In order to force a proxy scenario, the external URL value for 2007 is set to $null.
The internal URL on 2007 should be configured with https://legacy.domain.com/Microsoft-Server-ActiveSync
Set-ActiveSyncVirtualDirectory -Identity "Ex2013\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl https://webmail.domain.com/Microsoft-Server-ActiveSync -ExternalUrl https://webmail.domain.com/Microsoft-Server-ActiveSync
Outlook Anywhere – (Proxy)
All OA connections, for both 2007 mailboxes and 2013 mailboxes, will now connect via the 2013 CAS.
The first step in the migration process is to update these values so that all users connect to OWA, EAS, and OA via Exchange 2013.
OWA – (Redirect)
Should be pretty straightforward.
Again, I won’t go into the details of why, but essentially Exchange 2013 can proxy and redirect back to 2007, but 2007 cannot proxy forward to Exchange 2013. When a user whose mailbox still resides on 2007 accesses OWA via the 2013 CAS, they will be redirected back to 2007 via the external URL value: https://legacy.domain.com/owa
ActiveSync – (Proxy)
I prefer to force ActiveSync to proxy from 2013 to 2007, as some ActiveSync devices don’t handle the redirect correctly.
Likewise, when Exchange 2013 is introduced into the environment, the default values are derived from the server FQDN. The configurations that we will make should look something like this: Now, let’s look at some of the configuration.
For coexistence and interoperability between Exchange 20, these values all need to be changed. NOTE: It should go without saying, but the certificate on the Exchange 2007 server should have been replaced by this time with a certificate that contains legacy.
Introducing Exchange 2013 into an Exchange 2007 environment can be a challenging task.
One of the most overlooked and least documented topics I see is the proper configuration of URLs for Proxy and Redirection. I wouldn’t worry about that little guy.” Yes, I personally like to test everything prior to making any change to the existing 2007 environment.
This tool can be downloaded from Microsoft and upgraded in-place, in many instances. I will oftentimes move this utility to the same server where I intend to install Exchange 2016.
Microsoft’s official stance regarding hybrid is this: If you remove the last legacy Exchange server from your domain in a hybrid environment, then you should also remove Azure Active Directory Connect (your ability to synchronize passwords to the cloud).
to lose the ability to synchronize local AD passwords and enable self-service password resets. If all you care about is password sync, and you have less than 100 users in your organization, you might consider switching to the Windows Server Essentials Experience password synchronization feature, instead.
For OA to proxy from 2013 to 2007, the IISAuthenticationMethods on 2007 must be reconfigured to support both Basic and NTLM.
By default, Exchange 2007 IISAuthenticationMethods is set to just Basic.
Set-OutlookAnywhere -Identity "Ex2013\Rpc (Default Web Site)" -InternalHostname webmail. -ExternalHostname webmail. -ExternalClientAuthenticationMethod Basic -IISAuthenticationMethods Basic,NTLM
Autodiscover – Both the 20 SCP locator can be configured to point to the Autodiscover URL https://autodiscover.domain.com/Autodiscover/
Exchange 2007 does not support “Negotiate” authentication (See image below).