Last modified 7 months ago Last modified on 10/28/11 08:06:27

Microsoft Exchange migration to Linux with Zentyal and Zarafa Groupware

This documentation will describe the process of migrating users from an existing Microsoft Exchange server to a Linux server running Zentyal and Zarafa Groupware.

One of the highlights of this procedure is that migration is done seamlessly and both systems coexist as users are being migrated from the old Microsoft system to the new Zentyal system. Both will work under the same mail domain and Distribution Lists or group alias will work with users already migrated and still in the old system.

Set up the new Zentyal server

Make sure you choose to install the new Migration Tool module, or if you have already installed your server, please install it following the Installation in Zentyal instructions.

To set up the new Zentyal server you will first need to configure it as an slave of a Microsoft Active Directory or slave of a Zentyal LDAP master which is synchronized against an Active Directory. Then you will install Mail and Groupware (Zarafa) modules and configure a virtual domain for them (e.g. zentyal.me).

On /etc/zentyal/zarafa.conf you will open Zarafa SOAP connections to the network (required for Zarafa Migration tool): 

# zarafa.conf - configuration file for Zentyal Zarafa module

# whether zarafa to listen only on localhost or allow outlook access
# (license may be required, use 0.0.0.0 to listen on all interfaces)
zarafa_server_bind = 0.0.0.0

and you will allow the service Groupware (port 236/TCP), in Firewall -> Packet Filter -> Filtering rules from internal networks to Zentyal. After this you run: sudo /etc/init.d/zentyal zarafa restart to apply the changes made in zarafa.conf.

Also a user with Zarafa Administration privileges will be required to import users mailboxes to the new system. Give one of the users these capabilities on User edit context by clicking on Administration rights checkbox.

On Mail configuration, inside the Relay policy tab you need to create an object with allowed to send mail through your Zentyal server.

And then on the Microsoft Exchange server, launch the Exchange System Manager and setup the SMTP Connector to relay mail via the Zentyal server by setting the option Forward all mail through this connector to the following smart hosts with the value [ZENTYAL_IP_ADDR].

Next step will be to configure /etc/zentyal/migration_mail.conf with your mail domain settings: 

# migration_mail.conf - configuration file for Zentyal migration tools (mail)

# WARNING: this file is sourced should be kept bash valid syntax

# main mail domain
# (this domain is configured in the old mail server and in Zentyal)
migration_mail_domain=zentyal.me

# IP address of the old mail server
migration_mail_ipaddr=10.50.0.10

# Fake domain for mail transport to the old server
# (this domain will only appear on mail headers, not relevant for end users)
migration_mail_fakename=exchange.zentyal.lan

To finish, copy and customize (if required) the Mail module hook which generates internal transport:

sudo cp /usr/share/doc/zentyal-migration-tool/mail.postsetconf /etc/zentyal/hooks/

sudo chmod +x /etc/zentyal/hooks/mail.postsetconf

Previous migration steps

Before proceeding with the migration of any user to Zarafa, provide them with training and documentation on the new mail system, best available documentation for them is Zarafa User Manual.

If you want to migrate all their current Outlook content to the new server, make sure they don't have any local PST profile, otherwise they should just drag & drop the mail into their Inbox so mail is stored in the Exchange server and not in their personal computer.

Some users use the nickname cache feature of Outlook, a temporal addressbook of the latest 100 mail addresses used. If you want to have these in the new system, the addresses should be imported into Outlook contacts. See Microsoft Article ID: 980542. If you need third party tools to edit this addressbook have a look at the freeware NK2View or NK2.info.

Migration steps

Once the migration is scheduled, first you need to disable user mail account on Microsoft Exchange and convert it to a contact. Rename the mail address of this contact to a non-existent fake domain (e.g. user@…) and in Exchange Advanced Tab you will Hide from Exchange Address Lists.

Now you will use the Microsoft Exchange Merge tool to export this user's mailbox to a PST file that we will import later via Zarafa Migration tool.

You will need to install the Microsoft Exchange Server Mailbox Merge Wizard (ExMerge) on the Microsoft Exchange server. You can read more about this tool in the Microsoft Support Article ID: 174197.

The Microsoft Exchange Mailbox Merge Wizard.

Extract mailboxes into Personal Folders (PST) files.

You want to extract the mailboxes from the existing Exchange server.

Introduce Exchange server name and Domain Controller name, both can be the NetBIOS names.

Users to be exported will be selected.

Then the locale used for the export process.

And finally, the folder where you want to store the exported mailboxes.

Now the process will start, showing the progress.

You can save this process setting for later if required.

And once the operation is finished, you will be shown a report window with some statistics.

After this we you add this user to the file /etc/zentyal/migrated.users and regenerate the configuration with sudo /etc/init.d/zentyal mail restart.

To finish the process, import the user mailbox into the new Linux server by using the Zarafa Migration tool. You can read more about this tool in the Zarafa Migration Manual.

The Zarafa Server Migration Wizard.

Select the folder where the mailboxes were exported.

A list of the mailboxes found will be shown.

Introduce Zarafa server name, and the username and password of the user with Zarafa Administration rights you gave before.

A list of users found in the Zarafa server will be shown.

You can select how mailboxes are matched with the new users, match on filenames will work.

A list of the matched mailboxes and users will be shown.

Now, the import process will start showing us the progress.

Internals

These scripts generate on LDAP a mail alias equal to the real mail account which is resolved to the local account in the server and to an external alias using the fake mail domain (e.g. exchange.zentyal.lan). Configure a special transport on Postfix so mail going to this fake mail domain is delivered via an external relay (the old mail server). Before the mail leaves the system, make Postfix by using generic rewrite, change back the address from the fake mail domain to the original one (e.g. @exchange.zentyal.lan into @zentyal.me).

See this example of a not migrated user: 

1241 mail=jsalamero@zentyal.me,ou=mailalias,ou=postfix,dc=zentyal,dc=me
objectClass: CourierMailAlias
objectClass: account
uid: @zentyal.me
mail: jsalamero@zentyal.me
maildrop: jsalamero@exchange.zentyal.lan

529 uid=jsalamero,ou=Users,dc=zentyal,dc=me
cn: Jorge Salamero
uid: jsalamero
sn: Salamero
loginShell: /usr/sbin/nologin
uidNumber: 2683
gidNumber: 1901
homeDirectory: /home/jsalamero
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
objectClass: CourierMailAccount
objectClass: usereboxmail
objectClass: fetchmailUser
objectClass: zarafa-contact
givenName: Jorge
description: Zentyal Support
userPassword: {SHA}6/x58Ad3iMg0D2POLcoqdfEgRE8=
eboxSha1Password: {SHA}6/x5aAd3cMg0d2PNLCoqwfEgRE8=
eboxMd5Password: {MD5}1k6Y0rr6bWAR09cPGlwS8A==
eboxLmPassword: B24CE522C3E9C8774A39108F32A63B6D
eboxNtPassword: A87X3A337D73985C4dF941IBE5A87D86
eboxDigestPassword: {MD5}aAKkBoj+TuaJlXZsj0az/Q==
eboxRealmPassword: {MD5}69e2230684ae4ea68d95d66csfs3bdfd
mailHomeDirectory: /var/vmail/
quota: 0
userMaildirSize: 0
mailbox: zentyal.me/jsalamero/
mail: jsalamero@zentyal.me

And this for a already migrated user: 

107 uid=zentyal.support,ou=Users,dc=zentyal,dc=me
cn: zentyal.support
uid: zentyal.support
sn: zentyal.support
loginShell: /usr/sbin/nologin
uidNumber: 2135
gidNumber: 1901
homeDirectory: /home/zentyal.support
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
objectClass: CourierMailAccount
objectClass: usereboxmail
objectClass: fetchmailUser
objectClass: zarafa-user
objectClass: zarafa-contact
description: Zentyal Support
userPassword: {SHA}6/x58Ad3iMg0D2POLcoqdfEgRE8=
eboxSha1Password: {SHA}6/x5aAd3cMg0d2PNLCoqwfEgRE8=
eboxMd5Password: {MD5}1k6Y0rr6bWAR09cPGlwS8A==
eboxLmPassword: B24CE522C3E9C8774A39108F32A63B6D
eboxNtPassword: A87X3A337D73985C4dF941IBE5A87D86
eboxDigestPassword: {MD5}aAKkBoj+TuaJlXZsj0az/Q==
eboxRealmPassword: {MD5}69e2230684ae4ea68d95d66csfs3bdfd
zarafaAdmin: 1
zarafaQuotaHard: 0
zarafaQuotaSoft: 0
zarafaQuotaWarn: 0
zarafaQuotaOverride: 0
zarafaAccount: 1
mailHomeDirectory: /var/vmail/
quota: 0
userMaildirSize: 0
mailbox: zentyal.me/zentyal.support/
mail: zentyal.support@zentyal.me

On this last example you don't have the alias and you have the zarafa-user objectClass and some attributes as it has Zarafa account enabled.

Attachments