Things that frequently get forgotten when migrating

Public Folders are not replicated or moved

To replicate public folders:

Use either PFDAVAdmin or Exchange System Manager from 2003

  • You can set this by adding the replication partners on each folder: right-click the folder -> Properties -> Replication tab -> Add
  • Or right-click the folder -> All Tasks -> Manage Settings -> Next -> Modify list of replica servers -> Add servers

To move public folder replicas

  • From Exchange Powershell “.\MoveAllReplicas.ps1 -Server <MySourceServer> -NewServer <MyTargetServer>”

Exchange Team Article on the matter

Address Lists are not upgraded

To upgrade all address lists: (Just the default lists)

Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients
Set-AddressList "All Users" -IncludedRecipients MailboxUsers
Set-AddressList "All Groups" -IncludedRecipients MailGroups
Set-AddressList "All Contacts" -IncludedRecipients MailContacts
Set-AddressList "Public Folders" -RecipientFilter { RecipientType -eq 'PublicFolder' }
Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

OAB is not moved or upgraded

  • From Powershell: Move-OfflineAddressBook -Identity <OfflineAddressBookIdParameter> -Server <ServerIdParameter>

Quick and Easy Remote Exchange PowerShell

  1. Configure the PowerShell virtual directory with basic auth
  2. Forward 443 through your firewall (or publish with ISA)
  3. Copy this script, change the FQDN to match your server and save as RemoteExchange.ps1
      # Prompt for the account used to connect
      $usercredential = Get-Credential
      # Disables the CA, name (CN) and revocation checks on the server certificate
      $pso = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
      # -ConnectionUri and its URL must stay on one line
      $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://FQDN/powershell -Credential $usercredential -Authentication Basic -SessionOption $pso
      # Bring the Exchange cmdlets into the local session
      Import-PSSession $session
  4. Open PowerShell and run the script ./RemoteExchange.ps1
  5. Disconnect with “Remove-PSSession $Session”

Note: this script ignores Certificate checks, only use if you can trust the server you are connecting to!
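
When the server certificate chains to a CA the client trusts and carries the name you connect to, the skip options are not needed. The following is an added example, not part of the original script: the same session with validation left on, preceded by a certificate check. The FQDN mail.example.com and the helper Test-ServerCertificate are placeholders introduced here.

```powershell
# Added example: RemoteExchange.ps1 with certificate validation left on.
# 'mail.example.com' is a placeholder; use a name present on the server certificate.
$fqdn = 'mail.example.com'

# Hypothetical helper: completes a TLS handshake using the default .NET
# validation (trusted chain, matching name, validity dates) and returns
# the certificate details. Throws if validation fails.
function Test-ServerCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $cert | Select-Object Subject, Issuer, NotAfter, Thumbprint
    }
    finally { $client.Close() }
}

# Check the certificate before any credentials are typed or sent with Basic auth
try { $cert = Test-ServerCertificate -HostName $fqdn }
catch { throw "Not connecting: certificate validation failed for $fqdn. $_" }
Write-Host "Certificate OK: $($cert.Subject), expires $($cert.NotAfter)"

$usercredential = Get-Credential
# No -SessionOption here, so WinRM keeps its default CA, name and revocation checks
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "https://$fqdn/powershell" `
    -Credential $usercredential -Authentication Basic -ErrorAction Stop
Import-PSSession $session
# When finished: Remove-PSSession $session
```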

You may need to set the Powershell Execution Policy so you can run the scripts

Set-ExecutionPolicy Unrestricted or Set-ExecutionPolicy RemoteSigned

*Note: you do have to enable remote powershell access for the user

Problem logging into OWA after installing Exchange 2010

(UPDATE: This is resolved by Exchange RU9)

Do you still have Exchange 2007 and 2010 coexisting in the same environment, and after you installed 2010 some users couldn’t access OWA anymore?

You’re getting this error:

“The mailbox you’re trying to access isn’t currently available. If the problem continues, contact your helpdesk”

AND in the application event log you have an Event ID 46 with source MSExchange OWA

The issue may be that you are trying to use CAS 2010 to CAS 2007 proxy and you don’t have the correct files on the 2010 server.

To resolve

1. From the 2007 Exchange server copy the following folder to 2010:

      “\Program Files\Microsoft\Exchange Server\Client Access\Owa\”

Copy the highest numbered folder to the Exchange 2010 Client Access server:

      “\Program Files\Microsoft\Exchange Server\V14\Client Access\Owa”

The 2010 OWA directory should look something like this

2. Then run IISRESET from an elevated command prompt

SBS 2008 and RU3 and Outlook Repeat Login Prompt

UPDATE Exchange RU9 is supposed to fix this

On Small Business Server 2008 we have seen that if you install RU3 you may start getting repeatedly prompted for login credentials when opening Outlook.

I believe that is because of some additional NTLM security that is put in place which I believe is included with RU3 based on this blurb in the update documentation

“After you install this update, the authentication mode that is set for the Web site at http://companyweb changes from the NTLM authentication to the Kerberos authentication. The reason this change occurs is because we recommend that you use the Kerberos authentication instead of the NTLM authentication.”

The solution I found so far was

  1. Remove RU3 for now.
  2. Re-apply Windows Authentication on the EWS, OAB, and Autodiscover virtual directories
    1. Open Internet Information Services (IIS) Manager
    2. Expand the Server -> Sites -> SBS Web Applications
    3. Click on Autodiscover -> Authentication ->
    4. Windows Authentication -> Disable -> Enable
    5. Repeat for OAB and EWS virtual directories
  3. Restart the server

Note: It may be necessary to add the root Exchange URL to the “intranet sites” on the clients

Tools -> Internet options -> security tab -> Local Intranet -> Sites -> advanced -> add ->


Mail Flow Troubleshooting

Mail flow issues should be troubleshot by first determining which direction the issue is in

  • Internal to Internal
  • Internal to External
  • External to Internal

MX Record – You need to make sure that the MX record for your domain points to a host record that points to your IP

Example (purely theory): If my IP was and my domain is then my MX should look something like this

Domain Pref Hostname IP Address TTL 10 60


Make sure the services are running (in order 2003, 2007, 2010)





Email uses port 25 (SMTP) primarily for mail flow; you need to be sure that port 25 is forwarded through your firewall to the Exchange server
Also if you have (you can test with or Manual SMTP test (below) to verify that you can get to the mail server.

Accepted domains

In order to receive mail to a domain name you need to have that name listed in the  accepted domains (2007\2010)


Email Address Policy (2007\2010)

In addition to the accepted domains, your users need to have an address in that domain stamped on them; to do that, add the domain to the Email Address Policy

(Left is 2010\2007, Right is 2003)


Next -> Next -> Finish

Active directory lookups

Make sure you can access a Global catalog Domain controller in your site

Also make sure that replication is ok between servers
(Active Directory Sites and Services -> Site Name -> Servers -> ServerName -> NTDS Settings -> right-click the connection in the right window and choose “Replicate Now”)

Manual SMTP Testing (Red TXT is typed commands)

Click Start -> run -> CMD (enter)

telnet 25
220 Microsoft ESMTP MAIL Service ready at Sat, 19 Dec 2009 15:57:35 -0600
ehlo Hello []
mail from:
250 2.1.0 Sender OK
rcpt to: administrator@domain.com
250 2.1.5 Recipient OK
354 Start mail input; end with <CRLF>.<CRLF>
this is a test
250 2.6.0 <> Queued mail for delivery
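
The same dialogue can be scripted so that every reply is captured and the failing step is obvious. This is an added example, not from the original post; the function name Test-SmtpDialogue and the example.com server and addresses are placeholders. Unlike the manual test it stops after RCPT TO, so no message is queued.

```powershell
# Added example: scripted form of the manual telnet test above.
# Sends EHLO, MAIL FROM and RCPT TO, records each reply, then QUITs.
function Test-SmtpDialogue {
    param(
        [string]$Server,
        [string]$From,
        [string]$To,
        [int]$Port = 25,
        [string]$HeloName = $env:COMPUTERNAME
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 10000   # milliseconds; a silent server raises an error
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"      # SMTP lines end with CRLF
        $writer.AutoFlush = $true

        # $null first: the server speaks first with its 220 banner
        $steps = @($null, "EHLO $HeloName", "MAIL FROM:<$From>", "RCPT TO:<$To>", 'QUIT')
        foreach ($cmd in $steps) {
            if ($cmd) { $writer.WriteLine($cmd) }
            # Multi-line replies use "250-..." until the final "250 ..." line
            $lines = @()
            do { $line = $reader.ReadLine(); $lines += $line } while ($line -match '^\d{3}-')
            New-Object PSObject -Property @{ Sent = $cmd; Reply = ($lines -join ' | ') } |
                Select-Object Sent, Reply
            # Anything other than 2xx/3xx means this step was refused: stop here
            if ($line -notmatch '^[23]') { break }
        }
    }
    finally { $client.Close() }
}

# Usage (placeholder values):
# Test-SmtpDialogue -Server mail.example.com -From test@example.com `
#     -To administrator@example.com | Format-Table -AutoSize -Wrap
```

Run it once from inside the network and once from outside: a connection error points at the firewall or port forward, while a 5xx reply to RCPT TO points at accepted domains or recipient lookup.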

Problem after deleting legacy exchange administrative group

To start with, you generally do not want to delete it, but if you already did: start ADSI Edit. In the CN=Configuration container, locate the following container:

CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,

Now we were missing the ‘Folder Hierarchies’ folder – All we have to do is recreate it as follows:
Create the “Folder Hierarchies” under the Exchange Administrative Group

1. Right click on Exchange Administrative Group
2. Select New Object
3. Select msExchPublicFolderTreeContainer for the class and click Next
4. Enter the following for the value: Folder Hierarchies, click Next
5. Click Finish

Create Public Folder Tree Object

1. Right click CN=Folder Hierarchies -> New Object
2. Select msExchPFTree for the class
3. For the value enter “Public Folders” and click Next
4. Click the “More Attributes” button, select msExchPFTreeType and set the
value to 1. Note: It is very important that this value is set to 1, as
this tells Exchange that this is a MAPI Tree
5. Click OK and then Finish

Populate msExchOwningPFTreeBL attribute object of the PF Stores in the organization
(Since this attribute is not directly editable, you have to follow the below steps
to do this for each PF store)

1. Get properties of the newly created “Public Folders” Tree object in ADSIEdit.
2. Copy the distinguishedname value to the clipboard and then click cancel.
3. Navigate to the Storage group that contains the Public Folder Store for this
server and get properties of the server database.
4. Locate the msExchOwningPFTree attribute and paste in the value that was copied
to the clipboard in step 2. Click OK.
5. Restart the Information Store Service

Set permissions on the Public Folders

  1. Start ADSI Edit. In the CN=Configuration container, locate the following container:
    • CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,CN=Folder Hierarchies,CN=Public Folders
    • Note In this container, ORGANIZATION is the name of the Exchange Server organization and administrative_group is the name of your administrative group.
  2. Right-click CN=Public Folders, and then click Properties.
  3. Click the Security tab.
  4. Make sure that the Allow inheritable permissions from parent to propagate to this object check box is selected.
  5. Make sure that the Everyone group has the following Allow permissions:
    • Create named properties in the information store
    • Create public folder
    • Create top level public folder
    • If the Allow inheritable permissions from parent to propagate to this object check box is selected, the Everyone group should already have these permissions. Make sure that the Deny check boxes are not selected.
  6. Now try to mount the PF store and see if we can access it fine now.
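
Before restarting the Information Store it is worth confirming that the recreated objects carry the values the steps above call for. This is an added example, not from the original post: a read-only directory query that lists each public folder tree with its msExchPFTreeType and checks that every public folder store's msExchOwningPFTree points at a MAPI tree. The helper name Find-ExchangeObject is hypothetical, and the msExchPublicMDB class name used to find the stores does not appear on this page.

```powershell
# Added example: read-only verification; changes nothing in Active Directory.
$rootDse  = [ADSI]'LDAP://RootDSE'
$exchRoot = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$($rootDse.configurationNamingContext)"

# Hypothetical helper: subtree search under the Exchange configuration container
function Find-ExchangeObject {
    param([string]$Filter, [string[]]$Properties)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = $exchRoot
    $searcher.Filter = $Filter
    $searcher.PageSize = 500
    foreach ($p in $Properties) { [void]$searcher.PropertiesToLoad.Add($p) }
    $searcher.FindAll()
}

# 1. Public folder trees: a MAPI tree must have msExchPFTreeType = 1
$mapiTrees = @()
foreach ($t in (Find-ExchangeObject '(objectClass=msExchPFTree)' 'distinguishedName','msExchPFTreeType')) {
    $dn   = [string]($t.Properties['distinguishedname'] | Select-Object -First 1)
    $type = $t.Properties['msexchpftreetype'] | Select-Object -First 1
    if ($type -eq 1) { $mapiTrees += $dn }
    New-Object PSObject -Property @{ Object = $dn; Check = 'msExchPFTreeType'; Value = $type } |
        Select-Object Check, Value, Object
}
if (-not $mapiTrees) { Write-Warning 'No public folder tree with msExchPFTreeType = 1 was found.' }

# 2. Public folder stores: msExchOwningPFTree must name one of those trees
foreach ($s in (Find-ExchangeObject '(objectClass=msExchPublicMDB)' 'distinguishedName','msExchOwningPFTree')) {
    $dn    = [string]($s.Properties['distinguishedname'] | Select-Object -First 1)
    $owner = [string]($s.Properties['msexchowningpftree'] | Select-Object -First 1)
    if (-not $owner) { $state = 'NOT SET' }
    elseif ($mapiTrees -notcontains $owner) { $state = 'points to a missing or non-MAPI tree' }
    else { $state = 'OK' }
    New-Object PSObject -Property @{ Object = $dn; Check = 'msExchOwningPFTree'; Value = $state } |
        Select-Object Check, Value, Object
}
```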

Exchange Prerequisites Scripts

Exchange 2010 on windows 2008 R2

Copy this into Notepad and save it with a .ps1 extension to install the prerequisites; run it from an elevated PowerShell prompt – Kudos to Anderson Patricio for the script

or you can get the version that downloads the filter pack from Bhargav

You also need to set the Powershell Execution Policy so you can run the scripts

Set-ExecutionPolicy Unrestricted or Set-ExecutionPolicy RemoteSigned

# Menu: quoted so commas and punctuation are printed as written
Write-Host 'Exchange Server 2010 – Pre-requisites script'
Write-Host 'Please, select which role you are going to install..'
Write-Host '1) Hub Transport'
Write-Host '2) Client Access Server'
Write-Host '3) Mailbox'
Write-Host '4) Unified Messaging'
Write-Host '5) Edge'
Write-Host '6) Typical (CAS/HUB/Mailbox)'
Write-Host '7) Client Access and Hub Transport'
Write-Host '9) Configure NetTCP Port Sharing service'
Write-Host '10) Install 2007 Office System Converter: Microsoft Filter Pack – Only if you are installing Hub or Mailbox Server role'
Write-Host '13) Restart the computer'
Write-Host 'Select an option.. [1-13]? '
$opt = Read-Host

# Add-WindowsFeature comes from the ServerManager module
Import-Module ServerManager

switch ($opt) {
        1 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server }
        2 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy }
        3 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server }
        4 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience }
        5 { Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS }
        6 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy }
        7 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy }
        9 { Set-Service NetTcpPortSharing -StartupType Automatic }
        10 { Write-Warning 'Download it from here:' }
        13 { Restart-Computer }
        default { Write-Host "You haven't selected any of the available options. " }
}

Exchange 2010 on windows 2008 R1

Dejan Foro has made a script to install 2010 on 2008 R1

Exchange 2007 on windows 2008 R1

Simon Gallagher has a script for 2k7/R1

Exchange 2007 on windows 2003

Still have to do it manually 😦

MS KBS with prerequisite info