Upgrade Azure AD Connect

Upgrade Azure AD Connect KB ID 0001813

Problem

On 15th March 2023 support for the following Azure AD Connect sync versions will be removed;

  • 2.0.91.0
  • 2.0.89.
  • 2.0.88.0
  • 2.0.28.0
  • 2.0.25.1
  • 2.0.10.0
  • 2.0.9.0
  • 2.0.8.0
  • 2.0.3.0

So plan in some maintenence and upgrade yours, at time of writing the current version is 2.1.20.0, so you can still upgrade if you running an older version.

Upgrade Azure AD Connect: Solution

Before you start it’s worth taking a few minutes to see how your current connector is configured, by simply running the shortcut it will stop replication and give you the option to look at how its currently configured.

Find Azure AD Connect Version

To check what version you are actually running;

[box]

Import-Module ADSync
(Get-ADSyncGlobalSettings).Parameters | select Name,Value

[/box]

Note: Above you can see I’m running 2.1.16.0 so I would still be OK, but let’s upgrade it anyway.

Test Azure AD Connector Health

Open the Syncronisation Service Manager, and have a look in your 365 portal, to make sure everything is running healthily.

Upgrade Azure AD Connect

This could not be simpler, download the new software, run it and supply an administrative account for your subscription, the upgrade will take about 10 – 15  minutes, go grab a coffee.

Once complete, rerun the same command you used above, to ensure the version number is now updated.

Then force a sync with the following command, and watch the service manager while it runs though each stage (it may take a few minutes, and look like it’s doing nothing, be patient!)

[box]

Start-ADSyncSyncCycle -PolicyType Delta

[/box]

Note: You can use PolicyType Initial that will take a LOT longer, (and sync everything). Usually a delta sync will be absolutely fine.

Related Articles, References, Credits, or External Links

NA

Find Modified Files In a Folder (By Age and Date)

Find Modified Files In a Folder KB ID 0001812

Problem

You need to find a modified file in a folder, there are a few ways to do this, the best options are via PowerShell, but you can also use the search function in Normal Windows Explorer.

Solution Find Modified Files In a Folder: Graphically

Strangely the option you want you cannot see unless you click into the search field, once you do that Search will be visible on the menu ribbon.

Seelct Date Modified, then choose an option.

Solution Find Modified Files In a Folder: PowerShell

Any ‘mundane’ task is always done better with a bit of scripting!

Find Modified Files in a Folder (In the last month)

Use the following syntax,

[box]

$timerange (Get-Date).AddMonths(-1)
Get-Children C:\FOLDER-NAME -File | Where-Object {$_.LastWriteTime -ge $timerange}

[/box]

Note: you can use something like .AddDays(-30)  also if you prefer.

Find Modified Files in a Folder and all sub-folders (In the last month)

Use the following syntax,

[box]

$timerange (Get-Date).AddMonths(-1)
Get-Children C:\FOLDER-NAME -File -Recurse | Where-Object {$_.LastWriteTime -ge $timerange}

[/box]

Find Modified Files in a Folder and all sub-folders (and output to CSV)

To take that output and put it into a CSV file use the following synatax.

[box]

$timerange (Get-Date).AddMonths(-1)
Get-ChildItem E:\Dropbox -File -Recurse | Where-Object {$_.LastWriteTime -ge $timerange} | Select-Object -Property Name, BaseName, Extension, FullName, DirectoryName, LastWriteTime, Length | Export-Csv -NoTypeInformation -Path C:\Temp\MODIFIED-FILES.csv

[/box]

Find Modified Files in a Folder and all sub-folders (Between Certain Dates)

Use the following syntax

[box]

Get-ChildItem E:\Dropbox -File -Recurse | Where-Object {($_.LastWriteTime -ge '2022-01-01') -and ($_.LastWriteTime -le '2022-12-31')} | Select-Object FullName, LastWriteTime

[/box]

Note: Unfortunately you have to format the dates in YYYY-MM-DD format.

Related Articles, References, Credits, or External Links

NA

Ads.txt Broken (https://linkprotect)

Ads.txt Broken KB ID 0001811

Problem

Here at PNL we had a problem with the sites ads.txt file recently. My ad vendor was telling me that it was being corrupted and my host was adding links that looked like I was behind a Barracuda. As I build the server from the ground up I knew this NOT to be the case.

Solution: Ads.txt Broken

The first thing I did was check the file I uploaded (from my LAPTOP before it was uploaded) and…

Which was exactly the same as when I checked the online version. So I was pretty sure I’d uploaded a broken one, I asked for a ‘known good working one‘ When the Engineer on the call said “Sometimes when these files are send via email a Barracuda will alter them”.

Penny Dropped

When I checked, I’d replied from my work email and the good folk at Newormedia had replied to that address, and indeed my coporate email  address is behind a Baracuda. I asked them to send the file to my personal address, and hey presto!

Here’s a before and after for clarity

Related Articles, References, Credits, or External Links

Massive shout out to Kawal at Newormedia!

StalledDueToTarget_Processor ?

StalledDueToTarget_Processor KB ID 0001810

Problem

If you have a mailbox move that’s showing as StalledDueToTarget_Processor, that’s quite common (I see that a lot).

Solution: StalledDueToTarget_Processor

Firstly how long have you waited? I see this when I’m moving a LOT of mailboxes, and most of the time this problem resolves itself – if you are patient enough, (and your users will be unaffected while this is going on).

If you have waited and there’s still no movement, you can try the following, locate the MSExchangeMailboxReplicaiton.exe.config file (it will be in your exchange/bin folder).

Edit the file, locate ‘MaxMRSConnections’ value and change it to 20, then save the file.

Note: I change these values on the source and destination Exchange servers, But documentation says you only need to do it on the sourse server.

Then restart the Microsodt Exchange Replication service on BOTH Exchange servers

[box]

Get-Service -Computername OTHER-EXCHANGE-SERVER -Name MSExchangeRepl | Restart-Service
Restart-Service MSExchangeRepl

[/box]

Update Feb 2023: I was moving about 1000 mialboxes, and roughly a third were stuck in StalledDueToTarget_Processor. So ‘after working hours‘ I rebooted both Exchange servers, and the status changed to failed. I cancelled the move requests, and restarted the migration, this time thay all completed sucessfully.(PL)

Related Articles, References, Credits, or External Links

Mailbox Move ‘StalledDueToMailboxLock’

Windows Server 2022 Domain Join

Server 2022 Domain Join KB ID 0001809

Problem

To join Windows Server 2022 to a Domain (Local Domain). The end proces is the same as it’s always been, they’ve just made the job of getting to there a little more convoluted, (this is the same with Windows 11).

Solution: Server 2022 Domain Join

Whilst logged in as a (local) administrative user, click the Windows button > Settings.

System.

About.

Advanced system settings.

Computer name > Change.

Select the domain radio button > Type in the domain name (must be resolvable in DNS, if in doubt try ‘pinging‘ the domain name” > OK > Enter a domain credential that has right to add machines to a domain. (Here I’m using the domain admin account, but normally a domain user can add a number (10 by default) of machines to a domain) > OK.

    

BUG / BAD UI ALERT: Minimise the window (because the popup box you are waiting for will appear behind it (please fix this Microsoft!)) > OK.

OK > OK.

Close.

Restart Now.

Post reboot, log in with domain credentials.

     

PowerShell: Server 2022 Domain Join

Open an Administrative PowerShell window.

Use the following command;

[box]

Add-Computer -DomainName pnl.com

[/box]

Enter a domain credential that has right to add machines to a domain. (Here I’m using the domain admin, but normally a user can add a number (10 by default) of machines to a domain) > OK.

After a few seconds, it should tell you to reboot, you can do so by entering;

[box]

Restart-Computer

[/box]

PowerShell: Remove Windows Server 2022 from a Domain

Open an Administrative PowerShell window. Use the following commands;

[box]

Remove-Computer
Restart-Computer

[/box]

Note: This will place the machine in a workgroup called WORKGROUP.

Related Articles, References, Credits, or External Links

How to Join Windows 11 to a Domain

How to Join a Windows Domain

Cannot Join Domain?

Exchange 2013 to 2019 Upgrade

Exchange 2013 to 2019 Upgrade KB ID 0001808

Exchange 2013 to 2019 Upgrade

With Exchange 2013 going end of support (11 Apr 2023) you should be migrating away from it as soon as you can, (as it’s only supported on up to Server 2012 R2), so you should have migrated off it already! It’s been some time since Exchange had any ‘major’ redesigns, 2013 was version 15, 2016 was version 15.1, and 2019 is Version 15.2.

So the Exchange 2013 > 2019 Migration is pretty much the same as it was from 2013 > 2016, or even 2016 > 2019. 

  •  There should be NO Exchange 2010 servers in existence before deploying Exchange 2019. You would need to upgrade to 2013 (CU21 minimum)/2016 (CU 11 minimum) first.
  • There’s no Unified Comms Role with Exchange any more! If you need to upgrade look at Microsoft Teams.
  • Forest Functional Levels should be, (at least) Server 2012 R2.
  • WARNING: Memory recommendations are 128GB (Mailbox server) and 64GB (Edge Transport server). Make sure you have enough compute!
  • Edge Server Role is still supported.
  • Windows Server Core (2019/2022) is supported with Exchange 2019.
  • Windows Server Nano is NOT supported.
  • Windows Server 2019 (Standard or Datacenter) and Windows Server 2022 (Standard or Datacenter) Note: Exchange 2019 CU 12 minimum, are supported host Operating systems.
  • Outlook 2013 (and newer), and Outlook for mac 2016 (and newer) is supported.

Exchange 2013 to 2019 Upgrade: Solution

As with all Exchange migrations make sure your Active Directory Domain/DNS/Existing Exchange organisation is healthy before you start. Then upgrade the existing Exchange to the latest cumulative update.

Exchange 2013 to 2019 Upgrade Prerequisites

You will need your Server 2019 or Server 2022 server fully updated and added to your domain, then to add the required roles and services use the following Powershell commands;

Exchange 2013 to 2019 Upgrade: Adding Exchange Server Roles

[box]Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS[/box]

Note: Now Required on Server 2019: You will need to install .Net 4.8 (link)

For Server 2022: You DON’T need to do this, (it’s already installed).

You need to install the Microsoft Unified Communications API 4.0 (link)

 

You will also need to install Microsoft Visual C++ (link)

You will also now have to install the ‘IIS Rewrite Module’ (link)

Either download the Exchange 2019 install media, or insert the Exchange 2019 DVD, and launch setup.exe > Next > Next > Files will be copied over.

Don’t I need to extend the schema, forest or domain? The setup does all this for you, you don’t need to do this manually anymore, (yes you can manually do this before installing, if you want to, but unless your schema master is in a different root domain, or you’re not a schema admin, then I don’t see the point!)

Introduction Page > Next > At the EULA tick “I Accept…” > Next > Tick “Use Recommended settings” > Next.

Select ‘Mailbox role’, and ‘Automatically install Windows Server roles and features…” > Next > Select the install directory, Note: In production you probably DON’T want this on the Windows System drive > Next > Unless you have a reason to disable Malware scanning then select ‘No’ > Next.

Readiness Checks > Fix any Errors and heed any warnings > Install > The product will install, this will take a long time!

Finish > Reboot the server.

And there’s our new Exchange 2019 Server.

Exchange 2019 EnterProduct Key

Servers > Servers > Select the 2019 Exchange Server > Enter Product Key  > Save

At the warning click OK.

Note: You can also enter the product key using the PoweShellCommand Shell’, if you prefer.

[box]

Set-ExchangeServer {Host-name} -ProductKey 12345-12345-12345-12345-12345

[/box]

 

As directed Restart the ‘Microsoft Exchange Information Store‘ service.

[box]

Restart-Service MSExchangeIS

[/box]

Transfer Exchange Certificate to Exchange 2019

Note: The ability to Export, Import & Renew certificates and creation/completion of certificate requests has been removed from the Exchange Admin Center. These changes will affect all cumulative update (CU) releases of Microsoft Exchange Server 2019 (CU12 and later) and Microsoft Exchange Server 2016 (CU23 and later).

I will leave the older (GUI) method, below for completeness – but all modern Exchange builds will need you to Open the Exchange Management Shell and perform the certificate migration via PowerShell

Transfer Certificates (PowerShell)

On your C: drive create a new folder called CERT  > Open an Administrative Exchange Managment Shell window on the SOURCE Exchange server.

[box]

Get-ExchangeCertificate -Server {Server-Name}

[/box]

Identify the certificate you require (by Subject) > Copy the Thumbprint text > Replace the thumbprint in this text with your thumbprint, then execute the following two  commands.

[box]

$Cert = Export-ExchangeCertificate -Thumbprint 4896265B267C38D39314121C7C6550C6E4DD23AB -BinaryEncoded -Password (ConvertTo-SecureString -String 'PASSWORD' -AsPlainText -Force)

[System.IO.File]::WriteAllBytes('\\New-Server-Name\C$\CERT\CertEx.pfx', $Cert.FileData)

[/box]

Remeber you will need to enable the certificate for the correct services also e.g.

[box]

Get-ExchangeCertificate -Server {New-Server-Name}

COPY the THUMBPRINT

Enable-Exchange Certificate –Thumbprint {Thumb-Print} -Service IIS,SMTP

[/box]

Transfer Certificates (ExchangeAdmin Centre {Older build versions only})

I’m using a wildcard certificate so I want to export the cert form my Exchange 2013 server and import it onto my new Exchange 2019 Server. You will want to do the same if you have a certificate with your public domain name on it and this will be your ‘internet facing’ Exchange server. Servers > Certificates > Select the Exchange 2013 Server, in the drop down menu > Select The Certificate > Click the ellipsis (three dots) > Export Exchange Certificate > Supply a UNC path and password > OK.

Change the Dropdown to the Exchange 2019 Server > Click the ellipsis > Import Exchange Certificate > Supply the UNC path and password you used (above) > Next.

Add in the Exchange 2019 Server > Finish.

Exchange 2013 to 2019 Upgrade Exchange 2019 Assign Services to Certificate

Select the newly imported certificate> Edit > Services > Select the services > Save > Note: Here I’m selecting SMTP and IIS. (You can’t use a wildcard cert for IMAP,POP).

Exchange 2019 Changing the Exchange Web Services URLs

Exchange relies heavily on web based services, and it needs the URLs setting accordingly (remember for Outlook Anywhere/OWA etc you might need to change firewall settings or repoint load balancers WAP server etc to the NEW 2019 server (and let it proxy these connections to the older Exchange servers, while they still exist).

[box]

Get-WebServicesVirtualDirectory -Server EXCH-2019 | Set-WebServicesVirtualDirectory -InternalUrl https://mail.domainx.com/ews/exchange.asmx -ExternalURL https://mail.domainx.com/ews/exchange.asmx

Set-OWAVirtualDirectory -identity "EXCH-2019\owa (Default Web Site)" -InternalURL https://mail.domainx.com/owa -ExternalURL https://mail.domainx.com/owa

Get-OABVirtualDirectory -Server EXCH-2019 | Set-OABVirtualDirectory -InternalURL https://mail.domainx.com/OAB -ExternalURL https://mail.domainx.com/OAB

Get-ECPVirtualDirectory -Server EXCH-2019 | Set-ECPVirtualDirectory -InternalURL https://mail.domainx.com/ECP -ExternalURL https://mail.domainx.com/ECP

Get-MAPIVirtualDirectory -Server EXCH-2019 | Set-MAPIVirtualDirectory -InternalURL https://mail.domainx.com/MAPI -ExternalURL https://mail.domainx.com/MAPI -IISAuthenticationMethods NTLM,Negotiate

Get-ActiveSyncVirtualDirectory -Server EXCH-2019 | Set-ActiveSyncVirtualDirectory -InternalURL https://mail.domainx.com/Microsoft-Server-ActiveSync -ExternalURL https://mail.domainx.com/Microsoft-Server-ActiveSync

Set-OutlookAnywhere -identity "EXCH-2019\RPC (Default Web Site)" -ExternalHostname mail.domainx.com -InternalHostname mail.domainx.com -InternalClientsRequireSSL $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod:NTLM

Set-ClientAccessService -Identity EXCH-2019 -AutoDiscoverServiceInternalUri https://mail.domainx.com/Autodiscover/Autodiscover.xml

[/box]

Exchange 2019 Rename Mailbox Database

Servers > Databases > Exchange always gives databases annoying names > Select the Database on the 2019 Exchange Server > Edit > Rename it  > Save.

Note: The path to the Database retains the original name (we will fix that in the next step).

 

Exchange 2013 to 2019 Upgrade: Move Mailbox Database

I’m pretty old school, I like my Exchange databases on their own drive/partition, and I like the logs on another drive/partition. To move both the Database and the Logs;

[box]

Move-DatabasePath -Identity Database-Name -EdbFilePath X:\Folder\Database\Database-Name.edb -LogFolderPath L:\Folder\Log-Folder\

[/box]

Add Exchange 2019 to the Send Connector

Mail Flow > Send Connectors > Select your mail SMTP connector(s) > Edit > Scoping > Source Server section > Add > Add in the new server > OK > Save.

Note: The Exchange server will now need to have TCP port 25 (SMTP) open outbound on your corporate firewall.

Hybrid (On-Prem) Exchange Migration Note

If your on-premise Exchange is part of an Office 365 Hybrid deployment you will need to add the new server to the ‘scope’ for that connector also!

Exchange 2013 to 2019 Upgrade: Decommission Exchange 2013

From this point forward we are going to start getting rid of our Exchange 2013 server, they can of course coexist, (if you wanted to wait a while).

For that reason I change the ‘mail flow’ on the firewall to point to the new Exchange server at this point, and the HTTP access for OWA, Outlook Anywhere,  and Phone/Tablet access.

Exchange 2013 to 2019 Upgrade Exchange 2013 Mailbox Migration

Yes you can do this in the Exchange Admin Center (GUI), but I prefer to do this in PowerShell. But if I don’t put this here, I’ll get emails! Recipients > Migration  > Add > Move to a different Database > Add in the mailboxes/users > Next.

Give the ‘Batch’ a name > Select to move Archive mailboxes (if you have them) > Select the destination (Exchange 2019) Database > Again if using archive mailboxes, select the target archive mailbox database > Set the bad Item limit to 99 > Next > Select Automatically Start > Select Automatically Finish > New. 

From this point, this is where I don’t like the EAC it takes AGES to update with progress! From the Exchange Shell you can get an up to date view of that is going on!

[box]

Get-MoveRequest | Get-MoveRequestStatistics

[/box]

For a better list of commands for moving user mailboxes, monitoring the migration, (and removing the move requests when you are finished). See the following article;

Exchange: PowerShell Commands

With ALL Mailboxes migraitons, DON’T FORGET that on sucessfull completion, you need to remove the move requests. (If somehting fails, or displays an error, don’t forget to search for that error (above) before going to Google!

Exchange 2013 to 2019 Upgrade: Migrating Exchange System Mailboxes

Before you start issue the following command;

[box]

Set-AdServerSettings -ViewEntireForest $true

[/box]

In addition to the user mailboxes there are a multitude of different ‘System mailboxes’ that might be hanging around, before we can get rid of the Exchange 2013 Database(s) we need to migrate those.

Firstly AuditLog Mailboxes

[box]

Get-Mailbox -AuditLog -Database "Mailbox-Database-2013"

[/box]

If there are any!

[box]

Get-Mailbox -AuditLog -Database "Mailbox-Database-2013" | New-MoveRequest -TargetDatabase "Mailbox-Database-2019"

[/box]

Then Arbitration Mailboxes

[box]

Get-Mailbox -AuditLog -Database "Mailbox-Database-2013" -Arbitration

[/box]

If there are any!

[box]

Get-Mailbox -AuditLog -Database "Mailbox-Database-2013" -Arbitration | New-MoveRequest -TargetDatabase "Mailbox-Database-2019"

[/box]

Then Monitoring Mailboxes

[box]

Get-Mailbox -Monitoring -Server "Mail-2013"

[/box]

If there are any!

[box]

Get-Mailbox -Monitoring -Server "Mail-2013" | New-MoveRequest -TargetDatabase "Mailbox-Database-2019"

[/box]

Make sure there are no archive mailboxes;

[box]

Get-Mailbox -Auditlog -Database “Database-Name” -Archive

[/box]

If there are, move them, (as above).

Also move any  Discovery mailboxes, and move them to 2019;

[box]

Get-Mailbox DiscoverySearchMailbox* | New-MoveRequest -TargetDatabase “Mailbox-Database-2019

[/box]

Exchange 2013 to 2019 Upgrade Migrating Public Folders 

Remember after Exchange 2013 these are just mailboxes! You can move them like any other mailbox 🙂

Delete Exchange 2016 Database(s)

When you are 100% sure there’s nothing left on the old database(s) remove them;

[box]

Get-MailboxDatabase -Identity "Mailbox-Database-2013" | Remove-MailboxDatabase

[/box]

Uninstall Exchange 2013

Your install directory may not be on the C: drive so change your path accordingly;

[box]

cd "C:\Program Files\Microsoft\Exchange Server\V15\Bin
setup.exe /mode:uninstall

[/box]

At this point make sure your backup/replication software is pointed to the new Exchange 2019 Server.

 

Note: If you are running an On-Premise Exchange in Hybrid mode, and post migration if you have any mail flow problems see the following article;

No Mail Flow On-Premise To/From Office 365

Related Articles, References, Credits, or External Links

Exchange 2019 Migration from Exchange 2016

Exchange 2019 Migration from Exchange 2016

KB ID 0001472

Exchange 2019 Migration

If Exchange 2016 was Exchange 2013 in a pretty dress, then with Exchange 2019 it’s simply added a hat. In the past, every third Exchange release was a major rebuild, but Exchange 2016 is simply Exchange version 15.1 (Exchange 2013 was 15.0 and Exchange 2016 is version 15.1).

So the Exchange 2019 Migration is pretty much the same as it was from 2013 > 2016, or even 2016 > 2016. 

  •  There should be NO Exchange 2010 servers in existence before deploying Exchange 2019. You would need to upgrade to 2013 (CU21 minimum)/2016 (CU 11 minimum) first.
  • There’s no Unified Comms Role with Exchange any more! If you need to upgrade look at Microsoft Teams.
  • Forest Functional Levels should be, (at least) Server 2012 R2.
  • WARNING: Memory recommendations are 128GB (Mailbox server) and 64GB (Edge Transport server). Make sure you have enough compute!
  • Edge Server Role is still supported.
  • Windows Server Core (2019/2022) is supported with Exchange 2019.
  • Windows Server Nano is NOT supported.
  • Windows Server 2019 (Standard or Datacenter) and Windows Server 2022 (Standard or Datacenter) Note: Exchange 2019 CU 12 minimum, are supported host Operating systems.
  • Outlook 2013 (and newer), and Outlook for mac 2016 (and newer) is supported.

Solution

As with all Exchange migrations make sure your Active Directory Domain/DNS/Existing Exchange organisation is healthy before you start. Then upgrade the existing Exchange to the latest cumulative update.

Exchange 2019 Prerequisites

You will need your Server 2012R2 or Server 2016 server fully updated and added to your domain, then to add the required roles and services use the following Powershell commands for Server 2012, 2016 and 2019;

Server 2016 / 2012 R2

[box]Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS[/box]

Server 2019

[box]Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS[/box]

Now Required on Server 2012 R2, 2016, and 2019: You will need to install .Net 4.8 (link).

Server 2022: .Net 4.8 is already included in Server 2022!

You need to install the MS Unified Communications API 4.0 (link).

You will also need to install Microsoft Visual C++ (link)

You will also now have to install the ‘IIS Rewrite Module’ (link)

Either download the Exchange 2019 install media, or insert the Exchange 2019 DVD, and launch setup.exe > Next > Next > Files will be copied over.

Don’t I need to extend the schema, forest or domain? The setup does all this for you, you don’t need to do this manually anymore, (yes you can manually do this before installing, if you want to, but unless your schema master is in a different root domain, or you’re not a schema admin, then I don’t see the point!)

Introduction Page > Next > At the EULA tick “I Accept…” > Next > Tick “Use Recommended settings” > Next.

Select ‘Mailbox role’, and ‘Automatically install Windows Server roles and features…” > Next > Select the install directory, Note: In production you probably DON’T want this on the Windows System drive > Next > Unless you have a reason to disable Malware scanning then select ‘No’ > Next.

Readiness Checks > Fix and Errors and heed any warnings > Install > The product will install, this will take a long time!

Finish > Reboot the server.

An there’s our new Exchange 2019 Server.

Exchange 2019 EnterProduct Key

Servers > Servers > Select the 2019 Exchange Server > Enter Product Key  > Save

Note: On the pre-release version of Exchange 2019, the Exchange 2016 keys worked fine.

At the warning click OK.

Note: You can also enter the product key using the Command Shell, if you prefer.

[box]

Set-ExchangeServer {Host-name} -ProductKey 12345-12345-12345-12345-12345

[/box]

As directed Restart the ‘Microsoft Exchange Information Store’ service.

[box]Restart-Service MSExchangeIS[/box]

Transfer Exchange Certificate to Exchange 2019

Note: The ability to Export, Import & Renew certificates and creation/completion of certificate requests has been removed from the Exchange Admin Center. These changes will affect all cumulative update (CU) releases of Microsoft Exchange Server 2019 (CU12 and later) and Microsoft Exchange Server 2016 (CU23 and later).

I will leave the older (GUI) method, below for completeness – but all modern Exchange builds will need you to Open the Exchange Management Shell and perform the certificate migration via PowerShell

Transfer Certificates (PowerShell)

On your C: drive create a new folder called CERT  > Open an Administrative Exchange Managment Shell window on the SOURCE Exchange server.

[box]

Get-ExchangeCertificate -Server {Server-Name}

[/box]

Identify the certificate you require (by Subject) > Copy the Thumbprint text > Replace the thumbprint in this text with your thumbprint, then execute the following two  commands.

[box]

$Cert = Export-ExchangeCertificate -Thumbprint 4896265B267C38D39314121C7C6550C6E4DD23AB -BinaryEncoded -Password (ConvertTo-SecureString -String 'PASSWORD' -AsPlainText -Force)

[System.IO.File]::WriteAllBytes('\\New-Server-Name\C$\CERT\CertEx.pfx', $Cert.FileData)

[/box]

Remeber you will need to enable the certificate for the correct services also e.g.

[box]

Get-ExchangeCertificate -Server {New-Server-Name}

COPY the THUMBPRINT

Enable-Exchange Certificate –Thumbprint {Thumb-Print} -Service IIS,SMTP

[/box]

Transfer Certificates (ExchangeAdmin Centre {Older build versions only})

I’m using a wildcard certificate so I want to export the cert form my Exchange 2016 server and import it onto my new Exchange 2019 Server. You will want to do the same if you have a certificate with your public domain name on it and this will be your ‘internet facing’ Exchange server. Servers > Certificates > Select the Exchange 2016 Server, in the drop down menu > Select The Certificate > Click the ellipses (three dots) > Export Exchange Certificate > Supply a UNC path and password > OK.

Change the Dropdown to the Exchange 2019 Server > Click the ellipsis > Import Exchange Certificate > Supply the UNC path and password you used (above) > Next.

Add in the Exchange 2019 Server > Finish.

Exchange 2019 Assign Services to Certificate

Select the newly imported certificate> Edit > Services > Select the services > Save > Note: Here I’m selecting SMTP and IIS. (You cant use a wildcard cert for IMAP,POP).

Exchange 2019 Changing the Exchange Web Services URLs

Exchange relies heavily on web based services, and it needs the URLs setting accordingly. (remeber for Outlook Anywhere/OWA ets you might need to change firewall settings or repoint load balancers WAP server etc to the NEW 2019 server (and let it proxy these connections to the olde rExchange servers, while they still exist).

[box]

Get-WebServicesVirtualDirectory -Server EXCH-2019 | Set-WebServicesVirtualDirectory -InternalUrl https://mail.domainx.com/ews/exchange.asmx -ExternalURL https://mail.domainx.com/ews/exchange.asmx

Set-OWAVirtualDirectory -identity "EXCH-2019\owa (Default Web Site)" -InternalURL https://mail.domainx.com/owa -ExternalURL https://mail.domainx.com/owa

Get-OABVirtualDirectory -Server EXCH-2019 | Set-OABVirtualDirectory -InternalURL https://mail.domainx.com/OAB -ExternalURL https://mail.domainx.com/OAB

Get-ECPVirtualDirectory -Server EXCH-2019 | Set-ECPVirtualDirectory -InternalURL https://mail.domainx.com/ECP -ExternalURL https://mail.domainx.com/ECP

Get-MAPIVirtualDirectory -Server EXCH-2019 | Set-MAPIVirtualDirectory -InternalURL https://mail.domainx.com/MAPI -ExternalURL https://mail.domainx.com/MAPI -IISAuthenticationMethods NTLM,Negotiate

Get-ActiveSyncVirtualDirectory -Server EXCH-2019 | Set-ActiveSyncVirtualDirectory -InternalURL https://mail.domainx.com/Microsoft-Server-ActiveSync -ExternalURL https://mail.domainx.com/Microsoft-Server-ActiveSync

Set-OutlookAnywhere -identity "EXCH-2019\RPC (Default Web Site)" -ExternalHostname mail.domainx.com -InternalHostname mail.domainx.com -InternalClientsRequireSSL $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod:NTLM

Set-ClientAccessService -Identity EXCH-2019 -AutoDiscoverServiceInternalUri https://mail.domainx.com/Autodiscover/Autodiscover.xml

[/box]

Exchange 2019 Rename Mailbox Database

Servers > Databases > Exchange always gives databases annoying names > Select the Database on the 2019 Exchange Server > Edit > Rename it  > Save.

Note: The path to the Database retains the original name (we will fix that in the next step).

Exchange 2019 Migration Move Mailbox Database

I’m pretty old school, I like my Exchange databases on their own drive/partition, and I like the logs on another drive/partition. To move both the Database and the Logs;

[box]Move-DatabasePath -Identity Database-Name -EdbFilePath X:\Folder\Database\Database-Name.edb -LogFolderPath L:\Folder\Log-Folder\[/box]

Add Exchange 2019 to the Send Connector

Mail Flow > Send Connectors > Select your mail SMTP connector(s) > Edit > Scoping > Source Server section > Add > Add in the new server > OK > Save.

Note: The Exchange server will now need to have TCP port 25 (SMTP) open outbound on your corporate firewall.

Hybrid (On-Prem) Exchange Migration Note

If your on-premise Exchange is part of an Office 365 Hybrid deployment you will need to add the new server to the ‘scope’ for that connector also!

Decommission Exchange 2016

From this point forward we are going to start getting rid of our Exchange 2016 server, they can of course coexist, (if you wanted to wait a while).

For that reason I change the ‘mail flow’ on the firewall to point to the new Exchange server at this point, and the HTTP access for OWA, Outlook Anywhere,  and Phone/Tablet access

Exchange 2019 Mailbox Migration

Yes you can do this in the EAC, but I prefer to do this in PowerShell. But If I don’t put this here, I’ll get emails! Recipients > Migration  > Add > Move to a different Database > Add in the mailboxes/users > Next.

Give the ‘Batch’ a name > Select to move Archive mailboxes (if you have them) > Select the destination (Exchange 2019) Database > Again if using archive mailboxes, select the target archive mailbox database > Set the bad Item limit to 99 > Next > Select Automatically Start > Select Automatically Finish > New. 

From this point, this is where I don’t like the EAC it takes AGES to update with progress! From the Exchange Shell you can get an up to date view of that is going on!

[box]Get-MoveRequest | Get-MoveRequestStatistics[/box]

For a better list of commands for moving user mailboxes, and monitoring the migration, and removing the move requests when you are finished, see the following article;

Exchange: PowerShell Commands

 

Migrating Exchange System Mailboxes

Before you start issue the following command;

[box]Set-AdServerSettings -ViewEntireForest $true[/box]

In addition to the user mailboxes there are a multitude of different ‘System mailboxes’ that might be hanging around, before we can get rid of the Exchange 2016 Database we need to migrate those.

Firstly AuditLog Mailboxes

[box]Get-Mailbox -AuditLog -Database “Mailbox-Database-2016

If there are any!

Get-Mailbox -AuditLog -Database “Mailbox-Database-2016” | New-MoveRequest -TargetDatabase “Mailbox-Database-2019“[/box]

Then Arbitration Mailboxes

[box]Get-Mailbox -AuditLog -Database “Mailbox-Database-2016” -Arbitration

If there are any!

Get-Mailbox -AuditLog -Database “Mailbox-Database-2016” -Arbitration | New-MoveRequest -TargetDatabase “Mailbox-Database-2019“[/box]

Then Monitoring Mailboxes

[box]Get-Mailbox -Monitoring -Server “Mail-2016

If there are any!

Get-Mailbox -Monitoring -Server “Mail-2016” | New-MoveRequest -TargetDatabase “Mailbox-Database-2019“[/box]

Make sure there are no archive mailboxes;

[box]Get-Mailbox -Auditlog -Database “Database-Name” -Archive[/box]

If there are, move them, (as above.)

Also move any  Discovery mailboxes, and move them to 2019;

[box]Get-Mailbox DiscoverySearchMailbox* | New-MoveRequest -TargetDatabase “Mailbox-Database-2019“[/box]

Migrating Public Folder Mailboxes

Remember after Exchange 2013 these are just mailboxes! you can move them like any other mailbox 🙂

Delete Exchange 2016 Database(s)

When you are 100% sure theres nothing left on the old database(s) remove them;

[box]Get-MailboxDatabase -Identity “Mailbox-Database-2016” | Remove-MailboxDatabase[/box]

Uninstall Exchange 2016

Your install directory may not be on the C: drive so change your path accordingly;

[box]cd “C:\Program Files\Microsoft\Exchange Server\V15\Bin

setup.exe /mode:uninstall[/box]

At this point make sure your backup/replication software is pointed to the new Exchange 2019 Server.

 

Note: If you are running an On-Premise Exchange in Hybrid mode, and post migration if you have any mail flow problems see the following article;

No Mail Flow On-Premise To/From Office 365

Related Articles, References, Credits, or External Links

NA