No different than what I wrote before – just install a CAS instead of a multi-role server. ☺
Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com] Sent: Wednesday, November 09, 2011 5:22 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff <kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote: > Ah. It will be interesting to see what that will do. We've been > dithering between installing the current SCCM and waiting for 2012. > Not sure how we're going to land just yet. > > Kurt > > On Wed, Nov 9, 2011 at 12:59, Michael B. Smith > <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: >> The MDM solution is System Center Configuration Manager 2012. It's currently >> available in public beta. >> >> The _management_ piece comes from ActiveSync. I've only played with it using >> a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, >> Autodiscover doesn't have a mechanism for distributing certificates for >> ActiveSync, but that's not really my area of expertise. >> >> Regards, >> >> Michael B. Smith >> Consultant and Exchange MVP >> http://TheEssentialExchange.com >> >> >> -----Original Message----- >> From: Kurt Buff [mailto:kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>] >> Sent: Wednesday, November 09, 2011 3:53 PM >> To: MS-Exchange Admin Issues >> Subject: Re: Ex2003 to 2010 Transition >> >> Yes, that follows. I think that's something we're going to have to >> evaluate later - it's certainly something to ponder. I expect that >> distributing the cert chain, even to the 50-75 iOS/Android units I >> expect will be active about then will not be a trivial task. OTOH, I >> hear that MSFT is prepping an MDM solution, which might alleviate >> those concerns. >> >> Kurt >> >> On Wed, Nov 9, 2011 at 11:44, Michael B. Smith >> <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: >>> The real question is whether you are going to use your internal CA for >>> Exchange and ActiveSync or not. >>> >>> If you are, then the root certificate and the chain to the root will need >>> to be loaded on all those devices (and any computers running Outlook that >>> are not part of the domain - I presume that you are/will be publishing >>> certificates to AD so that domain-joined devices can find the root). >>> >>> Regards, >>> >>> Michael B. Smith >>> Consultant and Exchange MVP >>> http://TheEssentialExchange.com >>> >>> >>> -----Original Message----- >>> From: Kurt Buff [mailto:kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>] >>> Sent: Wednesday, November 09, 2011 2:34 PM >>> To: MS-Exchange Admin Issues >>> Subject: Re: Ex2003 to 2010 Transition >>> >>> I am (very slowly, amid other projects) standing up 2008R2 ADCS - >>> two-tier, with an offline root. I expect that around the middle of >>> next calendar year we'll be migrating from Exchange 2003 to 2010. We >>> are getting a lot of folks in with iPhones, and a few with Androids. >>> Any thoughts on how this will affect ActiveSync for those users? >>> >>> Kurt >>> >>> On Wed, Nov 9, 2011 at 11:06, Michael B. Smith >>> <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: >>>> You have touched on what, for some, is the most confusing aspect of a >>>> migration. >>>> >>>> >>>> >>>> If you are going to be in coexistence mode, you will need at least one >>>> additional certificate – the legacy certificate. This is used to securely >>>> redirect users on the new server to the old server when necessary. >>>> >>>> >>>> >>>> You MAY require a second name – the autodiscover name. You will require it >>>> if some of your computers are not domain joined. AND if you don’t have it, >>>> you’ll need to create a SRV record >>>> >>>> >>>> >>>> I RECOMMEND you get a new UCC certificate that has 3 names: mail, >>>> autodiscover, legacy – available for about USD $60 per year from >>>> certificatesforexchange.com<http://certificatesforexchange.com>. It really >>>> makes configuring things much easier. >>>> >>>> >>>> >>>> I wrote a mini-sidebar-article for EMO early last year that covers this: >>>> >>>> >>>> >>>> You’ve decided to upgrade from Exchange 2003 to Exchange 2007/2010 and you >>>> don’t want to replace your existing SSL certificate. What can you do? >>>> >>>> >>>> >>>> First, be aware that the so-called --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist