Upload: bruno-martim-pereiro-romao

Post on 23-Jan-2016

Page 1: 20342A_11

Microsoft® Official Course

Module 11

Designing and Implementing Messaging Coexistence

Page 2: 20342A_11

Module Overview

Designing and Implementing Federation

Designing Coexistence Between Exchange Server Organizations

Designing and Implementing Cross-Forest Mailbox Moves

Page 3: 20342A_11

Lesson 1: Designing and Implementing Federation

Scenarios for Integrating with Other Exchange Server Organizations

What Is Federation?

Federation Deployment Components

Considerations for Designing Federated Trusts and Certificates

Configuring Organization Relationships

Designing Sharing Policies

Page 4: 20342A_11

Scenarios for Integrating with Other Exchange Server Organizations

• Reasons for integration with other Exchange Server organizations:
  • Merger of two organizations
  • Close partnership of two organizations
• You can implement Exchange federation between two organizations to enhance collaboration

Page 5: 20342A_11

What Is Federation?

• By default, Exchange organizations do not share address books and availability details with external users
• Federation is a trust infrastructure that provides an easy way for users to share information with users in external, federated organizations
• With federation delegation, an Exchange Server 2013 organization can share the following:
  • Availability
  • Calendar
  • Contacts

Page 6: 20342A_11

Federation Deployment Components

• Components of an Exchange Server federation deployment:
  • Federation trust with the Microsoft Federation Gateway
    • Used as a trust broker
  • AppID
    • Organization unique identifier
  • OrgID
    • Federated domain identifier
  • Self-signed certificate
    • To sign and encrypt delegation tokens
  • TXT resource record in DNS
    • To validate domain ownership

Page 7: 20342A_11

Considerations for Designing Federated Trusts and Certificates

• Microsoft Federation Gateway has two instances:
  • Business
  • Consumer
• The business instance is used by organizations running:
  • Exchange Server 2013
  • Exchange Server 2010 with SP1 or later
  • Exchange Online
• The consumer instance is used by organizations:
  • Running Exchange Server 2010 (RTM version)
  • Hosted by Microsoft Live@edu

Page 8: 20342A_11

Configuring Organization Relationships

• Organization relationships enable federated delegation with another organization
• Add an organizational relationship for each organization that you want to share information with
• Specify the free/busy level that you want:
  • None
  • Time only
  • Time, subject, and location
• Limit user participation by specifying a security distribution group
• Simplify configuration by automatically discovering configuration information
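
The settings on this slide, as an added Exchange Management Shell example that is not part of the course material. The partner domain `treyresearch.net`, the relationship name, and the group `FreeBusySharing` are assumptions; the free/busy levels "Time only" and "Time, subject, and location" correspond to `AvailabilityOnly` and `LimitedDetails`.

```powershell
# Added example, not from the course deck. Values below are assumptions.
$partnerDomain = 'treyresearch.net'     # assumed federated partner domain
$scopeGroup    = 'FreeBusySharing'      # hypothetical security distribution group

# Discover the partner's federation configuration automatically and create
# the relationship with the least detail that meets the requirement:
#   None             -> no free/busy sharing
#   AvailabilityOnly -> time only
#   LimitedDetails   -> time, subject, and location
Get-FederationInformation -DomainName $partnerDomain |
    New-OrganizationRelationship -Name 'Trey Research' `
        -FreeBusyAccessEnabled $true `
        -FreeBusyAccessLevel AvailabilityOnly `
        -FreeBusyAccessScope $scopeGroup

# Review existing relationships: list any that expose subject and location,
# or that are not limited to a security distribution group.
Get-OrganizationRelationship |
    Where-Object {
        $_.FreeBusyAccessEnabled -and
        ($_.FreeBusyAccessLevel -eq 'LimitedDetails' -or -not $_.FreeBusyAccessScope)
    } |
    Select-Object Name, DomainNames, FreeBusyAccessLevel, FreeBusyAccessScope
```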

Page 9: 20342A_11

Designing Sharing Policies

• Sharing policies define how users can share information with other users
• Sharing policies are an alternative to organization relationships
• Select appropriate mailboxes
• Select appropriate domains for the policy
• Select appropriate sharing actions:
  • Calendar: free/busy, subject, location, body
  • Contacts
• Default policy:
  • Shares free/busy information only
  • Applies to all mailboxes

Page 10: 20342A_11

Lesson 2: Designing Coexistence Between Exchange Server Organizations

Multi-Forest Exchange Server 2013 Deployments

Designing Message Routing

Designing GAL Synchronization

Designing Calendar Interoperability

Designing Administration Between Exchange Organizations

Discussion: Experience with Configuring Coexistence

Page 11: 20342A_11

Multi-Forest Exchange Server 2013 Deployments

• Exchange Server organizations do not automatically synchronize the GAL or calendars
• Reasons for integrating with other Exchange Server organizations:
  • Merger of two organizations
  • Close partnership of two organizations
• When designing integration, you should determine:
  • Which namespace to use
  • Whether to synchronize the GAL
  • Whether to share free/busy information

Page 12: 20342A_11

Designing Message Routing

• Designing message routing that uses different SMTP namespaces
  • Use two separate domain names
  • Or use a domain and a subdomain
• Designing message routing that uses the same SMTP namespace
  1. Configure connectivity
  2. Configure the shared namespace as an accepted internal relay domain
  3. Configure a Send connector for the shared namespace
  4. Configure mail exchanger (MX) resource records
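
Steps 2 and 3 of the shared-namespace procedure, as an added Exchange Management Shell example that is not part of the course material. The shared namespace `adatum.com`, the partner host FQDN, and the connector name are assumptions, as is the accepted-domain entry being named after the domain.

```powershell
# Added example, not from the course deck. Values below are assumptions.
$sharedDomain = 'adatum.com'                  # assumed shared SMTP namespace
$partnerHost  = 'trey-ex1.treyresearch.net'   # assumed partner Exchange server FQDN
$sourceServer = 'LON-MBX1'                    # Mailbox server from the lab VM list

# Step 2: keep accepting mail for the namespace, but relay messages for
# recipients that do not exist in this organization instead of rejecting them.
Set-AcceptedDomain -Identity $sharedDomain -DomainType InternalRelay

# Step 3: send relayed mail for the shared namespace straight to the partner
# over TLS, so it does not follow the public MX records back to this organization.
New-SendConnector -Name 'Shared namespace to Trey Research' -Custom `
    -AddressSpaces $sharedDomain `
    -SmartHosts $partnerHost `
    -DNSRoutingEnabled $false `
    -RequireTLS $true `
    -SourceTransportServers $sourceServer

# Verify: every relay domain should have a matching, enabled Send connector.
Get-AcceptedDomain |
    Where-Object { $_.DomainType -ne 'Authoritative' } |
    Select-Object Name, DomainName, DomainType
Get-SendConnector |
    Select-Object Name, AddressSpaces, SmartHosts, RequireTLS, Enabled
```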

Page 13: 20342A_11

Designing GAL Synchronization

• You need to synchronize the GAL to make external recipients available in the address book
• Considerations for synchronizing the GAL:
  • In a small organization, you can manually update recipients
  • For large organizations, you should update recipients automatically, by using:
    • LDAP replication scripts
    • Forefront Identity Manager
    • Federated sharing to share contacts

Page 14: 20342A_11

Designing Calendar Interoperability

• Calendar interoperability is typically used only for other Exchange Server organizations
• Options for sharing calendar data:
  • Availability service in Exchange Server 2010 or Exchange Server 2007
  • Federated delegation for Exchange Server 2010
• Alternatives to sharing calendar data:
  • Mailboxes in both systems
  • Shared calendar in SharePoint

Page 15: 20342A_11

Designing Administration Between Exchange Organizations

• Exchange Server 2013 can work in a multiple forest topology, in two modes:
  • Cross-forest
  • Resource forest
• You can use cross-boundary permissions and linked role groups to centralize management

Page 16: 20342A_11

Discussion: Experience with Configuring Coexistence

• Have you ever implemented an account forest or resource forest scenario? If yes, how did you manage that solution?

• Have you ever needed to share data between Exchange Server organizations?

• Do you have scenarios in your environment where multiple forest coexistence might be necessary?

• Can you think of any alternatives for a cross boundary permissions solution?

Page 17: 20342A_11

Lesson 3: Designing and Implementing Cross-Forest Mailbox Moves

Cross-Forest Mailbox Move Scenarios

Options for Implementing Cross-Forest Mailbox Moves

Prerequisites for Implementing Cross-Forest Mailbox Moves

Preparing for and Implementing Cross-Forest Mailbox Moves

Considerations for Cross-Forest Mailbox Moves

Demonstration: Moving Mailboxes Between Forests

Recommendations for Implementing Cross-Forest Mailbox Moves

Page 18: 20342A_11

Cross-Forest Mailbox Move Scenarios

• By design, Exchange Server is in a one-to-one relationship with an AD DS forest
• Scenarios that require moving mailboxes between Exchange Server organizations:
  • Mergers and acquisitions of companies
  • Want to start fresh with AD DS
  • Company reorganization
• Exchange Server 2013 has a way to move mailboxes between different organizations

Page 19: 20342A_11

Options for Implementing Cross-Forest Mailbox Moves

• AD DS accounts must be moved or synced before you move mailboxes
• AD DS accounts must have several mandatory attributes for the mailbox move to succeed
• You can move or sync AD DS accounts by using FIM or ADMT
• You can use the Prepare-MoveRequest.ps1 script to prepare AD DS accounts for moving mailboxes
• Be aware of ADMT limitations for moving Exchange-related attributes
• For small environments, exporting and importing .PST files can be an option

Page 20: 20342A_11

Prerequisites for Implementing Cross-Forest Mailbox Moves

• Before starting the mailbox moves, do the following:
  • Establish reliable network communication
  • Configure the DNS infrastructure
  • Establish forest trusts
  • Deploy trusted certificates
  • Start the Mailbox Replication Proxy service
  • Check for the Handler Mappings issue
  • Choose how to migrate or provision user accounts
  • Set permissions for the migration account

Page 21: 20342A_11

Preparing for and Implementing Cross-Forest Mailbox Moves

To prepare and implement a mailbox move, do the following:
1. Store credentials in Windows PowerShell variables
2. Run the Prepare-MoveRequest.ps1 script in Exchange Management Shell
3. Run the New-MoveRequest cmdlet in the Exchange Management Shell
4. Verify that the move is finished
5. Sign in to the target forest with a moved account and check the mailbox content

Consider new features of batch move architecture
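
Steps 1 to 4 above as one sequence, run from the target forest. This is an added example and not part of the course material; the mailbox identity, FQDNs, OU path, and delivery domain are constructed for the A. Datum and Trey Research lab scenario.

```powershell
# Added example, not from the course deck. Run in the Exchange Management
# Shell of the target (A. Datum) forest. All values below are assumptions.
$mailbox      = 'user1@treyresearch.net'        # constructed mailbox identity
$sourceDC     = 'trey-dc1.treyresearch.net'     # source forest domain controller
$sourceProxy  = 'trey-ex1.treyresearch.net'     # source server running MRS Proxy
$targetDC     = 'lon-dc1.adatum.com'            # target forest domain controller
$targetOU     = 'OU=Migrated,DC=adatum,DC=com'  # hypothetical OU for new mail users
$targetDomain = 'adatum.com'

# 1. Store credentials in variables. Prompting keeps passwords out of the
#    script and the command history; the password is held as a SecureString.
$remoteCred = Get-Credential -Message 'Source forest migration account'
$localCred  = Get-Credential -Message 'Target forest administrator'

# 2. Create the mail-enabled user in the target forest with the attributes
#    the move requires.
Set-Location (Join-Path $env:ExchangeInstallPath 'Scripts')
.\Prepare-MoveRequest.ps1 -Identity $mailbox `
    -RemoteForestDomainController $sourceDC -RemoteForestCredential $remoteCred `
    -LocalForestDomainController $targetDC -LocalForestCredential $localCred `
    -TargetMailUserOU $targetOU

# 3. Pull the mailbox from the source forest through its MRS Proxy endpoint.
New-MoveRequest -Identity $mailbox -Remote `
    -RemoteHostName $sourceProxy -RemoteCredential $remoteCred `
    -TargetDeliveryDomain $targetDomain

# 4. Poll until the move reaches a final state.
do {
    Start-Sleep -Seconds 30
    $stats = Get-MoveRequestStatistics -Identity $mailbox
    '{0}: {1} ({2}%)' -f $stats.DisplayName, $stats.Status, $stats.PercentComplete
} while ($stats.Status -notin 'Completed', 'CompletedWithWarning', 'Failed')
```

Step 5, signing in with the moved account and checking the mailbox content, remains a manual check.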

Page 22: 20342A_11

Considerations for Cross-Forest Mailbox Moves

• The moving process depends on network connection bandwidth
• Impact of mailbox moves:
  • The on-premises mailbox is soft deleted
  • The user account becomes mail-enabled
  • Distribution list memberships are not affected
  • Delegate and folder permissions are migrated
  • Send As and Full mailbox permissions are migrated if they are applied directly to the mailbox
• Cached mailboxes are preserved and do not need to be resynchronized

Page 23: 20342A_11

Demonstration: Moving Mailboxes Between Forests

• In this demonstration, your instructor shows you how to move mailboxes between forests

Page 24: 20342A_11

Recommendations for Implementing Cross-Forest Mailbox Moves

• Consider importing and exporting PST files in small and legacy organizations
• Back up the AD DS and Exchange server
• Consider using identity management software
• Be aware of ADMT limitations
• Implement publicly trusted certificates on the Client Access servers
• Adjust the value of MaxMRSConnections
• Use batch moves if you move a large number of mailboxes

Page 25: 20342A_11

Lab: Implementing Messaging Coexistence

• Exercise 1: Implementing Message Routing Coexistence
• Exercise 2: Migrate User Mailboxes

Virtual machines:
20342A-LON-DC1
20342A-LON-CAS1
20342A-LON-CAS2
20342A-LON-MBX1
20342A-LON-CL1
20342A-TREY-DC1
20342A-TREY-EX1

Logon information
User Name: Adatum\Administrator
Password: Pa$$w0rd

Estimated Time: 60 minutes

Page 26: 20342A_11

Lab Scenario

A. Datum has purchased Trey Research and is exploring options for implementing coexistence with Trey Research’s messaging organization. Trey Research is currently running Exchange Server 2010 in a separate Exchange Server organization. The A. Datum management team has not yet finalized how to integrate the business units, but it wants to explore how the messaging organizations can be integrated. As a proof of concept, you need to configure messaging coexistence between the two Exchange Server organizations. You also need to evaluate the process for migrating mailboxes from Trey Research to the A. Datum Exchange Server 2013 servers.

Page 27: 20342A_11

Lab Review

• If you are using the internal public key infrastructure (PKI) to issue certificates in both Exchange organizations, why do you need to set up a certification authority (CA) cross-forest trust before you establish a relationship between the organizations?
• Why is the user object that is copied from the source domain in a disabled state?

Page 28: 20342A_11

Module Review and Takeaways

Review Questions

Best Practice

Common Issues and Troubleshooting Tips