Migrating a small organization from Exchange 2010 to Exchange 2016 (Part 4)

If you would like to read the other parts in this article series please go to:

Completing Post Installation Configuration

Configuring Receive Connectors

We’ll need to ensure that the same settings are applied to Receive Connectors on Exchange 2016 as per Exchange 2010. Default and Client connectors are already created and do not typically need to be altered. The defaults for Exchange Server 2016 allow email from the internet or spam filter to be delivered without adding an additional permission.

Many organizations do allow users to relay mail through Exchange from application servers, so we will use this as an example to illustrate how the process is slightly different when compared to Exchange 2010.

To begin, launch the Exchange Admin Center and navigate to Mail Flow>Receive Connectors and after selecting the Exchange 2016 server from the list, then choose Add (+) to create a new Receive Connector:

Figure 1: Creating a new Receive Connector

On the first page of the wizard, enter the name for the receive connector. For consistency we’ve specified the server name after entering Anonymous Relay.

Select Frontend Transport as the role and choose Custom as the type:

Figure 2: Naming the connector and specifying core options

On the next page, we’ll be provided with the opportunity to specify Network Adapter Bindings – the IP address and TCP/IP port that the receive connector will listen on. Our example receive connector will listen on the standard port for SMTP, port 25:

Figure 3: Leaving TCP/IP listener settings as default

On the final page of the wizard, we’ll choose which IP addresses that the receive connector will accept mail for.

This allows multiple receive connectors to listen on the same TCP/IP port and IP address and perform an action depending on the remote IP address of a client.

As an example, if our anonymous connector on Exchange 2010 only allowed mail relay from the IP addresses, we’ll specify that range here:

Figure 4: Specifying IP addresses that can use this connector

After completing the wizard, we will then open the new Receive Connector’s properties page by selecting it from the list, then choosing Edit, as shown below:

Figure 5: Editing connector settings after creation

In the Exchange Receive Connector window, select the Security tab. Then within the Authentication section select Externally secured to indicate our anonymous relay is from secure IPs; then under Permission Groups, choose Exchange Servers and Anonymous users:

Figure 6: Allowing anonymous relay

Moving Default Mailbox Databases

We will move the initial database created by Exchange Server 2016 setup and make it our first Mailbox Database.

To perform this action, we will perform a two-step process using the Exchange Management Shell.

First, launch the Exchange Management Shell and use the following command to rename the database to DB01:

Get-MailboxDatabase -Server <Server> | Set-MailboxDatabase -Name DB01


Figure 7:
Renaming the default database

In the example above you’ll see that by executing the Get-MailboxDatabase cmdlet before making the change we see its default name – “Mailbox Database” with a random suffix. After making the change, the name is changed to something more appropriate.

With the database name changed, it still remains in the same location. Move both the Database file and the associated log files to their respective final destinations using the Move-DatabasePath cmdlet with the -EdbFilePath and -LogFolderPath parameters:

Move-DatabasePath -Identity DB01 -EdbFilePath C:\ExchangeDatabases\DB01\DB01.EDB -LogFolderPath C:\ExchangeDatabases\DB01_Log


Figure 8: Moving the default database path

When moving the database, it will be dismounted. The files will then be moved to the new location and the database and log locations updated in Active Directory. Finally the database will be re-mounted.

Creating Additional Mailbox Databases

Next, create additional Mailbox Databases to match our design specifications. We can create the mailbox databases using either the Exchange Admin Center or the Exchange Management Shell.

In this example we will use the Exchange Management Shell, which for a larger number of databases will be faster and more accurate.

The cmdlets used are New-MailboxDatabase, Restart-Service, Get-MailboxDatabase and Mount-Database.

In the example shown below we will use the first cmdlet to create the databases, restart the Information Store to ensure it allocates the correct amount of RAM, then after retrieving a list of all databases we will ensure they are mounted:

New-MailboxDatabase -Name DB02 -Server <Server> -EdbFilePath C:\ExchangeDatabases\DB02\DB02.EDB -LogFolderPath C:\ExchangeDatabases\DB02_Log


New-MailboxDatabase -Name DB03 -Server <Server> -EdbFilePath C:\ExchangeDatabases\DB03\DB03.EDB -LogFolderPath C:\ExchangeDatabases\DB03_Log


New-MailboxDatabase -Name DB04 -Server <Server> -EdbFilePath C:\ExchangeDatabases\DB04\DB04.EDB -LogFolderPath C:\ExchangeDatabases\DB04_Log


Restart-Service MSExchangeIS


Get-MailboxDatabase -Server <Server>| Mount-Database


Figure 9: Creating additional databases

Configuring Mailbox Database Settings

After we have moved our first Mailbox Database and created our additional mailbox databases, we will now need to configure each database with the correct limits.

The limits chosen for our example environment are shown below, along with retention settings for mailboxes:

Warning Limit – 4.8GB

Prohibit Send Limit – 4.9GB

Prohibit Send/Receive Limit – 5GB

Keep Deleted Items for (days) – 14

Keep Deleted Mailboxes for (days) – 30


It’s possible to configure this using the Exchange Admin Center, but for multiple databases, use Exchange Management Shell to ensure consistency. Using a combination of the Get-MailboxDatabase cmdlet and Set-MailboxDatabase cmdlet make the changes, using the values from the table above:

Get-MailboxDatabase -Server <Server> | Set-MailboxDatabase -IssueWarningQuota 4.8GB -ProhibitSendQuota 4.9GB -ProhibitSendReceiveQuota 5GB -DeletedItemRetention “14:00:00” -MailboxRetention “30:00:00”


Figure 10: Updating mailbox database settings

Preparing for Exchange 2016 Migration

Testing base functionality

Before we can move namespaces and mailboxes across to Exchange Server 2016 we need to test that the new server is fully functional.

We’ll start by creating a test mailbox to use on Exchange 2016. To do this, navigate to the Exchange Admin Center and within Recipients choose Add, then User Mailbox:

Figure 11: Creating a test mailbox

There is no prescriptive name for a basic test account, so enter suitable unique and identifiable details:

Figure 12: Specifying test mailbox settings

After creating our test mailbox we’ll now need to test that they are functional from a client perspective.

Navigate to OWA via the server’s name. As a minimum test mail flow works correctly between our new Exchange 2016 test user and existing Exchange 2010 users.

Figure 13: Testing OWA and other services

Updating Exchange 2010 Virtual Directory URLs

Exchange 2016 supports acting as a proxy for Exchange 2010 services. This means that it is easy to allow Exchange 2010 and Exchange 2016 to co-exist using the same URLs.

We decided earlier in this guide that we would use the same names for both Exchange 2016 and 2010.

It is now time to move the autodiscover.goodmanindustries.com and mail.goodmanindustries.com names across from Exchange 2010 to Exchange 2016.

This, along with the respective DNS / firewall changes, will result in HTTPS client traffic for Exchange 2010 going via the Exchange 2016 server.

We will update our core URLs for Exchange 2010 to remove the ExternalURL value. We’ll also enable Outlook Anywhere, configuring it with the HTTPS name that will move to Exchange 2016.

To do this we will login to the Exchange 2010 server and launch the Exchange Management Shell. Enter the following PowerShell commands, substituting the $Server and $HTTPS_FQDN variables for appropriate values.

$Server = “EX1401”


$HTTPS_FQDN = “mail.goodmanindustries.com”


Get-OWAVirtualDirectory -Server $Server | Set-OWAVirtualDirectory -ExternalURL $null


Get-ECPVirtualDirectory -Server $Server | Set-ECPVirtualDirectory -ExternalURL $null


Get-OABVirtualDirectory -Server $Server | Set-OABVirtualDirectory -ExternalURL $null


Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory  -ExternalURL $null


Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory  -ExternalURL $null


Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN -IISAuthenticationMethods NTLM, Basic


Figure 14: Updating Exchange 2010 URL and Outlook Anywhere configuration

From a client perspective this should not have any immediate effect. The Exchange 2016 server will provide External URL values via Autodiscover, but in the meantime client traffic will still be directed at the Exchange 2010 staging server.

Updating Internal DNS records and switching external HTTPS connectivity

To direct traffic internally at the Exchange 2016 server we need to change internal DNS records so that both the Autodiscover name and HTTPS namespace (in our case, mail.goodmanindustries.com) are configured with the IP address of the new Exchange 2016 server.

On a server with access to DNS Manager, such as an Active Directory domain controller, update both records from the IP address of the Exchange 2010 server to the Exchange 2016 server:

Figure 15: Updating internal DNS entries

Clients will not be immediately redirected to use the Exchange 2016 server as the proxy for client access, and instead will do so once their cached records expire. As soon as clients can access the server retry login and client access to ensure no issues exist.

If internal access works without issue, update the external HTTPS publishing – which in our example organization is a NAT rule configured via the router.


In part four of this series, we’ve completed the post-install configuration and began preparation for the migration. Base functionality has been tested and we have updated records to direct client access to the server. In the next part of this series we’ll begin by updating mail flow.

If you would like to read the other parts in this article series please go to:

34 thoughts on “Migrating a small organization from Exchange 2010 to Exchange 2016 (Part 4)”

  1. On Part 4, updating the Exchange 2010 Virtual Directory URLs, When running the last command, Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN -IISAuthenticationMethods NTLM, Basic
    I get the following error:
    The virtual directory ‘Rpc’ already exists under ‘FNSSERVER.feedns.local/Default Web Site’.
    Parameter name: VirtualDirectoryName
    + CategoryInfo : InvalidArgument: (FNSSERVER\Rpc (Default Web Site):ADObjectId) [Enable-OutlookAnywhere],
    + FullyQualifiedErrorId : 78452C6B,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableRpcHttp

    1. I guess this should be

      Set-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN -IISAuthenticationMethods NTLM, Basic

  2. Every guide for creating a receive connector has had the same “use defaults” listed and it has never worked for me. It breaks the transport service because multiple connectors are attempting to listen on the same port apparently. If I change it from 25 to 2526 as an example and restart Transport role mail starts flowing normally again. Still not sure why this is but it has always been like this for me.

  3. Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN -IISAuthenticationMethods NTLM, Basic

    Gives an error. A positional parameter cannot be found that accepts argument ‘=ISSAuthenticationMethods’

  4. Your guide is great! I just have one question. You stated you were setting up 4 databases and a recovery. What were the 4 databases for and how do you set up the VSS and Recovery drive?

  5. Steve Goodman


    The four databases are for mailboxes and based on the output of the Exchange role calculator and to ensure we make good use of the Exchange Standard edition licence to spread mailboxes across DBs, whilst leaving the potential to add one more database for maintenance.

    The recovery disk is unused until a recovery is required. The VSS configuration will depend on the backup software you use and may be automatically managed and configured by that software.



  6. Hi Steve,
    We currently have Exchange 2010 installed on Windows Server 2008 R2. This is also our Domain Controller. It is time for us to upgrade and/or migrate but read somewhere that once Exchange is installed it is very hard to upgrade Windows.
    So my sort of plan would be to create a new Windows 2016 server and install Exchange 2016 and migrate mailboxes from Exchange 2010 server.
    However, one other complication is that client would like this new server in the cloud at AWS. The existing servers are HyperV and for a single domain. So the complication is do we also move the Domain Controller to AWS or attempt to split the DC to its own server at AWS which I understand is best practice.
    I wondered if you had any thoughts on this.

  7. Regarding the error in the first comment; this is because Outlook Anywhere is still enabled on Exchange 2010 and the command is telling it to be enabled again. Open the EMC on 2010, navigate to Server Configuration on the left then Client Access, and on the right click “Disable Outlook Anywhere”. Then try running the command again, it should work this time with the new settings.

  8. Hi, after step 4 : Updating Exchange 2010 Virtual Directory URLs : Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN -IISAuthenticationMethods NTLM, Basic

    If first receive an error that the RPC connection allready exists.

    and after updating the DNS records from mail.

    I am unable to get the Outlook clients connected to the new mailserver 2016. it constantly asks for credentials and is unable to start outlook.

    I think this can also be because the first IT provider has called the exchange 2010 server “mail”.
    after changing the A records Mail. the new 2016 server loses connection with 2010.

    any tips? can i rename the old server without any problems? so i can easily change the A record?

  9. Same here.
    Changed Exchange 2010 Outlook Anywhere external host mail.domain.com => autodiscover.domain.com. Now Outlook client works from outside.

  10. Hi Steve,
    What namespace do you have configured for CAS Array object for Exchange 2010? If you use one of the two mentioned (mail.domain.com and autodiscover.domain.com), what will happen with RPC connection for Exchange 2010 Outlook Users when you update both DNS records to redirect traffic to Exch2016?

  11. Great article. The enviornment I am currently working on is very similar to the example here: one single Exchange 2010 server handling all roles. Now I have followed the instruction to have the first Exchange 2016 server installed. I created a new database in Exchange 2016 and also create a new mailbox there. When launch outlook, it can automatically find my mailbox on exchange 2016 and configure it to run. However I found all emails I sent from 2016 mailbox to 2010 mailbox were simply not delivered. Nothing coming in 2010 mailbox. Then I tried to send email from 2010 to 2016, suprisely the 2016 mailbox can’t be solved in outlook connected with 2010. The 2016 mailbox not showing in the reciepient list. However in outlook connected with 2016 server, I can see it in the list. I also tried to use delivery report on exchange 2016 server, but I got error as this “400 Outlook Web App Options :(” Any suggestion? Thanks!

  12. James, Thomas,

    I was having similar issues with sending mail from recipient on 2010 to newly-created recipient on 2016. I removed the “Anonymous Receive Connector” on 2016 and the emails successfully delivered to the newly-created recipient’s mailbox on Exchange 2016.

    1. I too have never been able to get that working. I use port 2526 for it and it works fine. I think it has to do with how Exchange binds to IP’s.

  13. “We’ll also enable Outlook Anywhere, configuring it with the HTTPS name that will move to Exchange 2016.”

    Can someone explain how enabling Outlook Anywhere on the 2010 server, enables it on the 2016 server?

  14. Martin Painter-Sims

    Hi Steve,

    Great guide, really easy to follow.

    I have been stuck for the last few days getting 2 way communication from and to a 2016 and 2010 test mailbox. I believe it is something to do with the receive/ send connectors, however I have tried restoring these back to the defaults and had no luck.

    Sorry I know you must get lots of questions but if you could help it would be a lifesaver and it looks like from the other comments other people are having the same problem.



    1. Martin Painter-Sims

      This turned out to be a internal DNS issue. Removing references to external DNS servers on both servers resolved the issue.

  15. In Exchange 2016, is there a way to restrict OWA access to users by location and AD group? Basically, we only want a small handful of users to access OWA externally when they are not at work by adding them to an AD Group.

    In Exchange 2010, we could do this by adding the following code to the basicmessageview.aspx and startpage.aspx files to get this to work.

    However, the startpage.aspx doesn’t seem to exist in Exchange 2016 and changing the basicmessageview.aspx file doesn’t appear to work.

    Any ideas on if this is possible in Exchange 2016? And if so, how would one go about it?


  16. Hi,
    I have installed exchange 2016 in co-existence with 2010. But i got stuck here that i can send emails from exchange 2010 mailbox user to exchagne 2016 mail box user. But i when i send emails from exchange 2016 mail box user to exchange 2010 mailbox user, 2010 mail box user is not receiving email. What could be wrong here. Where could be the issue please.

  17. Anthony Johnston

    Same here as Zahoor
    I am able to send email from 2010 users to 2016 internal users..
    I can send email from 2016 user to EXTERNAL..
    but cannot send from 2016 user to any internal user on 2010..
    get the ol error “400 Outlook Web App Options :(” displayed in the queue on 2016 server..

  18. Excellent guide, thank you. I am having trouble sending mail from recipient on old server to the newly created recepeint on Exchange 2016. Anyone face the same or can point me to a possible solution for this issue?

    1. It’s probably old news for you now, but I’m doing this migration and had a similar issue. I checked the receive connector on Exchange 2010, then added a new receive connector to accept internal traffic from the Exchange 2016 server. Everything started working.

  19. I am having the same exact problem of not being able to send from newly created users in 2016 to existing users in 2010; but not vice versa. I can’t seem to figure this out. Any suggestions as to what might be occuring?

  20. A very helpful article. One thing we found, which there may be a fix is that changing the DNS for internal purposes broke the export and import of public folders.

  21. With mail still flowing through 2010 Exchange, and prior to changing DNS records should activesync work on a mailbox that is on the 2016 exchange.

  22. I have used this guide to migrate at least 5 different environments from exchange 2010 to 2016 so far, some tweaks here and there as the prerequisites in the latest CU19 are different to those for RTM (now requires .net 4.8 for example) but this is obvious when attempting the initial install.

    For those struggling with mail flow between Exchange 2010 and 2016 this is common and usually has to do with the receive connectors but to find out exactly I’d recommend opening the Exchange tools on both exchange servers and viewing the mail queues. Most of the time if mail is not going one way or the other it’ll be stuck in one of the queues and there should be an error message on there explaining what the issue is, making it easier to troubleshoot.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top