
Previous Post:

2024.12.17 - [Exchange] - Exchange Server 2019 Deployment (1): Installation (CU14, Nov24SU / Based on Windows Server 2022)

 

This time, following the installation, we will cover the basic configuration steps.

 

https://youtu.be/q0pk7JZlKlI

 

 

Step 1: Configure Send Connector (Must)

While receiving emails is possible without additional configuration, sending emails requires the Send Connector to be set up.

 

Mail flow -> send connectors -> New (+)

 

 

Specify the Connector Name -> Select Type: Internet -> Click Next.

 

 

Next

 

 

Add

 

 

Specify the FQDN (*) -> Save

 

 

Next

 

 

Click Add -> Specify the Source Server -> Click Finish.

 

 

Verify that the Send Connector has been successfully created.

 

 

Access https://localhost/owa, log in, and send a test email.

(As of the date written, emails can be sent to Outlook.com without registering an SPF record.) -> Verify the receipt of the email.

 

 

Step 2: Configure Virtual Directories (Recommended)

To enable connections from various clients like Outlook, proceed with configuring the virtual directories.

 

Run the Exchange Management Shell.


#Enter the URL to be used commonly across the virtual directories.
$url = "https://mail.wingtiptoys.kr"
$autodiscover = "https://autodiscover.wingtiptoys.kr"
 
#Set the Virtual Directory internal and external URLs to be identical.
#ECP
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -InternalUrl "$url/ecp"  -ExternalUrl "$url/ecp" 
#EWS
Get-WebservicesVirtualDirectory | Set-WebservicesVirtualDirectory -InternalUrl "$url/ews/Exchange.asmx"  -ExternalUrl "$url/ews/Exchange.asmx" 
#MAPI
Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -InternalUrl "$url/mapi"  -ExternalUrl "$url/mapi"
#EAS
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -InternalUrl "$url/Microsoft-Server-ActiveSync"  -ExternalUrl "$url/Microsoft-Server-ActiveSync"
#OAB
Get-OabVirtualDirectory | Set-OabVirtualDirectory -InternalUrl "$url/oab"  -ExternalUrl "$url/oab"
#OWA
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InternalUrl "$url/owa"  -ExternalUrl "$url/owa"

#Autodiscover
Get-ClientAccessService | Set-ClientAccessService -AutodiscoverServiceInternalUri "$autodiscover/autodiscover/autodiscover.xml"

#Run the following commands on each server.
IISReset

 

Step 3. Accepted Domain

If you create a domain like Corp. or .local in a test environment, you must add an accepted domain for the actual receiving address.

Go to Mail flow -> Accepted domains -> Click + (Add).

 

 

Add the domain.

 

 

Step 4. Modify Email Address Policies

To ensure that newly created mailboxes are automatically assigned to the added domain, you need to modify the Email Address Policies.

 

Mail flow -> email address policies -> Default Policy

 

 

Go to Email address format -> Make the necessary modifications.

 

 

Modify the Email Address Parameters.

 

 

Save

 

 

Step 5: DNS Configuration (Must)

Add the values for Autodiscover, OWA, SPF, and MX records to both the internal and external DNS servers. (Refer to the video for detailed instructions.)

 

Example: Internal DNS

 

Example: External DNS

 

 

Step 6: Install Certificates (Must)

Initially, certificate requests were created through the Exchange Server UI, but recently I’ve been using the tool provided by DigiCert for its simplicity.

In practice, most of the process is typically handled by the certificate provider.

 

Create CSR

 

 

I purchased a Multi SAN (Subject Alternative Name) certificate and have written this guide based on that.

 

 

 

Copy the CSR

 

 

Proceed with the issuance process on the certificate provider’s website where you purchased the certificate.

 

 

For domain verification, you can either proceed with the DNS verification process or:

 

 

Verify the domain by receiving an email and completing the authentication process.

 

 

Import the issued certificate into the server.

 

 

Specify the certificate file.

 

 

Specify a name -> Click Finish.

 

 

Verify that the certificate has been successfully installed.

 

#View the installed certificate.
Get-ExchangeCertificate
#Certificate Binding
Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services IIS,SMTP -DoNotRequireSsl
#Restart the IIS service (requires running Exchange Management Shell with administrative privileges).
IISReset

 

 

Verify that the certificate has been correctly applied by accessing the Exchange Server from both internal and external networks.
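
The browser check above can be backed by a scripted one: the following added example (not from the original post) confirms that a certificate enabled for IIS covers the host names set in Step 2 and is not close to expiry. Test-CertificateCoverage is a hypothetical helper, and the sample certificate objects, server name and thumbprints are constructed placeholders.

```powershell
# Added example, not from the original post. Test-CertificateCoverage is a hypothetical helper.
function Test-CertificateCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Certificate,  # objects shaped like Get-ExchangeCertificate output
        [Parameter(Mandatory)] [string[]] $HostName,     # host names clients will connect to
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 30
    )
    foreach ($cert in $Certificate) {
        # Only a certificate enabled for IIS is presented to OWA, ECP, EWS, MAPI and Autodiscover clients.
        if ("$($cert.Services)" -notmatch '\bIIS\b') { continue }

        $sans = @($cert.CertificateDomains | ForEach-Object { "$_".ToLowerInvariant() })
        $missing = @(foreach ($name in $HostName) {
            $n = $name.ToLowerInvariant()
            # A wildcard SAN covers exactly one label: *.wingtiptoys.kr matches mail.wingtiptoys.kr.
            $wild = '*.' + ($n -split '\.', 2)[1]
            if ($sans -notcontains $n -and $sans -notcontains $wild) { $name }
        })
        [pscustomobject]@{
            Thumbprint   = $cert.Thumbprint
            Services     = "$($cert.Services)"
            DaysLeft     = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
            MissingNames = $missing -join ', '
            Ok           = ($missing.Count -eq 0) -and ($cert.NotAfter -gt $Now.AddDays($WarnDays))
        }
    }
}

# Constructed sample data standing in for Get-ExchangeCertificate output (thumbprints are placeholders).
$sample = @(
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-SELF-SIGNED'; Services = 'SMTP'
                       CertificateDomains = 'EX01', 'EX01.corp.example'; NotAfter = [datetime]'2029-12-17' }
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-PUBLIC-CA'; Services = 'IIS, SMTP'
                       CertificateDomains = 'mail.wingtiptoys.kr'; NotAfter = [datetime]'2025-12-18' }
)

# Host names are taken from the URLs configured in Step 2.
$url = 'https://mail.wingtiptoys.kr'
$autodiscover = 'https://autodiscover.wingtiptoys.kr'
$names = $url, $autodiscover | ForEach-Object { ([uri]$_).Host }

# Offline run against the sample; on the server pass (Get-ExchangeCertificate) instead of $sample.
Test-CertificateCoverage -Certificate $sample -HostName $names -Now ([datetime]'2025-01-10')
```

In the constructed sample the IIS certificate lacks the Autodiscover name, which is the kind of gap that shows up later as certificate warnings in Outlook.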

 

 

Step 7. Manage Database (Optional)

In a company environment, it is uncommon to keep the database location and the installation path the same. Let's move it to the D drive.

 

First, navigate to Servers -> Databases to check the default database name.

 

 

Perform this process on each server.

#Change Database Name
Get-MailboxDatabase -Identity "old DB name"|Set-Mailboxdatabase -Name "New DB name"
#Change the database path
Move-DatabasePath "New DB name" -EdbFilePath "D:\EDB01\EDB01.edb" -LogFolderPath "D:\EDB01\"

 

 

You can verify that the .edb and log files have been moved to the specified path.

 

 

Check the updated information in the Admin Center.

 

 

Since the log files of the database can grow significantly, it is recommended to enable circular logging if you are not using a backup solution.

 

Servers -> databases -> maintenance -> Enable circular logging

 

 

Step 8. Enable and change the path for mail flow logging (Optional).

Only certain areas of logs related to SMTP are enabled by default.

For Mail Flow analysis, it is recommended to activate the relevant logs and manage their paths separately.

(Since most logs will be enabled, you can disable them if they take up too much space or are deemed unnecessary.)

 

Change it using the following command:

#Change the location of Exchange Mail Flow Logs.
$path= "D:\ExchangeLogs"

#Frontend Transport Service
Get-FrontendTransportService | Set-FrontendTransportService -ConnectivityLogPath "$path\Frontend\Connectivity" -ReceiveProtocolLogPath "$path\Frontend\ProtocolLog\SmtpReceive" -SendProtocolLogPath "$path\Frontend\ProtocolLog\SmtpSend" -AgentLogPath "$path\Frontend\AgentLog" -DnsLogPath "$path\Frontend\DNSLog" -DnsLogEnabled $true
Get-FrontendTransportService | Set-FrontendTransportService -IntraOrgConnectorProtocolLoggingLevel Verbose
 
#Transport Service
Get-Transportservice | Set-TransportService -ConnectivityLogPath "$path\Hub\Connectivity" -MessageTrackingLogPath "$path\MessageTracking" -IrmLogPath "$path\IRMLogs" -ActiveUserStatisticsLogPath "$path\Hub\ActiveUsersStats" -ServerStatisticsLogPath "$path\Hub\ServerStats" -ReceiveProtocolLogPath "$path\Hub\ProtocolLog\SmtpReceive" -SendProtocolLogPath "$path\Hub\ProtocolLog\SmtpSend" -QueueLogPath "$path\Hub\QueueViewer" -WlmLogPath "$path\Hub\WLM" -PipelineTracingPath "$path\Hub\PipelineTracing" -AgentLogPath "$path\Hub\AgentLog" -DNSLogEnabled $true -DnsLogPath "$path\Hub\DNSLog"
Get-TransportService | Set-TransportService -IntraOrgConnectorProtocolLoggingLevel Verbose
 
#Mailbox Transport Service
Get-MailboxTransportService | Set-MailboxTransportService -ConnectivityLogPath "$path\Mailbox\Connectivity" -ReceiveProtocolLogPath "$path\Mailbox\ProtocolLog\SmtpReceive" -SendProtocolLogPath "$path\Mailbox\ProtocolLog\SmtpSend" -MailboxDeliveryThrottlingLogPath "$path\Mailbox\ProtocolLog\Delivery" -MailboxDeliveryAgentLogPath "$path\Mailbox\AgentLog\Delivery" -MailboxSubmissionAgentLogPath "$path\Mailbox\AgentLog\Submission"
Get-MailboxTransportService | Set-MailboxTransportService -MailboxDeliveryConnectorProtocolLoggingLevel Verbose

#Enable protocol logging on the Send and Receive connectors
Get-SendConnector | Set-SendConnector -ProtocolLoggingLevel Verbose
Get-ReceiveConnector | Set-ReceiveConnector -ProtocolLoggingLevel Verbose

 

 

Verify the results.
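
Once the receive protocol logs are being written, they can be used for more than mail flow troubleshooting. The following added example (not from the original post) counts rejected SMTP AUTH attempts per remote address from SmtpReceive log lines; Get-SmtpAuthFailure is a hypothetical helper, and the log lines, server name and addresses are constructed.

```powershell
# Added example, not from the original post. Get-SmtpAuthFailure is a hypothetical helper.
function Get-SmtpAuthFailure {
    param(
        [Parameter(Mandatory)] [string[]] $Line,  # raw lines of one or more SmtpReceive logs
        [int] $Threshold = 3                       # report sources with at least this many failures
    )
    # Column names come from the "#Fields:" header at the top of each protocol log file.
    $fields = ($Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1) -replace '^#Fields:\s*', ''
    if (-not $fields) { throw 'No #Fields header found; is this a protocol log?' }

    $failures = $Line |
        Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header ($fields -split ',') |
        Where-Object { $_.event -eq '>' -and $_.data -like '535 *' }   # ">" = sent by the server, 535 = AUTH rejected

    $failures |
        Select-Object 'connector-id', 'date-time',
            @{ n = 'RemoteIP'; e = { $_.'remote-endpoint' -replace ':\d+$', '' } } |
        Group-Object RemoteIP, 'connector-id' |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $times = @($_.Group.'date-time' | Sort-Object)
            [pscustomobject]@{
                RemoteIP  = $_.Group[0].RemoteIP
                Connector = $_.Group[0].'connector-id'
                Failures  = $_.Count
                First     = $times[0]
                Last      = $times[-1]
            }
        } |
        Sort-Object Failures -Descending
}

# Constructed log lines in the SMTP receive protocol log layout (server name and addresses are made up).
$sample = @'
#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2025-01-10T02:11:01.120Z,EX01\Client Frontend EX01,08DD000000000001,5,10.0.0.10:587,203.0.113.7:50122,>,535 5.7.3 Authentication unsuccessful,
2025-01-10T02:11:03.480Z,EX01\Client Frontend EX01,08DD000000000002,5,10.0.0.10:587,203.0.113.7:50125,>,535 5.7.3 Authentication unsuccessful,
2025-01-10T02:11:05.910Z,EX01\Client Frontend EX01,08DD000000000003,5,10.0.0.10:587,203.0.113.7:50131,>,535 5.7.3 Authentication unsuccessful,
2025-01-10T02:15:40.002Z,EX01\Client Frontend EX01,08DD000000000004,5,10.0.0.10:587,198.51.100.4:41020,>,535 5.7.3 Authentication unsuccessful,
2025-01-10T02:16:12.377Z,EX01\Client Frontend EX01,08DD000000000005,5,10.0.0.10:587,198.51.100.4:41033,>,235 2.7.0 Authentication successful,
'@ -split "`r?`n"

# Offline run against the sample.
Get-SmtpAuthFailure -Line $sample -Threshold 3

# On the server, using the path configured above:
# Get-SmtpAuthFailure -Line (Get-Content 'D:\ExchangeLogs\Frontend\ProtocolLog\SmtpReceive\*.log')
```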

 

 

Step 9. Disable unused Receive Connectors.

If POP3, IMAP, and Outbound Proxy are not being used, disable the connectors listed below.

 

 

Step 10. Change IIS Log Path (Optional).

One of the most resource-intensive areas in Exchange is IIS.

If not managed separately, IIS Logs can consume significant space on the C drive, so it is recommended to manage them in a separate path.

 

IIS Manager - [Server] - Logging

 

 

Make the following changes and apply them.

 

 

After running IISReset, verify that the logs are saved as shown below.

 

 

Step 11. Configure http to https redirection (Optional)

In most corporate environments, an HTTP (port 80) request is configured to redirect to HTTPS (port 443).

The method for this is detailed in Microsoft’s technical documentation, and the following guide is based on that resource.

Configure http to https redirection for Outlook on the web in Exchange Server | Microsoft Learn

 

Use IIS Manager to remove the Require SSL setting from the Default Web Site.

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:access -sslFlags:None -commit:APPHOST

 

 

Use IIS Manager to restore the Require SSL setting for other virtual directories under the Default Web Site.

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/api" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/aspnet_client" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/Autodiscover" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/ecp" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/EWS" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/mapi" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/OAB" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/owa" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST

 

 

Use IIS Manager to configure the Default Web Site to redirect to the /owa virtual directory. (Enter the actual URL you configured in this command)

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:httpredirect -enabled:true -destination:"https://mail.wingtiptoys.kr/owa" -childOnly:true

 

 

Remove HTTP redirection for the sub-virtual directories.

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/API" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/aspnet_client" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/ecp" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/ews" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/mapi" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/owa" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/powershell" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/rpc" -section:httpredirect -enabled:false -destination:"" -childOnly:false

 

 

Restart IIS

IISRESET

 

 

If there are multiple production servers, repeat the same process on all servers.

 

How to Verify Functionality:

  1. On a client computer, open a web browser and enter the URL:
    http://<ServerName>
  2. Verify that the request is redirected to Outlook on the Web (HTTPS) and confirm that you can log in.
  3. Open the following URL in the browser:
    http://<ServerName>/owa
  4. Check again that the request is redirected to Outlook on the Web (HTTPS) and ensure you can log in successfully.

 

Make sure the port 80 forwarding is set to point to the Exchange server.
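
Because this step first removes Require SSL at the site level and then restores it directory by directory, any directory left out of the restore list stays reachable over plain HTTP. The following added example (not from the original post) reads the effective settings back with appcmd and reports them per path. The function names are hypothetical helpers, and the path list is the union of the directories named in this step plus Microsoft-Server-ActiveSync from Step 2, which the commands above do not cover.

```powershell
# Added example, not from the original post. Function names are hypothetical helpers.
$appcmd = "$env:windir\system32\inetsrv\appcmd.exe"

function ConvertFrom-AppcmdTlsConfig {
    # Parses the XML that "appcmd list config" prints for the access and httpRedirect sections.
    param([string] $Target, [string] $AccessXml, [string] $RedirectXml)
    $access   = ([xml]$AccessXml).'system.webServer'.security.access
    $redirect = ([xml]$RedirectXml).'system.webServer'.httpRedirect
    # appcmd leaves out attributes that still have their default value (sslFlags "None", enabled "false").
    $flags = if ($access.sslFlags) { $access.sslFlags } else { 'None' }
    [pscustomobject]@{
        Target      = $Target
        SslFlags    = $flags
        RequireSsl  = ($flags -split '\s*,\s*') -contains 'Ssl'
        Redirect    = $redirect.enabled -eq 'true'
        Destination = $redirect.destination
    }
}

function Get-VdirTlsState {
    param([string] $Site = 'Default Web Site', [string[]] $Path)
    foreach ($p in @('') + $Path) {
        $isRoot = -not $p
        $target = if ($isRoot) { $Site } else { "$Site/$p" }
        $a = & $appcmd list config $target '-section:access' | Out-String
        $r = & $appcmd list config $target '-section:httpRedirect' | Out-String
        $state = ConvertFrom-AppcmdTlsConfig -Target $target -AccessXml $a -RedirectXml $r

        # After this step only the site root should accept plain HTTP, and only the root should redirect.
        $note = if ($isRoot -and $state.RequireSsl)               { 'root still requires SSL, port 80 cannot redirect' }
                elseif ($isRoot -and -not $state.Redirect)        { 'root has no redirect configured' }
                elseif (-not $isRoot -and -not $state.RequireSsl) { 'reachable over plain HTTP, review' }
                elseif (-not $isRoot -and $state.Redirect)        { 'redirect still enabled here, disable it' }
                else                                              { 'ok' }
        $state | Add-Member -NotePropertyName Note -NotePropertyValue $note -PassThru
    }
}

# Offline demonstration of the parser with constructed appcmd output.
ConvertFrom-AppcmdTlsConfig -Target 'Default Web Site/owa' `
    -AccessXml '<system.webServer><security><access sslFlags="Ssl, Ssl128" /></security></system.webServer>' `
    -RedirectXml '<system.webServer><httpRedirect /></system.webServer>'

# On the Exchange server, in an elevated session:
# $paths = 'api','aspnet_client','Autodiscover','ecp','EWS','mapi','Microsoft-Server-ActiveSync',
#          'OAB','owa','powershell','rpc'
# Get-VdirTlsState -Path $paths | Format-Table Target, SslFlags, RequireSsl, Redirect, Note -AutoSize
```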

 

When you input the following command and press Enter,

 

 

It will be redirected as shown below.

 

 

Step 12. Change Queue Database Location (Optional)

Change the location of the queue database | Microsoft Learn

 

Typically, the Queue Database (Queue DB) is located in the following path:

C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Queue

 

 

When emails accumulate in the queue, the Mail.que file increases in size. If it reaches a level where disk space becomes insufficient, the Transport Service will stop. To prevent such service disruptions in advance, the location of the Queue DB is often changed and managed.

Create a new folder for the Queue DB. (In the test environment, it was set to the D drive, but in a production environment, it is recommended to use a location separate from the database.)

 

 

Run the Command Prompt as an administrator.

Execute the following command:

Notepad %ExchangeInstallPath%Bin\EdgeTransport.exe.config

 

 

Locate the following keys:

<add key="QueueDatabasePath" value="<LocalPath>" />

<add key="QueueDatabaseLoggingPath" value="<LocalPath>" />

 

Make the following changes -> Save:

<add key="QueueDatabasePath" value="D:\Queue" />

<add key="QueueDatabaseLoggingPath" value="D:\Queue" />

 

 

Restart the Microsoft Exchange Transport Service.

 

 

You can verify the changes as shown below.

 

Step 13. Specify the Offline Address Book (OAB) (Optional)

Assign the Offline Address Book (OAB) to each database.

 

This concludes this post. When delving into details, each item has its own prerequisites. If the opportunity arises, I will cover each topic in greater detail.


Previous Post: 

2024.12.15 - [Windows Server] - Windows Server 2025. Configure Active Directory(AD) Domain Controller(DC)

 

Following the Domain Controller configuration, this time I will cover configuring Exchange Server 2019 on Windows Server 2022. It appears that Windows Server 2025 will be supported starting with CU15.

 

The VM environment is as follows:

DC: Windows Server 2025, 4 Core, RAM: 4GB

EX: Windows Server 2022, 8 Core, RAM: 10GB, Exchange Server 2019 CU12

 

This was written based on the following resources.

Exchange Server prerequisites, Exchange 2019 system requirements, Exchange 2019 requirements | Microsoft Learn

 

https://youtu.be/OV9L2GOKe2U

 

 

[Step 1] Pre-configuration

Create a service account to be used for Exchange Server.

 

 

Assign the Enterprise Admins and Schema Admins permissions to the service account.

 

 

Join the server to the Active Directory (AD) using the service account.

 

 

Run Netplwiz.

 

 

Grant Administrator permissions to the service account.

 

 

[Step 2] Virtual Memory Configuration

Since virtual memory can impact performance, it is highly recommended to set it to a fixed size.

 

System -> Advanced system settings -> Advanced -> Settings

 

 

Advanced -> Change

 

 

Specify the virtual memory size -> Click Set -> Click OK.

 

According to the 2019 technical documentation, virtual memory is recommended to be set to 25% of the configured RAM, likely because the minimum recommended RAM is 128GB.

(However, in a test environment, it is recommended to set it to RAM + 10MB.)

 

 

OK

 

 

Restart Now

 

 

[Step 3] Install Required Features and Roles

Install the following prerequisite components.

Visual C++ Redistributable Package for Visual Studio 2012

Download Visual C++ Redistributable for Visual Studio 2012 Update 4 from Official Microsoft Download Center

 

Visual C++ Redistributable Package for Visual Studio 2013

Update for Visual C++ 2013 Redistributable Package - Microsoft Support

 

Unified Communications Managed API 4.0 Runtime

Download Unified Communications Managed API 4.0 Runtime from Official Microsoft Download Center

 

 

Right-click on the Start button -> Run PowerShell as Administrator.

 

 

Install the required features and roles using the command below:

Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS, Failover-Clustering

#Failover-Clustering is required when configuring a Database Availability Group (DAG).

 

 

 

Click the link below to install the IIS URL Rewrite Module.

IIS URL Rewrite Module

 

 

[Step 4] Installation Process

Download the latest Cumulative Update (CU) for Exchange Server 2019 from the Build Number page linked below.

(Note: Security Updates (SU) should be applied after installing the CU.)

Exchange Server build numbers and release dates | Microsoft Learn

 

 

Run Setup from the installation disk or image.

 

 

Don't check for updates right now -> Next

 

 

Next

 

 

Check the second option -> Click Next.

 

 

Don't use recommended settings -> Next

 

 

Mailbox role -> Next

 

 

Specify the installation path -> Click Next.

 

 

Enter the Organization Name -> Click Next.

 

 

Next

 

 

Install

 

 

Proceed with the installation process.

 

 

Installation complete.

 

 

[Step 5] Install SU (Security Update)

SU is a Security Update that must be installed after the Cumulative Update (CU).

Download the latest SU from the Build Number Page.

 

 

Proceed with the installation -> Click Next.

 

 

I accept the License Terms -> Next

 

 

The installation is in progress.

 

 

Finish

 

 

Click Yes -> The system will reboot.

 

 

Run the Exchange Admin Center (EAC).

 

 

Advanced

 

 

Click Continue to localhost (unsafe).

 

 

Sign in using the service account.

 

 

Verify that the connection is successful.

 

 

In the Servers menu, check the Build Number to confirm the version.

 

 

In the next post, I will cover the initial configuration steps.


I am starting my blog in English for the first time.

The purpose is to make it easier to use commands or scripts provided in the videos on YouTube.

The topic for this week is Cross-tenant Mailbox Migration.

I have carried out the process in the simplest cloud-only environment, and I will cover Azure AD Sync and Exchange Hybrid scenarios later. To understand the principles of migration, you need to understand the principles of migration in Exchange Server. I will update this part later.

 

https://youtu.be/dNLLk-WNu24

 

 

I have referred to the following technical documentation to write this.

Cross-tenant mailbox migration - Microsoft 365 Enterprise | Microsoft Learn

 

Migration Scenario Diagram

 

 

[Test Environment]

Source Tenant

Tenant: M365x47686041.onmicrosoft.com

Custom domain: wingtiptoys.kr

 

 

Target tenant

Tenant: M365x79002307.onmicrosoft.com

Custom domain: tailspintoys.kr

 

 

Since it is a tenant environment, there is no process for assigning cross-tenant migration licenses.

Without the appropriate license, migration is not possible, so we conducted the test using a shared mailbox.

 

 

Step 1. Prepare the target (destination) tenant by creating the migration application and secret

 

 

Access https://entra.microsoft.com (Target Tenant) -> search for "app registrations" -> click

 

 

New Registration

 

 

 

Enter the information as shown below and then click Register

 

 

Record it as the AppID of the Target Tenant.

 

 

API Permissions -> Add a permission

 

 

APIs my organization uses -> Office 365 Exchange Online -> Office 365 Exchange Online

 

 

Application permissions -> Mailbox.Migration -> Add permission

 

 

Confirm

 

 

Certificates & secrets -> New client secret

 

Description -> Add

 

 

Copy & Record the Value

 

Enterprise Application -> Click the migration app

 

 

Permissions -> Grant admin consent for [Tenant name]

 

 

Accept

 

 

Confirm

 

 

After opening a new browser window, access the following URL: (Source Tenant + App ID)

https://login.microsoftonline.com/contoso.onmicrosoft.com/adminconsent?client_id=[application_id_of_the_app_you_just_created]&redirect_uri=https://office.com

#Example
https://login.microsoftonline.com/M365x85148890.onmicrosoft.com/adminconsent?client_id=d8afba35-2ae3-4b42-89f2-8511bfb42bd2&redirect_uri=https://office.com

 

 

Accept

 

 

Step 2. Prepare the target tenant by creating the Exchange Online migration endpoint and organization relationship

Connect Exchange Online Powershell (Target Tenant)

#Enable customization if tenant is dehydrated
Get-OrganizationConfig | select isdehydrated
Enable-OrganizationCustomization
$AppId = "[guid copied from the migrations app]"

$AppId = "d8afba35-2ae3-4b42-89f2-8511bfb42bd2"

 

 

#Create Migration Endpoint

$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AppId, (ConvertTo-SecureString -String "[this is your secret password you saved in the previous steps]" -AsPlainText -Force)
New-MigrationEndpoint -RemoteServer outlook.office.com -RemoteTenant "sourcetenant" -Credentials $Credential -ExchangeRemoteMove:$true -Name "[the name of your migration endpoint]" -ApplicationId $AppId

#Sample
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AppId, (ConvertTo-SecureString -String "1x38Q~7-d-hdD92Ue9Or5A2ilTkO-n7C1p2raaWX" -AsPlainText -Force)
New-MigrationEndpoint -RemoteServer outlook.office.com -RemoteTenant "M365x85148890.onmicrosoft.com" -Credentials $Credential -ExchangeRemoteMove:$true -Name "wingtiptoys" -ApplicationId $AppId

 

 

Looking at the command structure, you can think of the created Migration Application as being connected as follows.

 

 

The endpoint is connected by designating the Remote tenant as the Source tenant.

 

 

#Create Organization Relationship

$sourceTenantId="[tenant id of your trusted partner, where the source mailboxes are]"
$orgrels=Get-OrganizationRelationship
$existingOrgRel = $orgrels | ?{$_.DomainNames -like $sourceTenantId}
If ($null -ne $existingOrgRel)
{
    Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound
}
If ($null -eq $existingOrgRel)
{
    New-OrganizationRelationship "[name of the new organization relationship]" -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound -DomainNames $sourceTenantId
}
---------------------------------------------------------------
$sourceTenantId="a18c909b-006a-404f-8666-c2ccae261bcd"
$orgrels=Get-OrganizationRelationship
$existingOrgRel = $orgrels | ?{$_.DomainNames -like $sourceTenantId}
If ($null -ne $existingOrgRel)
{
    Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound
}
If ($null -eq $existingOrgRel)
{
    New-OrganizationRelationship "wingtiptoys" -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound -DomainNames $sourceTenantId
}

 

 

MailboxMoveCapability is understood as specifying the direction of Cross-Tenant Mailbox Migration.

 

 

Copy the Tenant ID from the Source Tenant

 

 

$sourceTenantId="a18c909b-006a-404f-8666-c2ccae261bcd"

 

 

It appears that the migration direction has been enabled as shown below.

 

 

Step 3. Prepare the source (current mailbox location) tenant by accepting the migration application and configuring the organization relationship

It can be understood as granting permissions related to app usage in the Source Tenant as shown below.

 

 

Source Tenant -> Exchange Admin Center -> Create a mail-enabled security group

 

 

Enter the name

 

 

Add the mailboxes to be migrated to the specified group.

 

 

Assign address -> Complete creation

 

 

Connect Exchange Online Powershell (Source Tenant)

 

 

Create Organization Relationship for the Source Tenant

$targetTenantId="[tenant id of your trusted partner, where the mailboxes are being moved to]"
$appId="[application id of the mailbox migration app you consented to]"
$scope="[name of the mail enabled security group that contains the list of users who are allowed to migrate]"
$orgrels=Get-OrganizationRelationship
$existingOrgRel = $orgrels | ?{$_.DomainNames -like $targetTenantId}
If ($null -ne $existingOrgRel)
{
    Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope
}
If ($null -eq $existingOrgRel)
{
    New-OrganizationRelationship "[name of your organization relationship]" -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -DomainNames $targetTenantId -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope
}

 

 

Example

$targetTenantId="27359b9a-645f-424d-b4f2-526903be2546"
$appId="d8afba35-2ae3-4b42-89f2-8511bfb42bd2"
$scope="Migrationgroup"
$orgrels=Get-OrganizationRelationship
$existingOrgRel = $orgrels | ?{$_.DomainNames -like $targetTenantId}
If ($null -ne $existingOrgRel)
{
    Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope
}
If ($null -eq $existingOrgRel)
{
    New-OrganizationRelationship "ToTargetTenant" -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -DomainNames $targetTenantId -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope
}

 

 

The RemoteOutbound and Inbound relationship settings have been completed through the Organization Relationship settings of each tenant.
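
The two relationships are what authorize mailbox data to leave the source tenant, so it is worth reading them back before starting a batch. The following added example (not from the original post) checks the partner tenant ID, the move direction and, on the source side, that moves are limited to the mail-enabled security group and tied to the consented application. Test-MailboxMoveRelationship is a hypothetical helper, and the third sample object is a constructed misconfiguration.

```powershell
# Added example, not from the original post. Test-MailboxMoveRelationship is a hypothetical helper.
function Test-MailboxMoveRelationship {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Relationship,   # from Get-OrganizationRelationship
        [Parameter(Mandatory)] [string] $PartnerTenantId,
        [Parameter(Mandatory)] [ValidateSet('Inbound', 'RemoteOutbound')] [string] $ExpectedCapability
    )
    process {
        if (-not $Relationship.MailboxMoveEnabled) { return }   # only relationships that allow moves matter

        $issues  = @()
        $domains = @($Relationship.DomainNames | ForEach-Object { "$_" })
        $cap     = "$($Relationship.MailboxMoveCapability)"

        if ($domains -notcontains $PartnerTenantId) {
            $issues += "moves enabled for an unexpected partner: $($domains -join ', ')"
        } elseif ($domains.Count -gt 1) {
            $issues += "relationship also covers: $(($domains -ne $PartnerTenantId) -join ', ')"
        }
        if ($cap -ne $ExpectedCapability) {
            $issues += "capability is '$cap', expected '$ExpectedCapability'"
        }
        if ($cap -eq 'RemoteOutbound') {
            # Source side: the scope group limits which mailboxes the partner's migration app may pull.
            if (-not $Relationship.MailboxMovePublishedScopes) { $issues += 'no MailboxMovePublishedScopes set' }
            if (-not $Relationship.OauthApplicationId)         { $issues += 'no OAuthApplicationId set' }
        }
        [pscustomobject]@{
            Name       = $Relationship.Name
            Capability = $cap
            Scope      = @($Relationship.MailboxMovePublishedScopes) -join ', '
            AppId      = $Relationship.OauthApplicationId
            Issues     = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

# Constructed objects shaped like Get-OrganizationRelationship output, using the IDs from this post.
$targetSide = [pscustomobject]@{ Name = 'wingtiptoys'; DomainNames = 'a18c909b-006a-404f-8666-c2ccae261bcd'
    MailboxMoveEnabled = $true; MailboxMoveCapability = 'Inbound'
    MailboxMovePublishedScopes = @(); OauthApplicationId = $null }
$sourceSide = [pscustomobject]@{ Name = 'ToTargetTenant'; DomainNames = '27359b9a-645f-424d-b4f2-526903be2546'
    MailboxMoveEnabled = $true; MailboxMoveCapability = 'RemoteOutbound'
    MailboxMovePublishedScopes = @('Migrationgroup'); OauthApplicationId = 'd8afba35-2ae3-4b42-89f2-8511bfb42bd2' }
# Constructed misconfiguration: outbound moves enabled with no scope group.
$unscoped = [pscustomobject]@{ Name = 'Unscoped (constructed)'; DomainNames = '27359b9a-645f-424d-b4f2-526903be2546'
    MailboxMoveEnabled = $true; MailboxMoveCapability = 'RemoteOutbound'
    MailboxMovePublishedScopes = @(); OauthApplicationId = 'd8afba35-2ae3-4b42-89f2-8511bfb42bd2' }

$targetSide | Test-MailboxMoveRelationship -PartnerTenantId 'a18c909b-006a-404f-8666-c2ccae261bcd' -ExpectedCapability Inbound
$sourceSide, $unscoped | Test-MailboxMoveRelationship -PartnerTenantId '27359b9a-645f-424d-b4f2-526903be2546' -ExpectedCapability RemoteOutbound

# In each tenant's Exchange Online session: Get-OrganizationRelationship | Test-MailboxMoveRelationship ...
```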

 

 

Step 4. Create MailUser

Check the properties of the migration mailbox in the Source Tenant

Get-Mailbox -Identity user01 |Select-Object PrimarySMTPAddress,Alias,SamAccountName,FirstName,LastName,DisplayName,Name,ExchangeGuid,ArchiveGuid,LegacyExchangeDn,EmailAddresses

 

 

Create a Mail User in the Target Tenant

New-MailUser -MicrosoftOnlineServicesID User01@tailspintoys.kr -PrimarySmtpAddress User01@tailspintoys.kr -ExternalEmailAddress user01@wingtiptoys.kr -Name User01 -DisplayName User01 -Alias User01 

Set-MailUser -Identity User01 -EmailAddresses @{add="X500:Type the LegacyExchangeDN"} -ExchangeGuid "Type the ExchangeGuid"

#In scenarios where the existing domain needs to be completely removed, enter the onmicrosoft.com address and designate it as the target delivery domain.
Set-MailUser -Identity User01 -EmailAddresses @{add="smtp:user01@M365x47686041.onmicrosoft.com"}

 

 

The attributes were created to map as follows.

 

 

Check the migration connection status with the following command.

Test-MigrationServerAvailability -Endpoint "wingtiptoys" -TestMailbox "user01@tailspintoys.kr"

 

 

Step 5. Migration

Migration -> Add Migration batch

 

 

Migration to Exchange Online -> Next

 

 

Cross tenant migration -> Next

 

 

Next

 

 

Select migration endpoint -> Next

 

 

Import CSV file

 

 

Create a CSV with the Target Email Address and proceed with the import.

 

 

Enter target delivery domain

 

 

Save

 

 

Synchronization proceeds as shown below.

 

 

 

After checking the license assignment status, click Complete migration batch. Once the migration is complete, remove the batch.

 

 

You can confirm the migrated mailboxes as shown below.

 

 

And the existing Source Mailbox is changed to a Mail User.

Since the External Address is the Target Tenant address, any emails received after the transition will be forwarded to the Target Tenant.

 

 

The overall migration flow is not significantly different from Exchange hybrid or Cross-Forest.
