Thursday, 10 December 2015

Exchange 2013 to 2016 Migration (Part 3)


In part 2, we discussed Exchange 2013 and 2016 CAS coexistence scenarios and demonstrated how to install the correct certificate on Exchange 2016.

In this part, we’ll configure the virtual directories and outlook anywhere settings on our new Exchange 2016 server and then we’ll change the A records to migrate clients over to the CAS service on Exchange 2016.

To read other parts in this series, go to:

Set virtual directories on Exchange 2016

The service connection point (AutodiscoverServiceInternalUri) has already been set in part 1 after we installed Exchange however there are a number of other services we need to configure so that Exchange pushes out the correct URLs and hostnames to clients in the autodiscover response.

We’ll go through how to set up these services which is all you’ll require:

  • Outlook Anywhere
  • Exchange Control Panel
  • Outlook Web Access
  • Exchange Web Services
  • ActiveSync
  • Offline Address Book
  • MAPI over HTTP

Exchange 2013 is currently configured to use the FQDN for all the above services and we’ll be configuring our Exchange 2016 server to use the same name before we move on to changing the DNS records. 

Set Outlook Anywhere

To set the hostnames used for Outlook Anywhere, use the below command run on a single line. Outlook Anywhere hostnames specify what addresses Outlook connects to.

Get-OutlookAnywhere -Server litex02 | Set-OutlookAnywhere -InternalHostname -InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl $true -ExternalHostname -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $true -IISAuthenticationMethods Negotiate,NTLM,Basic


Set Exchange Control Panel URLs

Get-EcpVirtualDirectory -Server litex02 | Set-EcpVirtualDirectory -InternalUrl -ExternalUrl


Here you can see a warning that we need to change the URLs for OWA to be the same. We’ll move onto this next.

Set Outlook Web Access URLs

Get-OwaVirtualDirectory -Server litex02 | Set-OwaVirtualDirectory -InternalUrl -ExternalUrl


Set Exchange Web Services URLs

Get-WebServicesVirtualDirectory -Server litex02 | Set-WebServicesVirtualDirectory -InternalUrl -ExternalUrl


Set ActiveSync URLs

Get-ActiveSyncVirtualDirectory -Server litex02 | Set-ActiveSyncVirtualDirectory -InternalUrl -ExternalUrl


Set Offline Address Book URLs

Get-OabVirtualDirectory -Server litex02 | Set-OabVirtualDirectory -InternalUrl -ExternalUrl


Set MAPI Virtual Directory

This is only really needed if you have configured Exchange to use MAPI over HTTP. For more information on this, see here.

Get-MapiVirtualDirectory -Server litex02 | Set-MapiVirtualDirectory -InternalUrl -ExternalUrl


Recycle the MSExchangeAutodiscoverAppPool

To force the autodiscover service to use the new URLs immediately, recycle the MSExchangeAutodiscoverAppPool app pool. No downtime is needed for this.


Configure a firewall NAT rule

Open up port 443 from the internet to your new Exchange 2016 server and assign a static one-to-one NAT rule so that your new server has a static public IP that can be used for external client connections.

CAS server migration testing

With Exchange 2013 in our environment, we only used the A record for client connections. was also required by external or non-domain joined clients to retrieve autodiscover settings. Now that we’ve configured our Exchange 2016 virtual directories and Outlook Anywhere settings, we can migrate clients over.

It’s best to test this out with a few clients by adding an A record in their host file to direct them to the new Exchange 2016 server when they go to and To do this, open the hosts file (“C:\Windows\system32\drivers\etc\hosts”) using notepad running as an administrator then add a lines like these to direct and to the IP of your new Exchange server:


Now, restart Outlook, confirm that the client can connect to Exchange without a problem. We can confirm that Outlook is connected to the new Exchange server by opening up Resource Monitor and then clicking on the Network tab. Here we filter TCP connections made by outlook.exe and we see that it is connected to our new Exchange server IP,


Now, we can do some testing. Start with the list below:

  • Access to shared calendars
  • Access to shared mailboxes
  • Send and receive internal and external email
  • Open public folders
  • Download Offline Address Book

Once done, change the hosts file to resolve and to the public IP of your Exchange 2016 server, place the client on an external network and test again to test the same services externally.

When you're done testing, remove the entries from the hosts file.

CAS server migration

Now that testing is complete, you’re ready to change the internal A records for and to resolve to the internal IP for your Exchange 2016 server. 


Once done, log into your public DNS provider and then change the public A records for and to resolve to the public IP of your Exchange 2016 server.


In this post, we have migrated the CAS role from Exchange 2013 to Exchange 2016. We first configured the hostnames and URLs on the Exchange 2016 server then changed the A records used by the clients so that they are now directed to the Exchange 2016 server.
In part 4, we’ll cover how to move mailboxes and public folders from our old Exchange 2013 server to our new Exchange 2016 server. 


  1. This comment has been removed by the author.

  2. Legend. Great info, very helpful indeed. Thanks for this.

  3. good job, plz add that u need also change server in send connector or outgoing mails will go throw old exchange and they will be rejected as spam...

  4. Really good article, It provides the step by step guide to exchange server 2007 sp3and I saw more information about this topic from that helps to migrate any exchange server to exchange server

  5. First, let me say this has been a great help in our Exchange migration. That said, at the end of Part 3 it says to "update the public DNS provider and change the public A records to resolve to the public IP of your Exchange 2016 server". However, since the MX Record points to the A record, doing this will break your email because email will start routing to the new 2016 server, which doesn't have an Internet SMTP connector yet (Part 5).

  6. Excellent write up! In my limited experience, however, I’ve found out that to Convert edb to pst - EdbMails is the best option as it can handle most exchange recovery tasks gracefully. It supports export of mailboxes to PSTs and also has an extensive range of filtering options. It is a forensic recovery that can extract most data from even corrupt or inaccessible exchange databases.It supports public, private folder recovery along with migration to Live exchange and Office 365. Archive mailbox migration is also supported by edbmails

  7. This comment has been removed by the author.

  8. Thanks for the post it was helpful. One thing I had trouble with and this may help others. After changing the hosts file for testing, if your Outlook fails to connect and prompts for a password over and over then it is because you need an SPN with ASA credential for the shared namespace in the coexistence. Take a look at these articles or maybe just turn off Kerberos.

  9. There's nothing in any of your article re: *local* DNS settings during co-existence as relates to the autodiscover & mail records. Could you address that perhaps? We're currently running a split-DNS and I can't find a single article re: what *local* DNS records should be configured for in a co-existence environment. Thanks!