Exchange 2010 Hosting Part 1 - The Hard Way
Paul has been a Microsoft Certified Systems Engineer since 1999.
His experience covers a large number of Microsoft Exchange implementations, from small infrastructures to large hosting infrastructures serving thousands of users.
Since April 1st, 2010, Paul has been an MVP for Exchange.
More from Paul Roman [MVP for Exchange, MCSE, MCSA, MCST, MCITP]...
Hosting multiple Organizations on a single Exchange Infrastructure can give significant hardware consolidation advantages. Exchange 2010 has greatly simplified the setup of such an environment, giving us two implementation options, the hard and the easy way. Today we go down the hard way...
2. New Tenant Setup
Now that we have completed the preparation steps, we are ready to set up a new Exchange Organization tenant. Here we will use:
- domain.com as the example hosted email domain;
- addomain.local as the local Active Directory domain;
- Exchange ORG as the Exchange Organization name;
- Server_name1 as the Mailbox server;
- Server_name2 as the Client Access Server (CAS). Server_name1 and Server_name2 can be the same server.
2.1 Create a new OU for the new tenant
Under the OU created in the previous step, create a new OU with the name of the email domain that you will host:
- Start Active Directory Users and Computers.
- At the left pane, right-click the Tenants OU.
- Click New, and select Organizational Unit.
- Type domain.com, and click OK.
2.2 Create a new UPN suffix for the newly created OU
- Open the ADSI Editor and connect to the Default Naming Context.
- Right click the OU and select Properties.
- Select the upnSuffixes attribute and click Edit.
- Enter the new company UPN suffix and click Add.
- Click OK twice to close the properties dialog.
2.3 Create a new security group that will hold all the domain.com users
Run the following cmdlet from Exchange Management Shell:
New-DistributionGroup -Name "domain.com Users" -OrganizationalUnit "addomain.local/Tenants/domain.com" -SamAccountName "domain.comUsers" -Alias "domain.comUsers" -Type "Security"
2.4 Create a new accepted domain
Run the following cmdlet from Exchange Management Shell:
new-AcceptedDomain -Name 'domain.com' -DomainName 'domain.com' -DomainType 'Authoritative'
2.5 Create a new email address policy
The policy will be applied to all email-enabled objects located under the domain.com OU. The generated email address will be alias@domain.com. You can use other patterns, such as name.surname (%g.%s@domain.com) or "first letter of the name".surname (%1g.%s@domain.com), and so on.
Run the following cmdlet from Exchange Management Shell:
new-EmailAddressPolicy -Name 'domain.com' -RecipientContainer 'addomain.local/tenants/domain.com' -IncludedRecipients 'AllRecipients' -Priority 'Lowest' -EnabledEmailAddressTemplates 'SMTP:%m@domain.com'
2.6 Create a new Global Address List
This will contain all the email-enabled objects located under the domain.com OU.
Run the following cmdlet from the Exchange Management Shell:
new-globalAddressList -Name 'domain.com GAL' -RecipientContainer 'addomain.local/tenants/domain.com' -IncludedRecipients 'AllRecipients'
2.7 Create a new Address List
This will contain all the email-enabled objects located under the domain.com OU.
Run the following cmdlet from Exchange Management Shell:
new-AddressList -Name 'domain.com AL' -RecipientContainer 'addomain.local/Tenants/domain.com' -IncludedRecipients 'AllRecipients' -Container '\' -DisplayName 'domain.com AL'
2.8 Create a new Offline Address Book
This will contain all the email-enabled objects located under the domain.com OU. Here you have to pay attention to the following:
- If you are using Outlook 2003, you need to enable Offline Address Book distribution via public folders (-PublicFolderDistributionEnabled $true).
- Server_name1 is the name of the Mailbox server that will be responsible for Offline Address Book generation.
- Server_name2\OAB (Default Web Site) is the web virtual directory through which you want to distribute the Offline Address Book. Server_name2 is the name of the Client Access Server that hosts the web virtual directory.
- Server_name1 can be the same as Server_name2 if the Mailbox and Client Access roles are located on the same server.
Run the following cmdlet from Exchange Management Shell:
new-OfflineAddressBook -Name 'domain.com OAB' -Server 'Server_name1' -AddressLists '\domain.com AL' -PublicFolderDistributionEnabled $true -VirtualDirectories 'Server_name2\OAB (Default Web Site)'
2.9 Secure the Address Lists by allowing access only to the users from the security group created at 2.3 (domain.com Users)
Use the ADSI Editor to clear the Authenticated Users permission from the newly created Global Address List, Address List and Offline Address Book, as you did in 1.3, on the following containers:
CN=domain.com AL,CN=All Address Lists,CN=Address Lists Container,CN=Exchange ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=addomain,DC=local
CN=domain.com GAL,CN=All Global Address Lists,CN=Address Lists Container,CN=Exchange ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=addomain,DC=local
CN=domain.com OAB,CN=Offline Address Lists,CN=Address Lists Container,CN=Exchange ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=addomain,DC=local
Run the following cmdlets from Exchange Management Shell to grant the required permissions to the users from the security group created at 2.3 (domain.com Users):
$container = "CN=domain.com AL,CN=All Address Lists,CN=Address Lists Container,CN=Exchange ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=addomain,DC=local"
Add-ADPermission $container -User "domain.com Users" -AccessRights GenericRead, ListChildren -ExtendedRights Open-Address-Book
$container = "CN=domain.com GAL,CN=All Global Address Lists,CN=Address Lists Container,CN=Exchange ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=addomain,DC=local"
Add-ADPermission $container -User "domain.com Users" -AccessRights GenericRead, ListChildren -ExtendedRights Open-Address-Book
$container = "CN=domain.com OAB,CN=Offline Address Lists,CN=Address Lists Container,CN=Exchange ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=addomain,DC=local"
Add-ADPermission $container -User "domain.com Users" -AccessRights GenericRead, ListChildren -ExtendedRights ms-Exch-Download-OAB
2.10 Create a new Mailbox Database to host the new tenant (this step is optional)
If using Exchange 2010 Standard Edition, you can create up to 5 databases per server, including the public folder database. In Exchange 2010 Enterprise Edition you can create up to 100 databases per server, including the public folder database.
Based on this, if the number of tenants that you will host is lower than the number of databases supported, it is recommended to create a new database for each tenant. This makes it easy to manage the Offline Address Book per tenant: you assign the tenant's Offline Address Book once, in the database properties, and it applies to all users in that database. To create a new database, run the following cmdlet from Exchange Management Shell:
new-mailboxdatabase -Server 'Server_name1' -Name 'domain.com MB' -EdbFilePath '%database path%\domain.com MB.edb' -LogFolderPath '%log path%\domain.com MB'
For the newly created database, assign the domain.com OAB as the default Offline Address Book by running the following cmdlet from Exchange Management Shell:
Set-MailboxDatabase "domain.com MB" -OfflineAddressBook "domain.com OAB"
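The isolation set up in step 2.9 is what keeps one tenant from browsing another tenant's address lists, so it is worth re-checking after provisioning. The following script is an added example (not code from the original article): it builds the three container DNs from the tenant name using the article's naming pattern ("<tenant> AL", "<tenant> GAL", "<tenant> OAB", group "<tenant> Users"), reads their ACLs with Get-ADPermission, and reports any container where Authenticated Users still has access or where the tenant group is missing the extended right that step 2.9 grants. The default organization name and configuration naming context are the article's example values and are assumptions you should replace.

```powershell
# Added example, not part of the original article. Run from the Exchange 2010
# Management Shell as an account allowed to read the configuration partition.
param(
    [Parameter(Mandatory = $true)][string]$Tenant,                       # e.g. domain.com
    [string]$ExchangeOrg = "Exchange ORG",                                # assumption: article's example org name
    [string]$ConfigNC    = "CN=Configuration,DC=addomain,DC=local"        # assumption: article's example forest
)

$base  = "CN=Address Lists Container,CN=$ExchangeOrg,CN=Microsoft Exchange,CN=Services,$ConfigNC"
$group = "$Tenant Users"   # security group created in step 2.3

# Container DN -> extended right the tenant group must hold on it (step 2.9)
$checks = @{
    "CN=$Tenant AL,CN=All Address Lists,$base"         = "Open-Address-Book"
    "CN=$Tenant GAL,CN=All Global Address Lists,$base" = "Open-Address-Book"
    "CN=$Tenant OAB,CN=Offline Address Lists,$base"    = "ms-Exch-Download-OAB"
}

$findings = @()
foreach ($dn in $checks.Keys) {
    # Only allow ACEs matter here; inherited ones are included on purpose, because
    # an inherited grant to Authenticated Users would undo the step 2.9 cleanup too.
    $aces = Get-ADPermission -Identity $dn | Where-Object { -not $_.Deny }

    # Finding 1: Authenticated Users still present -> every tenant can read this list
    $leak = $aces | Where-Object { $_.User.ToString() -like "*\Authenticated Users" }
    if ($leak) { $findings += "OPEN   : 'Authenticated Users' still has access on $dn" }

    # Finding 2: the tenant group lacks the extended right the article grants
    $want = $checks[$dn]
    $ok = $aces | Where-Object {
        $_.User.ToString() -like "*\$group" -and
        (@($_.ExtendedRights | ForEach-Object { $_.ToString() }) -contains $want)
    }
    if (-not $ok) { $findings += "MISSING: '$group' lacks $want on $dn" }
}

if ($findings.Count -eq 0) {
    Write-Output "Tenant '$Tenant': address lists are isolated as expected."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it once per tenant (for example `.\Test-TenantAddressLists.ps1 -Tenant domain.com`); a clean result means the containers carry no Authenticated Users allow entry and the tenant group holds the Open-Address-Book or ms-Exch-Download-OAB right the step requires.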