Migrate Exchange 2010 to Exchange 2016 or 2013

Part 2

Migrate Public Folders Exchange 2010 to Exchange 2013 / 2016

KB ID 0000789

Problem

Continued from Migration From Exchange 2010 to Exchange 2016 / 2013 Part 1

Solution

Exchange 2016 / 2013 Migration Step 7 “Migrate Public Folders”

Note: This article uses the newer ‘Batch Migration’ method. Make sure your exchange server is patched and up to date or the process will not work.

Minimum Patch Levels

  • Source: Exchange 2010 SP3 RU8 (At Least).
  • Source: Exchange 2007 SP3 RU15 (At Least).
  • Destination: Exchange 2013 CU7 (Or Later).
  • Destination: Exchange 2016 RTM.

The new migration scripts are here PF-Migration-Scripts-v2

1. Make sure the user you will be performing the migration as, is in the right security groups, (Organizational Management and Recipient Management).

2. On the Legacy Exchange server download the  PF-Migration-Scripts-v2 Then extract them to the servers C: drive.

3. Launch the Exchange Management Shell > Change to the script directory > Then create a folder name to folder size mapping file by running the Export-PublicFolderStatistics.ps1 script, supply the name of the file you want to create. (Here I use PublicFoldersStats.csv). Then supply the name of the server, (the legacy one, with the source public folders on it).

[box]

cd c:\Scripts
./Export-PublicFolderStatistics.ps1 PublicFoldersStats.csv Mail-Server 

[/box]

4. Create a Public Folder to Mailbox mapping file, by running the PublicFolderToMailboxMapGenerator.ps1 script, supply it with the maximum mailbox size (in bytes) Note: The Maximum size is 25GB. You will also need to supply the import file you created in step 3 (PublicFoldersStats.csv). Finally supply the name of the output file you wish to generate i.e. Folder2Mailbox.csv.

[box]

./PublicFolderToMailboxMapGenerator.ps1

[/box]

5. Open the last CSV file you created (Folder2Mailbox.csv) and take note of the TargetMailbox name. By default the first one is called Mailbox1, I’m changing it to Public-Folder-Mailbox and saving the change. Note: You may get more than one! If so take note of them all, or rename them accordingly.

6. Now copy the ‘Scripts’ Directory from your legacy 2010 Exchange server, to the new 2013 / 2016 Server.

7. Whilst still on the new Exchange 2013 / 2016 Server, you need to open a command shell, navigate to the scripts directory and then run the Create-PublicFolderMailboxesForMigration.ps1 script. Reply ‘A’ to run all the scripts, then supply the name of the mapping csv you created above, (Folder2Mailbox.csv). Supply the estimated concurrent users to this mailbox, and enter ‘Y’ to proceed. Now the public folder mailbox will be created.

(Note: Public folders are now in a Mailbox, NOT their own Mailbox database, as in older versions of Exchange).

[box]

cd c:\Scripts
./Create-PublicFolderMailboxesForMigration.ps1

[/box]

8. Next we need to create a ‘batch task’ much the same as when we migrate multiple mailboxes. This first command creates the task, and the second one sets it running. (Change the values in red to match your own). 

Update: 05/08/16: Make sure you have a ‘mailbox database’ mounted on the source Exchange server before proceeding, or you may see the following problem.

Public Folder Migration Error hr=0x80040111

[box]

New-MigrationBatch -Name PF-Migration -SourcePublicFolderDatabase (Get-PublicFolderDatabase -Server EX2010) -CSVData (Get-Content C:\Scripts\Folder2Mailbox.csv -Encoding Byte) -NotificationEmails info@petenetlive.com
Start-MigrationBatch PF-Migration

[/box]

9. There are two ways to check its progress, 

Check Public Folder Migration Progress Option 1 From Command Shell

[box]

Get-MigrationUser -Batch PF-Migration | Get-MigrationUserStatistics -IncludeReport | fl

[/box]

It might say Queued for quite a while, don’t worry!

Check Public Folder Migration Progress Option 2 From EAC

Open the Exchange Admin Center website and logon. Navigate to recipients > Migration > View Details

10. If you were looking at the progress you will see its stops just before 100%, this is because you need to “Lock” the source public folder and let the migration complete. WARNING this will involve downtime, so warn your users, or do this next step out of hours.

To MAKE SURE you are ready, check either the progress report like so;

Or, re-run the progress command above and look for 95% completion and ‘Automatically suspending job’

DOWNTIME FROM THIS POINT ONWARDS

11. Go to the legacy Exchange 2010 server and ‘lock’ the source public folders for migration, and restart the service.

[box]

Set-OrganizationConfig –PublicFoldersLockedForMigration:$true
Restart-Service MSExchangeIS

[/box]

12. Now access to the legacy Public Folder Database is shut down, but before replication to the new Public Folder Mailbox can be completed you need to return to the new Exchange 2013 / 2016 server and run the following commands;

[box]

Set-OrganizationConfig -PublicFoldersEnabled Remote
Complete-MigrationBatch PF-Migration

[/box]

13. Wait until it completes;

or in the shell

This can take a little time, I would wait least a couple of hours before proceeding (depending on your network topology, if you have a slow network or the Exchange 2010 server is on another network segment it may take longer).

Now to check the migration worked with a test user, and (provide everything is OK, unlock the Public Folders.

[box]Set-Mailbox -Identity {Test-Username} -DefaultPublicFolderMailbox {PF-Mailbox Name}[/box]

Log on as that user, (Outlook 2010 SP3 or Later.) Make sure the public folders are correct, you can expand them, the permissions are correct and you can create and delete entries. 

It’s All Gone Wrong!

Don’t panic! You can remove the migration request with the following command;

[box]

Get-PublicFolderMigrationRequest | Remove-PublicFolderMigrationRequest 

[/box]

Then complete the migration, with the following two commands;

[box]

Set-PublicFolderMigrationRequest –Identity PublicFolderMigration -PreventCompletion:$false
Resume-PublicFolderMigrationRequest –Identity PublicFolderMigration 

[/box]

13. Once you are ready to proceed, issue the following command, and onfirm that, the public folders are now correct and available.

[box]

Get-Mailbox -PublicFolder | Set-Mailbox -PublicFolder -IsExcludedFromServingHierarchy $false

[/box]

Note: As per feedback (from Tobias Gebler) Test mail flow to your public folders, you may need to manually “Mail Enable” them before they function properly, In some cases you need to disable then re-enable them before they work properly.

14. Remember in Outlook Web App 2013 / 2016, public folders are not visible until you add them!

Note: If, (post Migration to Exchange 2016). Your users cannot access the public folders, see the following article.

Users Cannot Access Public Folders Post Migration (Exchange 2016)

Related Articles, References, Credits, or External Links

Thanks to Brian L. Jensen, for the feedback about the new public folder migration procedure.

Thanks to Eske (Boxx Jakobsen), for the Public Folder Migration feedback and assistance.

Thanks to Tobias Gebler for the Public Folder mail flow feedback.

Migration From Exchange 2010 to Exchange 2016 Part 3

Covering transferring certificates from Exchange 2010, and decommissioning your old Exchange servers.

Original Article Written: 19/04/13

Deploying VMware View 5 – Part 1: Configure Active Directory and Deploy VMware Connection Server

KB ID 0000594

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

VMware View is a big product, deploying it can be daunting, and if you’re not sure what you’re doing it’s pretty easy to deploy ‘misconfigured’, or at the very least not configured as well as it should. I’m going to run though most requirements, but it would seem sensible to break this up into a few different articles.

Solution

Configuring Windows Active Directory for VMware View

1. Before you start, on your domain controller open active directory users and computers (dsa.msc). Create an OU for your View Desktops, also to make administration easier create a separate OU for any linked clones you are going to deploy. In the example below I’ve nested one inside the other to keep my AD neat and tidy.

2. Also whilst in AD users and computers, create some groups, one for ViewUsers, and one for ViewAdministrators. Add in your users to the groups as required.

Note: You can call the groups whatever you like, and have as many different groups as you like.

3. Now connect to your Virtual Center Server, and add the domain ViewAdministrators group to the LOCAL Administrators group on that server.

Installing and configuring VMware View 5

4. Run the installer for VMware Connection Server (there is a x32 and an x64 version, make sure you download the correct one as VMware call the x64 bit version VMware-viewconnectionserver-x86_64-5.0.1-640055.exe, which at first glance looks like a x32 bit file). Accept all the defaults until you see the following screen, and select View Standard Server.

View Standard Server: Select if this is the first Connection Server you are deploying. View Replica Server: Select this if you already have a connection server and you want to copy the configuration from that server, once in operation it just becomes a standard replica server. View Security Server: Usually placed on an edge network or in a DMZ to broker connection requests. View Transfer Server: Only required if your clients are going to use ‘Local Mode’ for their View desktops..

5. Accept all the defaults and finish the installation.

6. Connect to the VMware View administrator console, this is a web connection to https://{Connection-server-name/admin Note: Adobe Flash is required for it to work.

7. The first time you connect it will take you straight to View Configuration > Product Licencing and Usage > Select “Edit Licence” and type/paste in your licence key.

8. To point the connection server to your virtual center server, select View Configuration > Servers > vCenter Server section > Add.

9. Give it the vCenter server name, and a username and password for a user who is a member of your ViewAdministrators group.

Note: If your vCenter server has VMware composer installed this is where you would enable it. At this time I do not, but I will return here later after I’ve installed it when I cover VMware Composer and ‘linked clones’.

Related Articles, References, Credits, or External Links

Deploying VMware View 5 – Part 2: Configure Windows 7 to be a VMware View Desktop

Deploying VMware View 5 – Part 3: Creating a ‘Manual Pool’ and Connecting a View Client

KB ID 0000598

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

In Part 2 we got our machine ready to be delivered via VMware View. Now we need to create a ‘Pool’, grant users access to that pool, and finally connect to it from a VMware View Client.

Solution

VMware View – Creating a Manual Pool

1. Open a connection to your VMware View Administrator console (https://{connection-server-name}admin). Log in and navigate to Inventory > Pools > Add.

2. We are going to create a manual pool (Note: An automated pool will create machines dynamically as required).

3. I’m selecting dedicated (the machine will get allocated to the first user that connects to it, and remains theirs). With a floating Pool machines are returned to the pool after they are finished with to be given to the next user that requires a machine.

4. My machine is in vCenter.

5. And there’s my vCenter

6. Give the new pool a sensible name.

7. Change the settings for the pool as required, I pretty much accept the defaults, but I allow the users to “reset” their desktop.

8. Select the machine(s) you are going to add to the pool, and complete the wizard.

9. Now you have a new pool, you need to grant users/groups an ‘entitlement’ to use it.

10. Simply add in the users or groups from Active Directory as required.

VMware View – Installing the VMware View Client

11. You will find that there are x32 and x64 bit VMware client software installs. There are available in two flavours, (with local mode, or without local mode).

Note: Local Mode: This is a mechanism where users can ‘check out’ their virtual machines and work on them remotely, then ‘sync’ them back to the network when they return, it requires a VMware Transport Server (use the connection server install media and change the server type to Transport Server).

12. During setup it will ask you the name of your connection server.

13. Normally you would tick “Set default option to login as current user”. If not you will see the login option in step 16 below.

14. When you launch the software, you may want to change the certificate options. The Connection server will have installed with a ‘self signed’ certificate, (which is fine) but you might want to change the ‘Configure SSL” options.

15. Here I’ve set them to allow, it says not secure – but its still encrypted, it should really say ‘least secure’.

16. If you didn’t tick the box in step 13 above you will need to login again.

17. Now you will see all the pools you have an entitlement to, select as appropriate and click connect.

18. All being well the desktop will connect and dynamically resize to fit.

19. Whist connected you will can control your connection with the menu on the view client bar at the top of the screen, also here you will see options for connecting USB Devices (Note: USB will only be available if you had it selected when you installed the client, it IS selected by default).

Related Articles, References, Credits, or External Links

VMware View 5 – Part 4 Installing and Configuring SQL 2008 R2 and VMware Composer

Windows Server 2012 ‘Direct Access with Windows 8’

KB ID 0000842

Problem

In the following procedure I’m using Window Server 2012, and Windows 8 Enterprise, I am NOT configuring for Windows 7 so I don’t need to worry about PKI and certificates. (Other than the one the direct access server uses for https identification).

I’m not adding in any Application or Infrastructure servers, this is just a basic run through on setting up Direct Access to get you up and running.

Solution

Step 1 Create Direct Access Group

You can of course accept the default of allowing access to the domain computers group, but I would like to tie things down a little further.

1. Server Manager> Tools > Active Directory Administrative Center > Select the OU (or create one) where you want to create the group.

2.Give the group a sensible name like DirectAccessComputers.

3. Remember when you try and ‘add’ members it will by default NOT have computers listed you will need to add them in.

4. Add in your computer objects as required.

Step 2 Install Direct Access

5. You can simply execute the following command;

[box]
Install-WindowsFeature RemoteAccess -IncludeManagementTools[/box]

6. Or from Server Manager > Tools > Add Roles and Features.

7. Simply add in ‘Remote Access’ and accept all the defaults.

Step 3 Configure Remote Access

8. Once installed launch Remote Access Management.

9. Run the getting stated wizard.

10. Deploy Remote Access Only (I’m not deploying VPNs).

11. Select how the server will be deployed, mine has a single NIC and I’m going to port forward TCP Port 443 (https) to it from the firewall. Enter its Publicly addressable name > Next > Finish.

Note: If you get an error see here.

12. Configure Remote Clients > Edit.

13. I want both options > Next

14. Remove the domain computers and add in the group we created above. Untick the ‘mobile only’ option.

Note: Force Tunnelling means that the remote clients will access the internet though YOUR corporate network. This is only a good idea if you have internet filtering, AV or NAP that you want to take advantage of. (It’s literally the exact opposite of split tunnelling).

15. Remote Access Server > Edit.

16. Select an existing Cert or create a new one > Next.

17. Remember I’m just using Windows 8, if you see the Windows 7 box and think “ooh I’ll tick that!” Then you need to start using certificates > Finish.

18. Finish.

19. Review the settings > Apply.

20. Operation Status.

21. Press Refresh until all the services are green.

Step 4 Configure Clients

The title is a misnomer and to be honest there is no configuration to be done, but they have to get the settings through group policy, so log then onto the domain.

22. A quick simple check is to run the following command;

[box]
Get-DaConnectionStatus[/box]

Note: If you get an error message make sure you are not using Windows 8 Pro see here.

23. The client knows it’s ‘inside’ the LAN, because it has a Name Resolution Policy Table and it can see your internal DNS, you can prove this with the following command;

[box] Get-DNSClientNrptPolicy[/box]

Step 5 Test Clients Externally

Note: Before you proceed your Direct access server needs to be publicly available via the name you specified on the certificate in step 11, and needs to have https open to it.

25. Whilst out on the internet you can test your remote client by first making sure it’s pointing to the correct place;

[box]netsh interface httpstunnel show interface[/box]

This should give the the URL that is on the certificate you specified in step 11, when you ping it by name you should expect a reply (unless ICMP has been blocked by your edge device).

26. And to prove that the client knows it’s NOT on the corporate LAN execute the following;

[box]netsh dnsclient show state[/box]

27. So If i try to ping the internal FQDN of my Direct Access server it should respond (Note its IPv6 address will respond this is normal).

Note: Here I’ve only setup the one server, you can add more Infrastructure and Application servers in the Remote Access Management Console.

28. Because I can resolve that, I can access resources on that server like UNC paths.

29. To access shared resources.

Step 6 Monitoring Remote Access Clients

30. Back on the Direct Access server, you can see the remote clients under ‘Remote Client Status’.

31. Right click each one for a more detailed view.

Related Articles, References, Credits, or External Links

NA

Exchange – Enable ‘Out Of Office’ For Another User

KB ID 0000843

Problem

Got in the office to find a colleague was going to be on long term sick this morning, the boss asked, “Can we turn on his out of office?”. I could have simply changed the users password and logged into OWA and done it, but executing some PowerShell would be more elegant.

Note: You must be in one of the following groups to carry out this procedure, Organizational Management, Recipient Management, or Help Desk.

Solution

Powershell Syntax

[box]

Set-MailboxAutoReplyConfiguration -Identity username -AutoReplyState Enabled/Disabled/Scheduled [-EndTime DateTime] [-ExternalAudience None/Known/All] [-ExternalMessage message] -InternalMessage message [-StartTime DateTime]

[/box]

Note: Remember the dates need to be in ‘American date format’ or the command will fail.

Example

[box]

Set-MailboxAutoReplyConfiguration -Identity 'PeteL' -StartTime '08/12/2013 08:00' -AutoReplyState Enabled -EndTime '12/31/2013 23:59' -InternalMessage 'Pete is currently out of the office' -ExternalMessage 'Pete is currently out of the office, please contact the helpdesk for technical assistance' -ExternalAudience 'All'

[/box]

 

Related Articles, References, Credits, or External Links

NA