Forum Discussion
bkedp
Feb 25, 2021Copper Contributor
Exchange 2010 migration to a newer version and Exchange Management Shell mailbox anchoring
Hello, I'm in the process of migrating my Exchange server to a newer version. I'm aware of this EMS (Exchange Management Shell) behavior change: https://techcommunity.microsoft.com/t5/exchange-team-b...
RobYarde
Mar 05, 2021Copper Contributor
Hi Francesco,
As ever, it depends! When you install the new version of Exchange it will add it's own SCP into AD pointing to itself. If you have a self-signed certificate on the Exchange server that corresponds to the server name the clients will see that as trusted and not kick up a warning box to Outlook. If you are using a 3rd party cert and a vanity alias (mail.domain.com) there is a period where we'll want to upload the cert, update the virtual directories and amend the SCP to make it more elegant where the users may get the annoying Outlook cert warning before we've completed the configuration changes. You're only looking at a period of several minutes during the install before you can use the Exchange 2016 EMS console to set the SCP to the DNS address of the Exchange 2010 servers but that is enough for a handful of Outlook clients to potentially try and connect.
You've got a couple of options -
You can deploy the Exchange server to a separate AD site with no clients and then move it to the "live" AD site - probably more hassle then is necessary.
Out of hours deployment, email comms before hand asking users to close Outlook overnight and ignore any certificate warnings.
Certainly once Exchange has installed you'll be able to use the EMS on the new server to run any powershell commands necessary.
As ever, it depends! When you install the new version of Exchange it will add it's own SCP into AD pointing to itself. If you have a self-signed certificate on the Exchange server that corresponds to the server name the clients will see that as trusted and not kick up a warning box to Outlook. If you are using a 3rd party cert and a vanity alias (mail.domain.com) there is a period where we'll want to upload the cert, update the virtual directories and amend the SCP to make it more elegant where the users may get the annoying Outlook cert warning before we've completed the configuration changes. You're only looking at a period of several minutes during the install before you can use the Exchange 2016 EMS console to set the SCP to the DNS address of the Exchange 2010 servers but that is enough for a handful of Outlook clients to potentially try and connect.
You've got a couple of options -
You can deploy the Exchange server to a separate AD site with no clients and then move it to the "live" AD site - probably more hassle then is necessary.
Out of hours deployment, email comms before hand asking users to close Outlook overnight and ignore any certificate warnings.
Certainly once Exchange has installed you'll be able to use the EMS on the new server to run any powershell commands necessary.
bkedp
Mar 08, 2021Copper Contributor
Hi, I think you (too) did not read properly the question. I'm fully aware of the SCP record and how to workaround it. But that's not the problem for which I asked help.
However, the correct answer has been already provided on Microsoft Q&A (Technet community):
https://docs.microsoft.com/answers/answers/288999/view.html
No valid answers have been provided here. Hence I cannot mark as a valid answer any of the replies given to this question.
Regards,
Francesco B. B.
However, the correct answer has been already provided on Microsoft Q&A (Technet community):
https://docs.microsoft.com/answers/answers/288999/view.html
No valid answers have been provided here. Hence I cannot mark as a valid answer any of the replies given to this question.
Regards,
Francesco B. B.