Texas A&M University



centercenterTexas a&M Information technology | Infrastructure & OperationsTexas A&M UniversityExchange Migration & Administration Guide00Texas a&M Information technology | Infrastructure & OperationsTexas A&M UniversityExchange Migration & Administration GuideTable of Contents TOC \o "1-3" \h \z \u Section I - Service Information PAGEREF _Toc411349083 \h 2Introduction PAGEREF _Toc411349084 \h 2Service Architecture PAGEREF _Toc411349085 \h 2Shared Administrative Model PAGEREF _Toc411349086 \h 2Support Resources PAGEREF _Toc411349087 \h 2Section II – Migration Procedures PAGEREF _Toc411349088 \h 3Migration Overview PAGEREF _Toc411349089 \h 3Planning & Information Gathering PAGEREF _Toc411349090 \h 3Customer Setup PAGEREF _Toc411349091 \h 5Migration PAGEREF _Toc411349092 \h 6Post-Migration Cleanup PAGEREF _Toc411349093 \h 7Ongoing Support PAGEREF _Toc411349094 \h 8Section III – Administration PAGEREF _Toc411349095 \h 10Administration Overview PAGEREF _Toc411349096 \h 10Exchange Management App PAGEREF _Toc411349097 \h 10Exchange Admin Center PAGEREF _Toc411349098 \h 11Additional Information PAGEREF _Toc411349099 \h 13Section I - Service InformationIntroductionThe Texas A&M Exchange Email service (TAMU Exchange) is a centrally funded shared service paid for by the Offices of the President and Provost at Texas A&M University. It is intended for use by faculty, staff, student workers and paid graduate assistants. The service, which consists of Microsoft Exchange and the Lync instant messaging service, is run by Texas A&M Information Technology. Official information about the service can be found at . Information about the email consolidation project can be found at ArchitectureThe TAMU Exchange service is hosted on equipment in the Main and West Campus data centers on the primary campus of Texas A&M University in College Station, TX. The service is set up in a highly available, active/active configuration to maximize utilization and efficiency. Individual components of the service are hosted on both physical and virtual hardware.Shared Administrative ModelOne of the goals in providing a shared service is to consolidate and more effectively utilize resources, both in equipment and personnel. The shared services model provides funding for installation, maintenance, upgrades, service improvement and support of the service. Shared services do not provide adequate funding to completely centralize and replace all levels of support required to provide an enterprise messaging service. Instead, the shared services model relies on cooperation and collaboration between TAMU Exchange administrative staff and IT support personnel at the business unit level. As such, the service was designed from the outset to support federated administration, with some administrative functions reserved for the TAMU Exchange administrative group and other functions delegated to the units IT administrators.Support ResourcesFor information about the email consolidation project or to get on the migration calendar, please email email-transition@tamu.edu. For general support issues that cannot be resolved by unit-level IT staff, please email exchange-request@tamu.edu or contact Help Desk Central at 979.845.8300 or helpdesk@tamu.edu.Section II – Migration ProceduresMigration OverviewThe process of migrating from one email service to another can be challenging, especially when different messaging platforms are involved. However, the process can be managed effectively by following well-defined procedures. This section attempts to define those procedures and identify when each IT support group is involved. The following is a basic overview of the migration process for a single mailbox. This process can be scaled out to support a few or hundreds mailboxes as part of a unit's email migration.Planning and information gathering – both TAMU Exchange administrators and unit-level IT staff gather as much information as possible about the customer’s environment, as well as the shared service environment. Unit-level IT staff gather information about their existing email installation and provide it to the TAMU Exchange team. Exchange administrators share information with unit-level IT staff about the migration process and ongoing support after migration. A migration timeline is identified, and any extenuating circumstances are discussed.Customer setup – TAMU Exchange administrators use the information gathered in the first stage to set up the infrastructure and objects necessary to support the customer in the shared services environment. This includes administrative groups, permissions and identities within the service. Once completed, the customer unit should be ready for onboarding at the time agreed upon in the first stage.Migration – this is when user mailbox data is migrated to the TAMU Exchange service, and user client devices are reconfigured to connect to the shared service.Post-migration cleanup – TAMU Exchange administrators work with unit-level IT staff to address any remaining migration issues, including missed items, DNS record updates, and developing a decommissioning plan for the deprecated messaging system.Ongoing support – this is when the customer is considered to be in “maintenance mode,” and on-going support for the service is provided by administrators and support personnel of the TAMU Exchange service.Planning & Information GatheringTo set up the business unit as a customer within the service, TAMU Exchange administrators need to collect the following information listed below in the priority order in which it is anization information –information about the overall organizationCommon name – what the department/unit is commonly known asAbbreviation – three- or four-letter code, if available – typically used with HR processesOrganizational hierarchy – how it fits within Texas A&M UniversityExisting email service – the system from which the customer is migratingMailbox count and approximate storage usageEmail policies and business requirements for these policiesEmail domain information – information about email domains in useDomain names to be migratedPrimary/From address format – current and going forwardAny special MX routing informationUser information – user metadata needed to pre-populate accounts in Active DirectoryNetID and/or UINUnit/department affiliationWhether setting up as a mailbox or a contactMailbox information – more detailed information about user mailboxesSMTP addresses, including the primary/from addressX400/X500 addresses, including the LegacyExchangeDN attributeDistribution list information - information about service-wide distribution listsDisplay nameTAMU role account, if applicableSMTP addresses, including the primary/from addressX400/X500 addresses, including the LegacyExchangeDN attributeDistribution list membershipShared/resource mailbox information – information about shared resourcesDisplay nameTAMU role account, if applicableFor room mailboxes, the room number and building abbreviationSMTP addresses, including the primary/from addressX400/X500 addresses, including the LegacyExchangeDN attributeProxy accessService account mailbox information – information about shared accounts with passwordsDisplay nameTAMU role account, if applicableSMTP addresses, including the primary/from addressX400/X500 addresses, including the LegacyExchangeDN attributeProxy accessHow the account is usedPublic folder information – for Microsoft Exchange installations, information about public folders that need to be migratedFolder nameFolder typeIf mail-enabled, SMTP addresses and X400/X500 addresses, including the LegacyExchangeDN attributeFolder permissionsWhen gathering the above information, understanding the relevance of the LegacyExchangeDN attribute within existing Exchange organizations is important. This attribute is used by Exchange for the delivery of all internal email within Exchange. The LegacyExchangeDN attribute is an X500 address that includes information in the string about the Exchange organization name, as it is known to Active Directory. If this object is included as an additional X500 address on the mailbox in the TAMU Exchange service, it will prevent messages from being rejected when someone attempts to reply to existing email or meeting requests that were imported from the previous Exchange system. Without this attribute, a significant number of migrated users will receive non-deliverable reports (NDRs) when they attempt to reply to email messages that would have, prior to the migration, been deliverable. We strongly encourage the inclusion of this address on the TAMU Exchange mailboxes and distribution lists.Customer SetupInformation gathered during the first stage is used to set up the following:Active DirectoryOrganizational unitsManagement groupsDelegated OU permissionsExchangeUsers accounts as MailUser objects within ExchangeDistribution groups, including membershipShared/resource/service mailboxes and proxy security groupsPublic foldersAddress lists in the global address bookRBAC-based scoped administration to departmental objectsManagement ApplicationBusiness unitsEmail domains associated with each business unitUnit-level administratorsWindows DFS file shareImport foldersAccess permissions to unit-level administrators defined in previous step.MigrationAt the designated cutover time, use the following migration procedures for each mailbox:Mailbox provisioning – create the user’s mailbox by using the provisioning/management app located at . The app uses CAS NetID authentication. You are prompted to choose a mailbox size and associate the mailbox with a unit-level management group. Once provisioned, you can edit the mailbox claim and add custom email addresses from email domains that have been associated with that particular business unit. See additional information in Section III – Administration.Mailbox forwarding (Will be handled by AIT) – once the TAMU Exchange mailbox has been created, configure the user’s existing mailbox to forward all mail to the following email address: netid@exchange.tamu.edu. The forwarding can be done using an internal contact object or, if Exchange 2010 and above, by configuring the ForwardingSMTPAddress property of the mailbox.Powershell: Set-Mailbox <Mailbox_ID> -ForwardingSMTPAddress <NetID>@exchange.tamu.eduMailbox export – once forwarding is in place, the existing mailbox can be exported to a PST file and uploaded to a unit-specific folder in the following UNC path: \\ads.tamu.edu\Infrastructure\Customers\Mailbox ImportsFor user mailboxes, the PST file should be named netid.pst, or it will be rejected. For shared/resource/service mailboxes, the PST file should be named with the mailbox alias assigned to the mailbox (e.g., mailbox_alias.pst). The upload folder is named “Uploading” and is located beneath the unit-specific folder in the UNC path referenced above. Example:\\ads.tamu.edu\Infrastructure\Customers\Mailbox Imports\Some_Department\UploadingMailbox import – once the PST file is uploaded to the drop-off folder, it is renamed to include a timestamp, moved to a folder named “Importing,” and then queued up for import automatically within five minutes. Upon completion/termination of the import job, the renamed PST file is moved to one of the following folders, depending on the results:Completed – the mailbox was imported successfullyFailed – the mailbox import failed. Common causes for a failed import include attempting to import a PST file that exceeds the mailbox quota configured in step 1 above; trying to import a PST file for a user that does not yet have a mailbox setup; and corruption or excessive errors within the PST file exported from the previous system.Skipped – the mailbox import was skipped and no attempt to import was made. Common causes for this scenario include improperly named PST files, including using an alias instead of the actual NetID; and attempting to import a mailbox that is not managed by the business unit associated with the import directory.Public folder export – If applicable, the public folder hierarchy should be exported to a PST file using Outlook and uploaded to a folder named “Manual” in the UNC path mentioned in step 3 above. Example:\\ads.tamu.edu\Infrastructure\Customers\Mailbox Imports\Some_Department\Manual.Any filename ending in .PST is acceptable. An email request should also be submitted to exchange-request@tamu.edu requesting the PST file to be imported, along with any special instructions.Public folder import – unlike mailboxes, the process of importing data for public folders is not automated. This is why a separate email request is necessary. The request instructs the TAMU Exchange administration team to locate the PST file and import it manually using Outlook. The upload folder simply serves as a repository for passing data to the TAMU Exchange administrators.Post-Migration CleanupOnce the migration is complete, there are a number of follow-up procedures that need to be done to finish up the process. Some of these steps are specific to each mailbox, while others are aimed at the organization’s overall email configuration. The mailbox-specific can be performed all at once after all mailboxes have been migrated, or they can be performed individually after each mailbox ID forwarding – change the mail forwarding setting on the user’s NetID account (under Email Settings) to use the following option: Sent to and stored in my Texas A&M Exchange mailbox. This step can be performed any time after the user’s TAMU Exchange mailbox has been created in step 1 of the previous section labeled “Mailbox provisioning.” A useful side effect of making this change is that it alters the user’s FROM: address in the TAMU Exchange system to be their primary_alias@tamu.edu instead of netid@exchange.tamu.edu.Mailbox de-provisioning (Will be handled by AIT) – once a user’s mailbox has been migrated, it is recommended, but not required, that the user’s mailbox on the previous mail system be deleted and/or converted to a contact that forwards to netid@exchange.tamu.edu. This prevents users still on the previous mail system from attempting to schedule meetings with that individual based on free/busy information that is no longer up to date.MX records – once all mailboxes have been migrated and all mail is ultimately flowing to the TAMU Exchange system, the MX records for the various email domains that have been migrated can be changed to point to exchange.tamu.edu as the lowest weight/highest priority record. We recommend a weight of 10, assuming that no other MX records exist with a lower weight. Be sure and leave the default record for smtp-relay.tamu.edu (weight 100) in place.Server decommissioning – the final step is to uninstall and decommission the servers running the customer’s previous mail system. We recommend waiting at least two or three days after changing the MX records in step 3 above before decommissioning the old servers. We also recommend turning them off for an additional period of time defined by the customer before completely uninstalling them.Ongoing SupportOnce the migration is complete, the customer unit enters into a standard support agreement with Texas A&M IT. This agreement provides ongoing support for the customer through various channels. Customer support is intended to be a partner effort between TAMU Exchange administrators, Help Desk Central, and the unit IT administrators. If the customer does not employ unit IT administrators, contract-based support is available through Information Technology Solutions and Support (ITSS). Contact ITSS at 979.847.ITSS (4877) or visit for more information.The following outlines what is expected of each support group:Unit IT administrators – this is where the bulk of customer-level support is expected to remain. The TAMU Exchange service does not employ enough staff to provide adequate support for individual customer issues that can arise. Unit IT admins are expected to remain as the first point of contact during the support process. Functions expected of unit IT admins include, but are not limited to, the following:Mailbox provisioning – the management app, which is explained in detail in the next section, is the unit IT admin’s portal into Exchange mailbox provisioning and de-provisioning. It also is used for managing custom/departmental email addresses and mailbox quotas. For the functions supported by the app, the expectation is that unit IT admins use the app to perform those functions, rather than submitting requests to Help Desk Central or the TAMU Exchange administration team.Exchange object management – many Exchange administration abilities have been delegated to unit IT admins. These abilities are scoped to the units these IT admins support. These administration features are typically related to the management of recipient objects in Exchange, such as mailboxes, distribution lists and public folders. These management features are covered in detail in Section III. For the administration abilities that have been delegated to unit IT admins, the expectation is that they perform these wherever possible and only involve TAMU Exchange administrators when problems or special circumstances arise.Client support – unit IT admins are expected to provide Tier one support for all client devices and applications, including Outlook (Mac and Windows), ActiveSync mobile devices and POP/IMAP clients. While Help Desk Central does maintain standard client configuration documentation, they are not always familiar with particular customer configurations and local IT policies. Unit IT admins are expected to be the first-responders for client connectivity and configuration issues. If these issues cannot be resolved through sound troubleshooting practices, unit IT admins should submit incidents and requests by email to exchange-request@tamu.edu. Please include the following information in all requests involving end-user issues: user’s NetID, user’s employing department/unit, a statement of the problem experienced, a list of troubleshooting steps already taken by unit IT staff, and screen shots of any errors presented.Help Desk Central – Texas A&M IT’s Help Desk Central is a general-purpose IT help desk providing IT support to the students, faculty, and staff of Texas A&M University. HDC generally does not turn down anyone for support. However, they are not necessarily the best resource in some cases, because they have neither the background information nor the appropriate access level to fix many issues. Functions expected of the HDC include, but are not limited to, the following:Client support – HDC works with customers to walk through common client configuration and connectivity issues.Software support – HDC provides general help and support on usage of many mainstream software packages, including client software used to connect to the TAMU Exchange service.Problem/incident escalation – HDC is often the first support group to notice emerging trends in IT problems, including those with the TAMU Exchange service. HDC staff are trained to recognize problems, open incidents and assign them to TAMU Exchange administrators.Service requests – HDC is trained and equipped to fulfill some service requests for the TAMU Exchange service. However, HDC should not be the first line of support for these requests. Generally speaking, service requests should go through unit IT admins, who have been given the tools to perform most of those requests without involving HDC nor TAMU Exchange administrators.TAMU Exchange Administrators – the TAMU Exchange admin team is responsible for managing, supporting and improving the TAMU Exchange service. TAMU Exchange administrators should not be the first line of support for common client configuration and connectivity issues, software usage questions or service requests that can be addressed by unit IT admins. Functions expected of the TAMU Exchange administration team include, but are not limited to, the following:Service maintenance – TAMU Exchange administrators are responsible for all maintenance and upgrades to the hardware and software supporting the service.Management tool support – TAMU Exchange administrators are responsible for upgrades and improvements to management tools and processes.Problem/incident escalation – for problems that cannot be resolved by unit IT admins, TAMU Exchange administrators work directly with unit IT admins to resolve service-level problems. TAMU Exchange administrators also provide Tier 2 support for client configuration and connectivity issues when unit IT admins are unable to resolve them.Training – TAMU Exchange administrators also serve as a training resource for unit IT admins and HDC. As a support resource, the primary goal for TAMU Exchange administrators is to train and empower unit IT admins and HDC to provide high-quality support to the end user.Section III – AdministrationAdministration OverviewManaging and administering a complex IT system as a shared service often presents unique challenges. The goal for IT organizations is to provide quality and reliable service in a cost-effective manner. Providing Microsoft Exchange as a centralized and shared service allows unit-level IT staff to focus on supporting the services and applications that are more specific to their lines of business. It also allows Texas A&M University to operate more efficiently by reducing the duplication of work and resources that are common with managing messaging and collaboration infrastructures at multiple levels. But this efficiency can come at the expense of customer service if not correctly engineered and executed. When it comes to the support and administration of the TAMU Exchange service, the goal should not be to centralize every single administrative function. Such a move would only further remove the end user from the unit administrators and introduce unacceptable lag time into the process. Furthermore, it would necessarily require a major reallocation of IT resources (human and equipment) from the unit level to the shared service level.Instead, Texas A&M IT has opted for a shared administration model that keeps many, if not most, of the administrative functions at the business unit level, as it relates to the TAMU Exchange service. These administrative functions are available through two primary tools – the Exchange Management Application, and the Exchange Administration Center (EAC). This section covers the administrative features available through these two applications.Exchange Management AppThe Exchange Management App is a web-based application hosted on services.tamu.edu that was written in-house to address some of the challenges of providing a shared email service. While Microsoft Exchange includes an exhaustive set of administrative features in its GUI and command-line consoles, it does not tie in directly with the identity management solution used by Texas A&M, particularly the NetID identity object. The Exchange Management App was written to bridge the gap between Exchange administration and a user’s identity as a Texas A&M employee or student. The Exchange Management App is meant to be used by unit-level IT staff to perform the following day-to-day functions related to the TAMU Exchange service:Mailbox provisioning – the app allows unit IT admins to place a mailbox claim on a NetID. This does the following:Mailbox creation/unlocking/transfer – if the user does not have a mailbox on the TAMU Exchange service, it will provision a mailbox for them and associate that mailbox with the business unit for management and billing purposes. It also configures the mailbox with information from the user’s NetID identity, such as first and last name, display name, department, phone number, title and other attributes. If the user has an unmanaged mailbox that is not under the management authority of another business unit, it restores access by the user to the mailbox and brings it under the management authority of the new business unit. Lastly, if the user has a mailbox that is already under the management authority of another business unit, it requests a transfer of that mailbox to the new business unit for both management and billing purposes.Mailbox management – when a mailbox is associated with a business unit, the IT staff assigned to support that business unit become administrators over that individual’s Exchange mailbox. This allows them to perform delegated administration of the mailbox.Mailbox quota management – the app allows unit IT admins to control the maximum size of the mailbox. This is particularly important when provisioning a mailbox that is larger than the level paid by central funds. In that situation, the business unit associated with the mailbox is responsible for the additional storage costs incurred.Departmental email address management – this feature of the app allows unit IT admins to manage custom, or “boutique” addresses are assigned to the mailbox. IT admins also can designate one of these addresses as the primary/from address used in outgoing mail from the user’s mailbox.Mailbox de-provisioning – similar to provisioning, the app allows unit IT admins to release a claim on a NetID mailbox. This does the following:Mailbox locking – when a mailbox claim is removed, the user’s permissions to access the mailbox are removed, effectively “locking” the mailbox from access. The mailbox continues to accept mail, but the user can no longer access it.Mailbox forwarding – in addition to locking the mailbox, the de-provisioning process configures the mailbox to forward all new incoming mail to the following address: netid@tamu.edu. This effectively allows the user to continue receiving email sent to that mailbox, but at a destination address that they can control through the NetID management application at deletion – if, after 30 days, the user has not regained employment with another customer on the TAMU Exchange service, the mailbox is converted to a contact that also forwards to netid@tamu.edu. This allows other users of the TAMU Exchange service to continue sending email to the former employee and have it forward to them by way of the NetID forwarding process. The contact remains until the user’s NetID expires and is deleted through the normal identity management lifecycle process.Admin delegation – the app also allows unit IT admins to add and remove other IT admins responsible for providing support for a given business unit. This allows the unit IT admins to manage staff turnover and changing job duties within their own IT team without having to consult or involve TAMU Exchange administrators.Exchange Admin CenterThe Exchange Admin Center (EAC) is Microsoft’s native GUI-based administration tool for Microsoft Exchange. It allows administration of Exchange at various levels. The EAC allows very fine-grained delegation of Exchange administration features to designated unit IT admins. Through role-based access control, TAMU Exchange administrators can delegate specific admin functions to unit IT staff and scope those permissions so that unit IT admins can only perform those administrative functions against the mailboxes that are associated with business units that they support.Exchange admin functions within the EAC are tied very closely to the admin controls in the custom-written Exchange Management App. IT staff members designated as unit admins within the Exchange Management App also become delegated admins within the EAC. As such, access to the EAC is controlled through the Exchange Management App.The EAC is accessed through a web browser at the following URL: . It is recommended that Internet Explorer be used for the web browser, as a handful of features do not seem to work properly in some other browsers. The following are the administrative functions available through the EAC to unit IT admins. For each, the location of the administrative function is given, along with attributes that can be modified as delegated admins.Distribution groups – Manage My Organization | Users & Groups | Distribution GroupsDisplay name – what the group is called in the Address BookGroup membership – can contain mailboxes, contacts and other distribution groupsDelivery restrictions – who can send to the groupMailTips – warning text that appears when the group is added to an address fieldOwners – other individuals that can modify the group’s membershipModeration settings – settings that control whether and how messages sent to the list must be approved first by a moderatorUser mailboxes - Manage My Organization | Users & Groups | MailboxesMailTipsManagerLitigation holdUser mailboxes – Manage Another UserInbox rulesAuto-replies and out-of-office configurationDelivery reportsDistribution group membershipEmail signatureMessage format and stylingMessage optionsRead receiptsConversation settingsCalendar settingsSent items configurationActiveSync device managementJunk mail configurationShared/resource/service mailboxes – Manage Another UserAll settings for user mailboxesDisplay nameResource scheduling configurationAdditional InformationIn addition to the information contained in this document, the TAMU Exchange administration team is available to answer other questions you may have about the service, migration process or administration features. If you wish to set up a consultation or schedule an email migration for a department, please send an email to exchange-request@tamu.edu with the details of your request. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download