Microsoft® Official Course
Module 11
Designing and Implementing Messaging Coexistence
Module Overview
• Designing and Implementing Federation
• Designing Coexistence Between Exchange Server Organizations
• Designing and Implementing Cross-Forest Mailbox Moves
Lesson 1: Designing and Implementing Federation
• Scenarios for Integrating with Other Exchange Server Organizations
• What Is Federation?
• Federation Deployment Components
• Considerations for Designing Federated Trusts and Certificates
• Configuring Organization Relationships
• Designing Sharing Policies
Scenarios for Integrating with Other Exchange Server Organizations
• Reasons for integration with other Exchange Server organizations:
  • Merger of two organizations
  • Close partnership of two organizations
• You can implement Exchange federation between two organizations to enhance collaboration
What Is Federation?
• By default, Exchange organizations do not share address books and availability details with external users
• Federation is a trust infrastructure that provides an easy way for users to share information with users in external, federated organizations
• With federation delegation, an Exchange Server 2013 organization can share the following:
  • Availability
  • Calendar
  • Contacts
Federation Deployment Components
• Components of an Exchange Server federation deployment:
  • Federation trust with the Microsoft Federation Gateway
    • Used as a trust broker
  • AppID
    • Organization unique identifier
  • OrgID
    • Federated domain identifier
  • Self-signed certificate
    • To sign and encrypt delegation tokens
  • TXT resource record in DNS
    • To validate domain ownership
Considerations for Designing Federated Trusts and Certificates
• Microsoft Federation Gateway has two instances:
  • Business
  • Consumer
• The business instance is used by organizations running:
  • Exchange Server 2013
  • Exchange Server 2010 with SP1 or later
  • Exchange Online
• The consumer instance is used by organizations:
  • Running Exchange Server 2010 (RTM version)
  • Hosted by Microsoft Live@edu
Configuring Organization Relationships
• Organization relationships enable federated delegation with another organization
• Add an organizational relationship for each organization that you want to share information with
• Specify the free/busy level that you want:
  • None
  • Time only
  • Time, subject, and location
• Limit user participation by specifying a security distribution group
• Simplify configuration by automatically discovering configuration information
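Added example, not part of the course material: a PowerShell check that flags organization relationships sharing more free/busy detail than a chosen baseline, or lacking a security distribution group scope. It relies on the property names returned by Get-OrganizationRelationship, where the FreeBusyAccessLevel values None, AvailabilityOnly and LimitedDetails correspond to the three levels listed above; the function name, the baseline and the sample objects are constructed for illustration.

```powershell
# Added example: flag organization relationships that share more than a baseline allows.
# Input objects use the property names returned by Get-OrganizationRelationship.
function Test-OrgRelationshipExposure {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Relationship,
        # Most detailed free/busy level the baseline allows (assumed default).
        [ValidateSet('None', 'AvailabilityOnly', 'LimitedDetails')]
        [string] $MaxLevel = 'AvailabilityOnly'
    )
    begin {
        # None < AvailabilityOnly (time only) < LimitedDetails (time, subject, location)
        $rank = @{ None = 0; AvailabilityOnly = 1; LimitedDetails = 2 }
    }
    process {
        if (-not $Relationship.Enabled -or -not $Relationship.FreeBusyAccessEnabled) { return }
        $findings = @()
        $level = [string]$Relationship.FreeBusyAccessLevel
        if ($rank[$level] -gt $rank[$MaxLevel]) {
            $findings += "free/busy level $level exceeds $MaxLevel"
        }
        if (-not $Relationship.FreeBusyAccessScope) {
            $findings += 'no security distribution group scope, all mailboxes participate'
        }
        if ($findings) {
            [pscustomobject]@{
                Name     = $Relationship.Name
                Domains  = $Relationship.DomainNames -join ', '
                Findings = $findings -join '; '
            }
        }
    }
}

# Constructed sample data. In the Exchange Management Shell, use instead:
#   Get-OrganizationRelationship | Test-OrgRelationshipExposure
$sample = @(
    [pscustomobject]@{ Name = 'Partner A'; DomainNames = @('partner-a.example'); Enabled = $true
        FreeBusyAccessEnabled = $true; FreeBusyAccessLevel = 'LimitedDetails'; FreeBusyAccessScope = $null }
    [pscustomobject]@{ Name = 'Partner B'; DomainNames = @('partner-b.example'); Enabled = $true
        FreeBusyAccessEnabled = $true; FreeBusyAccessLevel = 'AvailabilityOnly'; FreeBusyAccessScope = 'SharingUsers' }
)
$sample | Test-OrgRelationshipExposure | Format-List
```

With the constructed data, only Partner A is reported, with both findings; Partner B matches the baseline and is scoped to a group.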
Designing Sharing Policies
• Sharing policies define how users can share information with other users
• Sharing policies are an alternative to organization relationships
• Select appropriate mailboxes
• Select appropriate domains for the policy
• Select appropriate sharing actions:
  • Calendar: free/busy, subject, location, body
  • Contacts
• Default policy:
  • Shares free/busy information only
  • Applies to all mailboxes
Lesson 2: Designing Coexistence Between Exchange Server Organizations
• Multi-Forest Exchange Server 2013 Deployments
• Designing Message Routing
• Designing GAL Synchronization
• Designing Calendar Interoperability
• Designing Administration Between Exchange Organizations
• Discussion: Experience with Configuring Coexistence
Multi-Forest Exchange Server 2013 Deployments
• Exchange Server organizations do not automatically synchronize the GAL or calendars
• Reasons for integrating with other Exchange Server organizations:
  • Merger of two organizations
  • Close partnership of two organizations
• When designing integration, you should determine:
  • Which namespace to use
  • Whether to synchronize the GAL
  • Whether to share free/busy information
Designing Message Routing
• Designing message routing that uses different SMTP namespaces
  • Use two separate domain names
  • Or use a domain and a subdomain
• Designing message routing that uses the same SMTP namespace
  1. Configure connectivity
  2. Configure the shared namespace as an accepted internal relay domain
  3. Configure a Send connector for the shared namespace
  4. Configure mail exchanger (MX) resource records
Designing GAL Synchronization
• You need to synchronize the GAL to make external recipients available in the address book
• Considerations for synchronizing the GAL:
  • In a small organization, you can manually update recipients
  • For large organizations, you should update recipients automatically, by using:
    • LDAP replication scripts
    • Forefront Identity Manager
    • Federated sharing to share contacts
Designing Calendar Interoperability
• Calendar interoperability is typically used only for other Exchange Server organizations
• Options for sharing calendar data:
  • Availability service in Exchange Server 2010 or Exchange Server 2007
  • Federated delegation for Exchange Server 2010
• Alternatives to sharing calendar data:
  • Mailboxes in both systems
  • Shared calendar in SharePoint
Designing Administration Between Exchange Organizations
• Exchange Server 2013 can work in a multiple-forest topology, in two modes:
  • Cross-forest
  • Resource forest
• You can use cross-boundary permissions and linked role groups to centralize management
Discussion: Experience with Configuring Coexistence
• Have you ever implemented an account forest or resource forest scenario? If yes, how did you manage that solution?
• Have you ever needed to share data between Exchange Server organizations?
• Do you have scenarios in your environment where multiple forest coexistence might be necessary?
• Can you think of any alternatives for a cross boundary permissions solution?
Lesson 3: Designing and Implementing Cross-Forest Mailbox Moves
• Cross-Forest Mailbox Move Scenarios
• Options for Implementing Cross-Forest Mailbox Moves
• Prerequisites for Implementing Cross-Forest Mailbox Moves
• Preparing for and Implementing Cross-Forest Mailbox Moves
• Considerations for Cross-Forest Mailbox Moves
• Demonstration: Moving Mailboxes Between Forests
• Recommendations for Implementing Cross-Forest Mailbox Moves
Cross-Forest Mailbox Move Scenarios
• By design, Exchange Server is in a one-to-one relationship with an AD DS forest
• Scenarios that require moving mailboxes between Exchange Server organizations:
  • Mergers and acquisitions of companies
  • Want to start fresh with AD DS
  • Company reorganization
• Exchange Server 2013 has a way to move mailboxes between different organizations
Options for Implementing Cross-Forest Mailbox Moves
• AD DS accounts must be moved or synced before you move mailboxes
• AD DS accounts must have several mandatory attributes for the mailbox move to succeed
• You can move or sync AD DS accounts by using FIM or ADMT
• You can use the Prepare-MoveRequest.ps1 script to prepare AD DS accounts for moving mailboxes
• Be aware of ADMT limitations for moving Exchange-related attributes
• For small environments, exporting and importing .PST files can be an option
Prerequisites for Implementing Cross-Forest Mailbox Moves
• Before starting the mailbox moves, do the following:
  • Establish reliable network communication
  • Configure the DNS infrastructure
  • Establish forest trusts
  • Deploy trusted certificates
  • Start the Mailbox Replication Proxy service
  • Check for the Handler Mappings issue
  • Choose how to migrate or provision user accounts
  • Set permissions for the migration account
Preparing for and Implementing Cross-Forest Mailbox Moves
To prepare and implement a mailbox move, do the following:
1. Store credentials in Windows PowerShell variables
2. Run the Prepare-MoveRequest.ps1 script in Exchange Management Shell
3. Run the New-MoveRequest cmdlet in the Exchange Management Shell
4. Verify that the move is finished
5. Sign in to the target forest with a moved account and check the mailbox content
Consider new features of batch move architecture
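Added example, not from the course material: steps 1 to 4 above as they would be typed in the Exchange Management Shell of the target forest (a pull move). All host, domain, OU and user names are placeholders assumed for this sketch, and the script folder is located through the ExchangeInstallPath environment variable.

```powershell
# Run in the Exchange Management Shell of the target forest (pull move).
# Every name below is a placeholder assumed for this example.
$User          = 'user1@source.example'             # mailbox to move
$SourceDC      = 'dc1.source.example'               # source forest domain controller
$SourceMrsHost = 'mail.source.example'              # source Client Access server with MRS Proxy started
$TargetDomain  = 'target.example'                   # delivery domain in the target forest
$TargetOU      = 'OU=Migrated,DC=target,DC=example' # where the mail-enabled user is created

# Step 1: prompt for the source-forest migration account; nothing is hard-coded
# and the password never lands in the script or the command history.
$RemoteCred = Get-Credential

# Step 2: create the mail-enabled user with the mandatory attributes in the target forest.
Set-Location (Join-Path $env:ExchangeInstallPath 'Scripts')
.\Prepare-MoveRequest.ps1 -Identity $User `
    -RemoteForestDomainController $SourceDC `
    -RemoteForestCredential $RemoteCred `
    -TargetMailUserOU $TargetOU

# Step 3: request the move through the source forest's MRS Proxy endpoint.
# The endpoint certificate must be trusted by the target servers, which is why
# the prerequisites call for trusted certificates.
New-MoveRequest -Identity $User -Remote `
    -RemoteHostName $SourceMrsHost `
    -RemoteCredential $RemoteCred `
    -TargetDeliveryDomain $TargetDomain

# Step 4: poll until the request reaches a final state, then show the outcome.
$final = @('Completed', 'CompletedWithWarning', 'Failed')
do {
    Start-Sleep -Seconds 60
    $stats = Get-MoveRequest -Identity $User | Get-MoveRequestStatistics
    '{0}: {1} ({2}%)' -f $User, $stats.Status, $stats.PercentComplete
} until ($final -contains [string]$stats.Status)

$stats | Format-List DisplayName, Status, PercentComplete, BadItemsEncountered
```

Step 5, signing in to the target forest with the moved account and checking the mailbox content, remains a manual check.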
Considerations for Cross-Forest Mailbox Moves
• The moving process depends on network connection bandwidth
• Impact of mailbox moves:
  • The on-premises mailbox is soft deleted
  • The user account becomes mail-enabled
  • Distribution list memberships are not affected
  • Delegate and folder permissions are migrated
  • Send As and Full mailbox permissions are migrated if they are applied directly to the mailbox
• Cached mailboxes are preserved and do not need to be resynchronized
Demonstration: Moving Mailboxes Between Forests
• In this demonstration, your instructor shows you how to move mailboxes between forests
Recommendations for Implementing Cross-Forest Mailbox Moves
• Consider importing and exporting PST files in small and legacy organizations
• Back up the AD DS and Exchange server
• Consider using identity management software
• Be aware of ADMT limitations
• Implement publicly trusted certificates on the Client Access servers
• Adjust the value of MaxMRSConnections
• Use batch moves if you move a large number of mailboxes
Lab: Implementing Messaging Coexistence
• Exercise 1: Implementing Message Routing Coexistence
• Exercise 2: Migrate User Mailboxes
Virtual machines
• 20342A-LON-DC1
• 20342A-LON-CAS1
• 20342A-LON-CAS2
• 20342A-LON-MBX1
• 20342A-LON-CL1
• 20342A-TREY-DC1
• 20342A-TREY-EX1
Logon information
• User Name: Adatum\Administrator
• Password: Pa$$w0rd
Estimated Time: 60 minutes
Lab Scenario
A. Datum has purchased Trey Research and is exploring options for implementing coexistence with Trey Research’s messaging organization. Trey Research is currently running Exchange Server 2010 in a separate Exchange Server organization. The A. Datum management team has not yet finalized how to integrate the business units, but it wants to explore how the messaging organizations can be integrated. As a proof of concept, you need to configure messaging coexistence between the two Exchange Server organizations. You also need to evaluate the process for migrating mailboxes from Trey Research to the A. Datum Exchange Server 2013 servers.
Lab Review
• If you are using the internal public key infrastructure (PKI) to issue certificates in both Exchange organizations, why do you need to set up a certification authority (CA) cross-forest trust before you establish a relationship between the organizations?
• Why is the user object that is copied from the source domain in a disabled state?
Module Review and Takeaways
• Review Questions
• Best Practice
• Common Issues and Troubleshooting Tips