Hybrid Exchange 2010 To Hybrid Exchange 2016 - Part Two

In this series of 2 articles, I have covered the migration from Hybrid Exchange 2010 to Hybrid Exchange 2016.

Part 1 of this article covered the basics, i.e., Exchange 2016 installation and side-by-side hybrid license activation. In this part 2, we will cover the configuration update and migration of Hybrid Exchange 2010 to Hybrid Exchange 2016.
 

Update the Service Connection Point (SCP)

 
Open Exchange Management Shell to run the following command.
 
Get-ClientAccessServer -Identity “Server Name” | fl
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 
Note the auto discover URL https://<FQDN>/Autodiscover/Autodiscover.xml
 
Set-ClientAccessServer -Identity “New Server Name FQDN “ -AutoDiscoverServiceInternalURI https://<FQDN>/Autodiscover/Autodiscover.xml
 
To check the update, run this command.
 
Get-ClientAccessServer -Identity “New Server name” |fl
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 

Import the Exchange UCC certificate

 
Note: Before importing the certificate, make sure you have added the new Exchange Server FQDN as DNS in your exchange certificate.
 
To import the certificate from the Exchange Admin Center, the file path should be \\Localhost\c$\Cert\cert.pfx
 
Put the certificate password if you are running ECA from the new Exchange Server.
 
Hybrid Exchange 2010 To Hybrid Exchange 2016
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 

Update Exchange Virtual Directories & Outlook Anywhere settings

 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 
$ServerName = “Exch01(FQDN For server)”
$FQDN = “Web address you want to use” (Ie. Webmail.company.com)
 
Get-OWAVirtualDirectory -Server $ServerName | Set-OWAVirtualDirectory -InternalURL https://$($FQDN)/owa -ExternalURL “https://$($FQDN)/owa”
 
Get-ECPVirtualDirectory -Server $ServerName | Set-ECPVirtualDirectory -InternalURL “https://$($FQDN)/ecp” -ExternalURL “https://$($FQDN)/ecp”
 
Get-OABVirtualDirectory -Server $ServerName | Set-OABVirtualDirectory -InternalURL “https://$($FQDN)/oab” -ExternalURL “https://$($FQDN)/oab”
 
Get-ActiveSyncVirtualDirectory -Server $ServerName | Set-ActiveSyncVirtualDirectory -InternalURL https://$($FQDN)/Microsoft-Server-ActiveSync -ExternalURL “https://$($FQDN)/Microsoft-Server-ActiveSync”
 
Get-WebServicesVirtualDirectory -Server $ServerName | Set-WebServicesVirtualDirectory -InternalURL “https://$($FQDN)/EWS/Exchange.asmx” -ExternalURL https://$($FQDN)/EWS/Exchange.asmx -BasicAuthentication $true
 
Get-MapiVirtualDirectory -Server $ServerName | Set-MapiVirtualDirectory -InternalURL “https://$($FQDN)/mapi” -ExternalURL “https://$($FQDN)/mapi”
 
Get-OutlookAnywhere -Server $ServerName | Set-OutlookAnywhere -ExternalHostname $FQDN -InternalHostname $FQDN -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 
IIS setting to make sure everything works.
 
SSL Settings and HTTP Redirect settings for all virtual directories in Exchange 2016 and ensure it is set properly.
 
Virtual Directory SSL enabled HTTP Redirect
Default website NO Yes
aspnet_client Yes NO
Autodiscover Yes NO
ecp Yes NO
EWS Yes NO
owa Yes NO
Microsoft-Server-ActiveSync Yes NO
OAB Yes NO
PowerShell NO NO
Rpc Yes NO
 

Add anonymous SMTP relay connector

 
PowerShell to create custom Receive Connector
 
New-ReceiveConnector -Name "External" -Usage Custom -TransportRole FrontendTransport -AuthMechanism Tls,Integrated,BasicAuth,ExchangeServer -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers, Partners -Bindings X.X.X.X:25 -RemoteIPRanges Y.Y.Y.Y -MaxMessageSize 25MB
 
X.X.X.X will be your Exchange Server IP
Y.Y.Y.Y will be your client Application Server or IP pool
 

Update DNS and firewall rules, and update send connectors

 
Now, we can update any local DNS entries like “mail.” or “autodiscover.” The traffic on the local LAN segment will start to flow through the new Exchange Server.
 
To make the same change for external users/services, you can just update your firewall NAT rules to point at the new server as well update the send connectors to new Server For Outbound to EOP and Outbound to Office 365
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 

Uninstall the Legacy Exchange Server

 
#Remove default Public folders
Get-PublicFolder "\" -Recurse -ResultSize:Unlimited |
Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue
 
#Remove system Public folders
Get-PublicFolder "\Non_Ipm_Subtree" -Recurse -ResultSize:Unlimited |
Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 
#Remove Offline Address Book
Get-OfflineAddressBook -Server “Old Server “ | Remove-OfflineAddressBook
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 
#Remove Public Folder database (Exchange 2010 Only)
Get-PublicFolderDatabase | Remove-PublicFolderDatabase
 
#Remove arbitration mailboxes (Exchange 2010 Only)
Get-Mailbox -Arbitration | Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 
#Remove mailboxes
Get-Mailbox -server “ Old Server “ | Disable-Mailbox
 
Exchange uninstaller -- Run command Prompt as administrator, Navigate to C:\Program Files\Microsoft\Exchange Server\v14\Bin and run:
setup.com /mode:uninstall
 

Run the new hybrid configuration wizard

 
By running Hybrid Configuration wizard we update all the setting between Exchange Online and Exchange On-Prem. Like Send connector, Receive connector, and certificate for Secure mail flow.
 
Hybrid Exchange 2010 To Hybrid Exchange 2016
 
Hybrid Exchange 2010 To Hybrid Exchange 2016
 
Hybrid Exchange 2010 To Hybrid Exchange 2016
 
Hybrid Exchange 2010 To Hybrid Exchange 2016
 
Hybrid Exchange 2010 To Hybrid Exchange 2016
 
Hybrid Exchange 2010 To Hybrid Exchange 2016
 
Hybrid Exchange 2010 To Hybrid Exchange 2016
 
Hybrid Exchange 2010 To Hybrid Exchange 2016 
 
In this part we have covered Step by Step configuration update and migration of Hybrid Exchange-2010 to Hybrid Exchange 2016.
 
Feel free to reach out if you have any question or concerns.
 
Thank you for reading.