• Preparation
  • Prepare
    • “Exchange Deployment Assistant” – available on TechNet
    • Verify Prerequisites
    • Install Exchange SP and/or updates across the ORG
      • Exchange 2007 will be a RU, therefore it cannot verify in AD that all servers are at the same level
      • UPDATES WILL NOT BE AVAILABLE UNTIL AFTER THE FIRST OF THE YEAR
        • Meaning you can deploy a fresh environment on RTM, no coexistence until 1Q13
    • Prepare AD with E2013 Schema
    • Validate Client Access
      • Outlook 2003 not supported
      • Entourage 2008 EWS supported
  • Deploy Exchange 2013 Servers
    • Install both E2013 MBX and CAS servers
  • Create Legacy Namespace
    • Create DNS record to point to legacy E2007 CAS
  • Obtain and Deploy Certificates
    • Obtain and deploy certificates on E2013 CAS
    • Deploy certificates on Exchange 2007 CAS
      • For the legacy.contoso.com namespace
  • Switch Primary Namespace to Exchange 2013 CAS
    • Validate client access
  • Move Mailboxes
    • Build out DAG
    • Move users to E2013 MBX
  • Repeat for additional sites
• Hosting Multiple Roles
  • Recommend NOT consolidating roles to 1 server so that you can take full advantage of the stateless CAS architecture
• Client Protocol Connectivity Flow
  • Autodiscover
    • 2007 requires the legacy namespace because it doesn’t have the logic to handle the requests
    • 2010 – set the internal autodiscover uri to 2013
      • Outlook clients will lookup the SCP records in AD (oldest first)
    • 2007 – set the internal autodiscover uri to 2013
      • Outlook clients will lookup the SCP records in AD (oldest first)
  • Clients
    • Site scope is still controlling the SCP lookup
      • Prevents cross-site lookups
    • 2007 – Outlook clients go directly to mbx on RPC/TCP
    • 2010 – Outlook clients go to CAS array on RPC/TCP
  • Outlook Anywhere
    • 2007 – IIS Auth: NTLM is required and must be manually configured
    • 2010 – IIS Auth: NTLM is required and configured by SP3
    • 2013 – Connects to legacy servers and authenticates via NTLM
    • If you have an intranet site, you would likely not have OA on the internal side, but you need to do so in the coexistence scenario
    • Client settings need to match what is on the Ex2013 CAS
    • Remember
      • Enable Outlook Anywhere on intranet 2007/2010 servers
      • Make 2007/2010 client settings the same as 2013 server
      • IIS Authentication methods must include NTLM
  • OWA
    • 2010 – single sign on, Ex2013 CAS proxies for Ex2010
    • 2007 – 2013 will auth user on mail.contoso.com, lookup cas, issues redirect to legacy.mail.contoso.com, user logs into 2007
      • Yes, that means dual logons K
      • No really, that means your users will have to logon twice.
      • Seriously, get ready to piss off a lot of people.
      • If you happen to have a TMG deployment, you don’ t have to piss people off.
      • It will HTTP proxy to the internal sites for you.
      • If you have a 2^nd site with a unique external namespace, then you’re better off as you will get automatically routed there without the double authentication.
  • EAS/EWS
    • 2010 – You’re good, SSO via SP3, even proxies 2^nd sites with external namespaces
    • 2007 – From client to LB to mail.contoso.com to EX2013 CAS to EX2013 MBX to EX2007 CAS to EX2007MBX
      • No, really.
      • Has to be this way because of code handling of phone devices that don’t go through multiple autodiscovers
      • Same for intranet sites
        • Though if you have a separate namespace you route directly there
  • POP/IMAP
    • 2010 – Proxies to appropriate CAS
    • 2007 – Same, proxies to appropriate CAS
  • SMTP
    • Handled on the MBX

Let me make the Cliff’s Notes simple:

If you are on Exchange 2010, it will be a cakewalk.

If you are on Exchange 2007, you are going to have a lot of fun and it will be more painful for everyone – not only yourself, but your users as well.