TAMU Exchange Migration Guide

Texas A&M University
EXCHANGE MIGRATION & ADMINISTRATION GUIDE
TEXAS A&M INFORMATION TECHNOLOGY | INFRASTRUCTURE & OPERATIONS
Table of Contents
Section I - Service Information
    Introduction
    Service Architecture
    Shared Administrative Model
    Support Resources
Section II – Migration Procedures
    Migration Overview
    Planning & Information Gathering
    Customer Setup
    Migration
    Post-Migration Cleanup
    Ongoing Support
Section III – Administration
    Administration Overview
    Exchange Management App
    Exchange Admin Center
Additional Information
Section I - Service Information
Introduction
The Texas A&M Exchange Email service (TAMU Exchange) is a centrally funded shared service paid for by
the Offices of the President and Provost at Texas A&M University. It is intended for use by faculty, staff,
student workers and paid graduate assistants. The service, which consists of Microsoft Exchange and
the Lync instant messaging service, is run by Texas A&M Information Technology. Official information
about the service can be found at http://cis.tamu.edu/Services/Email/Exchange_Email.php. Information
about the email consolidation project can be found at http://cio.tamu.edu/initiatives/currentprojects/Exchange_Email_Consolidation.php.
Service Architecture
The TAMU Exchange service is hosted on equipment in the Main and West Campus data centers on the
primary campus of Texas A&M University in College Station, TX. The service is set up in a highly
available, active/active configuration to maximize utilization and efficiency. Individual components of
the service are hosted on both physical and virtual hardware.
Shared Administrative Model
One of the goals in providing a shared service is to consolidate and more effectively utilize resources,
both in equipment and personnel. The shared services model provides funding for installation,
maintenance, upgrades, service improvement and support of the service. Shared services do not
provide adequate funding to completely centralize and replace all levels of support required to provide
an enterprise messaging service. Instead, the shared services model relies on cooperation and
collaboration between TAMU Exchange administrative staff and IT support personnel at the business
unit level. As such, the service was designed from the outset to support federated administration, with
some administrative functions reserved for the TAMU Exchange administrative group and other
functions delegated to the units' IT administrators.
Support Resources
For information about the email consolidation project or to get on the migration calendar, please email
email-transition@tamu.edu. For general support issues that cannot be resolved by unit-level IT staff,
please email exchange-request@tamu.edu or contact Help Desk Central at 979.845.8300 or
helpdesk@tamu.edu.
Section II – Migration Procedures
Migration Overview
The process of migrating from one email service to another can be challenging, especially when different
messaging platforms are involved. However, the process can be managed effectively by following
well-defined procedures. This section attempts to define those procedures and identify when each IT
support group is involved. The following is a basic overview of the migration process for a single
mailbox. This process can be scaled out to support a few or hundreds of mailboxes as part of a unit's
email migration.
1. Planning and information gathering – both TAMU Exchange administrators and unit-level IT
staff gather as much information as possible about the customer’s environment, as well as the
shared service environment. Unit-level IT staff gather information about their existing email
installation and provide it to the TAMU Exchange team. Exchange administrators share
information with unit-level IT staff about the migration process and ongoing support after
migration. A migration timeline is identified, and any extenuating circumstances are discussed.
2. Customer setup – TAMU Exchange administrators use the information gathered in the first
stage to set up the infrastructure and objects necessary to support the customer in the shared
services environment. This includes administrative groups, permissions and identities within the
service. Once completed, the customer unit should be ready for onboarding at the time agreed
upon in the first stage.
3. Migration – this is when user mailbox data is migrated to the TAMU Exchange service, and user
client devices are reconfigured to connect to the shared service.
4. Post-migration cleanup – TAMU Exchange administrators work with unit-level IT staff to address
any remaining migration issues, including missed items, DNS record updates, and developing a
decommissioning plan for the deprecated messaging system.
5. Ongoing support – this is when the customer is considered to be in “maintenance mode,” and
on-going support for the service is provided by administrators and support personnel of the
TAMU Exchange service.
Planning & Information Gathering
To set up the business unit as a customer within the service, TAMU Exchange administrators need to
collect the information listed below, in the priority order in which it is needed.
1. Organization information – information about the overall organization
• Common name – what the department/unit is commonly known as
• Abbreviation – three- or four-letter code, if available – typically used with HR processes
• Organizational hierarchy – how it fits within Texas A&M University
• Existing email service – the system from which the customer is migrating
• Mailbox count and approximate storage usage
• Email policies and business requirements for these policies
2. Email domain information – information about email domains in use
• Domain names to be migrated
• Primary/From address format – current and going forward
• Any special MX routing information
3. User information – user metadata needed to pre-populate accounts in Active Directory
• NetID and/or UIN
• Unit/department affiliation
• Whether setting up as a mailbox or a contact
4. Mailbox information – more detailed information about user mailboxes
• SMTP addresses, including the primary/from address
• X400/X500 addresses, including the LegacyExchangeDN attribute
5. Distribution list information – information about service-wide distribution lists
• Display name
• TAMU role account, if applicable
• SMTP addresses, including the primary/from address
• X400/X500 addresses, including the LegacyExchangeDN attribute
• Distribution list membership
6. Shared/resource mailbox information – information about shared resources
• Display name
• TAMU role account, if applicable
• For room mailboxes, the room number and building abbreviation
• SMTP addresses, including the primary/from address
• X400/X500 addresses, including the LegacyExchangeDN attribute
• Proxy access
7. Service account mailbox information – information about shared accounts with passwords
• Display name
• TAMU role account, if applicable
• SMTP addresses, including the primary/from address
• X400/X500 addresses, including the LegacyExchangeDN attribute
• Proxy access
• How the account is used
8. Public folder information – for Microsoft Exchange installations, information about public
folders that need to be migrated
• Folder name
• Folder type
• If mail-enabled, SMTP addresses and X400/X500 addresses, including the
LegacyExchangeDN attribute
• Folder permissions
When gathering the above information, understanding the relevance of the LegacyExchangeDN
attribute within existing Exchange organizations is important. This attribute is used by Exchange for the
delivery of all internal email within Exchange. The LegacyExchangeDN attribute is an X500 address that
includes information in the string about the Exchange organization name, as it is known to Active
Directory. If this object is included as an additional X500 address on the mailbox in the TAMU Exchange
service, it will prevent messages from being rejected when someone attempts to reply to existing email
or meeting requests that were imported from the previous Exchange system. Without this attribute, a
significant number of migrated users will receive non-deliverable reports (NDRs) when they attempt to
reply to email messages that would have, prior to the migration, been deliverable. We strongly
encourage the inclusion of this address on the TAMU Exchange mailboxes and distribution lists.
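The following check is an added example, not part of the original guide or of TAMU's tooling. Given the LegacyExchangeDN values exported from the old Exchange organization and the proxy addresses present on the new mailboxes, it reports which recipients are still missing the X500 address and would therefore produce NDRs on reply. The function name Find-MissingX500Address, the organization name in the DNs and all sample records are constructed for illustration.

```powershell
# Added example. Inputs are plain objects so the check runs without an Exchange
# session. On real systems they could be exported with:
#   old org:  Get-Mailbox -ResultSize Unlimited | Select-Object Alias, LegacyExchangeDN
#   new org:  Get-Mailbox -ResultSize Unlimited | Select-Object Alias, EmailAddresses
function Find-MissingX500Address {
    param(
        [Parameter(Mandatory)] [object[]]$Source,  # Alias + LegacyExchangeDN (old system)
        [Parameter(Mandatory)] [object[]]$Target   # Alias + EmailAddresses (new system)
    )

    # Index new-system recipients by alias; hashtable string keys are case-insensitive.
    $byAlias = @{}
    foreach ($t in $Target) { $byAlias[$t.Alias] = $t }

    foreach ($s in $Source) {
        $dn = "$($s.LegacyExchangeDN)".Trim()
        $t  = $byAlias[$s.Alias]

        if (-not $dn) {
            $status = 'NoLegacyDN'            # nothing to carry over
        }
        elseif ($dn -notmatch '^/o=[^/]+/ou=[^/]+(/cn=[^/]+)+$') {
            $status = 'MalformedLegacyDN'     # export is damaged or truncated
        }
        elseif (-not $t) {
            $status = 'NoTargetRecipient'     # not set up in the new system yet
        }
        elseif (@($t.EmailAddresses | ForEach-Object { "$_" }) -contains "X500:$dn") {
            $status = 'Present'               # -contains compares case-insensitively
        }
        else {
            $status = 'Missing'               # replies to old mail would bounce
        }

        [pscustomobject]@{ Alias = $s.Alias; Status = $status; LegacyExchangeDN = $dn }
    }
}

# Constructed sample data (organization name and users are made up).
$dnRoot = '/o=Example Dept/ou=First Administrative Group/cn=Recipients'
$source = @(
    [pscustomobject]@{ Alias = 'jdoe';   LegacyExchangeDN = "$dnRoot/cn=jdoe" }
    [pscustomobject]@{ Alias = 'asmith'; LegacyExchangeDN = "$dnRoot/cn=asmith" }
    [pscustomobject]@{ Alias = 'rlee';   LegacyExchangeDN = '' }
    [pscustomobject]@{ Alias = 'mpatel'; LegacyExchangeDN = "$dnRoot/cn=mpatel" }
)
$target = @(
    [pscustomobject]@{ Alias = 'jdoe';   EmailAddresses = @('SMTP:jdoe@exchange.tamu.edu', "x500:$dnRoot/cn=jdoe") }
    [pscustomobject]@{ Alias = 'asmith'; EmailAddresses = @('SMTP:asmith@exchange.tamu.edu') }
    [pscustomobject]@{ Alias = 'rlee';   EmailAddresses = @('SMTP:rlee@exchange.tamu.edu') }
)

Find-MissingX500Address -Source $source -Target $target | Format-Table -AutoSize

# A recipient reported as Missing needs the address added on the new system by
# an administrator with rights to do so, for example:
#   Set-Mailbox -Identity <alias> -EmailAddresses @{ Add = 'X500:<LegacyExchangeDN>' }
```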
Customer Setup
Information gathered during the first stage is used to set up the following:
1. Active Directory
• Organizational units
• Management groups
• Delegated OU permissions
2. Exchange
• User accounts as MailUser objects within Exchange
• Distribution groups, including membership
• Shared/resource/service mailboxes and proxy security groups
• Public folders
• Address lists in the global address book
• RBAC-based scoped administration to departmental objects
3. Management Application
• Business units
• Email domains associated with each business unit
• Unit-level administrators
4. Windows DFS file share
• Import folders
• Access permissions to unit-level administrators defined in previous step.
Migration
At the designated cutover time, use the following migration procedures for each mailbox:
1. Mailbox provisioning – create the user’s mailbox by using the provisioning/management app
located at https://services.tamu.edu/exchange. The app uses CAS NetID authentication. You
are prompted to choose a mailbox size and associate the mailbox with a unit-level management
group. Once provisioned, you can edit the mailbox claim and add custom email addresses from
email domains that have been associated with that particular business unit. See additional
information in Section III – Administration.
2. Mailbox forwarding (Will be handled by AIT) – once the TAMU Exchange mailbox has been
created, configure the user’s existing mailbox to forward all mail to the following email address:
netid@exchange.tamu.edu. The forwarding can be done using an internal contact object or, on
Exchange 2010 and above, by configuring the ForwardingSmtpAddress property of the mailbox.
PowerShell: Set-Mailbox <Mailbox_ID> -ForwardingSmtpAddress <NetID>@exchange.tamu.edu
3. Mailbox export – once forwarding is in place, the existing mailbox can be exported to a PST file
and uploaded to a unit-specific folder in the following UNC path:
\\ads.tamu.edu\Infrastructure\Customers\Mailbox Imports
For user mailboxes, the PST file should be named netid.pst, or it will be rejected. For
shared/resource/service mailboxes, the PST file should be named with the mailbox alias
assigned to the mailbox (e.g., mailbox_alias.pst). The upload folder is named “Uploading” and is
located beneath the unit-specific folder in the UNC path referenced above. Example:
\\ads.tamu.edu\Infrastructure\Customers\Mailbox Imports\Some_Department\Uploading
4. Mailbox import – once the PST file is uploaded to the drop-off folder, it is renamed to include a
timestamp, moved to a folder named “Importing,” and then queued up for import automatically
within five minutes. Upon completion/termination of the import job, the renamed PST file is
moved to one of the following folders, depending on the results:
• Completed – the mailbox was imported successfully
• Failed – the mailbox import failed. Common causes for a failed import include
attempting to import a PST file that exceeds the mailbox quota configured in step 1
above; trying to import a PST file for a user that does not yet have a mailbox setup; and
corruption or excessive errors within the PST file exported from the previous system.
• Skipped – the mailbox import was skipped and no attempt to import was made.
Common causes for this scenario include improperly named PST files, including using an
alias instead of the actual NetID; and attempting to import a mailbox that is not
managed by the business unit associated with the import directory.
5. Public folder export – If applicable, the public folder hierarchy should be exported to a PST file
using Outlook and uploaded to a folder named “Manual” in the UNC path mentioned in step 3
above. Example:
\\ads.tamu.edu\Infrastructure\Customers\Mailbox Imports\Some_Department\Manual
Any filename ending in .PST is acceptable. An email request should also be submitted to
exchange-request@tamu.edu requesting the PST file to be imported, along with any special
instructions.
6. Public folder import – unlike mailboxes, the process of importing data for public folders is not
automated. This is why a separate email request is necessary. The request instructs the TAMU
Exchange administration team to locate the PST file and import it manually using Outlook. The
upload folder simply serves as a repository for passing data to the TAMU Exchange
administrators.
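The pre-upload check below is an added example, not part of the original guide or of the TAMU import automation. It applies the rules from steps 2 through 4 to a list of PST files before anything is copied to the "Uploading" folder and predicts whether each file would be imported, skipped or failed. The function name Test-PstUpload, the "Hold" outcome, and all NetIDs, aliases, quotas and file sizes are constructed for illustration.

```powershell
# Added example. Inputs are plain objects so the check runs offline; on a real
# system they could come from:
#   Get-ChildItem -LiteralPath <staging folder> -Filter *.pst | Select-Object Name, Length
#   Get-Mailbox <old mailbox> | Select-Object Alias, ForwardingSmtpAddress
function Test-PstUpload {
    param(
        [Parameter(Mandatory)] [object[]]$Mailboxes,  # Id, Type, QuotaMB, ForwardingSmtpAddress
        [Parameter(Mandatory)] [object[]]$PstFiles    # Name, Length (bytes)
    )

    # Mailboxes managed by this unit, keyed by NetID (users) or mailbox alias (shared).
    $byId = @{}
    foreach ($m in $Mailboxes) { $byId[$m.Id] = $m }

    foreach ($f in $PstFiles) {
        $outcome = 'Import'
        $reason  = ''

        if ($f.Name -match '^(?<id>.+)\.pst$') {
            $m = $byId[$Matches['id']]
            if (-not $m) {
                $outcome = 'Skipped'
                $reason  = 'No mailbox with this NetID/alias is managed by this unit'
            }
            elseif ($f.Length -gt ($m.QuotaMB * 1MB)) {
                # File size is used as a stand-in for the size of the imported data.
                $outcome = 'Failed'
                $reason  = 'PST is larger than the mailbox quota chosen at provisioning'
            }
            elseif ($m.Type -eq 'User') {
                # Exchange shows the forwarding address with an "smtp:" prefix.
                $fwd = "$($m.ForwardingSmtpAddress)" -replace '^smtp:', ''
                if ($fwd -ne "$($m.Id)@exchange.tamu.edu") {
                    # "Hold" is this example's own label: export only after
                    # forwarding is in place, or late mail stays on the old system.
                    $outcome = 'Hold'
                    $reason  = 'Old mailbox is not yet forwarding to TAMU Exchange'
                }
            }
        }
        else {
            $outcome = 'Skipped'
            $reason  = 'File name is not <NetID-or-alias>.pst'
        }

        [pscustomobject]@{ File = $f.Name; Predicted = $outcome; Reason = $reason }
    }
}

# Constructed sample data: NetIDs, alias, quotas and sizes are made up.
$mailboxes = @(
    [pscustomobject]@{ Id = 'jdoe';      Type = 'User';   QuotaMB = 2048; ForwardingSmtpAddress = 'smtp:jdoe@exchange.tamu.edu' }
    [pscustomobject]@{ Id = 'asmith';    Type = 'User';   QuotaMB = 2048; ForwardingSmtpAddress = $null }
    [pscustomobject]@{ Id = 'rlee';      Type = 'User';   QuotaMB = 1024; ForwardingSmtpAddress = 'smtp:rlee@exchange.tamu.edu' }
    [pscustomobject]@{ Id = 'frontdesk'; Type = 'Shared'; QuotaMB = 1024; ForwardingSmtpAddress = $null }
)
$pstFiles = @(
    [pscustomobject]@{ Name = 'jdoe.pst';         Length = 900MB }
    [pscustomobject]@{ Name = 'asmith.pst';       Length = 400MB }
    [pscustomobject]@{ Name = 'rlee.pst';         Length = 3GB }
    [pscustomobject]@{ Name = 'frontdesk.pst';    Length = 120MB }
    [pscustomobject]@{ Name = 'john.doe.pst';     Length = 50MB }   # email alias instead of the NetID
    [pscustomobject]@{ Name = 'jdoe-archive.zip'; Length = 10MB }   # not a PST file
)

Test-PstUpload -Mailboxes $mailboxes -PstFiles $pstFiles | Format-Table -AutoSize
```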
Post-Migration Cleanup
Once the migration is complete, there are a number of follow-up procedures that need to be done to
finish up the process. Some of these steps are specific to each mailbox, while others are aimed at the
organization’s overall email configuration. The mailbox-specific steps can be performed all at once after all
mailboxes have been migrated, or they can be performed individually after each mailbox migration.
1. NetID forwarding – change the mail forwarding setting on the user’s NetID account (under
Email Settings) to use the following option: Sent to and stored in my Texas A&M Exchange
mailbox. This step can be performed any time after the user’s TAMU Exchange mailbox has
been created in step 1 of the previous section labeled “Mailbox provisioning.” A useful side
effect of making this change is that it alters the user’s FROM: address in the TAMU Exchange
system to be their primary_alias@tamu.edu instead of netid@exchange.tamu.edu.
2. Mailbox de-provisioning (Will be handled by AIT) – once a user’s mailbox has been migrated, it
is recommended, but not required, that the user’s mailbox on the previous mail system be
deleted and/or converted to a contact that forwards to netid@exchange.tamu.edu. This
prevents users still on the previous mail system from attempting to schedule meetings with that
individual based on free/busy information that is no longer up to date.
3. MX records – once all mailboxes have been migrated and all mail is ultimately flowing to the
TAMU Exchange system, the MX records for the various email domains that have been migrated
can be changed to point to exchange.tamu.edu as the lowest weight/highest priority record.
We recommend a weight of 10, assuming that no other MX records exist with a lower weight.
Be sure to leave the default record for smtp-relay.tamu.edu (weight 100) in place.
4. Server decommissioning – the final step is to uninstall and decommission the servers running
the customer’s previous mail system. We recommend waiting at least two or three days after
changing the MX records in step 3 above before decommissioning the old servers. We also
recommend turning them off for an additional period of time defined by the customer before
completely uninstalling them.
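The MX check below is an added example, not part of the original guide. It validates the record layout described in step 3 for one domain: exchange.tamu.edu must be the only lowest-weight record and the smtp-relay.tamu.edu record must remain at weight 100. Any other host still published is listed for review before the old servers are turned off in step 4. The function name Test-MxCutover, the domain dept.example and the sample answers are constructed for illustration.

```powershell
# Added example. Input objects need NameExchange and Preference properties,
# which is what the MX answers from
#   Resolve-DnsName -Name <domain> -Type MX | Where-Object { $_.NameExchange }
# carry; the sample records below are constructed so the check runs offline.
function Test-MxCutover {
    param(
        [Parameter(Mandatory)] [string]$Domain,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]]$MxRecords
    )
    $primary = 'exchange.tamu.edu'
    $relay   = 'smtp-relay.tamu.edu'

    # Normalize host names (case, trailing dot) and sort by preference.
    $mx = @($MxRecords | ForEach-Object {
            [pscustomobject]@{
                Server     = "$($_.NameExchange)".TrimEnd('.').ToLowerInvariant()
                Preference = [int]$_.Preference
            }
        } | Sort-Object Preference)

    $findings = New-Object 'System.Collections.Generic.List[string]'
    $other    = @()

    if ($mx.Count -eq 0) {
        $findings.Add('No MX records returned')
    }
    else {
        # The record(s) with the lowest preference value receive mail first.
        $lowest = @($mx | Where-Object { $_.Preference -eq $mx[0].Preference })
        if ($lowest.Server -notcontains $primary) {
            $findings.Add("Lowest-weight MX is $($lowest[0].Server), not $primary")
        }
        elseif ($lowest.Count -gt 1) {
            $findings.Add("$primary shares weight $($mx[0].Preference) with another host")
        }

        $relayRecord = @($mx | Where-Object { $_.Server -eq $relay })
        if ($relayRecord.Count -eq 0) {
            $findings.Add("Default record for $relay is missing")
        }
        elseif ($relayRecord[0].Preference -ne 100) {
            $findings.Add("$relay has weight $($relayRecord[0].Preference), expected 100")
        }

        # Anything else still published (for example the old mail server) is
        # listed so it can be reviewed before the old servers are turned off.
        $other = @($mx | Where-Object { $_.Server -notin @($primary, $relay) } |
                ForEach-Object { $_.Server })
    }

    [pscustomobject]@{
        Domain   = $Domain
        Ready    = ($findings.Count -eq 0)
        Findings = $findings.ToArray()
        OtherMx  = $other
    }
}

# Constructed sample answers for a made-up departmental domain.
$before = @(
    [pscustomobject]@{ NameExchange = 'mail.dept.example.';   Preference = 5 }
    [pscustomobject]@{ NameExchange = 'exchange.tamu.edu.';   Preference = 10 }
    [pscustomobject]@{ NameExchange = 'smtp-relay.tamu.edu.'; Preference = 100 }
)
$after = @(
    [pscustomobject]@{ NameExchange = 'exchange.tamu.edu';   Preference = 10 }
    [pscustomobject]@{ NameExchange = 'SMTP-Relay.tamu.edu'; Preference = 100 }
)

Test-MxCutover -Domain 'dept.example' -MxRecords $before
Test-MxCutover -Domain 'dept.example' -MxRecords $after
```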
Ongoing Support
Once the migration is complete, the customer unit enters into a standard support agreement with Texas
A&M IT. This agreement provides ongoing support for the customer through various channels.
Customer support is intended to be a partner effort between TAMU Exchange administrators, Help Desk
Central, and the unit IT administrators. If the customer does not employ unit IT administrators,
contract-based support is available through Information Technology Solutions and Support (ITSS).
Contact ITSS at 979.847.ITSS (4877) or visit http://itss.tamu.edu/ for more information.
The following outlines what is expected of each support group:
1. Unit IT administrators – this is where the bulk of customer-level support is expected to remain.
The TAMU Exchange service does not employ enough staff to provide adequate support for
individual customer issues that can arise. Unit IT admins are expected to remain as the first
point of contact during the support process. Functions expected of unit IT admins include, but
are not limited to, the following:
• Mailbox provisioning – the management app, which is explained in detail in the next
section, is the unit IT admin’s portal into Exchange mailbox provisioning and
de-provisioning. It also is used for managing custom/departmental email addresses and
mailbox quotas. For the functions supported by the app, the expectation is that unit IT
admins use the app to perform those functions, rather than submitting requests to Help
Desk Central or the TAMU Exchange administration team.
• Exchange object management – many Exchange administration abilities have been
delegated to unit IT admins. These abilities are scoped to the units these IT admins
support. These administration features are typically related to the management of
recipient objects in Exchange, such as mailboxes, distribution lists and public folders.
These management features are covered in detail in Section III. For the administration
abilities that have been delegated to unit IT admins, the expectation is that they
perform these wherever possible and only involve TAMU Exchange administrators when
problems or special circumstances arise.
• Client support – unit IT admins are expected to provide Tier one support for all client
devices and applications, including Outlook (Mac and Windows), ActiveSync mobile
devices and POP/IMAP clients. While Help Desk Central does maintain standard client
configuration documentation, they are not always familiar with particular customer
configurations and local IT policies. Unit IT admins are expected to be the first
responders for client connectivity and configuration issues. If these issues cannot be
resolved through sound troubleshooting practices, unit IT admins should submit
incidents and requests by email to exchange-request@tamu.edu. Please include the
following information in all requests involving end-user issues: user’s NetID, user’s
employing department/unit, a statement of the problem experienced, a list of
troubleshooting steps already taken by unit IT staff, and screen shots of any errors
presented.
2. Help Desk Central – Texas A&M IT’s Help Desk Central is a general-purpose IT help desk
providing IT support to the students, faculty, and staff of Texas A&M University. HDC generally
does not turn down anyone for support. However, they are not necessarily the best resource in
some cases, because they have neither the background information nor the appropriate access
level to fix many issues. Functions expected of the HDC include, but are not limited to, the
following:
• Client support – HDC works with customers to walk through common client
configuration and connectivity issues.
• Software support – HDC provides general help and support on usage of many
mainstream software packages, including client software used to connect to the TAMU
Exchange service.
• Problem/incident escalation – HDC is often the first support group to notice emerging
trends in IT problems, including those with the TAMU Exchange service. HDC staff are
trained to recognize problems, open incidents and assign them to TAMU Exchange
administrators.
• Service requests – HDC is trained and equipped to fulfill some service requests for the
TAMU Exchange service. However, HDC should not be the first line of support for these
requests. Generally speaking, service requests should go through unit IT admins, who
have been given the tools to perform most of those requests without involving HDC or
TAMU Exchange administrators.
3. TAMU Exchange Administrators – the TAMU Exchange admin team is responsible for managing,
supporting and improving the TAMU Exchange service. TAMU Exchange administrators should
not be the first line of support for common client configuration and connectivity issues, software
usage questions or service requests that can be addressed by unit IT admins. Functions
expected of the TAMU Exchange administration team include, but are not limited to, the
following:
• Service maintenance – TAMU Exchange administrators are responsible for all
maintenance and upgrades to the hardware and software supporting the service.
• Management tool support – TAMU Exchange administrators are responsible for
upgrades and improvements to management tools and processes.
• Problem/incident escalation – for problems that cannot be resolved by unit IT admins,
TAMU Exchange administrators work directly with unit IT admins to resolve service-level
problems. TAMU Exchange administrators also provide Tier 2 support for client
configuration and connectivity issues when unit IT admins are unable to resolve them.
• Training – TAMU Exchange administrators also serve as a training resource for unit IT
admins and HDC. As a support resource, the primary goal for TAMU Exchange
administrators is to train and empower unit IT admins and HDC to provide high-quality
support to the end user.
Section III – Administration
Administration Overview
Managing and administering a complex IT system as a shared service often presents unique challenges.
The goal for IT organizations is to provide quality and reliable service in a cost-effective manner.
Providing Microsoft Exchange as a centralized and shared service allows unit-level IT staff to focus on
supporting the services and applications that are more specific to their lines of business. It also allows
Texas A&M University to operate more efficiently by reducing the duplication of work and resources
that are common with managing messaging and collaboration infrastructures at multiple levels. But this
efficiency can come at the expense of customer service if not correctly engineered and executed. When
it comes to the support and administration of the TAMU Exchange service, the goal should not be to
centralize every single administrative function. Such a move would only further remove the end user
from the unit administrators and introduce unacceptable lag time into the process. Furthermore, it
would necessarily require a major reallocation of IT resources (human and equipment) from the unit
level to the shared service level.
Instead, Texas A&M IT has opted for a shared administration model that keeps many, if not most, of the
administrative functions at the business unit level, as it relates to the TAMU Exchange service. These
administrative functions are available through two primary tools – the Exchange Management
Application, and the Exchange Administration Center (EAC). This section covers the administrative
features available through these two applications.
Exchange Management App
The Exchange Management App is a web-based application hosted on services.tamu.edu that was
written in-house to address some of the challenges of providing a shared email service. While Microsoft
Exchange includes an exhaustive set of administrative features in its GUI and command-line consoles, it
does not tie in directly with the identity management solution used by Texas A&M, particularly the
NetID identity object. The Exchange Management App was written to bridge the gap between Exchange
administration and a user’s identity as a Texas A&M employee or student. The Exchange Management
App is meant to be used by unit-level IT staff to perform the following day-to-day functions related to
the TAMU Exchange service:
1. Mailbox provisioning – the app allows unit IT admins to place a mailbox claim on a NetID. This
does the following:
• Mailbox creation/unlocking/transfer – if the user does not have a mailbox on the
TAMU Exchange service, it will provision a mailbox for them and associate that mailbox
with the business unit for management and billing purposes. It also configures the
mailbox with information from the user’s NetID identity, such as first and last name,
display name, department, phone number, title and other attributes. If the user has an
unmanaged mailbox that is not under the management authority of another business
unit, it restores access by the user to the mailbox and brings it under the management
authority of the new business unit. Lastly, if the user has a mailbox that is already under
the management authority of another business unit, it requests a transfer of that
mailbox to the new business unit for both management and billing purposes.
• Mailbox management – when a mailbox is associated with a business unit, the IT staff
assigned to support that business unit become administrators over that individual’s
Exchange mailbox. This allows them to perform delegated administration of the
mailbox.
• Mailbox quota management – the app allows unit IT admins to control the maximum
size of the mailbox. This is particularly important when provisioning a mailbox that is
larger than the level paid by central funds. In that situation, the business unit associated
with the mailbox is responsible for the additional storage costs incurred.
• Departmental email address management – this feature of the app allows unit IT
admins to manage custom, or “boutique,” addresses that are assigned to the mailbox. IT
admins also can designate one of these addresses as the primary/from address used in
outgoing mail from the user’s mailbox.
2. Mailbox de-provisioning – similar to provisioning, the app allows unit IT admins to release a
claim on a NetID mailbox. This does the following:
• Mailbox locking – when a mailbox claim is removed, the user’s permissions to access
the mailbox are removed, effectively “locking” the mailbox from access. The mailbox
continues to accept mail, but the user can no longer access it.
• Mailbox forwarding – in addition to locking the mailbox, the de-provisioning process
configures the mailbox to forward all new incoming mail to the following address:
netid@tamu.edu. This effectively allows the user to continue receiving email sent to
that mailbox, but at a destination address that they can control through the NetID
management application at http://gateway.tamu.edu/.
• Mailbox deletion – if, after 30 days, the user has not regained employment with
another customer on the TAMU Exchange service, the mailbox is converted to a contact
that also forwards to netid@tamu.edu. This allows other users of the TAMU Exchange
service to continue sending email to the former employee and have it forward to them
by way of the NetID forwarding process. The contact remains until the user’s NetID
expires and is deleted through the normal identity management lifecycle process.
3. Admin delegation – the app also allows unit IT admins to add and remove other IT admins
responsible for providing support for a given business unit. This allows the unit IT admins to
manage staff turnover and changing job duties within their own IT team without having to
consult or involve TAMU Exchange administrators.
Exchange Admin Center
The Exchange Admin Center (EAC) is Microsoft’s native GUI-based administration tool for Microsoft
Exchange. It allows administration of Exchange at various levels. The EAC allows very fine-grained
delegation of Exchange administration features to designated unit IT admins. Through role-based access
control, TAMU Exchange administrators can delegate specific admin functions to unit IT staff and scope
those permissions so that unit IT admins can only perform those administrative functions against the
mailboxes that are associated with business units that they support.
Exchange admin functions within the EAC are tied very closely to the admin controls in the
custom-written Exchange Management App. IT staff members designated as unit admins within the Exchange
Management App also become delegated admins within the EAC. As such, access to the EAC is
controlled through the Exchange Management App.
The EAC is accessed through a web browser at the following URL: https://exchange.tamu.edu/ecp. It is
recommended that Internet Explorer be used for the web browser, as a handful of features do not seem
to work properly in some other browsers. The following are the administrative functions available
through the EAC to unit IT admins. For each, the location of the administrative function is given, along
with attributes that can be modified as delegated admins.
1. Distribution groups – Manage My Organization | Users & Groups | Distribution Groups
• Display name – what the group is called in the Address Book
• Group membership – can contain mailboxes, contacts and other distribution groups
• Delivery restrictions – who can send to the group
• MailTips – warning text that appears when the group is added to an address field
• Owners – other individuals that can modify the group’s membership
• Moderation settings – settings that control whether and how messages sent to the list
must be approved first by a moderator
2. User mailboxes – Manage My Organization | Users & Groups | Mailboxes
• MailTips
• Manager
• Litigation hold
3. User mailboxes – Manage Another User
• Inbox rules
• Auto-replies and out-of-office configuration
• Delivery reports
• Distribution group membership
• Email signature
• Message format and styling
• Message options
• Read receipts
• Conversation settings
• Calendar settings
• Sent items configuration
• ActiveSync device management
• Junk mail configuration
4. Shared/resource/service mailboxes – Manage Another User
• All settings for user mailboxes
• Display name
• Resource scheduling configuration
Additional Information
In addition to the information contained in this document, the TAMU Exchange administration team is
available to answer other questions you may have about the service, migration process or
administration features. If you wish to set up a consultation or schedule an email migration for a
department, please send an email to exchange-request@tamu.edu with the details of your request.