist. That step has lots of important
information, like the following:
In order for Exchange 2013 to coexist with previous versions of
Exchange, all your Exchange 2013 servers must be running Cumulative
Update 2 (CU2) for Exchange 2013. For information on how to
download Exchange 2013,see Cumulative Updates for Exchange
2013.You'll also need to install Update Rollup 10 for Exchange 2007
Service Pack 3 (SP3) on all the Exchange 2007 servers in your
organization before you can install Exchange 2013. Download from
Exchange Server 2007 ServicePack 3 and Update Rollup 10 for
Exchange Server 2007 Service Pack 3(KB2788321).
In terms of the order in which to upgrade your sites, assuming
you have Exchange servers in more than one site, start with any
Internet-facing Active Directory sites, followed by the internal
sites. The first site you will want toupgrade is the one where
AutoDiscover requests from the Internet come in.
After you have downloaded Exchange 2013 CU2, log on to the
computer on which you want to install Exchange 2013.1.Navigate to
the network location of the Exchange 2013 installation
files.2.Start Exchange 2013 Setup by double-clicking Setup.exe.
Important:
If you have User Access Control (UAC) enabled, you must
right-click Setup.exe and select Run as administrator.
3.
On the Check for Updates page, choose whether you want Setup to
connect to the Internet and download product and security updates
for Exchange 2013. If you select Connect to the Internet and check
for updates,Setup will download updates and apply them prior to
continuing. If you select Don't check for updates right now, you
can download and install updates manually later. We recommend that
you download and installupdates now. Click Next to continue.
4.
The Introduction page begins the process of installing Exchange
into your organization. It will guide you through the installation.
Several links to helpful deployment content are listed. We
recommend that you visit theselinks prior to continuing setup.
Click Next to continue.
5.
On the License Agreement page, review the software license
terms. If you agree to the terms, select I accept the terms in the
license agreement, and then click Next.6.On the Recommended
settings page, select whether you want to use the recommended
settings. If you select Use recommended settings, Exchange will
automatically send error reports and information about yourcomputer
hardware and how you use Exchange to Microsoft. If you select Don't
use recommended settings, these settings remain disabled but you
can enable them at any time after Setup completes. For
moreinformation about these settings and how information sent to
Microsoft is used, click ?.
7.
On the Server Role Selection page, select both Mailbox role and
Client Access role. The management tools are installed
automatically if you install any other server role.Select
Automatically install Windows Server roles and features that are
required to install Exchange Server to have the Setup wizard
install required Windows prerequisites. You may need to reboot the
computer tocomplete the installation of some Windows features. If
you don't select this option, you must install the Windows features
manually.
Note:
This option installs only the Windows features required by
Exchange. You must install other prerequisites manually. For more
information, see Exchange 2013 Prerequisites.
Click Next to continue.
8.
On the Installation Space and Location page, either accept the
default installation location or click Browse to choose a new
location. Make sure that you have enough disk space available in
the location where you want toinstall Exchange. Click Next to
continue.
9.
On the Malware Protection Settings page, choose whether you want
to enable or disable malware scanning. If you disable malware
scanning, it can be enabled in the future. Unless you have a
specific reason to disablemalware scanning, we recommend that you
keep it enabled. Click Next to continue.
10.
On the Readiness Checks page, view the status to determine if
the organization and server role prerequisite checks completed
successfully. If they haven't completed successfully, you must
resolve any reported errorsbefore you can install Exchange 2013.
You don't need to exit Setup when resolving some of the
prerequisite errors. After resolving a reported error, click Back
and then click Next to run the prerequisite check again. Be sureto
also review any warnings that are reported. If all readiness checks
have completed successfully, click Install to install Exchange
2013.
11.
On the Completion page, click Finish.
Note:
If you didn't separate your Active Directory schema preparation
from the installation of Exchange 2013, the amount of time this
takes is dependent upon your Active Directory site topology. It
might take some time forthe changes to replicate across your
organization.
12.
Restart the computer after Exchange 2013 has completed.13.
How do I know this worked?
Run Get-ExchangeServer
To verify that Exchange 2013 installed successfully, run the
Get-ExchangeServer cmdlet in the Exchange Management Shell. A list
is displayed of all Exchange server roles that are installed on the
specified server when this cmdlet isrun.
For detailed syntax and parameter information, see
Get-ExchangeServer.
Review the setup log file
You can also learn more about the installation and configuration
of Exchange 2013 by reviewing the setup log file created during the
setup process.
During installation, Exchange Setup logs events in the
Application log of Event Viewer on computers that are running
Windows Server 2008 R2 with Service Pack 1 (SP1) and Windows Server
2012. Review the Application log, andmake sure there are no warning
or error messages related to Exchange setup. These log files
contain a history of each action that the system takes during
Exchange 2013 setup and any errors that may have occurred. By
default, thelogging method is set to Verbose. Information is
available for each installed server role.
You can find the setup log file at
\ExchangeSetupLogs\ExchangeSetup.log. The variable represents the
root directory of the drive where the operating system is
installed.
The setup log file tracks the progress of every task that is
performed during the Exchange 2013 installation and configuration.
The file contains information about the status of the prerequisite
and system readiness checks that areperformed before installation
starts, the application installation progress, and the
configuration changes that are made to the system. Check this log
file to verify that the server roles were installed as
expected.
We recommend that you start your review of the setup log file by
searching for any errors. If you find an entry that indicates that
an error occurred, read the associated text to figure out the cause
of the error.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
15 of 32 8/14/2013 6:34 PM
-
Create an Exchange 2013 mailbox To simplify configuration of
Exchange 2013 and to help test your new server later on, you need
to create an Exchange 2013 mailbox. We'll make this new mailbox a
member of the Organization Management role group and you'lluse this
mailbox when you configure Exchange 2013.
Later on in the checklist you'll need to log into your Exchange
2013 servers. Log in using the Exchange 2013 mailbox you'll create
in this step. This will make sure you have the correct permissions
to perform each of the steps andthat the EAC opens correctly.
How do I do this?
Open the EAC by browsing to the URL of your Client Access
server. For example, https://Ex2013/ecp?ExchClientVer=15.
Important:
You need to include ?ExchClientVer=15 in the URL when you want
to open the EAC with a user that doesn't have an Exchange 2013
mailbox.
1.
Enter the user name and password of the account you used to
install Exchange 2013 in Domain\user name and Password, and then
click Sign in.2.Go to Recipients > Mailboxes. On the Mailboxes
page, click Add and then select User mailbox.3.Provide the
information required for the new user and then click Save.4.Go to
Permissions > Admin Roles. On the Admin Roles page, select
Organization Management and click Edit .5.Under Members, click Add
.6.Select the Exchange 2013 mailbox you just created, click Add,
then click OK. Then click Save.7.
How do I know this worked?
To verify that you've successfully created an Exchange 2013
mailbox and added it as a member of the Organization Management
role group, do the following:
In the EAC, go to Permissions > Admin Roles. On the Admin
Roles page, select Organization Management.1.In the details pane,
view the Members list. If the Exchange 2013 mailbox has been
successfully added as a member of the Organization Management role
group, the mailbox will be listed here.2.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
16 of 32 8/14/2013 6:34 PM
-
Configure ServicesExchange 2013 external URLs Estimated time to
complete: 10 to 15 minutes
There are several settings that you need to configure on the
Exchange 2013 virtual directories, which include Outlook Anywhere,
Exchange ActiveSync, Exchange Web Services, Offline Address Book
(OAB), Outlook Web App, theExchange admin center, and the
availability service.
Learn more at: Virtual Directory Management
How do I do this?
Open the EAC by browsing to the URL of your Client Access
server. For example, https://Ex2013/ECP.1.Enter your user name and
password in Domain\user name and Password, and then click Sign
in.2.Go to Servers > Servers, select the name of the
Internet-facing Client Access server and then click Edit .3.Click
Outlook Anywhere.4.In the Specify the external hostname field,
specify the externally accessible FQDN of the Client Access server.
For example, mail.contoso.com.5.While youre here, lets also set the
internally accessible FQDN of the Client Access server. In the
Specify the internal hostname field, insert the FQDN you used in
the previous step. For example, mail.contoso.com.6.Click Save.7.Go
to Servers > Virtual directories and then click Configure
external access domain .8.Under Select the Client Access servers to
use with the external URL, click Add .9.Select the Client Access
servers you want to configure, and then click Add. After youve
added all the Client Access servers you want to configure, click
OK.10.In Enter the domain name you will use with your external
Client Access servers, type the external domain you want to apply.
For example, mail.contoso.com. Click Save.
Note:
Some organizations make the Outlook Web App FQDN unique to
protect users against changes to underlying server FQDN changes.
Many organizations use owa.contoso.com for their Outlook Web App
FQDN instead ofmail.contoso.com. If you want to configure a unique
Outlook Web App FQDN, do the following after you completed the
previous step. This checklist assumes you have configured a unique
Outlook Web App FQDN.
In Select server, choose your Exchange 2013 Client Access
server.1.Select owa (Default Web Site) and click Edit .2.In
External URL, type https://, then the unique Outlook Web App FQDN
you want to use, and then append /owa. For example,
https://owa.contoso.com/owa.3.Click Save.4.Select ecp (Default Web
Site) and click Edit .5.In External URL, type https://, then the
same Outlook Web App FQDN that you specified in the previous step,
and then append /ecp. For example,
https://owa.contoso.com/ecp.6.Click Save.7.
11.
How do I know this worked?
To verify that you have successfully configured the external URL
on the Client Access server virtual directories, do the
following:
In the EAC, go to Servers > Virtual directories.1.In the
Select server field, select the Internet-facing Client Access
server.2.Select a virtual directory and then, in the virtual
directory details pane, verify that the External URL field is
populated with the correct FQDN and service as shown below:
Virtual directory External URL value
Autodiscover No external URL displayed
ECP https://owa.contoso.com/ecp
EWS https://mail.contoso.com/EWS/Exchange.asmx
Microsoft-Server-ActiveSync
https://mail.contoso.com/Microsoft-Server-ActiveSync
OAB https://mail.contoso.com/OAB
OWA https://owa.contoso.com/owa
PowerShell http://mail.contoso.com/PowerShell
3.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
17 of 32 8/14/2013 6:34 PM
-
Exchange 2013 internal URLs Estimated time to complete: 10 to 15
minutes
Before clients can connect to your new Exchange 2013 server from
your Intranet, you need to configure the internal domains, or URLs,
on the Exchange 2013 Client Access servers virtual directories.
You choose whether you want users to use the same URL on your
intranet and on the Internet to access your Exchange servers or
whether they should use a different URL. What you choose depends on
the addressing scheme youhave in place already or that you want to
implement. If youre implementing a new addressing scheme, we
recommend that you use the same URL for both internal and external
URLs. Using the same URL makes it easier for users toaccess your
Exchange servers because they only have to remember one address.
Regardless of the choice you make, you need to make sure you
configure a private DNS zone for the address space you configure.
For moreinformation about administering DNS zones, see
Administering DNS Server.
For more information internal and external URLs on virtual
directories, see Virtual Directory Management.
What do you want to do?
Configure internal and external URLs to be the same
Open the Exchange Management Shell on your Exchange 2013 Client
Access server.1.Store the host name of your Client Access server in
a variable that will be used in the next step. For example,
Ex2013.
$HostName = "Ex2013"
2.
Run each of the following commands in the Shell to configure
each internal URL to match the virtual directorys external URL.
Set-EcpVirtualDirectory "$HostName\ECP (Default Web Site)"
-InternalUrl ((Get-EcpVirtualDirectory "$HostName\ECP (Default Web
Site)").ExternalUrl)
Set-WebServicesVirtualDirectory "$HostName\EWS (Default Web
Site)" -InternalUrl ((get-WebServicesVirtualDirectory
"$HostName\EWS (Default Web Site)").ExternalUrl)
Set-ActiveSyncVirtualDirectory
"$HostName\Microsoft-Server-ActiveSync (Default Web Site)"
-InternalUrl ((Get-ActiveSyncVirtualDirectory
"$HostName\Microsoft-Server-ActiveSync (Default Web
Site)").Exter
Set-OabVirtualDirectory "$HostName\OAB (Default Web Site)"
-InternalUrl ((Get-OabVirtualDirectory "$HostName\OAB (Default Web
Site)").ExternalUrl)
Set-OwaVirtualDirectory "$HostName\OWA (Default Web Site)"
-InternalUrl ((Get-OwaVirtualDirectory "$HostName\OWA (Default Web
Site)").ExternalUrl)
Set-PowerShellVirtualDirectory "$HostName\PowerShell (Default
Web Site)" -InternalUrl ((Get-PowerShellVirtualDirectory
"$HostName\PowerShell (Default Web Site)").ExternalUrl)
3.
How do I know this worked?
To verify that you have successfully configured the internal URL
on the Client Access server virtual directories, do the
following:
In the EAC, go to Servers > Virtual directories.1.In the
Select server field, select the Internet-facing Client Access
server.2.Select a virtual directory and then click Edit .3.Verify
that the Internal URL field is populated with the correct FQDN and
service as shown below:
Virtual directory Internal URL value
Autodiscover No internal URL displayed
ECP https://owa.contoso.com/ecp
EWS https://mail.contoso.com/EWS/Exchange.asmx
Microsoft-Server-ActiveSync
https://mail.contoso.com/Microsoft-Server-ActiveSync
OAB https://mail.contoso.com/OAB
OWA https://owa.contoso.com/owa
PowerShell http://mail.contoso.com/PowerShell
4.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Configure different internal and external URLs
Open the EAC by browsing to the URL of your Client Access
server. For example, https://Ex2013/ECP.1.Go to Servers >
Virtual directories.2.In the Select server field, select the
Internet-facing Client Access server.3.Select the virtual directory
you want to change, and then click Edit .4.In Internal URL, replace
the host name between https:// and the first forward slash (/ )
with the new FQDN you want to use. For example, if you want to
change the EWS virtual directory FQDN fromEx2013.corp.contoso.com
to internal.contoso.com, change the internal URL from
https://Ex2013.corp.contoso.com/ews/exchange.asmx to
https://internal.contoso.com/ews/exchange.asmx.
5.
Click Save.6.Repeat steps 5 and 6 for each virtual directory you
want to change.
Note:
The ECP and OWA virtual directory internal URLs must be the
same.You cant set an internal URL on the Autodiscover virtual
directory.
7.
How do I know this worked?
To verify that you have successfully configured the internal URL
on the Client Access server virtual directories, do the
following:
In the EAC, go to Servers > Virtual directories.1.In the
Select server field, select the Internet-facing Client Access
server.2.Select a virtual directory, and then click Edit .3.Verify
that the Internal URL field is populated with the correct FQDN. For
example, you may have set the internal URLs to use
internal.contoso.com.
Virtual directory Internal URL value
Autodiscover No internal URL displayed
4.
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
18 of 32 8/14/2013 6:34 PM
-
ECP https://internal.contoso.com/ecp
EWS https://internal.contoso.com/EWS/Exchange.asmx
Microsoft-Server-ActiveSync
https://internal.contoso.com/Microsoft-Server-ActiveSync
OAB https://internal.contoso.com/OAB
OWA https://internal.contoso.com/owa
PowerShell http://internal.contoso.com/PowerShell
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
19 of 32 8/14/2013 6:34 PM
-
Exchange 2013 certificates Estimated time to complete: 10 to 15
minutes (not including response time from the certificate
authority)
Some services, such as Outlook Anywhere and Exchange ActiveSync,
require certificates to be configured on your Exchange 2013 server.
The following steps show you how to configure an SSL certificate
from a third-party certificateauthority (CA). These steps also show
you how to add the legacy host name that'll be configured on your
Exchange 2007 server. In a later step, this certificate will be
imported on your Exchange 2007 to help simplify the switch tothe
legacy host name.
How do I do this?
Open the EAC by browsing to the URL of your Client Access
server. For example, https://Ex2013/ECP.1.Enter your user name and
password in Domain\user name and Password, and then click Sign
in.2.Go to Servers > Certificates. On the Certificates page,
make sure your Client Access server is selected in the Select
server field, and then click New .3.In the New Exchange certificate
wizard, select Create a request for a certificate from a
certification authority and then click Next.4.Specify a name for
this certificate and then click Next.5.If you want to request a
wildcard certificate, select Request a wild-card certificate and
then specify the root domain of all subdomains in the Root domain
field. If you don't want to request a wildcard certificate
andinstead want to specify each domain you want to add to the
certificate, leave this page blank. Click Next.
6.
Click Browse and specify an Exchange 2013 server to store the
certificate on. The server you select should be the Internet-facing
Exchange 2013 Client Access server. Click Next.7.For each service
in the list shown, verify that the external or internal server
names that users will use to connect to the Exchange server are
correct. For example:
If you configured your internal and external URLs to be the
same, Outlook Web App (when accessed from the Internet) and Outlook
Web App (when accessed from the Intranet) should show
owa.contoso.com.OAB (when accessed from the Internet) and OAB (when
accessed from the Intranet) should show mail.contoso.com.If you
configured the internal URLs to be internal.contoso.com, Outlook
Web App (when accessed from the Internet) should show
owa.contoso.com and Outlook Web App (when accessed from the
Intranet)should show internal.contoso.com.
These domains will be used to create the SSL certificate
request. Click Next.
8.
Click Add to add the legacy host name to the certificate.9.In
the Domain name field, enter your legacy host name. For example,
legacy.contoso.com. Click OK.10.Add any additional domains you want
included on the SSL certificate.11.Select the domain that you want
to be the common name for the certificate and click Set as common
name. For example, contoso.com. Click Next.12.Provide information
about your organization. This information will be included with the
SSL certificate. Click Next.13.Specify the network location where
you want this certificate request to be saved. Click Finish.14.
After you've saved the certificate request, submit the request
to your certificate authority (CA). This can be an internal CA or a
third-party CA, depending on your organization. Clients that
connect to the Client Access server musttrust the CA that you use.
After you receive the certificate from the CA, complete the
following steps:
On the Server > Certificates page in the EAC, select the
certificate request you created in the previous steps.1.In the
certificate request details pane, click Complete under Status.2.On
the Complete pending request page, specify the path to the SSL
certificate file and then click OK.3.Select the new certificate you
just added, and then click Edit .4.On the certificate page, click
Services.5.Select the services you want to assign to this
certificate. At minimum, you should select IIS but you can also
select IMAP, POP, and UM call router if you use these services. If
you want to use secure transport, you can alsoselect SMTP to make
this certificate available to Exchange 2013 transport. Click
Save.
6.
If you receive the warning Overwrite the existing default SMTP
certificate?, click Yes.7.
How do I know this worked?
To verify that you have successfully added a new certificate, do
the following:
In the EAC, go to Servers > Certificates.1.Select the new
certificate and then, in the certificate details pane, verify that
the following are true:
Status shows ValidAssigned to services shows, at minimum, IIS
and optionally IMAP, POP, UM call router, and SMTP.
2.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
20 of 32 8/14/2013 6:34 PM
-
Exchange 2007 certificates Estimated time to complete: 10 to 15
minutes
When you create the new third-party certificate for your
Exchange 2013 server, you included the legacy host name as one of
the host names on the certificate. The certificate includes both
the primary host name your users use toconnect to your
organization, for example mail.contoso.com, and the new legacy host
name, for example legacy.contoso.com. By importing this certificate
on your Exchange 2007 server, you can avoid certificate errors when
youconfigure your Exchange 2007 server to use the new legacy host
name.
If you have multiple Exchange 2007 Client Access servers in your
organization, you need to import the third-party certificate and
assign Exchange services on each Exchange 2007 Client Access
server.
How do I do this?
First, you need to export your certificate from your Exchange
2013 server with the certificate's private key using the following
steps.
Log on directly to your Exchange 2013 Client Access server with
an administrator user account.1.Open an empty Microsoft Management
Console (MMC).2.Click File, and then Add/Remove Snap-in.3.In the
Add or Remove Snap-ins window, select Certificates and then click
Add >.4.In the Certificates snap-in window that appears, select
Computer account and then click Next.5.Select Local computer and
click Finish. Then, click OK.6.Under Console Root, expand
Certificates (Local Computer), Personal, and then
Certificates.7.Select the third-party certificate you created in
the previous step.8.Right-click on the certificate, select All
Tasks, and then Export.9.In the Certificate Export Wizard, click
Next.10.Select Yes, export the private key and then click
Next.11.Make sure Personal Information Exchange - PKCS #12 (.PFX)
and Include all certificates in the certification path if possible
are selected. Make sure no other options are selected. Click
Next.12.Select Password and then enter a password to help secure
your certificate. Click Next.13.Specify a file name for the new
certificate. Use the file extension .pfx. Click Next, and then
click Finish.14.You'll receive a confirmation prompt if the
certificate export was successful. Click OK to close it.15.Copy the
.pfx file you created to your Exchange 2007 Client Access
server.16.
After you've exported the certificate from your Exchange 2013
server, you need to import the certificate on your Exchange 2007
server using the following steps.
Log on directly to your Exchange 2007 Client Access server with
an administrator user account.1.Open an empty Microsoft Management
Console (MMC).2.Click File, and then Add/Remove Snap-in.3.In the
Add or Remove Snap-ins window, select Certificates and then click
Add >.4.In the Certificates snap-in window that appears, select
Computer account and then click Next.5.Select Local computer and
click Finish. Then, click OK.6.Under Console Root, expand
Certificates (Local Computer), and then Personal.7.Right-click
Personal , select All Tasks and then Import.8.In the Certificate
Import Wizard, click Next.9.Click Browse and select the .pfx file
you copied to your Exchange 2007 Client Access server. Click Open,
and then click Next.
Note:
You may need to change the File name filter in the Open window
to All Files (*.*) to see the .pfx file.
10.
In the Password field, enter the password you used to help
secure the certificate when you exported it on the Exchange 2013
Client Access server.11.Verify that Include all extended properties
is selected and click Next.12.Verify that Place all certificates in
the following store is selected and Personal is shown in
Certificate store. Click Next. Click Finish.13.You'll receive a
confirmation prompt if the certificate import was successful. Click
OK to close it.14.
Now that the new certificate has been imported on your Exchange
2007 Client Access server, you need to assign it to your Exchange
services using the following steps.
Open the Exchange Management Shell on your Exchange 2007 Client
Access server.1.Run the following command to list the certificates
installed on the Exchange 2007 server.
Get-ExchangeCertificate
2.
Find the third-party certificate that contains the domain you
configured on the certificate in the Subject column.3.Copy the GUID
of the certificate that's located in the Thumbprint column and save
it. You'll use this value in the next step.4.Run the following
command to assign the certificate to the Internet Information
Services (IIS), POP, IMAP, and Unified Messaging (UM) services.
You'll need to paste the thumbprint you saved in the previous step
into thiscommand. The thumbprint GUID used in this example is
BBF70EF91B214CCBC0D336EFA9BD9FE0035858C3.
Enable-ExchangeCertificate
BBF70EF91B214CCBC0D336EFA9BD9FE0035858C3 -Services IIS, POP, IMAP,
UM
Note:
Only include the Unified Messaging service in the command if
you've installed the Unified Messaging (UM) server role on this
Exchange 2007 server.
5.
How do I know this worked?
To verify that you've successfully imported the new third-party
certificate on your Exchange 2007 Client Access server, do the
following:
Open the Exchange Management Shell on your Exchange 2007 Client
Access server.1.Run the following command to list the certificates
installed on the Exchange 2007 server.
Get-ExchangeCertificate
2.
Verify that the services that you assigned to the new
third-party certificate are listed in the Services column of the
certificate. The following characters are used to indicate each
service:
Character Service
I IMAP
P POP
U Unified Messaging
Note:
This service will only be assigned to the certificate if you
have the UM server role installed on this Exchange 2007 and
included the UM service when you ran the Enable-ExchangeCertificate
command.
W IIS
3.
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
21 of 32 8/14/2013 6:34 PM
-
S SMTP
Note:
This service wasn't included in the Enable-ExchangeCertificate
command in the procedure earlier in this topic. Unless you included
the SMTP service in the command, this service will be assigned to
apreviously installed certificate.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
22 of 32 8/14/2013 6:34 PM
-
Perform SwitchoverImportant note about switchover Up until this
point, you've been getting everything ready to bring your new
Exchange 2013 server into production and switch some services from
your Exchange 2007 server to your Exchange 2013. There has been no
impact to yourusers. The next several steps in the checklist will
transition Outlook Web App, Exchange Web Services, Autodiscover,
and Exchange ActiveSync access from your Exchange 2007 server to
your Exchange 2013 server. During thisperiod, your users may
experience some disruption as settings are updated and domain name
configuration is replicated across the Internet. We recommend that
you perform these steps outside of business hours and that
youcommunicate possible service disruption to your users.
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
23 of 32 8/14/2013 6:34 PM
-
Enable and configure Outlook Anywhere Estimated time to
complete: 10 to 15 minutes
To allow your Exchange 2013 Client Access server to redirect
connections to your Exchange 2007 servers, you must enable and
configure Outlook Anywhere on all of the Exchange 2007 servers in
your organization. If someExchange 2007 servers in your
organization are already configured to use Outlook Anywhere, their
configuration must also be updated to support Exchange 2013. When
you use the steps below to configure Outlook Anywhere, thefollowing
configuration is set on each Exchange 2007 server:
The Outlook Anywhere external URL is set to the external
hostname of the Exchange 2013 server.Client authentication, which
is used to allow clients like Outlook 2013 to authenticate with
Exchange, is set to Basic.Internet Information Services (IIS)
authentication, which is used to allow Exchange servers to
communicate, set to NTLM and Basic.
How do I do this?
Perform the following steps to enable and configure Outlook
Anywhere on your Exchange 2007 servers.
Open the Exchange Management Shell on your Exchange 2007 Client
Access server.1.Store the external host name of your Exchange 2013
Client Access server in a variable that will be used in the next
steps. For example, mail.contoso.com.
$Exchange2013HostName = "mail.contoso.com"
2.
Run the following command to configure Exchange 2007 servers
that already have Outlook Anywhere enabled to accept connections
from Exchange 2013 servers.
Warning:
The following command will change the configuration of Outlook
Anywhere on any Exchange 2007 server in your organization on which
it's already enabled.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq
$True} | ForEach {Se
3.
Run the following command to enable Outlook Anywhere on the rest
of your Exchange 2007 servers to accept connections from Exchange
2013 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq
$False} | Enable-Out
4.
How do I know this worked?
To verify that you've successfully configured Outlook Anywhere
on your Exchange 2007 servers to accept connections redirected from
Exchange 2013, do the following:
Open the Exchange Management Shell on your Exchange 2007 Client
Access server.1.Run the following command to view the Outlook
Anywhere configuration on your Exchange 2007 servers:
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-OutlookAnywhere | Format-Table Server,
ClientAuthenticationMethod, IISAuthenti
2.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
24 of 32 8/14/2013 6:34 PM
-
Configure service connection point Estimated time to complete:
10 minutes
Autodiscover uses an Active Directory object called the service
connection point (SCP) to retrieve a list of AutoDiscover URLs for
the forest in which Exchange is installed. When you install
Exchange 2013, you need to update the SCPobject to point to the
Exchange 2013 server. This is necessary because Exchange 2013
servers provide additional AutoDiscover information to clients to
improve the discovery process.
You must update the SCP object configuration on every Exchange
server in the organization. You need to use the version of the
Exchange Management Shell that corresponds to the version of the
Exchange servers you're updating.
How do I do this?
Perform the following steps to configure the SCP object on your
Exchange 2007 servers.
Open the Exchange Management Shell on your Exchange 2007 Client
Access server.1.Store the AutoDiscover host name of your Exchange
2013 Client Access server in a variable that will be used in the
next step. For example, autodiscover.contoso.com.
$AutodiscoverHostName = "autodiscover.contoso.com"
2.
Run the following command to set the SCP object on every
Exchange 2007 server to the AutoDiscover URL of the new Exchange
2013 server.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Set-ClientAccessServer -AutoDiscoverServiceInternalUri
https://$AutodiscoverHostNa
3.
Perform the following steps to configure the SCP object on your
Exchange 2013 servers.
Open the Exchange Management Shell on your Exchange 2013 Client
Access server.1.Store the AutoDiscover host name of your Exchange
2013 Client Access server in a variable that will be used in the
next step. For example, autodiscover.contoso.com.
$AutodiscoverHostName = "autodiscover.contoso.com"
2.
Run the following command to set the SCP object on every
Exchange 2013 server to the AutoDiscover URL of the new Exchange
2013 server.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 15*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Set-ClientAccessServer -AutoDiscoverServiceInternalUri
https://$AutodiscoverHostN
3.
How do I know this worked?
To verify that you've successfully configured the
AutoDiscoverServiceInternalUrl property on your Exchange 2007
servers with the value of the Exchange 2013 AutoDiscover URL, do
the following:
Open the Exchange Management Shell on your Exchange 2007 Client
Access server.Run the following command to view the SCP object
configuration on Exchange 2007 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-ClientAccessServer | Format-Table Name,
AutoDiscoverServiceInternalUri -Auto
To verify that you've successfully configured the
AutoDiscoverServiceInternalUrl property on your Exchange 2013
servers with the value of the Exchange 2013 AutoDiscover URL, do
the following:
Open the Exchange Management Shell on your Exchange 2013 Client
Access server.1.Run the following command to view the SCP object
configuration on Exchange 2013 servers.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 15*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-ClientAccessServer | Format-Table Name,
AutoDiscoverServiceInternalUri -Auto
2.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
25 of 32 8/14/2013 6:34 PM
-
Exchange 2007 URLs Estimated time to complete: 10 minutes
When a user with an Exchange 2007 mailbox connects to your
Exchange 2013 Client Access server, Exchange 2013 will redirect the
connection to the Exchange 2007 Client Access server. To do this
redirection, the Exchange 2013server uses the external hostname
configured on the Exchange 2007 server's Outlook Web Access,
Exchange Web Services, and Unified Messaging virtual directories.
The external hostname of the Exchange 2007 server needs to
bedifferent from the hostname of the Exchange 2013 server and needs
to be pointed to the Exchange 2007 server's own Internet-accessible
IP address. You need to manually configure the external hostname of
the Exchange 2007server, for example legacy.contoso.com.
Warning:
The commands in this step overwrite the value stored in the
ExternalUrl property of the Outlook Web Access, Exchange Web
Services, and Unified Messaging virtual directories on all the
Exchange 2007 Client Access servers inyour organization.
How do I do this?
Open the Shell on the Exchange 2007 Client Access server.1.Run
the commands in the "How do I know this worked" section to retrieve
the current values of the ExternalUrl property of the Outlook Web
Access, Exchange Web Services, and Unified Messaging virtual
directories. Makenote of these values in case you need to revert
back to them.
2.
Store the external host name of your Exchange 2007 Client Access
server in a variable that will be used in the next steps. For
example, legacy.contoso.com.
$LegacyHostName = "legacy.contoso.com"
3.
Run the following command to configure the external URL of the
Outlook Web App virtual directory on the Exchange 2007 Client
Access server using the external host name you stored in the
$LegacyHostName variable.
Get-OwaVirtualDirectory | Where {$_.OwaVersion -Eq
"Exchange2007"} | Set-OwaVirtualDirectory -ExternalUrl
https://$LegacyHostName/owa
4.
Run the following command to configure the external URL of the
Exchange Web Services virtual directory on the Exchange 2007 Client
Access server using the external host name you stored in the
$LegacyHostNamevariable.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory
-ExternalUrl htt
5.
Run the following command to configure the external URL of the
Unified Messaging virtual directory on the Exchange 2007 Client
Access server using the external host name you stored in the
$LegacyHostName variable.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-UMVirtualDirectory | Set-UMVirtualDirectory -ExternalUrl
https://$LegacyHostNa
6.
How do I know this worked?
Run the following command to verify that the external URL of the
Outlook Web Access virtual directory on all the Exchange 2007
servers in your organization has been configured correctly.
Get-OwaVirtualDirectory | Where {$_.OwaVersion -Eq
"Exchange2007"} | Format-Table Server, ExternalUrl -Auto
1.
Run the following command to verify that the external URL of the
Exchange Web Services virtual directory on all the Exchange 2007
servers in your organization has been configured correctly.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-WebServicesVirtualDirectory | Format-Table Server, ExternalUrl
-Auto
2.
Run the following command to verify that the external URL of the
Unified Messaging virtual directory on all the Exchange 2007
servers in your organization has been configured correctly.
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like
"Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} |
Get-UmVirtualDirectory | Format-Table Server, ExternalUrl -Auto
3.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
26 of 32 8/14/2013 6:34 PM
-
Configure DNS records Estimated time to complete: 15 to 20
minutes
Now that you've configured your Exchange 2007 and Exchange 2013
servers, it's time to change your DNS records to direct connections
to your new Exchange 2013 server. You'll move the host names (for
example,mail.contoso.com) users have been using to connect to
Outlook Web Access, Autodiscover, and so on from your Exchange 2007
server to your Exchange 2013 server. When an Exchange 2007 user
tries to open their mailbox, theExchange 2013 server will redirect
them to the host name of the Exchange 2007 server (for example,
legacy.contoso.com). Configuring DNS includes the following:
Verify that the Exchange 2007 host name resolves to the external
publicly accessible IP address of the Exchange 2007 Client Access
server.Change the primary host names, such as mail.contoso.com,
autodiscover.contoso.com, and owa.contoso.com (if used) to point to
the external publicly accessible IP address of the Exchange 2013
Client Access server withyour public DNS provider.Change the
primary host names, such as mail.contoso.com (or
internal.contoso.com if you're using different internal host
names), autodiscover.contoso.com, and owa.contoso.com (if used) to
point to the internal machinename of the Exchange 2013 Client
Access server on your internal DNS servers.
Important:
Read this topic completely before starting.You might need to
make changes to your firewall to support the new Exchange 2013
server. You might need to add new firewall rules, add an external
IP address for your Exchange 2013 server, or make other
configurationchanges. If your organization has a network management
group, a security review process, or change management process, you
may need to request permission to perform these changes or have
someone else make them foryou.
How do I verify my Exchange 2007 host name is properly
configured?
Earlier in the checklist, you configured the host name of the
Exchange 2007 server with your public Internet DNS provider. Now
you need to verify that the host name of the Exchange 2007 server,
for example legacy.contoso.com,resolves to the external IP address
of the Exchange 2007 server and that you can access an Exchange
2007 mailbox.
To verify that you've successfully configured your Exchange 2007
host name with your public DNS provider, do the following:
Open a command prompt and run nslookup.exe.1.Change to a DNS
server that can query your public DNS zone.2.In nslookup, look up
the record for the legacy.contoso.com host name you created. Verify
that the IP address that's returned matches the external IP address
of your Exchange 2007 server.3.
Now, verify that you can access your Exchange 2007 server using
the legacy host name. Using a computer outside of your internal
network, open your favorite browser and browse to the Outlook Web
Access URL of the Exchange2007 server, for example,
https://legacy.contoso.com/owa. Verify that you can connect to
Outlook Web App, log in, and view the contents of an Exchange 2007
mailbox. Also verify that you don't receive any certificate
warnings orerrors.
If you can access an Exchange 2007 mailbox and don't receive any
certificate warnings or errors, you can continue on with the rest
of this topic. If you do receive certificate errors or if you can't
access the Exchange 2007 mailbox, dothe following:
Make sure that you've created the legacy DNS host name. For more
information, see "Create legacy Exchange host name" earlier in the
checklist.Make sure that you've successfully requested and received
the new certificate on your Exchange 2013 Client Access server and
imported it on your Exchange 2007 server. For more information, see
"Exchange 2013certificates" and "Exchange 2007 certificates"
earlier in the checklist.Make sure that you've correctly configured
the internal and external URLs on your Exchange 2007 server. For
more information, see "Configure Exchange 2007 URLs" earlier in the
checklist.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
How do I configure my public DNS records?
To send users to your Exchange 2013 Client Access server, you
need to configure the existing DNS host (A) record with your
external DNS provider. The public DNS records should point to the
external IP address or FQDN of yourInternet-facing Exchange 2013
Client Access server and use the externally accessible FQDNs that
you've configured on your Client Access server. The following are
examples of recommended DNS records that you should create toenable
mail flow and external client connectivity.
Important:
Before you make any changes to your DNS records, we strongly
recommend that you reduce the time to live (TTL) values of each DNS
record you want to change to its minimum interval. The TTL value
determines how long aDNS record stays cached on DNS servers. A
smaller interval, such as 5 or 10 minutes, will allow you to
reverse any changes faster in the event you need to revert back to
your original configuration. If you do need to change theTTL of
your DNS records, don't make any other changes until the original
TTL interval has passed.
FQDN DNS record type Value
contoso.com MX Mail.contoso.com
mail.contoso.com A 172.16.10.11
owa.contoso.com CNAME Mail.contoso.com
autodiscover.contoso.com A 172.16.10.11
How do I configure my internal DNS records?
You choose whether you want users to use the same URL on your
intranet and on the Internet to access your Exchange server or
whether they should use a different URL. What you choose depends on
the addressing scheme youhave in place already or that you want to
implement. If youre implementing a new addressing scheme, we
recommend that you use the same URL for both internal and external
URLs. Using the same URL makes it easier for users toaccess your
Exchange server because they only have to remember one address.
Regardless of the choice you make, you need to make sure you
configure a private DNS zone for the address space you configure.
For moreinformation about administering DNS zones, see
Administering DNS Server.
Configure internal and external URLs to be the same
To send users to your Exchange 2013 Client Access server, you
need to configure the existing DNS host (A) record on your internal
DNS servers. The internal DNS records should point to the internal
host name and IP address ofyour Exchange 2013 Client Access server.
The internal host names you use should match the external host
names, for example, mail.contoso.com and owa.contoso.com. The
following are examples of recommended DNS recordsthat you should
create to enable mail flow and external client connectivity.
Important:
Before you make any changes to your DNS records, we strongly
recommend that you reduce the time to live (TTL) values of each DNS
record you want to change to its minimum interval. The TTL value
determines how long aDNS record stays cached on DNS servers. A
smaller interval, such as 5 or 10 minutes, will allow you to
reverse any changes faster in the event you need to revert back to
your original configuration. If you do need to change theTTL of
your DNS records, don't make any other changes until the original
TTL interval has passed.
FQDN DNS record type Value
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
27 of 32 8/14/2013 6:34 PM
-
mail.contoso.com CNAME Ex2013.corp.contoso.com
owa.contoso.com CNAME Ex2013.corp.contoso.com
autodiscover.contoso.com A 192.168.10.10
Configure different internal and external URLs
To send users to your Exchange 2013 Client Access server, you
need to configure the existing DNS host (A) record on your internal
DNS servers. The internal DNS records should point to the internal
host name and IP address ofyour Exchange 2013 Client Access server.
The following are examples of recommended DNS records that you
should create to enable mail flow and external client
connectivity.
Important:
Before you make any changes to your DNS records, we strongly
recommend that you reduce the time to live (TTL) values of each DNS
record you want to change to its minimum interval. The TTL value
determines how long aDNS record stays cached on DNS servers. A
smaller interval, such as 5 or 10 minutes, will allow you to
reverse any changes faster in the event you need to revert back to
your original configuration. If you do need to change theTTL of
your DNS records, don't make any other changes until the original
TTL interval has passed.
FQDN DNS record type Value
internal.contoso.com CNAME Ex2013.corp.contoso.com
autodiscover.contoso.com A 192.168.10.10
How do I know this worked?
To verify that you have successfully configured your public DNS
records, do the following:
Open a command prompt and run nslookup.exe.1.Change to a DNS
server that can query your public DNS zone.2.In nslookup, look up
the record of each FQDN you created. Verify that the value that's
returned for each FQDN is correct.3.
Now, verify that you can access your Exchange 2013 server using
your primary host name. Using a computer outside of your internal
network, open your favorite browser and browse to the Outlook Web
Access URL of the Exchange2013 server, for example,
https://mail.contoso.com/owa. Perform the two following tests:
Log into an Exchange 2013 mailbox Log into an Exchange 2013
mailbox and verify that you can access the contents of the mailbox
without any certificate warnings or other errors. Log out and close
your browser. If youneed to create a new Exchange 2013 mailbox, see
Create User Mailboxes.Log into an Exchange 2007 mailbox Log into an
Exchange 2007 mailbox. When you log into this mailbox, you will be
redirected to your Exchange 2007 Client Access server (the URL in
the browser address bar with switchfrom mail.contoso.com to
legacy.contoso.com). Verify that you are logged in successfully,
that you can access the contents of the mailbox, and that you don't
receive any certificate warnings or other errors.Test inbound and
outbound mail flow Send a message from an external mail provider,
such as outlook.com, to Exchange 2013 and Exchange 2007 mailboxes.
Verify that the message is received successfully. Reply to
themessage from each mailbox and verify that the external recipient
receives the message. You can also examine the message headers of
the messages you sent and received to verify the path the message
took using theMessage Analyzer in the Microsoft Remote Connectivity
Analyzer.
With the exception of the mail flow test, repeat the previous
tests from a computer inside your network to test your internal DNS
configuration. If you've configured your internal DNS records to
use the same host names as yourexternal DNS, attempt to access an
Exchange 2013 and Exchange 2007 mailbox using those host names, for
example mail.contoso.com or owa.contoso.com. If you've configured
your internal DNS records to use a different hostname, attempt to
access an Exchange 2013 and Exchange 2007 mailbox using the
internal host name, for example internal.contoso.com.
Having problems? Ask for help in the Exchange forums. Visit the
forums at: Exchange Server, Exchange Online, or Exchange Online
Protection
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
28 of 32 8/14/2013 6:34 PM
-
Finalize Your Deployment
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2013/PrintChecklist?state=1...
29 of 32 8/14/2013 6:34 PM
-
Post-configuration tasks After you complete a new installation
of Exchange 2013, add an additional Exchange 2013 server role to an
existing Exchange 2013 server, or install Exchange 2013 in an
existing organization, you should consider thepost-installation
tasks. The post-installation tasks will help you verify the
installation and configure the components that you have just
installed.
Product key
When you install Exchange 2013, your server is licensed as a
trial edition. The trial edition expires 120 days after the date of
installation. A server that has a trial edition license functions
as an Exchange Standard Edition server, but itisn't eligible for
support from Microsoft support services. If you have Exchange 2013
servers for which the trial edition has expired, Exchange displays
a separate warning for each expired server. You need to enter a
product keybefore the trial edition expires if you want to continue
using Exchange 2013 on the server.
Learn more: Enter Product Key
Permissions configuration
For the purposes of the Exchange Deployment Assistant, your
administrator account was granted permissions that you might not
need going forward. You should verify that this account doesn't
have more permissions thanrequired to configure and manage your
Exchange 2013 environment.
Role Based Access Control