Exchange 2010 move to Kerberos

PaulH 41 Reputation points
2021-05-07T14:15:13.913+00:00

We are moving an Exchange 2010 cluster to Kerberos in prep for migration to Exchange online and have run into a problem regarding the script "ConvertOABDir.ps1". According to a few different sites I need to do the following:

  1. Create an ASA computer account.
  2. Run the script: .\RollAlternateserviceAccountPassword.ps1 -ToArrayMembers {CAS array name} -GenerateNewPasswordFor "{Domain}{ASA}" –Verbose
    (This script appears to be located in the SP3 scripts directory)
  3. Convert OAB virtual directory to web application with the script ConvertOABDir.ps1, just download and run.

The problem is I can't find that script. All the links that have been provided to Microsoft don't have this file. Searching Microsoft can't find this file. The closest I can get is post here which appears to have pasted the contents but I can't validate whether or not this is the actual script, unchanged for Exchange 2010 SP3.
https://social.technet.microsoft.com/Forums/lync/en-US/ab5409ff-f20c-4d66-a261-c3c73f01a919/cant-enable-kerberos-in-outlook-and-exchange-2013-bug-in-convertoabvdirps1?forum=exchangesvrclients

Can anyone help? Or is there a different way to achieve this same goal?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,227 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Eric Yin-MSFT 4,386 Reputation points
    2021-05-10T02:05:30.56+00:00

    Hi,

    It's still in %Exchangeinstallpath\scripts folder in Exchange2016:

    95082-3.png

    In case your folder not complete, I post it here in txt:

    95045-1.txt


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. PaulH 41 Reputation points
    2021-05-10T14:48:48.533+00:00

    This is Exchange 2010. THAT script is not on either server. However I've modified my search and found the file "convertoabvdir.ps1". Is that the same thing?

    Edit: this is in the SP3 install directories. I assume it's the same but would like to know for sure.


  3. Andy David - MVP 138.6K Reputation points MVP
    2021-05-10T20:33:17.627+00:00

    Hmm, not sure what you are referring to, but there is no relationship between kerberos and migrating to Exchange Online. :)

    Moving to Kerberos auth only makes sense if you want to reduce the load mail clients have on Domain controllers, otherwise there is no reason to introduce this change now and it doesn't buy you anything if you are moving to Exchange Online.

    Another thing to remember is that kerberos auth only works for domain-joined clients, so enabling this wont make a difference for non-domain joined clients and won't have any benefit for this that you mentioned above "One of the strongly recommended things to do is to NOT allow NTLM traffic outside of your organization"