eimagine recently underwent a rebranding which included changing our domain from thinketg.com to eimagine.com. Normally this would require clicking through a multitude of menus and screens, but fortunately this can all be accomplished with PowerShell.
Fortunately our setup is fairly simple with a single server hosting the CAS, Mailbox, and Edge roles. The manual portion of the setup was to deploy a Server 2012 R2 VM, install Exchange 2013 CU 8 (Build 15.0.1076.9), install my public CA wildcard certificate in the Local Machine Personal store, and then run the PowerShell commands below from the EMS.
First, I need to grab the thumbprint of my wildcard certificate:
$domainname = "eimagine"
Get-ExchangeCertificate | Where Subject -like "CN=*.$domainname.com*"
Copy the thumbprint and insert it below:
$wildcardCertificateThumbprint = '<insert thumbprint here>'
Set up POP and IMAP (if needed):
Set-POPSettings -X509CertificateName pop.$domainname.com
Set-IMAPSettings -X509CertificateName imap.$domainname.com
Set up UM and assign the certificate to all Exchange services:
Set-UMService -Identity etgex1 -UMStartUpMode TLS
# Thumbprint of *.eimagine.com certificate
Enable-ExchangeCertificate -Thumbprint $wildcardCertificateThumbprint -Services POP,IMAP,SMTP,IIS
# Thumbprint of etgex1.eimagine.local certificate; $exchangeServerCertificateThumbprint must be set before this line runs
Enable-ExchangeCertificate -Thumbprint $exchangeServerCertificateThumbprint -Services 'UM, UMCallRouter' -Confirm
Restart-Service MSExchangeUM
Enter the old server name and the new server to copy all of the receive connectors:
$OldServer = "exchange-old"
$NewServer = "exchange-new"
# Skip the two default connectors; the new server already has its own
[array]$ReceiveConnectors = Get-ReceiveConnector -Server $OldServer |
    Where {$_.Name -notlike "Default Frontend $($OldServer)" -and $_.Name -notlike "Client Frontend $($OldServer)"}
# Recreate each remaining connector on the new server with the same settings
$ReceiveConnectors | foreach {
    New-ReceiveConnector -Name $_.Name `
        -RemoteIPRanges $_.RemoteIPRanges `
        -Bindings $_.Bindings `
        -Banner $_.Banner `
        -ChunkingEnabled $_.ChunkingEnabled `
        -DefaultDomain $_.DefaultDomain `
        -DeliveryStatusNotificationEnabled $_.DeliveryStatusNotificationEnabled `
        -EightBitMimeEnabled $_.EightBitMimeEnabled `
        -DomainSecureEnabled $_.DomainSecureEnabled `
        -LongAddressesEnabled $_.LongAddressesEnabled `
        -OrarEnabled $_.OrarEnabled `
        -Comment $_.Comment `
        -Enabled $_.Enabled `
        -ConnectionTimeout $_.ConnectionTimeout `
        -ConnectionInactivityTimeout $_.ConnectionInactivityTimeout `
        -MessageRateLimit $_.MessageRateLimit `
        -MaxInboundConnection $_.MaxInboundConnection `
        -MaxInboundConnectionPerSource $_.MaxInboundConnectionPerSource `
        -MaxInboundConnectionPercentagePerSource $_.MaxInboundConnectionPercentagePerSource `
        -MaxHeaderSize $_.MaxHeaderSize `
        -MaxHopCount $_.MaxHopCount `
        -MaxLocalHopCount $_.MaxLocalHopCount `
        -MaxLogonFailures $_.MaxLogonFailures `
        -MaxMessageSize $_.MaxMessageSize `
        -MaxProtocolErrors $_.MaxProtocolErrors `
        -MaxRecipientsPerMessage $_.MaxRecipientsPerMessage `
        -PermissionGroups $_.PermissionGroups `
        -PipeliningEnabled $_.PipeLiningEnabled `
        -ProtocolLoggingLevel $_.ProtocolLoggingLevel `
        -RequireEHLODomain $_.RequireEHLODomain `
        -RequireTLS $_.RequireTLS `
        -EnableAuthGSSAPI $_.EnableAuthGSSAPI `
        -ExtendedProtectionPolicy $_.ExtendedProtectionPolicy `
        -SizeEnabled $_.SizeEnabled `
        -TarpitInterval $_.TarpitInterval `
        -Server $NewServer
}
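The copy loop above does not pass -AuthMechanism, so it is worth comparing the security-relevant settings of each connector on both servers after the copy. The following is an added example, not part of the original post: Compare-ReceiveConnectorSecurity is a hypothetical helper name, the property list is an assumption about what to audit, and the sample objects are constructed so the block runs without an Exchange server.

```powershell
# Added example: report connectors whose security-relevant settings differ
# between the old and new server. Helper name and sample data are hypothetical.
function Compare-ReceiveConnectorSecurity {
    param(
        [Parameter(Mandatory)] [object[]] $Old,
        [Parameter(Mandatory)] [object[]] $New,
        [string[]] $Properties = @('AuthMechanism', 'PermissionGroups', 'RemoteIPRanges',
                                   'Bindings', 'RequireTLS', 'ProtocolLoggingLevel')
    )
    foreach ($o in $Old) {
        $n = $New | Where-Object { $_.Name -eq $o.Name } | Select-Object -First 1
        if (-not $n) {
            # Connector was never created on the new server
            [pscustomobject]@{ Connector = $o.Name; Property = '(connector)'; Old = 'present'; New = 'missing' }
            continue
        }
        foreach ($p in $Properties) {
            # Sort multi-valued properties so ordering alone is not reported as drift
            $ov = (@($o.$p) | ForEach-Object { "$_" } | Sort-Object) -join ','
            $nv = (@($n.$p) | ForEach-Object { "$_" } | Sort-Object) -join ','
            if ($ov -ne $nv) {
                [pscustomobject]@{ Connector = $o.Name; Property = $p; Old = $ov; New = $nv }
            }
        }
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector output
$oldSample = [pscustomobject]@{
    Name = 'Relay'; AuthMechanism = 'Tls, ExternalAuthoritative'; PermissionGroups = 'ExchangeServers'
    RemoteIPRanges = @('10.0.0.5', '10.0.0.6'); Bindings = @('0.0.0.0:25')
    RequireTLS = $false; ProtocolLoggingLevel = 'Verbose'
}
$newSample = [pscustomobject]@{
    Name = 'Relay'; AuthMechanism = 'Tls'; PermissionGroups = 'ExchangeServers'
    RemoteIPRanges = @('10.0.0.6', '10.0.0.5'); Bindings = @('0.0.0.0:25')
    RequireTLS = $false; ProtocolLoggingLevel = 'Verbose'
}
Compare-ReceiveConnectorSecurity -Old $oldSample -New $newSample | Format-Table -AutoSize

# Against live servers, from the EMS:
# Compare-ReceiveConnectorSecurity -Old (Get-ReceiveConnector -Server $OldServer) -New (Get-ReceiveConnector -Server $NewServer)
```

With the sample data only the AuthMechanism row is reported; the reordered RemoteIPRanges are treated as equal.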
Enter the URL you wish to use for all of the web services:
$URLName = "webmail.$domainname.com"
$ComputerName = "eimagine-new"
Get-WebServicesVirtualDirectory -Server $ComputerName |
    Set-WebServicesVirtualDirectory -InternalUrl https://$URLName/ews/exchange.asmx -ExternalUrl https://$URLName/ews/exchange.asmx
Set-OWAVirtualDirectory -Identity "$ComputerName\owa (Default Web Site)" -InternalUrl https://$URLName/owa -ExternalUrl https://$URLName/owa
Get-OABVirtualDirectory -Server $ComputerName |
    Set-OABVirtualDirectory -InternalUrl https://$URLName/OAB -ExternalUrl https://$URLName/OAB
Get-ECPVirtualDirectory -Server $ComputerName |
    Set-ECPVirtualDirectory -InternalUrl https://$URLName/ECP -ExternalUrl https://$URLName/ECP
Get-MAPIVirtualDirectory -Server $ComputerName |
    Set-MAPIVirtualDirectory -InternalUrl https://$URLName/MAPI -ExternalUrl https://$URLName/MAPI -IISAuthenticationMethods NTLM,Negotiate
Get-ActiveSyncVirtualDirectory -Server $ComputerName |
    Set-ActiveSyncVirtualDirectory -InternalUrl https://$URLName/Microsoft-Server-ActiveSync -ExternalUrl https://$URLName/Microsoft-Server-ActiveSync
Set-OutlookAnywhere -Identity "$ComputerName\RPC (Default Web Site)" -ExternalHostname $URLName -InternalHostname $URLName `
    -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod:NTLM
Set-ClientAccessServer -Identity $ComputerName -AutodiscoverServiceInternalUri https://$URLName/Autodiscover/Autodiscover.xml
Set-OutlookProvider expr -CertPrincipalName:"msstd:$URLName"
Set up Office Web Apps:
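Every host name configured so far (pop, imap, webmail) has to be covered by the certificate bound to that service, and a wildcard entry only matches a single leftmost label, which is why the post uses a separate certificate for etgex1.eimagine.local. The following is an added example, not part of the original post: Test-CertificateCoversName is a hypothetical helper, and the domain list is constructed to stand in for the CertificateDomains property returned by Get-ExchangeCertificate.

```powershell
# Added example: check which configured host names a certificate's names cover.
# Helper name is hypothetical; sample domain list is constructed.
function Test-CertificateCoversName {
    param(
        [Parameter(Mandatory)] [string[]] $CertificateDomains,
        [Parameter(Mandatory)] [string]   $HostName
    )
    $hostLabels = $HostName.ToLowerInvariant().TrimEnd('.').Split('.')
    foreach ($entry in $CertificateDomains) {
        $labels = $entry.ToLowerInvariant().TrimEnd('.').Split('.')
        # A wildcard never spans a dot, so the label counts must be equal
        if ($labels.Count -ne $hostLabels.Count) { continue }
        $match = $true
        for ($i = 0; $i -lt $labels.Count; $i++) {
            # '*' is only honoured as the complete leftmost label
            $isWildcard = ($i -eq 0 -and $labels[$i] -eq '*')
            if (-not $isWildcard -and $labels[$i] -ne $hostLabels[$i]) { $match = $false; break }
        }
        if ($match) { return $true }
    }
    return $false
}

# Constructed stand-in for (Get-ExchangeCertificate -Thumbprint $wildcardCertificateThumbprint).CertificateDomains
$certDomains = @('*.eimagine.com', 'eimagine.com')

# Names used in this post, plus one multi-label name to show the wildcard limit
$names = 'webmail.eimagine.com', 'pop.eimagine.com', 'imap.eimagine.com',
         'etgex1.eimagine.local', 'a.b.eimagine.com'

foreach ($name in $names) {
    [pscustomobject]@{
        Name    = $name
        Covered = Test-CertificateCoversName -CertificateDomains $certDomains -HostName $name
    }
}
```

The first three names are covered; etgex1.eimagine.local and a.b.eimagine.com are not.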
Set-OrganizationConfig -WACDiscoveryEndpoint https://officewebapps.$domainname.com/hosting/discovery
Run these commands to set up Outlook Web App integration:
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $True -InstantMessagingType OCS
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -InstantMessagingEnabled $true -InstantMessagingType OCS
If you have Macs running Office 2016, you will need to add the below key to the registry (see https://support.microsoft.com/EN-US/kb/980436 for more details). Note that this value makes Schannel on the server accept TLS renegotiation from clients that do not support the secure renegotiation extension described in that article, so set it only if those clients actually need it:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"AllowInsecureRenegoClients"=dword:00000001
Set up Skype for Business/Lync Integration (if applicable):
First, find the thumbprint of the local machine’s domain CA certificate by running:
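# Build the local machine's FQDN and find the certificate issued to it
$sysinfo = Get-WmiObject -Class Win32_ComputerSystem
$server = "{0}.{1}" -f $sysinfo.Name, $sysinfo.Domain
# -ExpandProperty returns the thumbprint as a plain string rather than a wrapper object
$serverCertificateThumbprint = Get-ExchangeCertificate | Where Subject -like "CN=$server*" | Select-Object -ExpandProperty Thumbprint
$serverCertificateThumbprint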
Then add the below 2 lines to C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\web.config under <appSettings> replacing the thumbprint with the value returned above:
<add key="IMCertificateThumbprint" value="<Local Machine Domain CA Certificate Thumbprint>"/>
<add key="IMServerName" value="<Skype Front-End FQDN>"/>
Set up the trusted application pool on the Skype Front-end server (requires downtime):
#Run on Skype Front-end as Administrator
New-CsTrustedApplicationPool -Identity "<Exchange server FQDN>" -Registrar "<Skype Front-end FQDN>" -Site "<Skype Site Name>" -RequiresReplication $False
New-CsTrustedApplication -ApplicationId OutlookWebAccess -TrustedApplicationPoolFqdn etgex1.eimagine.local -Port 8081
Enable-CsTopology
iisreset
C:\Windows\System32\Inetsrv\Appcmd.exe recycle apppool /apppool.name:"MSExchangeOWAAppPool"
Run a final IISRESET on your Exchange server and then your Exchange server will be fully migrated to the new domain name.
Now you’ll need to set the new email address for all of your users by adding the new domain as an accepted domain in Exchange:
# $domainname holds only "eimagine", so append .com for the actual DNS domain
New-AcceptedDomain -Name "$domainname" -DomainName "$domainname.com" -DomainType Authoritative
Now set the email address policy to use your new domain name (this will overwrite the default policy making the new domain primary and the old domain secondary):
# Double quotes so $domainname expands; each address template is a separate array element
Set-EmailAddressPolicy -Identity 'Default Policy' -Name 'Default Policy' -IncludedRecipients 'AllRecipients' -Priority 'Lowest' -EnabledEmailAddressTemplates "SMTP:@$domainname.com","smtp:@<olddomain>.com"
That’s it!
Please let us know in the comments if you have any questions or need guidance.