Hi everyone,
I decided to share some notes that I jotted down for Exchange installations. They are a loosely connected collection, and using them requires a minimum of knowledge of the subject (you don't have to be a wizard, but you can't be totally in the dark either!). If you just run the listed commands without understanding them, there is a strong chance you will make a mess. But they are also a good outline to start from and to adjust to your own case. :)
NOTES
Check the Exchange release notes very carefully, regarding coexistence and the .NET Framework version. The wrong .NET Framework version can really do a lot of damage.
REFERENCES
http://techgenix.com/migrating-small-organization-exchange-2010-exchange-2016-part6/
Upgrading Exchange in a hybrid deployment
https://www.itpromentor.com/upgrade-hybrid-2016/
=========================================================================ENVIRONMENT CHECK (EXCHANGE 2010)
Start-Transcript EnvironmentBackup.txt
Get-OutlookProvider | Format-List
Get-OutlookAnywhere | Format-List
Get-ClientAccessServer | Format-List
Get-ActiveSyncVirtualDirectory | Format-List
Get-AutodiscoverVirtualDirectory | Format-List
Get-EcpVirtualDirectory | Format-List
Get-OabVirtualDirectory | Format-List
Get-OwaVirtualDirectory | Format-List
Get-PowerShellVirtualDirectory | Format-List
Get-WebServicesVirtualDirectory | Format-List
Get-SendConnector | Where-Object {$_.Enabled -eq $true} | Format-List
Get-SendConnector | Where-Object {$_.Enabled -eq $true} | Get-ADPermission | Where-Object { $_.extendedrights -like '*routing*' } | fl identity, user, *rights
nslookup -type=a mail.domain.com
nslookup -type=a autodiscover.domain.com
nslookup -type=a mail.domain.com 8.8.8.8
nslookup -type=a autodiscover.domain.com 8.8.8.8
nslookup -type=mx domain.com 8.8.8.8
nslookup -type=txt domain.com 8.8.8.8
nslookup -type=a i-should-not-exist.domain.com 8.8.8.8
Stop-Transcript
OR
CHECK FREE SPACE IN THE SERVERS' DATABASES
https://gallery.technet.microsoft.com/office/Exchange-2010-Architecture-9368ff56
Get-MailboxDatabase (to get the DB name)
Get-MailboxDatabase "Mailbox Database 1596579151" -status |fl ava*
=========================================================================
=========================================================================EXCHANGE 2010 - INSTALLING PREREQUISITES
https://technet.microsoft.com/en-us/library/bb691354(v=exchg.141)
http://www.telnetport25.com/2011/04/prerequisites-for-installing-exchange-2010-sp1-on-windows-2008-r2/
Import-Module ServerManager
MAILBOX
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart
CLIENT ACCESS/HUB TRANSPORT
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart
MAILBOX ONLY
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart
SERVICE SETTING
Set-Service NetTcpPortSharing -StartupType Automatic
=========================================================================
=========================================================================install exchange 2016 prereq
https://gallery.technet.microsoft.com/office/Install-Exchange-2016-48983e13
check the Exchange schema
https://blogs.technet.microsoft.com/rmilne/2015/03/17/how-to-check-exchange-schema-and-object-values-in-ad/
=========================================================================
=========================================================================Enable access from remote: winrm quickconfig
=========================================================================
=========================================================================CHECK INSTALLED .NET FRAMEWORK
Check that the requirements of the Exchange version you are installing are consistent with the version on the machine
https://gallery.technet.microsoft.com/scriptcenter/Detect-NET-Framework-120ec923
EXCHANGE PATCH ON WINDOWS SERVER 2016
https://blogs.technet.microsoft.com/exchange/2016/11/04/update-on-windows-server-2016-and-exchange-server-2016/
EXCHANGE 2016 CU6 - Blocking installation of .NET Framework 4.7
https://blogs.technet.microsoft.com/exchange/2017/06/13/net-framework-4-7-and-exchange-server/
https://support.microsoft.com/en-us/help/4024204/how-to-temporarily-block-installation-of-the-net-framework-4-7
=========================================================================
=========================================================================CREATING AN EMPTY 1 GB DUMMY FILE
fsutil file createnew E:\dummy01.txt 1073741824
=========================================================================
=========================================================================MANUAL SCHEMA UPDATE - For a hybrid environment go to the next step
run from the schema master - requires schema master permissions (you probably need to add the user to the group)
"exchange schema version = " + ([ADSI]("LDAP://CN=ms-Exch-Schema-Version-Pt," + ([ADSI]"LDAP://RootDSE").schemaNamingContext)).rangeUpper
N.B. if Exchange has never been installed before, this returns an empty value
setup /prepareschema /IAcceptExchangeServerLicenseTerms
"exchange schema version = " + ([ADSI]("LDAP://CN=ms-Exch-Schema-Version-Pt," + ([ADSI]"LDAP://RootDSE").schemaNamingContext)).rangeUpper
https://eightwone.com/references/schema-versions/
Get-OrganizationConfig (to check the name of the Exchange organization, if it already exists)
setup /preparead /Organizationname:PIPPO /IAcceptExchangeServerLicenseTerms
Check whether the Microsoft Exchange Security Group OU gets created (view advanced feature)
setup /preparealldomains /IAcceptExchangeServerLicenseTerms
The preliminary operations to prepare AD are now complete
=========================================================================
=========================================================================MANUAL SCHEMA UPDATE - HYBRID ENVIRONMENT
"A hybrid deployment with Office 365 has been detected. Please ensure that you are running setup with the /TenantOrganizationConfig switch. To use the TenantOrganizationConfig switch you must first connect to your Exchange Online tenant via PowerShell and execute the following command: “Get-OrganizationConfig | Export-Clixml -Path MyTenantOrganizationConfig.XML”. Once the XML file has been generated, run setup with the TenantOrganizationConfig switch as follows “/TenantOrganizationConfig MyTenantOrganizationConfig.XML”."
d:\setup.exe /PrepareAD /TenantOrganizationconfig:C:\script\0365oconfig.xml /IAcceptExchangeServerLicenseTerms
UPGRADE ACTIVE DIRECTORY
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms (requires Enterprise Admins and Schema Admins permissions, and must be performed in the same AD Site as the Schema Master on a server with the RSAT-ADDS-Tools feature installed – the Schema Master itself would meet these requirements)
Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
=========================================================================
=========================================================================Command-line installation
.\Setup.exe /mode:install /role:Mailbox /targetdir:"D:\Program Files\Microsoft\Exchange Server\V15" /MdbName:Mail01 /DbFilePath:"E:\DB\Mail01.edb" /LogFolderPath:"F:\Mail01" /DisableAMFiltering /InstallWindowsComponents /IAcceptExchangeServerLicenseTerms
.\Setup.exe /mode:install /role:Mailbox /targetdir:"D:\Program Files\Microsoft\Exchange Server\V15" /MdbName:Mail02 /DbFilePath:"E:\DB\Mail02.edb" /LogFolderPath:"F:\Mail02" /DisableAMFiltering /InstallWindowsComponents /IAcceptExchangeServerLicenseTerms
When finished, reboot and start the configuration:
=========================================================================
=========================================================================EXCHANGE 2016 INSTALLATION
Exchange 2016 setup automatically updates the schema and the domain. In a hybrid environment the following error may appear:
“A hybrid deployment with Office 365 has been detected. Please ensure that you are running setup with the /TenantOrganizationConfig switch”
To fix this, connect to the tenant to download the organization configuration XML and then run PrepareAD.
Connect to the tenant in PowerShell and run the command
Get-OrganizationConfig | Export-Clixml -Path MyTenantOrganizationConfig.XML
Mount the Exchange ISO and run the following command
Setup.exe /PrepareAD /TenantOrganizationConfig MyTenantOrganizationConfig.xml /IAcceptExchangeServerLicenseTerms
This command also updates the schema.
Finally, go to the Azure AD Connect console and refresh the schema
REFERENCE
https://practical365.com/installing-the-first-exchange-2016-server-fails-in-hybrid-environment/
=========================================================================
=========================================================================ACCEPTED DOMAIN (only if you need to add new domains besides those already present)
CHECK
Get-AcceptedDomain
ADD
New-AcceptedDomain -Name "dominio.net" -DomainName dominio.net -DomainType Authoritative
CHANGE DEFAULT ACCEPTED DOMAIN
Set-AcceptedDomain -identity dominio.net -MakeDefault $true
REMOVE
Remove-AcceptedDomain -Identity dominio.net
=========================================================================
=========================================================================Set the Exchange certificate
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\SSL\Wild-Trap.pfx -Encoding byte -ReadCount 0)) -Server EXCH2016 -FriendlyName WildTrap -Password:(Get-Credential).password
Get-ExchangeCertificate -Server EXCH2016 (the thumbprint is taken from here)
Enable-ExchangeCertificate -Thumbprint 834F2EAACF96260C399D9C32B862B14134B73931 -Services "IIS, SMTP, POP, IMAP" -Server EXCH2016
Or you can proceed via the GUI
On the old server open MMC - add/remove snap-ins - certificates - computer
Choose Personal and find the certificate used by the old Exchange
Choose All Tasks - Export
Export the private key as well - export the extended properties and all the certificates
You will be asked to enter a password, and finally a .pfx file is created
Copy the file to the new server and import it from the same console.
Then log in to Exchange and check that the certificate is present (some services may need a restart, e.g. IIS)
=========================================================================
=========================================================================Autodiscover configuration - SCP
mail.dominio.net is the "virtual name" of the server that we created. Autodiscover must be configured for every installed server
Set-ClientAccessService -Identity EXCH2016 -AutodiscoverServiceInternalUri https://mail.dominio.net/Autodiscover/Autodiscover.xml
Get-ClientAccessService |fl Identity,AutoDiscoverServiceInternalUri,OutlookAnywhereEnabled
CHECK SCP IN ADSI EDIT
EXAMPLE PATH
CN=EXCH2016,CN=Autodiscover,CN=Protocols,CN=EXCH2016,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=testsrl,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=test,DC=local
https://EXCH2016.test.local/Autodiscover/Autodiscover.xml
check SCP in AD: ADSI Edit configuration/services/microsoft exchange/organization name/administrative groups/exchange administrative groups/servers/server name/protocols/autodiscover
ServiceBindingInformation parameter
=========================================================================
=========================================================================Virtual directory configuration
$Server = "EX1601"
$HTTPS_FQDN = "mail.dominio.net"
Get-OWAVirtualDirectory -Server $Server | Set-OWAVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/owa" -ExternalURL "https://$($HTTPS_FQDN)/owa"
Get-ECPVirtualDirectory -Server $Server | Set-ECPVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/ecp" -ExternalURL "https://$($HTTPS_FQDN)/ecp"
Get-OABVirtualDirectory -Server $Server | Set-OABVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/oab" -ExternalURL "https://$($HTTPS_FQDN)/oab"
Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/Microsoft-Server-ActiveSync" -ExternalURL "https://$($HTTPS_FQDN)/Microsoft-Server-ActiveSync"
Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/EWS/Exchange.asmx" -ExternalURL "https://$($HTTPS_FQDN)/EWS/Exchange.asmx"
Get-MapiVirtualDirectory -Server $Server | Set-MapiVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/mapi" -ExternalURL "https://$($HTTPS_FQDN)/mapi"
Get-PowerShellVirtualDirectory -Server $Server | Set-PowerShellVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/powershell" -ExternalURL "https://$($HTTPS_FQDN)/powershell"
iisreset (from the console of the newly installed server)
Check
Get-AutodiscoverVirtualDirectory |fl server,name,identity,internalurl,externalurl
Get-ClientAccessService |fl Identity,AutoDiscoverServiceInternalUri,OutlookAnywhereEnabled
Get-OWAVirtualDirectory |fl server,name,identity,internalurl,externalurl
Get-ECPVirtualDirectory |fl server,name,identity,internalurl,externalurl
Get-OABVirtualDirectory |fl server,name,identity,internalurl,externalurl
Get-ActiveSyncVirtualDirectory |fl server,name,identity,internalurl,externalurl
Get-WebServicesVirtualDirectory |fl server,name,identity,internalurl,externalurl
Get-MapiVirtualDirectory |fl server,name,identity,internalurl,externalurl
Get-PowerShellVirtualDirectory |fl server,name,identity,internalurl,externalurl
For references
https://blogs.technet.microsoft.com/exchange/2010/09/23/default-settings-for-exchange-related-virtual-directories-in-exchange-server-2010/
https://technet.microsoft.com/en-us/library/gg247612(v=exchg.160).aspx
MANAGE VIRTUAL DIRECTORIES
https://social.technet.microsoft.com/wiki/contents/articles/5163.managing-exchange-2010-externalinternal-url-s-via-powershell.aspx
RESET VIRTUAL DIRECTORIES
https://technet.microsoft.com/en-us/library/ff629372(v=exchg.141).aspx
=========================================================================
=========================================================================Remove the external URLs from the virtual directories - for information only, not to be done
$Server = "EXCH2016"
Get-OWAVirtualDirectory -Server $Server | Set-OWAVirtualDirectory -ExternalURL $null
Get-ECPVirtualDirectory -Server $Server | Set-ECPVirtualDirectory -ExternalURL $null
Get-OABVirtualDirectory -Server $Server | Set-OABVirtualDirectory -ExternalURL $null
Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory -ExternalURL $null
Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory -ExternalURL $null
=========================================================================
=========================================================================OutlookAnywhere configuration
Set-OutlookAnywhere -identity "EXCH2016\Rpc (Default Web Site)" -ExternalHostname "mail.dominio.net" -ExternalClientAuthenticationMethod Negotiate -ExternalClientsRequireSsl:$True
Set-OutlookAnywhere -identity "EXCH2016\Rpc (Default Web Site)" -InternalHostname "mail.dominio.net" -InternalClientAuthenticationMethod ntlm -InternalClientsRequireSsl:$True
Set-OutlookAnywhere -identity "TESTEX1602\Rpc (Default Web Site)" -ExternalHostname "mail.dominio.net" -ExternalClientAuthenticationMethod Negotiate -ExternalClientsRequireSsl:$True
Set-OutlookAnywhere -identity "TESTEX1602\Rpc (Default Web Site)" -InternalHostname "mail.dominio.net" -InternalClientAuthenticationMethod ntlm -InternalClientsRequireSsl:$True
Get-OutlookAnywhere | fl Identity,ExchangeVersion,*hostname*,*Client*,IISAuthenticationMethods,SSLOffloading
Get-OutlookAnywhere | fl server,identity,*host*,*auth*,SSLOffloading (same as above)
=========================================================================
=========================================================================OUTLOOK ANYWHERE NOTES
https://blogs.technet.microsoft.com/exchange/2013/05/23/ambiguous-urls-and-their-effect-on-exchange-2010-to-exchange-2013-migrations/
https://technet.microsoft.com/en-us/library/bb123741(v=exchg.141).aspx
Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN -IISAuthenticationMethods NTLM, Basic
then change the DNS name to point to Exchange 2013 instead of 2010
Moving mailboxes creates logs; the more you move, the more logs it creates. The only way to clear these logs properly is to do an Exchange-aware/VSS-level backup. If you just start moving mailboxes without keeping an eye on this you can fill up a volume with logs, and if you are daft enough to have this on your system volume you can take the server down, you have been warned!
Under Microsoft Exchange proxy settings, the default are:
- on fast network connect using http first, then using tcp/ip
X on slow network connect using http first, then using tcp/ip
To use OutlookAnywhere to force the HTTP protocol we need this:
--> X on fast network connect using http first, then using tcp/ip <--
X on slow network connect using http first, then using tcp/ip
that is, the first option must be checked as well
this allows Outlook to be forced to use an HTTP connection over TCP, which is needed for coexistence and migration
This is done by the Autodiscover service by changing the Outlook provider
CHECK THE SETTINGS BEFORE ANY CHANGES
Get-OutlookProvider EXPR |fl name, OutlookProviderFlags
Get-OutlookProvider EXCH |fl name, OutlookProviderFlags
Get-OutlookProvider WEB |fl name, OutlookProviderFlags
FORCE CLIENTS CONNECTED TO EXCHANGE 2010 USING OUTLOOKANYWHERE TO USE HTTPS
The following commands are executed from the Exchange 2010 Management Shell.
Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
Set-OutlookProvider EXCH -OutlookProviderFlags:ServerExclusiveConnect
If for any reason you need to put the configuration back to its default settings, issue the following commands and clients will no longer prefer HTTP on Fast Networks.
RESTORE DEFAULT SETTINGS
Set-OutlookProvider EXPR -OutlookProviderFlags:None
Set-OutlookProvider EXCH -OutlookProviderFlags:None
=========================================================================
=========================================================================CREATING THE SEND CONNECTOR
New-SendConnector -Name "InternetEXCH2016" -Usage Internet -AddressSpaces '*' -SourceTransportServers EXCH2016 -DNSRoutingEnabled:$True
#New-SendConnector -Name "InternetEXCH2016" -Usage Internet -AddressSpaces {smtp:*;10} -SourceTransportServers TESTEX1602 -DNSRoutingEnabled:$True
=========================================================================
=========================================================================CREATING THE RECEIVE CONNECTOR
If a connector is used to send scans by email to internal users, you need to create the receive connector.
Check the settings of the previous one and import them
New-ReceiveConnector -Name "Allowed Anonymous Relay" -Usage Custom -TransportRole FrontEnd -PermissionGroups AnonymousUsers,ExchangeServers -AuthMechanism Tls,ExternalAuthoritative -Bindings 10.11.12.37:25 -RemoteIPRanges 10.11.12.250-10.11.12.251,10.11.12.240,10.11.12.230
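When the settings are carried over from the old connector, the address list in -RemoteIPRanges is what limits who may relay through an externally secured connector. The following check is an added example, not part of the original notes: the function names, the 16-address limit and every sample connector except "Allowed Anonymous Relay" are constructed for illustration, and it assumes IPv4 ranges written as a single address, a start-end pair or CIDR.

```powershell
# Added example (not from the original notes). Flags externally secured receive
# connectors whose RemoteIPRanges admit more hosts than a chosen limit.
# Assumption: ranges are IPv4 and render as "a.b.c.d", "a.b.c.d-e.f.g.h" or "a.b.c.d/nn".

function ConvertTo-IPv4Number {
    param([string]$Ip)
    # Build the number byte by byte so the result does not depend on CPU endianness.
    [long]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) {
        $n = ($n * 256) + $b
    }
    return $n
}

function Get-IPv4RangeSize {
    param([string]$Range)
    if ($Range -match '^([\d.]+)-([\d.]+)$') {
        $first, $last = $Matches[1], $Matches[2]
        return ((ConvertTo-IPv4Number $last) - (ConvertTo-IPv4Number $first) + 1)
    }
    if ($Range -match '^[\d.]+/(\d+)$') {
        return [long][math]::Pow(2, 32 - [int]$Matches[1])
    }
    return [long]1   # single address
}

function Test-ExternallySecuredConnector {
    param(
        [Parameter(ValueFromPipeline = $true)] $Connector,
        [long]$MaxAddresses = 16      # hypothetical limit, tune to your own policy
    )
    process {
        # Only connectors that trust the remote host (ExternalAuthoritative) are of interest.
        if ("$($Connector.AuthMechanism)" -notmatch 'ExternalAuthoritative') { return }
        foreach ($range in $Connector.RemoteIPRanges) {
            $size = Get-IPv4RangeSize "$range"
            [pscustomobject]@{
                Connector = $Connector.Name
                Range     = "$range"
                Addresses = $size
                TooBroad  = ($size -gt $MaxAddresses)
            }
        }
    }
}

# Constructed sample data. The first entry mirrors the connector created above;
# the other two are hypothetical.
$sample = @(
    [pscustomobject]@{
        Name           = 'Allowed Anonymous Relay'
        AuthMechanism  = 'Tls, ExternalAuthoritative'
        RemoteIPRanges = '10.11.12.250-10.11.12.251', '10.11.12.240', '10.11.12.230'
    }
    [pscustomobject]@{
        Name           = 'Relay-TooWide (hypothetical)'
        AuthMechanism  = 'Tls, ExternalAuthoritative'
        RemoteIPRanges = '10.11.12.0/24', '0.0.0.0-255.255.255.255'
    }
    [pscustomobject]@{
        Name           = 'Default Frontend (hypothetical)'
        AuthMechanism  = 'Tls, Integrated, BasicAuth'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255')
    }
)

$sample | Test-ExternallySecuredConnector -MaxAddresses 16 | Format-Table -AutoSize

# On an Exchange server the same function can be fed real objects:
#   Get-ReceiveConnector | Test-ExternallySecuredConnector | Where-Object TooBroad
```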
=========================================================================
=========================================================================MOVING THE DATABASE (IF NEEDED)
Move-DatabasePath -Identity Mail01 -EdbFilePath E:\Mail01\Mail01.edb -LogFolderPath E:\Mail01
Move-DatabasePath -Identity Mail02 -EdbFilePath E:\Mail02\Mail02.edb -LogFolderPath E:\Mail02
=========================================================================
=========================================================================MOVING THE SYSTEM MAILBOXES
Get-Mailbox -RecipientTypeDetails DiscoveryMailbox | Format-Table Name, Database
Get-Mailbox -RecipientTypeDetails DiscoveryMailbox | New-MoveRequest -TargetDatabase db01
Get-Mailbox -Arbitration
Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase db01
REFERENCE
https://www.ntweekly.com/2016/01/04/find-and-move-discovery-mailboxes-exchange-server/
=========================================================================
=========================================================================DNS CONFIGURATION
INTERNAL
mail.dominio.net IN A 10.11.12.37
autodiscover.dominio.net IN CNAME mail.dominio.net (a CNAME can be used, because a DNS server does not cache the names of the domain it is responsible for. The dominio.net DNS does not cache results for its own domain)
EXTERNAL
mail.dominio.net IN A 89.96.73.33
autodiscover.dominio.net IN CNAME mail.dominio.net (see above)
=========================================================================
=========================================================================MOVING PUBLIC FOLDERS
It may be necessary to move the public folders, if they are used. From Exchange 2013 onwards PFs are stored in a mailbox, whereas up to 2010 they used their own DB.
From 2013 onwards they are called "modern public folders", while those up to 2010 are legacy PFs.
Moving modern public folders is little more than moving a mailbox.
Migrating PFs from 2010 is much more complex and involves several steps and a batch migration. There is also a certain period of downtime.
It is important to remember that once the PFs are on 2016, mailboxes on 2010 will not be able to access them. For this reason it is advisable to move all mailboxes to 2016 before starting the PF migration.
Download the migration scripts from this link
https://www.microsoft.com/download/details.aspx?id=38407
EXCHANGE 2010
Create snapshots of the PFs before starting. We will need them later for a comparison
Get-PublicFolder -Recurse | Export-CliXML C:\PFMigration\Legacy_PFStructure.xml
Get-PublicFolderStatistics | Export-CliXML C:\PFMigration\Legacy_PFStatistics.xml
Get-PublicFolder -Recurse | Get-PublicFolderClientPermission | Select-Object Identity,User -ExpandProperty AccessRights | Export-CliXML C:\PFMigration\Legacy_PFPerms.xml
EXCHANGE 2010
Check that there are no PFs with the / or \ character in their name. If there are, rename them
Get-PublicFolderStatistics -ResultSize Unlimited | Where {($_.Name -like "*\*") -or ($_.Name -like "*/*") } | Format-List Name, Identity
Command to rename the PFs if needed
Set-PublicFolder -Identity <public folder identity> -Name <new public folder name>
EXCHANGE 2010
Check that no migrations have been started, are in progress or are suspended. If either of the properties below is set to $true, it must be set back to $false to carry on with the migration
Get-OrganizationConfig | Format-List PublicFoldersLockedforMigration, PublicFolderMigrationComplete
To change the values, if needed:
Set-OrganizationConfig -PublicFoldersLockedforMigration $false -PublicFolderMigrationComplete $false
It may take up to a couple of hours for these parameters to update.
EXCHANGE 2016
Now check the 2016 environment before starting
If a migration is in progress some parameters must be reset, but you should also understand why it was interrupted.
$batch = Get-MigrationBatch | ?{$_.MigrationType.ToString() -eq "PublicFolder"}
Run the following command to remove any existing public folder batch migration requests.
$batch | Remove-MigrationBatch -Confirm:$false
Check whether public folders are present
Get-Mailbox -PublicFolder
Get-PublicFolder
If PFs already exist on 2016, they must be removed in order to proceed with the migration. Be careful, because if you proceed, the data in those PFs will be lost!
Get-Mailbox -PublicFolder | Where {$_.IsRootPublicFolderMailbox -eq $false} | Remove-Mailbox -PublicFolder -Force -Confirm:$false
Get-Mailbox -PublicFolder | Remove-Mailbox -PublicFolder -Force -Confirm:$false
EXCHANGE 2010
Now we will use the downloaded scripts to generate the CSV files that will be used later
.\Export-PublicFolderStatistics.ps1 C:\PFMigration\name-to-folder.csv server2010.dominio.local
The size of the PFs on Exchange 2010 is about 2 GB. I decided to set a maximum size of 10 GB, which in bytes is the number below.
.\PublicFolderToMailboxMapGenerator.ps1 10737418240 C:\PFMigration\name-to-folder.csv C:\PFMigration\folder-to-mailbox.csv
Now copy the generated CSV files to Exchange 2016
C:\PFMigration\name-to-folder.csv
C:\PFMigration\folder-to-mailbox.csv
EXCHANGE 2016
Creating the mailbox for the PFs on Exchange 2016
.\Create-PublicFolderMailboxesForMigration.ps1 -FolderMappingCsv C:\PFMigration\folder-to-mailbox.csv -EstimatedNumberOfConcurrentUsers:20
EXCHANGE 2016
Creating the PF migration batch
New-MigrationBatch -Name PFMigration -SourcePublicFolderDatabase (Get-PublicFolderDatabase -Server server2010.dominio.local) -CSVData (Get-Content C:\PFMigration\folder-to-mailbox.csv -Encoding Byte) -NotificationEmails administrator@dominio.it
Starting the migration batch
Start-MigrationBatch PFMigration
Now wait a while until the sync state is reached
To check the progress use the following command
Get-PublicFolderMailboxMigrationRequest |fl
EXCHANGE 2010
Only after the PFs have reached the sync state, run the following command.
From now on the PFs will be locked and unavailable
Set-OrganizationConfig -PublicFoldersLockedForMigration:$true
It may take some time to propagate.
EXCHANGE 2016
Now run these 2 commands
Set-OrganizationConfig -PublicFoldersEnabled Remote
Complete-MigrationBatch PFMigration
If the locked PFs are still not detected, restart the information store on Exchange 2010 and retry completing the migration batch
Then wait, even though at times it may look dead.
EXCHANGE 2016
Before definitively switching the PF hierarchy over to 2016 it is a good idea to run a functional test.
Pick a user on 2016 and run the following command
If the chosen user is called pippo and the PF mailbox is called mailbox1
Set-Mailbox -Identity pippo -DefaultPublicFolderMailbox mailbox1
Now configure an Outlook profile, verify that the PFs can be accessed and run a few tests (creation, deletion, permission checks, etc.)
If everything went well we can go ahead, otherwise we can go back.
This command unlocks the PFs
Get-Mailbox -PublicFolder | Set-Mailbox -PublicFolder -IsExcludedFromServingHierarchy $false
EXCHANGE 2010
Set-OrganizationConfig -PublicFolderMigrationComplete:$true
EXCHANGE 2016
Set-OrganizationConfig -PublicFoldersEnabled Local
EXCHANGE 2016
At the end of the migration we can regenerate the same XML files that we generated at the start and compare them to evaluate the final result
Get-PublicFolder -Recurse | Export-CliXML C:\PFMigration\Cloud_PFStructure.xml
Get-PublicFolderStatistics -ResultSize Unlimited | Export-CliXML C:\PFMigration\Cloud_PFStatistics.xml
Get-PublicFolder -Recurse | Get-PublicFolderClientPermission | Select-Object Identity,User -ExpandProperty AccessRights | Export-CliXML C:\PFMigration\Cloud_PFPerms.xml
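One way to carry out that comparison on the two statistics snapshots, as an added example that is not part of the original notes. The function names are hypothetical, the sample files are constructed and written to a temp folder so the block runs without Exchange, and it assumes each exported record carries FolderPath (either one string or a list of path segments) and ItemCount.

```powershell
# Added example (not from the original notes). Compares the statistics snapshot
# taken on Exchange 2010 with the one taken after the migration.
# Assumption: each record has FolderPath and ItemCount; FolderPath may be a single
# "A\B" string or a list of segments, so both forms are normalised to "a\b".

function Get-PFIndex {
    param([Parameter(Mandatory = $true)][string]$StatsXml)
    $index = @{}
    foreach ($f in Import-Clixml -Path $StatsXml) {
        $path = (@($f.FolderPath) -join '\').Trim('\').ToLowerInvariant()
        $index[$path] = [int]$f.ItemCount
    }
    return $index
}

function Compare-PFSnapshot {
    param(
        [Parameter(Mandatory = $true)][string]$LegacyStatsXml,
        [Parameter(Mandatory = $true)][string]$NewStatsXml
    )
    $old = Get-PFIndex $LegacyStatsXml
    $new = Get-PFIndex $NewStatsXml
    foreach ($path in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if (-not $new.ContainsKey($path)) {
            $status = 'MissingAfterMigration'
        } elseif (-not $old.ContainsKey($path)) {
            $status = 'NewAfterMigration'
        } elseif ($old[$path] -ne $new[$path]) {
            $status = 'ItemCountDiffers'
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{
            Path        = $path
            LegacyItems = $old[$path]
            NewItems    = $new[$path]
            Status      = $status
        }
    }
}

# Constructed sample snapshots, standing in for Legacy_PFStatistics.xml and
# Cloud_PFStatistics.xml.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'PFCompareDemo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null

@(
    [pscustomobject]@{ FolderPath = 'Sales\Offers';   ItemCount = 120 }
    [pscustomobject]@{ FolderPath = 'Sales\Archive';  ItemCount = 950 }
    [pscustomobject]@{ FolderPath = 'HR\Policies';    ItemCount = 14 }
) | Export-Clixml -Path (Join-Path $demo 'Legacy_PFStatistics.xml')

@(
    [pscustomobject]@{ FolderPath = @('Sales', 'Offers');  ItemCount = 120 }
    [pscustomobject]@{ FolderPath = @('Sales', 'Archive'); ItemCount = 947 }
) | Export-Clixml -Path (Join-Path $demo 'Cloud_PFStatistics.xml')

Compare-PFSnapshot -LegacyStatsXml (Join-Path $demo 'Legacy_PFStatistics.xml') `
                   -NewStatsXml    (Join-Path $demo 'Cloud_PFStatistics.xml') |
    Where-Object Status -ne 'OK' |
    Format-Table -AutoSize

# Against the real exports:
#   Compare-PFSnapshot C:\PFMigration\Legacy_PFStatistics.xml C:\PFMigration\Cloud_PFStatistics.xml
```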
EXCHANGE 2010
Now we are ready to remove the public folder database from Exchange 2010.
Remove-PublicFolderDatabase -Identity "PFDB01"
REFERENCE
https://docs.microsoft.com/it-it/exchange/collaboration/public-folders/batch-migration-from-previous-versions?view=exchserver-2016
https://assistants.microsoft.com/assistants/#/session/e119ee90-bbc7-4387-9094-6811dd11c829
https://docs.microsoft.com/it-it/exchange/decommission-on-premises-exchange
=========================================================================
=========================================================================LOG ANALYSIS EXAMPLE - useful, for example, to check which connectors the messages go through
get-messagetrackinglog -Server "srvaep03b" -Start "09/19/2021 19:20:00" -End "09/19/2021 19:40:00" |Export-Csv C:\PFMigration\ccc.csv
=========================================================================
=========================================================================TEST EXCHANGE HEALTH SCRIPT
https://practical365.com/exchange-server/powershell-script-exchange-server-health-check-report/
PARAMETERS
-Server, Perform a health check of a single server
-ReportMode, Set to $true to generate a HTML report. A default file name is used if none is specified.
-ReportFile, Allows you to specify a different HTML report file name than the default.
-SendEmail, Sends the HTML report via email using the SMTP configuration within the script.
-AlertsOnly, Only sends the email report if at least one error or warning was detected.
-Log, Writes a log file to help with troubleshooting.
=========================================================================
=========================================================================PROTOCOL NOTES
Originally Outlook worked as MAPI over RPC: MAPI was the mail client's instructions encapsulated in a transport protocol (RPC). All of this ran on top of TCP.
Later, to make it easier to get through firewalls and for other reasons, RPC over HTTPS was introduced, renamed Outlook Anywhere in Exchange 2007.
In this case MAPI is encapsulated in RPC, which in turn is encapsulated in HTTPS (three layers)
Finally, from Exchange 2013 CU-something SP1, the default became MAPI over HTTP. In this case RPC is removed completely and MAPI remains inside HTTP, which further simplifies management.
=========================================================================
=========================================================================RESOURCES
https://blogs.technet.microsoft.com/exchange/2015/10/12/the-exchange-2016-preferred-architecture/
https://blogs.technet.microsoft.com/exchange/2015/10/26/client-connectivity-in-an-exchange-2016-coexistence-environment-with-exchange-2010/
https://blogs.technet.microsoft.com/exchange/2015/05/05/exchange-server-2016-architecture/
https://blogs.technet.microsoft.com/exchange/2013/05/23/ambiguous-urls-and-their-effect-on-exchange-2010-to-exchange-2013-migrations/
http://techgenix.com/migrating-small-organization-exchange-2010-exchange-2016-part6/
https://gallery.technet.microsoft.com/office/Exchange-2010-Architecture-9368ff56
https://technet.microsoft.com/en-us/library/bb691354(v=exchg.141)
http://www.telnetport25.com/2011/04/prerequisites-for-installing-exchange-2010-sp1-on-windows-2008-r2/
https://gallery.technet.microsoft.com/office/Install-Exchange-2016-48983e13
https://blogs.technet.microsoft.com/rmilne/2015/03/17/how-to-check-exchange-schema-and-object-values-in-ad/
https://eightwone.com/references/schema-versions/
https://gallery.technet.microsoft.com/scriptcenter/Detect-NET-Framework-120ec923
https://blogs.technet.microsoft.com/exchange/2016/11/04/update-on-windows-server-2016-and-exchange-server-2016/
https://blogs.technet.microsoft.com/exchange/2017/06/13/net-framework-4-7-and-exchange-server/
https://support.microsoft.com/en-us/help/4024204/how-to-temporarily-block-installation-of-the-net-framework-4-7
http://markgossa.blogspot.it/2015/12/exchange-2016-dns-round-robin-load-balancing-part-1.html
https://blogs.technet.microsoft.com/exchange/2010/09/23/default-settings-for-exchange-related-virtual-directories-in-exchange-server-2010/
https://technet.microsoft.com/en-us/library/gg247612(v=exchg.160).aspx
https://social.technet.microsoft.com/wiki/contents/articles/5163.managing-exchange-2010-externalinternal-url-s-via-powershell.aspx
https://technet.microsoft.com/en-us/library/ff629372(v=exchg.141).aspx
http://markgossa.blogspot.it/2015/12/exchange-2016-database-availability-group-part-1.html
http://markgossa.blogspot.it/2015/12/exchange-2016-database-availability-group-troubleshooting-part1.html
http://markgossa.blogspot.it/2015/12/exchange-2016-balance-active-mailbox-databases.html
https://practical365.com/exchange-server/exchange-server-2013-lagged-database-copies-action/
https://practical365.com/exchange-server/powershell-script-exchange-server-health-check-report/
https://practical365.com/exchange-server/installing-cumulative-updates-on-exchange-server-2016/
https://blogs.technet.microsoft.com/exchange/2012/03/23/demystifying-the-cas-array-object-part-1/
https://blogs.technet.microsoft.com/exchange/2012/03/28/demystifying-the-cas-array-object-part-2/
https://technet.microsoft.com/en-us/library/bb123741(v=exchg.141).aspx
https://technet.microsoft.com/en-us/library/ff808312(v=exchg.160).aspx
https://blogs.it.ox.ac.uk/nexus/2014/05/12/mapihttp/
https://practical365.com/exchange-server/exchange-server-2016-migration-preparing-for-coexistence/
https://technet.microsoft.com/en-us/library/bb124904(v=exchg.160).aspx
https://technet.microsoft.com/en-us/library/aa998047(v=exchg.160).aspx
https://technet.microsoft.com/en-us/exdeploy2013/Checklist?state=3229-W-AAAAAAAAQAAAAAEAAAAAAAAAAAAAwAMAAAA%7e
https://docs.microsoft.com/it-it/exchange/high-availability/manage-ha/monitor-dags?view=exchserver-2019
https://blog.myvmx.com/2013/04/exchange-2013-crimson-channel-event-logs.html
https://techgenix.com/exchange-2013-crimson-channel-event-logs/
=========================================================================