I am preparing for an Exchange 2007 to 2013 Migration. I wanted to stand the servers up and not yet point to them.

I learned the hard way the once you install the CAS role, it inserts itself into AD and clients will attempt to connect to it right away. I had not yet changed the DNS and added the legacy DNS record.  I received various pop ups about the names on the security certificate not matching  the name of the site. I ended up uninstalling the CAS servers.

What I want to know is, once I re-install the CAS role, do I have to cut over all the URLs and DNS right away? It appears so.  If so, I will want to plan this for weekend.

Hello

tip: after install CAS create new cert with all domain name what is used client connect to exchange.

Hi,

Generally, when you install the Exchange server, a self-signed certificate with the Exchange server FQDN would be installed in Exchange server automatically.

Also confirm if you install a third-party certificate in Exchange server. If that is the case, please note to change the Exchange service URL to match the namespace contained in the certificate. Here is a similar KB for your reference:

https://support.microsoft.com/en-us/kb/940726

Regards,

You dont have to cut over to Exchange 2013 right away. If you configure Exchange 2013 to Point to Exchange 2007 the clients will continue to connect to Exchange 2007 instead and you can work on 2013 in the pace you like. You can start with configuring the SCP for autodiscover to Point to 2007. You can do that using the following command:

Set-ClientAccessServer <exchange2013server> -AutoDiscoverServiceInternalUri "<SCPuriconfiguredinexchange2007>"

Example:
Set-ClientAccessServer excsrv2013 -AutoDiscoverServiceInternalUri "https://excsrv2007.domain.com/Autodiscover/Autodiscover.xml"

To find the SCP uri used today try the following command:
Get-ClientAccessServer <exchange2007server> | Name,AutoDiscoverServiceInternalUri

I would strongly recommend you to install a trusted certificate on the 2013 servers immediately after adding them to prevent unwanted certificate errors for the clients.

Have you had a look at the deployment assistant for Exchange? Most of the info is in there and it is a very good checklist to follow, have a look here:
https://technet.microsoft.com/en-us/office/dn756393.aspx?f=255&MSPPError=-2147217396

You dont have to cut over to Exchange 2013 right away. If you configure Exchange 2013 to Point to Exchange 2007 the clients will continue to connect to Exchange 2007 instead and you can work on 2013 in the pace you like. You can start with configuring the SCP for autodiscover to Point to 2007. You can do that using the following command:

Set-ClientAccessServer <exchange2013server> -AutoDiscoverServiceInternalUri "<SCPuriconfiguredinexchange2007>"

Example:
Set-ClientAccessServer excsrv2013 -AutoDiscoverServiceInternalUri "https://excsrv2007.domain.com/Autodiscover/Autodiscover.xml"

To find the SCP uri used today try the following command:
Get-ClientAccessServer <exchange2007server> | Name,AutoDiscoverServiceInternalUri

I would strongly recommend you to install a trusted certificate on the 2013 servers immediately after adding them to prevent unwanted certificate errors for the clients.

Have you had a look at the deployment assistant for Exchange? Most of the info is in there and it is a very good checklist to follow, have a look here:
https://technet.microsoft.com/en-us/office/dn756393.aspx?f=255&MSPPError=-2147217396