Exchange 2019: Peaceful coexistence with Exchange 2016

Exchange coexistence has been around for a long time. This can be having Exchange 2010 and 2013 in the same environment or Exchange 2010 and 2016 coexisting or Exchange 2013 and 2016 running in the same environment. The process is exactly the same for having Exchange 2016 and Exchange 2019 coexist. Just remember, if you have Exchange 2010 in your environment, you cannot introduce Exchange 2019 until migrations are done to a newer version of Exchange — for example, 2016 — and then decommissioning Exchange 2010.

One of the mistakes made by IT admins is bringing in a new Exchange server and thinking nothing bad will happen. Too often, clients start to get certificate popups on Outlook or get disconnected.

When you plan on bringing in Exchange 2019 into your Exchange 2016 environment, there are a few things that need to be done. Here is a checklist of a few to-do items:

  • Do you have the correct domain controllers to support Exchange 2019?
  • Is your forest and domain level on the correct level to support Exchange 2019?
  • Are you going to be using the same namespace or a new one? For example, are you going to be using mail.domain.com for OWA or webmail.domain.com?
  • If you are going to be using a new namespace, do you have your new SSL certificate or are you using a wildcard?
  • Do you have the hardware to run Exchange 2019?
  • Are your clients running a newer version of Office to support Exchange 2019?
  • Do you have access to download the Exchange 2019 software?
  • Are you going to be installing Exchange 2019 on Server 2019 Core or the GUI?
  • Do you have to use a change advisory board (CAB) to discuss your new changes and agree on timelines and interruption to business and clients?
  • Are you going to be building a highly available solution (DAG) to ensure uptime in your environment?
  • Are you using multiple datacenters or just a single site?
  • Does your underlying infrastructure allow for failover between servers if you need to do maintenance?
  • One of the most important questions: Have you configured your URLs on Exchange to avoid disruption to clients?

These are just a few high-level questions that you need to answer to ensure your senior management is comfortable and also that you can ensure a smooth coexistence.

Domain controllers

Shutterstock

Let’s talk about domain controllers. One thing to note is that you can only upgrade your domain and forest level to the lowest domain controller in your environment. So, if you have Server 2008 R2 domain controllers and Server 2016 domain controllers, for example, you can only upgrade to Server 2008 R2.

To be able to move to a higher domain and functional level, you need to move your FSMO roles to the newer domain controllers and then dcpromo the 2008 R2 ones down.

Once that is done, you need to ensure that Exchange 2016 is on the correct Cumulative Update (CU) to support an upgrade and also to bring in Windows Server 2019 domain controllers. You need to be on a minimum of CU12 for Exchange 2016 to have 2019 domain controllers. Always refer to the Exchange support matrix to see what is supported.

You will notice that you can go up to Windows Server 2016 AD forest functional level when you have Windows Server 2019 domain controllers and Windows Server 2016 domain controllers.

Schema and Active Directory upgrades

When a cumulative update is released, it will advise you on the technical section if there is an update. If you are moving from an early Cumulative Update in Exchange 2016 to the latest one, for example, to support Exchange 2019, there will definitely be an upgrade that needs to be done before you do the installation. Also, running the setup command with the /PrepareAD switch will either create new security groups in Active Directory if the others are missing or corrupt or they will stay unchanged if everything is fine.

Namespace

This is generally a section where most admins find themselves asking that one question: Should I change the namespace or keep the same one? Whether you keep the current namespace like mail.domain.com or webmail.domain.com, you still need to configure your URLs to match what you have on your SSL certificate. More and more admins are going for wildcard certificates as they can change without having to reissue a cert or pay for multiple certs.

Outlook clients

Shutterstock

Outlook will connect to your new Exchange server so when you install a new Exchange server, make sure you get your URLs and SSL certificates done so you do not have unnecessary helpdesk calls for popups on Outlook.

If you are running legacy outlook clients like Office 2007, then it’s time to upgrade to a version that will work with Exchange 2016 and 2019. It does not mean you now need to fork out $$$ for the latest and greatest version, but take a look at when support ends for Office 2016 as an example and make your decision. You might decide in the future to upgrade to Office 365 and depending on the license you choose, you will get the latest version of Office.

Exchange 2019: GUI or Core?

We know that patching has been taken to a new level with all the security loopholes being closed and exploits found in Windows. The big change with Exchange 2019 is that you can install it on Windows Server 2019 core edition. This means you do have less patching to do but you can only manage this server using PowerShell and a browser to login to the Exchange Admin Center (EAC). Some people don’t like working with just a command prompt and prefer the GUI.

Exchange 2019: A hardware beast

Exchange 2019 is not like previous versions where you can run it on lower RAM and CPUs. Exchange 2019 is a beast and if you look at requirements to run this optimally you need at least 128GB of ram and you need CPU power. Exchange 2019 also supports SSD disks so you can have your caching layer on the fast storage to ensure smooth transactions. If you think you are going to get away with running a virtual machine with less than 32GB of RAM, it is not going to work. I tested this in my lab, and 32GB as a lab requirement means warnings upon warnings about services that keep stopping. Make sure you have sufficient processing power and RAM in your hosts to cater to this virtual machine or multiple virtual machines. You don’t want to end up hitting backpressure constantly or having your clients disconnect.

Featured image: Shutterstock

Edward van Biljon

Edward van Biljon is an experienced messaging specialist working in the IT and services industry. He is skilled in WSUS, domain name system, datacenters, printer support, and System Center Configuration Manager (SCCM). He has a background as a strong IT professional and has an international diploma in programming focused on computer programming.

Share
Published by
Edward van Biljon

Recent Posts

5 ways to secure your applications from open-source vulnerabilities

No single tool acts as a silver bullet to slay all open-source vulnerabilities, but using…

2 hours ago

How to securely connect and manage remote workers

Reserve your place now to discover why a fully functional VPN solution can help you…

17 hours ago

Apple iOS contains vulnerability affecting VPN connections

A vulnerability affecting Apple iOS VPN connections could allow outsiders to see things you don’t…

20 hours ago

One hour to better security: How to leverage Azure MFA to secure an existing VPN solution

Deploying a VPN leveraging Azure MFA provides extra security and helps ensure that remote users…

24 hours ago

How one IT pro ramped-up his clients for remote work due to coronavirus

What’s it like being an IT consultant when your clients quickly need to transition their…

1 day ago

On being an MSP during the coronavirus pandemic

COVID-19 has upended everyone’s lives. For IT pros, there is added stress. Here’s how one…

2 days ago