Double-hop public folder migration 2010>2013>O365 RRS feed

  • Question

  • We have a legacy Exchange 2010 SP3 RU26 environment (2 CAS virtual servers, 2 virtual HT servers , 1 physical MBX hosting PF), and Exchange 2013 CU (I think it's 21 or 22) acting as the hybrid connection to Office 365. All of our public DNS records point to the Exchange 2013 server. We've successfully migrated all of our production mailboxes off the Exchange 2010 environment using a hybrid connector pointing to the Exchange 2013 server.

    We need to get the public folders from Exchange 2010 to O365. The 2010 MBX server only ever had the MBX role installed on it, and we've allowed the old certificates on the 2010 CAS servers to expire. The Microsoft documentation on migration E2010 to O365 says the host containing the public folders (the 2010 mailbox role server) must support OutlookAnywhere. My impression is that we'd need to add the CA role to the MBX server, add a certificate, add firewall rules and add additional public DNS entries side-by-side with what we currently have for the 2013 server?

    So O365 support suggested migrating the public folders from on premise 2010 to on premise 2013 hybrid, then migrate from 2013 hybrid to O365 because our public DNS records already point to the hybrid server. They provided this link:

    I asked them the following questions and they said they are not the best resource since they primarily deal with Exchange Online.

    • I don’t see any reference to AutoDiscover on the legacy public folder server, that’s good.     
    • I see verbiage beginning with step 8 about testing with an on premise mailbox (all of our production mailboxes have already been migrated to O365). All of our O365 mailboxes already have access to the 2010 on premise public folders. Are there any special steps needed to ensure they do not lose access after the PFs are migrated to 2013?
    • The same step also mentions permissions for the Anonymous role on the public folders, but if necessary those permissions are there at this time. Are any client permissions going to be lost?
    • Our Exchange 2013 hybrid server was not built with the capacity to store databases. I've added a dedicated LUN to this server to contain the PF mailbox databases, and I need the PF mailbox databases created by the scripts to be created on this specific LUN.  How do I ensure that happens when creating the mailbox databases with powershell in Step 4?

    Thank you!

    Wednesday, May 15, 2019 4:20 PM

All replies

  • Frankly, if I were you, I'd migrate public folders from Exchange 2010 to Exchange Online and skip migrating to Exchange 2013.

    Autodiscover is a CAS function, and it should return the correct pointers to public folders for clients regardless of where the public folders are.

    You could do the client testing from Office 365, I believe.  But there are more potential issues because of the separate organization.  You're actually testing two things, the on-premises upgrade and cross-premises access.

    Client permissions should be preserved.

    You can move the public folder mailboxes afterward if you need to.  You could also move the existing mailbox database to the new LUN.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, May 15, 2019 6:23 PM
  • I don't want to take the scenic route, believe me. What I'm not clear on are the specific steps I need to perform to get the autodiscover working from the existing 2010 mailbox server currently hosting the PFs. I can certainly install the CAS role on that server, but what else is needed? Does the connection route from O365 to the hybrid server to the PF server? Do I need to add or configure additional certificates, internal or external DNS entries, more NAT rules on my firewall, etc.? I don't want to have to buy another public certificate and I'm concerned about the additional changes in the environment breaking something else.

    Tangent; I never receive e-mail notifications for replies here, even though the "Alert Me" option is checked below.

    Wednesday, May 15, 2019 7:53 PM
  • Autodiscover can be served by the Exchange 2013 server.

    Exchange 2010 mailbox role servers serving public folders must have the CAS role installed on them for hybrid public folder access to work.  You also need to follow the other instructions to create the mailbox database and access mailbox because you'll specify that mailbox in Exchange Online for access.  The mailbox doesn't need any special permissions or anything like that, it just has to exist and it has to be synced to the cloud.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, May 15, 2019 8:24 PM