Important Commands for a Multi-tenant Exchange 2019

CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA

In this lab we will install and configure Exchange 2019 on a two-server setup. Assume that the first server is for Active Directory and the second one is for Exchange Server 2019. On the Exchange Server 2019 machine, launch PowerShell as Administrator and enter the command below to install RSAT-ADDS.

Install-WindowsFeature RSAT-ADDS

Next, install the Visual C++ Redistributable.

Then, install Unified Communications Managed API 4.0.

Run PowerShell as Administrator to install all necessary packages:

Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Check Windows Update to ensure all updates are installed successfully, especially .NET Framework 4.7.2.

Prepare Schema:

.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"TestOrganization"
.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

Run E:\Setup.exe as Administrator

Choose:

Don’t check for updates right now.

Click Finish and restart the server.

Verify the installation:

Get-ExchangeServer | ft -AutoSize

Rename Mailbox Database:

[PS] C:\Windows\system32>Get-MailboxDatabase | ft Identity

Identity
--------
Mailbox Database 0585070405

[PS] C:\Windows\system32>Set-MailboxDatabase -Identity "Mailbox Database 0585070405" -Name "MyDB"

[PS] C:\Windows\system32>Get-MailboxDatabase | ft Identity

Identity
--------
MyDB

Enter Product key:

Set-ExchangeServer EXCH2019 -ProductKey 12345-ABCDE-XXYYY-ABCDE-12345

Restart-Service MSExchangeIS

Create Send Connector.

Log in to the Exchange Admin Centre as Administrator.

Click Mail Flow, Send Connectors and follow the instructions to create a new Send connector for the Internet.

Configure Virtual Directories for OWA

Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

$domain = "webmail.test.com"

Set-OwaVirtualDirectory -Identity "EXCH2019\OWA (Default Web Site)" -ExternalUrl https://$domain/owa -InternalUrl https://$domain/owa

Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Configure Virtual Directories for ECP

Get-EcpVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

$domain = "webmail.test.com"

Set-EcpVirtualDirectory -Identity "EXCH2019\ECP (Default Web Site)" -ExternalUrl https://$domain/ecp -InternalUrl https://$domain/ecp

Get-EcpVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Configure OutlookAnywhere

Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname | fl

Set-OutlookAnywhere -Identity "EXCH2019\RPC (Default Web Site)" -ExternalHostname $domain -InternalHostname $domain -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM

Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname | fl

Configure ActiveSync Virtual Directory

Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl

Set-ActiveSyncVirtualDirectory -Identity "EXCH2019\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl https://$domain/Microsoft-Server-ActiveSync -InternalUrl https://$domain/Microsoft-Server-ActiveSync

Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl

Configure Exchange Web Services Virtual Directory

Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Set-WebServicesVirtualDirectory -Identity "EXCH2019\EWS (Default Web Site)" -ExternalUrl https://$domain/EWS/Exchange.asmx -InternalUrl https://$domain/EWS/Exchange.asmx

Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Configure OAB Virtual Directory

Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Set-OabVirtualDirectory -Identity "EXCH2019\OAB (Default Web Site)" -ExternalUrl https://$domain/OAB -InternalUrl https://$domain/OAB

Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Configure AutoDiscover Virtual Directory

Get-ClientAccessService | fl identity,autodiscoverserviceinternaluri

Set-ClientAccessService -Identity "EXCH2019" -AutoDiscoverServiceInternalUri "https://autodiscover.test.com/Autodiscover/Autodiscover.xml"

Get-ClientAccessService | fl identity,autodiscoverserviceinternaluri

Configure MAPI Virtual Directory

Get-MapiVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Set-MapiVirtualDirectory -Identity "EXCH2019\mapi (Default Web Site)" -ExternalUrl https://$domain/mapi -InternalUrl https://$domain/mapi

Get-MapiVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Restart IIS

IISReset
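The per-directory Get- checks above can be rolled into one pass that reports any client-access URL that is unset, not HTTPS, or on an unexpected host. This is an added example, not part of the original lab; the function name Test-ClientAccessUrl and the sample objects in the fallback branch are hypothetical and constructed for illustration.

```powershell
# Added example: flag virtual-directory URLs that are unset, not HTTPS, or on the wrong host.
$expectedHost = 'webmail.test.com'      # the $domain value used in this lab

function Test-ClientAccessUrl {
    param([string]$Source, [string]$Property, $Url, [string]$ExpectedHost)
    $parsed = $null
    $finding =
        if (-not [uri]::TryCreate([string]$Url, [System.UriKind]::Absolute, [ref]$parsed)) {
            'URL not set'
        } elseif ($parsed.Scheme -ne 'https') {
            "scheme is '$($parsed.Scheme)', expected https"
        } elseif ($parsed.Host -ne $ExpectedHost) {
            "host is '$($parsed.Host)', expected $ExpectedHost"
        }
    if ($finding) {
        [pscustomobject]@{ Source = $Source; Property = $Property; Finding = $finding }
    }
}

# The six virtual-directory cmdlets configured in the steps above
$cmdlets = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
           'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory', 'Get-MapiVirtualDirectory'

if (Get-Command Get-OwaVirtualDirectory -ErrorAction SilentlyContinue) {
    $vdirs = foreach ($c in $cmdlets) { & $c }      # live data in the Exchange Management Shell
} else {
    # Constructed sample objects so the check can be tried outside Exchange
    $vdirs = @(
        [pscustomobject]@{ Identity = 'EXCH2019\owa (Default Web Site)'
                           ExternalUrl = 'https://webmail.test.com/owa'
                           InternalUrl = 'https://exch2019.test.local/owa' },
        [pscustomobject]@{ Identity = 'EXCH2019\OAB (Default Web Site)'
                           ExternalUrl = $null
                           InternalUrl = 'http://webmail.test.com/OAB' }
    )
}

$findings = foreach ($v in $vdirs) {
    foreach ($p in 'ExternalUrl', 'InternalUrl') {
        Test-ClientAccessUrl -Source $v.Identity -Property $p -Url $v.$p -ExpectedHost $expectedHost
    }
}
$findings | Format-Table -AutoSize -Wrap
```

An empty result means every URL matches the configuration set in this section. The Autodiscover internal URI uses a different host name (autodiscover.test.com) and is not covered by this check.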

Create a new Accepted Domain

Mail flow, Accepted Domain, create a new Authoritative Domain.

Create new Email Address Policy

Mail flow, Email Address Policy

Apply the policy when done creating it.

Now create a new user account and test sending and receiving.

Using Active Directory Users and Computers, create two new OUs and name them CompanyA and CompanyB. Inside each of these OUs, create a couple of email accounts.

Enter the following commands:

Get-Mailbox -OrganizationalUnit test.local/CompanyA | Set-Mailbox -CustomAttribute15 CompanyA

Get-MailUser -OrganizationalUnit test.local/CompanyA | Set-MailUser -CustomAttribute15 CompanyA

Get-DistributionGroup -OrganizationalUnit test.local/CompanyA | Set-DistributionGroup -CustomAttribute15 CompanyA

Do the same three commands for CompanyB

Get-Mailbox -OrganizationalUnit test.local/CompanyB | Set-Mailbox -CustomAttribute15 CompanyB

Get-MailUser -OrganizationalUnit test.local/CompanyB | Set-MailUser -CustomAttribute15 CompanyB

Get-DistributionGroup -OrganizationalUnit test.local/CompanyB | Set-DistributionGroup -CustomAttribute15 CompanyB

Now we will create the new GALs for each company, referencing CustomAttribute15 and its value.

New-GlobalAddressList "CompanyA Global Address List" -RecipientFilter {(CustomAttribute15 -eq "CompanyA")} | Update-GlobalAddressList

New-GlobalAddressList "CompanyB Global Address List" -RecipientFilter {(CustomAttribute15 -eq "CompanyB")} | Update-GlobalAddressList

Now we shall create the address lists. Address lists are "folders" within the GAL that end users use to view lists of mailboxes, distribution groups, contacts and room mailboxes.

Create CompanyA Address Lists:

New-AddressList "CompanyA Users" -RecipientFilter {((CustomAttribute15 -eq "CompanyA") -and (RecipientType -eq 'UserMailbox'))} | Update-AddressList

New-AddressList "CompanyA Groups" -RecipientFilter {((CustomAttribute15 -eq "CompanyA") -and (RecipientType -eq 'MailUniversalDistributionGroup' -or RecipientType -eq 'MailUniversalSecurityGroup' -or RecipientType -eq 'MailNonUniversalGroup' -or RecipientType -eq 'DynamicDistributionGroup'))} | Update-AddressList

New-AddressList "CompanyA Contacts" -RecipientFilter {((CustomAttribute15 -eq "CompanyA") -and (RecipientType -eq 'MailContact'))} | Update-AddressList

New-AddressList "CompanyA Rooms" -RecipientFilter {((CustomAttribute15 -eq "CompanyA") -and (Alias -ne $null) -and ((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')))} | Update-AddressList

Create CompanyB Address Lists:

New-AddressList "CompanyB Users" -RecipientFilter {((CustomAttribute15 -eq "CompanyB") -and (RecipientType -eq 'UserMailbox'))} | Update-AddressList

New-AddressList "CompanyB Groups" -RecipientFilter {((CustomAttribute15 -eq "CompanyB") -and (RecipientType -eq 'MailUniversalDistributionGroup' -or RecipientType -eq 'MailUniversalSecurityGroup' -or RecipientType -eq 'MailNonUniversalGroup' -or RecipientType -eq 'DynamicDistributionGroup'))} | Update-AddressList

New-AddressList "CompanyB Contacts" -RecipientFilter {((CustomAttribute15 -eq "CompanyB") -and (RecipientType -eq 'MailContact'))} | Update-AddressList

New-AddressList "CompanyB Rooms" -RecipientFilter {((CustomAttribute15 -eq "CompanyB") -and (Alias -ne $null) -and ((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')))} | Update-AddressList

Create two Offline Address Books:

New-OfflineAddressBook "CompanyA Offline Address Book" -AddressLists "CompanyA Global Address List"

New-OfflineAddressBook "CompanyB Offline Address Book" -AddressLists "CompanyB Global Address List"

Now we shall create two Address Book Policies:

New-AddressBookPolicy -Name "CompanyA Address Book Policy" -AddressLists (Get-AddressList CompanyA*) -OfflineAddressBook "CompanyA Offline Address Book" -GlobalAddressList "\CompanyA Global Address List" -RoomList "\CompanyA Rooms"

New-AddressBookPolicy -Name "CompanyB Address Book Policy" -AddressLists (Get-AddressList CompanyB*) -OfflineAddressBook "CompanyB Offline Address Book" -GlobalAddressList "\CompanyB Global Address List" -RoomList "\CompanyB Rooms"

Assign the Address Book Policies to users:

Get-Mailbox -Filter {(CustomAttribute15 -eq "CompanyA")} | Set-Mailbox -AddressBookPolicy "CompanyA Address Book Policy"

Get-Mailbox -Filter {(CustomAttribute15 -eq "CompanyB")} | Set-Mailbox -AddressBookPolicy "CompanyB Address Book Policy"

When you create a new mailbox moving forward, you need to:

a/ Assign an Address Book Policy to that user

b/ Assign the company name to Attribute15

You can do that using the EMC or EMS:

 

New-Mailbox "CompanyAUser1" -OrganizationalUnit test.local/CompanyA -UserPrincipalName CompanyAUser1@test.local -AddressBookPolicy "CompanyA Address Book Policy" -Shared | Set-MailBox -CustomAttribute15 "CompanyA"
$password = Read-Host "Enter password" -AsSecureString; New-Mailbox -UserPrincipalName chuong3@test.local -Alias chuong3 -Database "MyDB" -Name Chuong3 -OrganizationalUnit CompanyA -Password $password -FirstName Chuong -LastName Nguyen -DisplayName "Chuong Nguyen" -ResetPasswordOnNextLogon $false -AddressBookPolicy "CompanyA Address Book Policy" | Set-MailBox -CustomAttribute15 "CompanyA"
$password = Read-Host "Enter password" -AsSecureString; New-Mailbox -UserPrincipalName joe@test.local -Alias joe -Database "MyDB" -Name joe -OrganizationalUnit CompanyB -Password $password -FirstName Joe -LastName Nguyen -DisplayName "Joe Nguyen" -ResetPasswordOnNextLogon $false -AddressBookPolicy "CompanyB Address Book Policy" | Set-MailBox -CustomAttribute15 "CompanyB"
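
Steps a/ and b/ are easy to miss on a new mailbox, and a mailbox with no Address Book Policy falls back to the default GAL, which lists every tenant. The following audit is an added example, not part of the original lab; the function name Test-TenantIsolation and the sample mailbox "newhire" are hypothetical, and it assumes the "<tenant> Address Book Policy" naming used above.

```powershell
# Added example (not from the original lab): audit tenant tagging and ABP assignment.
function Test-TenantIsolation {
    param(
        [Parameter(ValueFromPipeline = $true)] $Mailbox,
        [string[]] $Tenants = @('CompanyA', 'CompanyB')     # tenants created in this lab
    )
    process {
        $tag    = [string]$Mailbox.CustomAttribute15
        # Assumption: AddressBookPolicy stringifies to the policy name, as Get-Mailbox displays it.
        $policy = [string]$Mailbox.AddressBookPolicy
        $ou     = [string]$Mailbox.OrganizationalUnit
        $issues = @()

        if (-not $tag) {
            $issues += 'CustomAttribute15 is empty'
        } elseif ($tag -notin $Tenants) {
            $issues += "unknown tenant tag '$tag'"
        }

        if (-not $policy) {
            $issues += 'no Address Book Policy, so the default GAL (all tenants) is visible'
        } elseif ($tag -and $policy -ne "$tag Address Book Policy") {
            $issues += "policy '$policy' does not match tag '$tag'"
        }

        # OrganizationalUnit is a canonical path such as test.local/CompanyA
        if ($tag -and $ou -notlike "*/$tag") { $issues += "OU '$ou' does not match tag '$tag'" }

        if ($issues) {
            [pscustomobject]@{ Mailbox = $Mailbox.Name; Issues = $issues -join '; ' }
        }
    }
}

if (Get-Command Get-Mailbox -ErrorAction SilentlyContinue) {
    $mailboxes = Get-Mailbox -ResultSize Unlimited      # live data in the Exchange Management Shell
} else {
    # Constructed sample objects so the check can be tried outside Exchange
    $mailboxes = @(
        [pscustomobject]@{ Name = 'Chuong3'; CustomAttribute15 = 'CompanyA'; AddressBookPolicy = 'CompanyA Address Book Policy'; OrganizationalUnit = 'test.local/CompanyA' },
        [pscustomobject]@{ Name = 'joe';     CustomAttribute15 = 'CompanyB'; AddressBookPolicy = 'CompanyA Address Book Policy'; OrganizationalUnit = 'test.local/CompanyB' },
        [pscustomobject]@{ Name = 'newhire'; CustomAttribute15 = '';         AddressBookPolicy = $null;                          OrganizationalUnit = 'test.local/CompanyA' }
    )
}
$mailboxes | Test-TenantIsolation | Format-Table -AutoSize -Wrap
```

Untagged mailboxes outside the tenant OUs, such as the administrator's, are reported as well; decide explicitly whether each of them should be allowed to see the default GAL.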