Important Commands for a Multi-tenant Exchange 2019
CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA
In this lab we will install and configure Exchange 2019 on a two-server setup. Assume that the first server is for Active Directory and the second one is for Exchange Server 2019. On the Exchange Server 2019 machine, launch PowerShell as Administrator and enter the command below to install RSAT-ADDS.
Install-WindowsFeature RSAT-ADDS
Next, install Visual C++ Redist
Then, install Unified Communication Managed API 4.0
Run PowerShell as Administrator to install all necessary packages:
Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS
Check for Windows updates to ensure all updates are installed successfully, especially .NET Framework 4.7.2.
Prepare Schema:
.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"TestOrganization"
.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains
Run E:\Setup.exe as Administrator
Choose:
Don’t check for updates right now.
Click Finish and restart the server.
Verify the installation:
Get-ExchangeServer | ft -AutoSize
Rename Mailbox Database:
[PS] C:\Windows\system32>Get-MailboxDatabase |ft identity
Identity
--------
Mailbox Database 0585070405
[PS] C:\Windows\system32>Set-MailboxDatabase -Identity "Mailbox Database 0585070405" -Name "MyDB"
[PS] C:\Windows\system32>Get-MailboxDatabase |ft identity
Identity
--------
MyDB
Enter Product key:
Set-ExchangeServer EXCH2019 -ProductKey 12345-ABCDE-XXYYY-ABCDE-12345
Restart-Service MSExchangeIS
Create Send Connector.
Log in to the Exchange Admin Centre as Administrator.
Click Mail Flow, Send Connectors and follow the instructions to create a new Send connector for the Internet.
Configure Virtual Directories for OWA
Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
$domain = "webmail.test.com"
Set-OwaVirtualDirectory -Identity "EXCH2019\OWA (Default Web Site)" -ExternalUrl https://$domain/owa -InternalUrl https://$domain/owa
Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Configure Virtual Directories for ECP
Get-EcpVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
$domain = "webmail.test.com"
Set-EcpVirtualDirectory -Identity "EXCH2019\ECP (Default Web Site)" -ExternalUrl https://$domain/ecp -InternalUrl https://$domain/ecp
Get-EcpVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Configure OutlookAnywhere
Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname | fl
Set-OutlookAnywhere -Identity "EXCH2019\RPC (Default Web Site)" -ExternalHostname $domain -InternalHostname $domain -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM
Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname | fl
Configure ActiveSync Virtual Directory
Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl
Set-ActiveSyncVirtualDirectory -Identity "EXCH2019\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl https://$domain/Microsoft-Server-ActiveSync -InternalUrl https://$domain/Microsoft-Server-ActiveSync
Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl
Configure Exchange Web Services Virtual Directory
Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Set-WebServicesVirtualDirectory -Identity "EXCH2019\EWS (Default Web Site)" -ExternalUrl https://$domain/EWS/Exchange.asmx -InternalUrl https://$domain/EWS/Exchange.asmx
Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Configure OAB Virtual Directory
Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Set-OabVirtualDirectory -Identity "EXCH2019\OAB (Default Web Site)" -ExternalUrl https://$domain/OAB -InternalUrl https://$domain/OAB
Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Configure AutoDiscover Virtual Directory
Get-ClientAccessService | fl identity,autodiscoverserviceinternaluri
Set-ClientAccessService -Identity "EXCH2019" -AutoDiscoverServiceInternalUri "https://autodiscover.test.com/Autodiscover/Autodiscover.xml"
Get-ClientAccessService | fl identity,autodiscoverserviceinternaluri
Configure MAPI Virtual Directory
Get-MapiVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Set-MapiVirtualDirectory -Identity "EXCH2019\mapi (Default Web Site)" -ExternalUrl https://$domain/mapi -InternalUrl https://$domain/mapi
Get-MapiVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Restart IIS
IISReset
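To confirm that every client-access endpoint configured above now publishes the intended HTTPS host, the following check can be run in the Exchange Management Shell. It is an added example, not part of the original lab; the helper name Test-VdirUrl is hypothetical and $domain is the lab value used above.

```powershell
# Added example: report client-access settings that deviate from the lab's intended host.
$domain = "webmail.test.com"   # lab value used in the steps above

# Hypothetical helper: $true only for an https:// URL on the expected host.
function Test-VdirUrl([string]$Url, [string]$ExpectedHost) {
    return $Url -match ('^https://' + [regex]::Escape($ExpectedHost) + '(/|$)')
}

$getters = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
           'Get-ActiveSyncVirtualDirectory', 'Get-WebServicesVirtualDirectory',
           'Get-OabVirtualDirectory', 'Get-MapiVirtualDirectory'

# URL-based virtual directories: both URLs must be HTTPS on $domain.
$findings = @(foreach ($getter in $getters) {
    foreach ($vdir in (& $getter)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $url = [string]$vdir.$prop
            if (-not (Test-VdirUrl $url $domain)) {
                [pscustomobject]@{
                    Source   = $getter
                    Identity = [string]$vdir.Identity
                    Setting  = $prop
                    Value    = if ($url) { $url } else { '<not set>' }
                }
            }
        }
    }
})

# Outlook Anywhere publishes host names and has separate "require SSL" switches.
$findings += @(foreach ($oa in Get-OutlookAnywhere) {
    $expected = [ordered]@{
        ExternalHostname          = $domain
        InternalHostname          = $domain
        ExternalClientsRequireSsl = 'True'
        InternalClientsRequireSsl = 'True'
    }
    foreach ($name in $expected.Keys) {
        if ([string]$oa.$name -ne $expected[$name]) {
            [pscustomobject]@{ Source = 'Get-OutlookAnywhere'; Identity = [string]$oa.Identity
                               Setting = $name; Value = [string]$oa.$name }
        }
    }
})

if ($findings) { $findings | Format-Table -AutoSize } else { 'All client-access URLs match.' }
```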
Create a new Accepted Domain
Mail flow, Accepted Domain, create a new Authoritative Domain.
Create new Email Address Policy
Mail flow, Email Address Policy
Apply the policy when done creating it.
Now create a new user account and test sending and receiving.
Using Active Directory Users and Computers, create two new OUs and name them CompanyA and CompanyB. Inside each of these OUs, create a couple of email accounts.
Enter the following commands:
Get-Mailbox -OrganizationalUnit test.local/CompanyA | Set-Mailbox -CustomAttribute15 CompanyA
Get-MailUser -OrganizationalUnit test.local/CompanyA | Set-MailUser -CustomAttribute15 CompanyA
Get-DistributionGroup -OrganizationalUnit test.local/CompanyA | Set-DistributionGroup -CustomAttribute15 CompanyA
Do the same three commands for CompanyB
Get-Mailbox -OrganizationalUnit test.local/CompanyB | Set-Mailbox -CustomAttribute15 CompanyB
Get-MailUser -OrganizationalUnit test.local/CompanyB | Set-MailUser -CustomAttribute15 CompanyB
Get-DistributionGroup -OrganizationalUnit test.local/CompanyB | Set-DistributionGroup -CustomAttribute15 CompanyB
Now we will create the new GALs for each company, referencing the CustomAttribute15 and its value
New-GlobalAddressList "CompanyA Global Address List" -RecipientFilter {(CustomAttribute15 -eq "CompanyA")} | Update-GlobalAddressList
New-GlobalAddressList "CompanyB Global Address List" -RecipientFilter {(CustomAttribute15 -eq "CompanyB")} | Update-GlobalAddressList
Now we shall create the address lists. Address lists are “Folders” within the GAL that end users use to view lists of mailboxes, distribution groups, contacts and room mailboxes.
Create CompanyA Address Lists:
New-AddressList "CompanyA Users" -RecipientFilter {((CustomAttribute15 -eq "CompanyA") -and (RecipientType -eq 'UserMailbox'))} | Update-AddressList
New-AddressList "CompanyA Groups" -RecipientFilter {((CustomAttribute15 -eq "CompanyA") -and (RecipientType -eq 'MailUniversalDistributionGroup' -or RecipientType -eq 'MailUniversalSecurityGroup' -or RecipientType -eq 'MailNonUniversalGroup' -or RecipientType -eq 'DynamicDistributionGroup'))} | Update-AddressList
New-AddressList "CompanyA Contacts" -RecipientFilter {((CustomAttribute15 -eq "CompanyA") -and (RecipientType -eq 'MailContact'))} | Update-AddressList
New-AddressList "CompanyA Rooms" -RecipientFilter {((CustomAttribute15 -eq "CompanyA") -and (Alias -ne $null) -and ((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')))} | Update-AddressList
Create CompanyB Address Lists:
New-AddressList "CompanyB Users" -RecipientFilter {((CustomAttribute15 -eq "CompanyB") -and (RecipientType -eq 'UserMailbox'))} | Update-AddressList
New-AddressList "CompanyB Groups" -RecipientFilter {((CustomAttribute15 -eq "CompanyB") -and (RecipientType -eq 'MailUniversalDistributionGroup' -or RecipientType -eq 'MailUniversalSecurityGroup' -or RecipientType -eq 'MailNonUniversalGroup' -or RecipientType -eq 'DynamicDistributionGroup'))} | Update-AddressList
New-AddressList "CompanyB Contacts" -RecipientFilter {((CustomAttribute15 -eq "CompanyB") -and (RecipientType -eq 'MailContact'))} | Update-AddressList
New-AddressList "CompanyB Rooms" -RecipientFilter {((CustomAttribute15 -eq "CompanyB") -and (Alias -ne $null) -and ((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')))} | Update-AddressList
Create two Offline Address Books:
New-OfflineAddressBook "CompanyA Offline Address Book" -AddressLists "CompanyA Global Address List"
New-OfflineAddressBook "CompanyB Offline Address Book" -AddressLists "CompanyB Global Address List"
Now we shall create two Address Book Policies:
New-AddressBookPolicy -Name "CompanyA Address Book Policy" -AddressLists (Get-AddressList CompanyA*) -OfflineAddressBook "CompanyA Offline Address Book" -GlobalAddressList "\CompanyA Global Address List" -RoomList "\CompanyA Rooms"
New-AddressBookPolicy -Name "CompanyB Address Book Policy" -AddressLists (Get-AddressList CompanyB*) -OfflineAddressBook "CompanyB Offline Address Book" -GlobalAddressList "\CompanyB Global Address List" -RoomList "\CompanyB Rooms"
Assign the Address Book Policies to users:
Get-Mailbox -Filter {(CustomAttribute15 -eq "CompanyA")} | Set-Mailbox -AddressBookPolicy "CompanyA Address Book Policy"
Get-Mailbox -Filter {(CustomAttribute15 -eq "CompanyB")} | Set-Mailbox -AddressBookPolicy "CompanyB Address Book Policy"
When you create a new mailbox moving forward, you need to:
a/ Assign an Address Book Policy to that user
b/ Assign the company name to CustomAttribute15
You can do that using the EMC or EMS:
New-Mailbox "CompanyAUser1" -OrganizationalUnit test.local/CompanyA -UserPrincipalName CompanyAUser1@test.local -AddressBookPolicy "CompanyA Address Book Policy" -Shared | Set-MailBox -CustomAttribute15 "CompanyA"
$password = Read-Host "Enter password" -AsSecureString; New-Mailbox -UserPrincipalName chuong3@test.local -Alias chuong3 -Database "MyDB" -Name Chuong3 -OrganizationalUnit CompanyA -Password $password -FirstName Chuong -LastName Nguyen -DisplayName "Chuong Nguyen" -ResetPasswordOnNextLogon $false -AddressBookPolicy "CompanyA Address Book Policy" | Set-MailBox -CustomAttribute15 "CompanyA"
$password = Read-Host "Enter password" -AsSecureString; New-Mailbox -UserPrincipalName joe@test.local -Alias joe -Database "MyDB" -Name joe -OrganizationalUnit CompanyB -Password $password -FirstName Joe -LastName Nguyen -DisplayName "Joe Nguyen" -ResetPasswordOnNextLogon $false -AddressBookPolicy "CompanyB Address Book Policy" | Set-MailBox -CustomAttribute15 "CompanyB"
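Because separation between the companies depends on every mailbox carrying both the CustomAttribute15 value and the matching Address Book Policy, a periodic audit catches mailboxes created without one of the two. The script below is an added example, not part of the original lab; the helper name Get-TenantDrift is hypothetical, and it assumes the tenant, policy and GAL names used on this page.

```powershell
# Added example (not from the original lab): audit the tenant separation built above.
# Assumptions: tenants are CompanyA and CompanyB, and policies and GALs are named
# "<Company> Address Book Policy" / "<Company> Global Address List" as on this page.
$tenants = 'CompanyA', 'CompanyB'

# Hypothetical helper: returns why a mailbox breaks the scheme, or $null if consistent.
function Get-TenantDrift {
    param([string]$Tenant, [string]$PolicyName, [string[]]$KnownTenants)
    if (-not $Tenant) { return 'CustomAttribute15 is empty' }
    if ($KnownTenants -notcontains $Tenant) { return "unknown tenant value '$Tenant'" }
    # Without a policy the mailbox is not scoped to any tenant's address lists.
    if (-not $PolicyName) { return 'no Address Book Policy assigned' }
    if ($PolicyName -ne "$Tenant Address Book Policy") {
        return "policy '$PolicyName' does not match tenant '$Tenant'"
    }
    return $null
}

# 1. Every mailbox must carry both the tenant tag and the matching policy.
#    Administrative mailboxes outside the tenant OUs are listed too, for review.
$drift = @(foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $reason = Get-TenantDrift -Tenant $mbx.CustomAttribute15 `
        -PolicyName ([string]$mbx.AddressBookPolicy) -KnownTenants $tenants
    if ($reason) {
        [pscustomobject]@{ Object = [string]$mbx.PrimarySmtpAddress
                           OU = [string]$mbx.OrganizationalUnit; Problem = $reason }
    }
})

# 2. Each policy must exist and point at its own tenant's GAL.
$drift += @(foreach ($t in $tenants) {
    $abp = Get-AddressBookPolicy -Identity "$t Address Book Policy" -ErrorAction SilentlyContinue
    $gal = [string]$abp.GlobalAddressList
    if (-not $abp) {
        [pscustomobject]@{ Object = "$t Address Book Policy"; OU = '-'; Problem = 'policy is missing' }
    }
    elseif ($gal -ne "\$t Global Address List") {
        [pscustomobject]@{ Object = [string]$abp.Name; OU = '-'; Problem = "bound to GAL '$gal'" }
    }
})

if ($drift) { $drift | Format-Table -AutoSize -Wrap } else { 'No tenant drift found.' }
```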