Microsoft Exchange 2013

Date post: 10-Apr-2016
Upload: devarajvr
Administrating Microsoft Exchange Server 2013 DEVARAJ.V.R
Page 1: Microsoft Exchange 2013

Administrating

Microsoft

Exchange Server 2013

DEVARAJ.V.R


EXCHANGE SERVER 2013

Table of Contents

Introduction
Exchange Server 2013 System Requirements
Installing Exchange Server 2013 (For Server 2012 R2 only)
Migrating to Exchange Server 2013
Enrolling Exchange Certificates
Mailbox Databases
User Mailbox
Distribution Group
Dynamic Distribution Group
Resource Mailbox
Mail Contact
Shared Mailbox
Address List
Mail User
Exchange Management Permissions
Outlook Web App Policy
Messaging Records Management
Journaling
Email Address Policy
Transport Rule
Delivery Report
Accepted Domains
Public Folders
Connectors
Offline Address Book
Address Book Policies
Linked Mailbox
Database Availability Group
Backup and Restore Exchange Server 2013
Edge Transport Server


Introduction

Microsoft Exchange Server is calendaring software, a mail server and a contact manager developed by Microsoft. It is a server program that runs on Windows Server and is part of the Microsoft Servers line of products. Microsoft Exchange Server 2013 has a significantly different architecture than its predecessors. Whereas Exchange Server 2007 and Exchange Server 2010 components were split into different server roles for scaling out Exchange organizations, Exchange Server 2013 streamlines the server roles and architecture while still allowing you to fully scale Exchange organizations to meet the needs of enterprises of all sizes.

Exchange 2013 server roles are loosely rather than tightly coupled, which eliminates any previous session affinity requirements. The Mailbox server that stores the active database copy for a mailbox performs all the data processing, rendering, and transformation required. The Client Access server is used only to connect the client to the Mailbox server. The Client Access server provides authentication, redirection, and proxy services as needed. Session affinity between the Mailbox server and the Client Access server is not required. Mailbox servers maintain the session affinity, and clients always connect to the Mailbox server hosting the related user’s mailbox.

For connections, the supported protocols include HTTP, POP, IMAP, RPC over HTTP, and SMTP, but no longer include RPC. Exchange Server 2013 is designed to work with Microsoft Outlook 2007 and later and also continues to support the Outlook Web App. Rather than connecting to servers by using Fully Qualified Domain Names (FQDN) as was done in the past, Outlook 2007 and later use Autodiscover to create connection points based on the domain portion of the user’s primary SMTP address and the GUID of a user’s mailbox.

Understanding Exchange Server 2013 organizations

The root of an Exchange environment is an organization. It’s the starting point for the Exchange hierarchy, and its boundaries define the boundaries of any Exchange environment. Exchange Server 2013 organizations are nearly identical to those of Exchange Server 2010.

Organizational architecture

When you install Exchange Server 2013, you install your Exchange servers within the organizational context of the domain in which the server is a member. The physical site boundaries and subnets defined for Active Directory Domain Services are the same as those used by Exchange Server 2013, and the site details are determined by the IP address assigned to the server. If you are installing the first Exchange server in a domain, you set the name of the Exchange organization for that domain. The next Exchange server you install in the domain joins the existing Exchange organization automatically.

Exchange 2013 organizations natively have only two server types: Client Access servers and Mailbox servers. In this new architecture, Client Access servers act as the front end for Exchange services, and Mailbox servers act as the back end, as shown in Figure 1-1. Exchange 2013 does not have separate server roles for Hub Transport servers or Unified Messaging servers; instead, the related components are now part of the Mailbox server role.


Figure 1-1 shows the client-server architecture of Exchange 2013.

As part of the major architecture changes for Exchange 2013, Client Access servers now act only as lightweight, stateless proxy servers. They provide a unified namespace, authentication, and network security for the Exchange organization. Although they also provide the proxy and redirection logic for client protocols, Client Access servers no longer handle all of the client-related messaging tasks in an Exchange implementation, nor do they perform content conversion. In addition, all other components that were previously associated with Client Access servers are now moved to Mailbox servers.

Client Access servers are designed to work with TCP affinity; therefore, load balancing is easier because application session affinity is not required. RPC over TCP has been removed in Exchange 2013 as well, and all Outlook connections now take place using Outlook Anywhere (RPC over HTTP). These changes have simplified the protocol stack, eliminated the need for RPC Client Access arrays and the related namespace, and moved the maintenance of the RPC sessions to the Mailbox servers.

Front-end transport

Mail transport is provided by the Front End Transport service, which provides mailbox locator services and proxy services for incoming and outgoing SMTP messages, as shown in Figure 1-2. The Front End Transport service loads routing tables based on information from Active Directory and uses this information to route messages to the Transport service on Mailbox servers. The Mailbox server is selected based on the location of mailbox databases associated with the recipients.


Figure 1-2 shows the Front End Transport service.

Back-end transport

The Transport service runs on all Mailbox servers and is responsible for all mail flow within an Exchange organization, as shown in Figure 1-3. The Transport service relies on the Mailbox Transport service, which consists of two separate helper services: the Mailbox Transport Delivery service used with incoming messages and the Mailbox Transport Submission service used with outgoing messages. The Transport service receives SMTP messages from the Transport service and establishes an RPC MAPI connection with the local mailbox database to deliver a message. The delivery service connects to the local mailbox database by using RPC MAPI to retrieve messages and submits messages over SMTP to the Transport service.


Figure 1-3 shows the Back-End Transport Service

Exchange Server 2013 Editions

Microsoft Exchange Server 2013 is available in two server editions: Standard Edition and Enterprise Edition. Enterprise Edition can scale to 50 mounted databases per server in the RTM version and Cumulative Update 1 versions, and 100 mounted databases per server in Cumulative Update 2 and later versions; Standard Edition is limited to 5 mounted databases per server. A mounted database can be an active mailbox database that is mounted for use by clients, or a passive mailbox database that is mounted in recovery for log replication and replay.


Exchange Server 2013 System Requirements

Hardware

Processor: x64 architecture-based, either Intel x64 or AMD64

Memory: 8 GB minimum for the Mailbox role, 4 GB minimum for the Client Access role, 8 GB for Mailbox and Client Access combined, 4 GB for Edge Transport

Disk Space: At least 30 GB on the installation drive, plus an additional 200 MB on the system drive

Software

Operating System: Windows Server 2008 R2 SP1 or Windows Server 2012, 2012 R2

Microsoft .NET Framework 4.5 and 3.0

Windows Media Foundation

Microsoft Unified Communications Managed API 4.0 (UCMA 4.0)

Microsoft Office Filter Pack 64 Bit

Microsoft Office Filter Pack SP1 64 Bit

Windows Identity Foundation (Microsoft Knowledge Base article KB974405)

Microsoft Knowledge Base article KB2619234

Microsoft Knowledge Base article KB2533623

Internet Information Service (IIS)


Installing Exchange Server 2013 (For Server 2012 R2 only)

Install all prerequisites as follows

Install Windows Media Foundation

Graphical

1. Open Server Manager

2. Select Add roles and features, Next

3. Skip Roles

4. Select feature Windows Media Foundation

5. Select install

PowerShell

install-WindowsFeature -Name Server-Media-Foundation

Download and install UCMA 4.0

Install Active Directory Administrative Tools if the server is not a domain controller

Graphical

1. Open Server Manager

2. Select Add roles and features, Next

3. Skip Roles

4. Select ADDS Tools from Remote Server Administrative Tools feature

5. Select Install

PowerShell

install-WindowsFeature -Name RSAT-ADDS

Install Internet Information Service (IIS)

Graphical

1. Open Server Manager

2. Select Add roles and features, Next

3. Select IIS(Web Server)

4. Select install


PowerShell

Install-WindowsFeature -Name Web-Server,Web-Dyn-Compression,Web-Basic-Auth,Web-Digest-Auth,Web-ISAPI-Filter,Web-Client-Auth,Web-Http-Redirect,Web-Http-Tracing,Web-Request-Monitor,AS-NET-Framework,NET-WCF-HTTP-Activation45,Web-Mgmt-Service,Web-Windows-Auth,RPC-over-HTTP-proxy,Web-Lgcy-Mgmt-Console,Web-Lgcy-Scripting,Web-WMI,Web-Mgmt-Console

Install Windows Identity Foundation 3.5

Graphical

1. Open Server Manager

2. Select Add roles and features

3. Skip Roles

4. Select Windows Identity Foundation 3.5 feature

5. Select Install

PowerShell

install-WindowsFeature -Name Windows-Identity-Foundation

Install Failover Clustering Remote server administrative Tools

Graphical

1. Open Server Manager

2. Select Add roles and features

3. Skip Roles

4. Select Failover Clustering Tools from Remote Server Administrative Tools feature

5. Select Install

PowerShell

Install-WindowsFeature -Name RSAT-Clustering,RSAT-Clustering-Mgmt,RSAT-Clustering-PowerShell,RSAT-Clustering-AutomationServer,RSAT-Clustering-CmdInterface

Extract exchange server 2013 setup files into a proper folder

Prepare active directory

1. Prepare schema

setup.exe /prepareschema /IacceptExchangeserverlicenseterms

2. Prepare forest

setup.exe /preparead /Organizationname:test /IacceptExchangeserverlicenseterms


3. Prepare domain

setup.exe /preparedomain /IacceptExchangeserverlicenseterms

Installing Exchange Server 2013

Command Prompt

setup.exe /mode:install /roles:ca,mb,mt /IacceptExchangeserverlicenseterms

Graphical

1. Double click on setup.exe and start installation

2. Select Don’t check for updates right now, Next


3. Wait until file copying completes

4. Select Next from the introduction window.


5. Accept the license agreement, Next

6. Select Don’t use recommended settings, Next


7. Select Server Roles( Mailbox Role, Client Access Roles), Next

8. Select Installation Location, Next


9. Select Malware Protection Settings

10. Wait until Readiness Check completes


11. Select Install

12. Open Internet Explorer and type the URL https://<exchangeserveripaddress>/ecp. Log on as Administrator


13. Select Servers from the list; there you can see the product information

PowerShell

Open Exchange Management Shell from programs, run the following command

Get-ExchangeServer | fl Name,Edition,AdminDisplayVersion


Migrating to Exchange Server 2013

Exchange Server 2013 supports co-existence with the following previous versions of Exchange Server:

Exchange Server 2010 SP3

Exchange Server 2007 SP3+ Update rollup 10

There will be no co-existence support for Exchange Server 2003. If you are running Exchange 2003 and are looking to upgrade to Exchange 2013, you will need to do an interim upgrade to Exchange 2010 or 2007.

Preparing for Exchange Server 2013 Installation process

1. Upgrade all Exchange 2010/2007 servers to Service Pack 3 with required update rollup

2. Install all pre-requisites of Exchange Server 2013

3. Extract exchange server 2013 setup files into a proper folder

4. Open Command Prompt and run the following commands to prepare active directory from the installation directory

Prepare schema

setup.exe /prepareschema /IacceptExchangeserverlicenseterms

Prepare forest

setup.exe /preparead /IacceptExchangeserverlicenseterms

Prepare domain

setup.exe /preparedomain /IacceptExchangeserverlicenseterms

5. Open Setup.exe from installation directory and proceed through installation procedure

Preparing for migration process

1. In this co-existence scenario your administrator mailbox is still housed in the Exchange Server 2010 mailbox database, so the default ECP is loaded from the Exchange 2010 Client Access server. Create a new mailbox in the Exchange 2013 mailbox database to access the Exchange 2013 ECP.

2. Open Exchange PowerShell.

Check the current exchange server status

Get-ExchangeServer


Check the user mailbox status

Get-Mailbox

3. Create a new user mailbox

New-Mailbox -Name <Name> -Database '<Exchange 2013 Database>' -UserPrincipalName <UPN>

New-Mailbox -Name Admin -Database 'Mailbox Database 1083771917' -UserPrincipalName [email protected]

4. Add the new user account to the following groups to gain administrative privileges

Domain Admins

Schema Admins

Enterprise Admins

Organization Management

Add-ADGroupMember -Identity <Groupname> -Members <Username>

Add-ADGroupMember -Identity 'Enterprise Admins' -Members Admin

Add-ADGroupMember -Identity 'Schema Admins' -Members Admin

Add-ADGroupMember -Identity 'Domain Admins' -Members Admin

Add-ADGroupMember -Identity 'Organization Management' -Members Admin

5. Open ECP using the Exchange Server 2013 FQDN

https://<exchange2013FQDN>/ecp

6. Login as new mailbox user (e.g.: admin)
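
A check to run once the migration account is no longer needed for forest-wide work, as an added example that is not part of the original guide: it lists the direct members of the four groups named in step 4 and previews removing the account from the ones it should not keep. It assumes the ActiveDirectory module (RSAT-ADDS, installed earlier) and the account name Admin from the example above; `$TempAdmin` and `$KeepIn` are illustrative names.

```powershell
# Added example: review and clean up the privileged memberships granted in step 4.
# Assumptions: ActiveDirectory module is available (RSAT-ADDS); the account is
# 'Admin' as in the example above; $TempAdmin and $KeepIn are illustrative names.
Import-Module ActiveDirectory

$PrivilegedGroups = 'Domain Admins', 'Schema Admins', 'Enterprise Admins', 'Organization Management'
$TempAdmin        = 'Admin'
# Groups the account should keep for day-to-day Exchange administration.
$KeepIn           = @('Organization Management')

# 1. Report every direct member of each group so unexpected accounts stand out.
$report = foreach ($group in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $group | ForEach-Object {
        [pscustomobject]@{
            Group       = $group
            Member      = $_.SamAccountName
            ObjectClass = $_.objectClass
            IsTempAdmin = ($_.SamAccountName -eq $TempAdmin)
        }
    }
}
$report | Sort-Object Group, Member | Format-Table -AutoSize

# 2. Remove the account from every group that is not listed in $KeepIn.
$groupsToLeave = $PrivilegedGroups | Where-Object { $KeepIn -notcontains $_ }
foreach ($group in $groupsToLeave) {
    $isMember = $report | Where-Object { $_.Group -eq $group -and $_.IsTempAdmin }
    if ($isMember) {
        # -WhatIf previews the change; drop it to apply the removal.
        Remove-ADGroupMember -Identity $group -Members $TempAdmin -Confirm:$false -WhatIf
    }
}
```

Schema Admins and Enterprise Admins are only exercised by the /prepareschema and /preparead steps, which is why the sketch keeps Organization Management alone by default.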

Migrating user mailbox

Migrate all or only the required mailboxes from the Exchange 2010 database to the Exchange 2013 database through ECP or PowerShell

Graphical

1. Open ECP, recipients, mailboxes

2. Select Mailbox(e.g.: Administrator)

3. Select To another database from Move mailbox menu from the right side of the browser

4. Type New Migration Batch Name (e.g.: Move1)

5. Select Archive type

6. Select Target database from Exchange Server 2013 , Select Next

7. Select New

8. Open ECP, recipients, migration for migration status


PowerShell

New-MoveRequest -Identity <mailbox> -TargetDatabase <TargetDB> -ArchiveTargetDatabase <TargetArchiveDB> -BatchName <Batchname>

New-MoveRequest -Identity User100 -TargetDatabase 'Mailbox Database 1083771917' -ArchiveTargetDatabase 'Mailbox Database 1083771917' -BatchName Move1

Get-MoveRequest

Moving all mailboxes to the Exchange 2013 database

Get-Mailbox -Database '<Exchange 2010 Database>' | New-MoveRequest -TargetDatabase '<Exchange 2013 Database>'

Get-Mailbox -Database 'Mailbox Database 0826366855' | New-MoveRequest -TargetDatabase 'Mailbox Database 1083771917'

Exporting Exchange Certificate

Exchange certificates for IIS, SMTP, POP, IMAP and UM can be exported from the old Exchange server to Exchange 2013

1. Open EMC in Exchange 2010/2007

2. Open Server Configuration

3. Right-click the certificate, select Export Certificate

4. Type File name and Password

5. Select Export

6. Open ECP, Servers, Certificates

7. Select Import Certificate

8. Type certificate path, name and password, Select Next

9. Select Add Button(+) to add server to apply certificate (eg: Exchange 2013 Server)

10. Select Finish

11. Double click on certificate, Select services

12. Select required services (e.g.: SMTP, IIS, POP, IMAP etc.)

13. Select Save


Moving Arbitration and Discovery mailboxes

Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase '<Exchange2013Database>'

Get-Mailbox '*Discovery*' | New-MoveRequest -TargetDatabase '<Exchange2013Database>'

Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase 'Mailbox Database 1083771917'

Get-Mailbox '*Discovery*' | New-MoveRequest -TargetDatabase 'Mailbox Database 1083771917'

Setting Send/Receive connector

Send/Receive connectors are required for proper mail flow in the Exchange organization. The old Send/Receive connectors should be replaced with the new Exchange Server 2013 Hub transport server.

1. Open ECP, mail flow, send connectors

2. Double click on send connector

3. Select scoping

4. Select Remove button (-) to delete the old exchange source server.

5. Select Add button(+), select Exchange 2013 Server

6. Select save

7. Select Receive connectors

8. Double click on receive connector


9. Select scoping

10. Select remove button (-) from Network adapter binding

11. Select Add Button(+)

12. Specify Exchange Server 2013 IP address

13. Select Save

14. Type Exchange Server 2013 FQDN

15. Select Save

Demoting Legacy Exchange Server

You can demote the old Exchange Server 2007/2010 if the newly promoted Exchange Server 2013 works just fine.

1. Deleting legacy mailbox database of 2007/2010 Exchange Server

Remove-MailboxDatabase -Identity <oldDatabaseName>

Remove-MailboxDatabase -Identity 'Mailbox Database 0826366855'

2. Removing Offline address book

Remove-OfflineAddressBook -Identity 'Default Offline Address Book'

3. Open Programs and Features from control panel


4. Select Microsoft Exchange Server

5. Select Uninstall

6. Go through uninstallation process
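
A pre-removal check for step 1 above, as an added example that is not part of the original guide: it confirms the legacy database holds no user, archive or arbitration mailboxes and has no unfinished move requests before `Remove-MailboxDatabase` is run. `Test-LegacyDatabaseEmpty` is a hypothetical helper name, and the database name is the sample value used on this page.

```powershell
# Added example: confirm that a legacy database is empty before running
# Remove-MailboxDatabase against it. Run in the Exchange Management Shell.
# Test-LegacyDatabaseEmpty is a hypothetical helper name.
function Test-LegacyDatabaseEmpty {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Database
    )

    # User, archive and arbitration mailboxes are listed by separate switches,
    # so a plain Get-Mailbox alone can report an occupied database as empty.
    $mailboxes = @(
        @(
            Get-Mailbox -Database $Database -ResultSize Unlimited
            Get-Mailbox -Database $Database -Archive -ResultSize Unlimited
            Get-Mailbox -Database $Database -Arbitration -ResultSize Unlimited
        ) | Sort-Object -Property Guid -Unique
    )

    # Move requests out of this database that have not finished yet.
    $pendingMoves = @(
        Get-MoveRequest -SourceDatabase $Database -ResultSize Unlimited |
            Where-Object { "$($_.Status)" -notlike 'Completed*' }
    )

    [pscustomobject]@{
        Database     = $Database
        Mailboxes    = $mailboxes
        PendingMoves = $pendingMoves
        IsEmpty      = ($mailboxes.Count -eq 0 -and $pendingMoves.Count -eq 0)
    }
}

$legacyDb = 'Mailbox Database 0826366855'   # sample name from this page
$check    = Test-LegacyDatabaseEmpty -Database $legacyDb

if ($check.IsEmpty) {
    # -WhatIf previews the removal; drop it to delete the database object.
    Remove-MailboxDatabase -Identity $legacyDb -WhatIf
}
else {
    # Show what still has to be moved before the database can be removed.
    $check.Mailboxes    | Format-Table Name, RecipientTypeDetails, Database -AutoSize
    $check.PendingMoves | Format-Table DisplayName, Status, TargetDatabase -AutoSize
}
```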


Enrolling Exchange Certificates

You can enrol certificates for the Exchange server for encrypted communication with the clients. Certificates can be requested from either public certificate authorities (DigiCert, GoDaddy, Thawte, Microsoft, VeriSign etc.) or a private certificate authority like Microsoft CA (ADCS)

Install Active Directory Certificate Service in the domain controller for issuing certificates.

Export the root CA certificate from CA to exchange server from MMC

1. Open Microsoft Management Console (MMC) from Run.

2. Select File, Add /Remove Snap-ins

3. Select Certificates from the list then Add

4. Select Computer Account, Finish then Ok

5. Open Personal store from the Certificates

6. Right click on CA certificate All Tasks then Export.

7. Select Yes Export the private key

8. Type a secured password to restrict unauthorized certificate use.

9. Type a file name and location.

10. Select OK.

Install the certificate in the exchange server

1. Double click on the exported certificate.

2. Select Local Machine.

3. Type the Password

4. Select Trusted Root Certification authority from the list

5. Select Finish

Open Exchange Control Panel (ECP) from Internet Explorer, Log on as Administrator.

1. Select Servers , Certificates from the list

2. Select New(Add button)

3. Select Create a request for a certificate from a certification authority, Next

4. Type Friendly Name.

5. Skip wild card certificate.


6. Select the server name

7. Specify the domain name( mail.test.com)

8. Fill the organization information box (Organization, Department, Country etc.)

9. Type the network path to store the certificate request, Finish

PowerShell

New-ExchangeCertificate -GenerateRequest -Server <exchangeFQDN> -PrivateKeyExportable $true -FriendlyName <name> -SubjectName <subjectparam> -DomainName <domainname> -RequestFile <sharefoldername>

New-ExchangeCertificate -GenerateRequest -Server exch-2013-1.lab.com -PrivateKeyExportable $true -FriendlyName Cert-Lab.com -SubjectName "c=In, s=Kerala, l=thrissur, ou=mail.lab.com" -DomainName mail.lab.com -RequestFile \\200.100.100.3\root\request.txt

10. Open the certificate request file and copy all of its contents (Ctrl+A)

11. Open Internet Explorer and type http://<CAFQDN>/certsrv to open CA web interface

12. Log in as administrator

13. Select Request a Certificate, Advanced Certificate Request

14. Paste the copied information to the Saved Request text box

15. Select Certificate Template as Web Server

16. Select submit

17. Select download Certificate and download to proper location

18. Return to the ECP and complete the pending request from the certificates.

19. Type the certificate location and select OK

20. After completing the operation you can see the issued certificate with Valid status

PowerShell

Import-ExchangeCertificate -Server <exchangeFQDN> -FriendlyName <name> -FileName <certificate>

Import-ExchangeCertificate -Server exch-2013-1.lab.com -FriendlyName Cert-Lab.com -FileName \\200.100.100.3\root\certnew.cer


21. Double click on the certificate select Services

22. Select proper services(IIS,SMTP,POP,IMAP), Save

23. Now create a host record to resolve the client request to match certificate name (MAIL.TEST.COM)

24. Afterwards you can see the protected icon when accessing the exchange web interface.

PowerShell

Enable-ExchangeCertificate -Services <services> -Server <exchangeFQDN> -Thumbprint <digitalthumbprint>

Enable-ExchangeCertificate -Services POP,IMAP,IIS,SMTP -Server exch-2013-1.lab.com -Thumbprint C5918F10D5A6E18172816198917BBAFF11378A98
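
A verification pass over the certificate procedure above, as an added example that is not part of the original guide: it checks that no Trusted Root entry on the Exchange server carries a private key, summarizes the issued certificate as Exchange reports it, and compares it with what a client receives on port 443. Server name, host name and thumbprint are the sample values used on this page.

```powershell
# Added example: check the certificate work above.
# Run in the Exchange Management Shell on the Exchange server.
# Server, host name and thumbprint are the sample values used on this page.
$Server     = 'exch-2013-1.lab.com'
$HostName   = 'mail.lab.com'
$Thumbprint = 'C5918F10D5A6E18172816198917BBAFF11378A98'

# 1. Trusted Root should hold public certificates only. An entry with a private
#    key means a CA signing key was copied onto this server.
$rootsWithKeys = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.HasPrivateKey })
$rootsWithKeys | Format-Table Subject, Thumbprint, NotAfter -AutoSize

# 2. The issued certificate as Exchange sees it.
$cert    = Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint
$domains = @($cert.CertificateDomains | ForEach-Object { "$_" })
$summary = [pscustomobject]@{
    Status         = "$($cert.Status)"
    IsSelfSigned   = $cert.IsSelfSigned
    Services       = "$($cert.Services)"
    CoversHostName = ($domains -contains $HostName)
    DaysToExpiry   = [int](($cert.NotAfter - (Get-Date)).TotalDays)
}
$summary | Format-List

# 3. What a client actually receives on port 443. Default SslStream validation
#    stays on, so an untrusted chain or a host name mismatch throws here.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($HostName, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($HostName)
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    if ($served.Thumbprint -eq $Thumbprint) {
        Write-Output "IIS on $HostName serves the expected certificate."
    }
    else {
        Write-Warning "IIS on $HostName serves $($served.Thumbprint), expected $Thumbprint."
    }
}
catch {
    Write-Warning "TLS check for $HostName failed: $($_.Exception.Message)"
}
finally {
    $tcp.Close()
}
```

The host record from step 23 must already resolve for part 3 to connect.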


Mailbox Databases

A mailbox database is a unit of granularity where mailboxes are created and stored. A mailbox database is stored as an Exchange database (.edb) file. In Microsoft Exchange Server 2013, each mailbox database has its own properties that you can configure.

Creating Mailbox Database

Graphical

1. Open ECP(Exchange Control Panel)

2. Select Servers , databases

3. Select Add Button(+)

4. Type Mailbox Database Name(e.g.: DB1)

5. Browse Mailbox Server, OK

6. Select Save

PowerShell

New-MailboxDatabase -Name <Name> -Server <ServerFQDN> -EdbFilePath <databasePath> -LogFolderPath <logfilePath>

New-MailboxDatabase -Name DB1 -Server Exch-Test

Mount-database -Identity <databaseName>

Mount-Database -Identity DB1

To display Exchange Mailbox Databases

Get-MailboxDatabase

Setting Mailbox Database Quota

Graphical

1. Open ECP, servers , databases

2. Double click on database

3. Select Limits

4. Type Issue a warning at (GB), Prohibit send at (GB) and Prohibit send and receive at (GB):

5. Select Save


PowerShell

Set-MailboxDatabase -Identity <databaseName> -IssueWarningQuota <sizeinGB> -ProhibitSendQuota <sizeinGB> -ProhibitSendReceiveQuota <sizeinGB> -DeletedItemRetention <days> -MailboxRetention <days>

Set-MailboxDatabase -Identity DB1 -IssueWarningQuota 3GB -ProhibitSendQuota 4GB -ProhibitSendReceiveQuota 4GB -DeletedItemRetention 50 -MailboxRetention 100

Dismount Database

Graphical

1. Open ECP, servers , databases

2. Select Database, Dismount

PowerShell

Dismount-Database -Identity <databaseName>

Dismount-Database -Identity DB1

Deleting Mailbox Database

Graphical

1. Open ECP, servers , databases

2. Select Database Delete

PowerShell

Remove-MailboxDatabase -Identity <Databasename>

Remove-MailboxDatabase -Identity DB1


User Mailbox

A user mailbox is a mailbox that’s assigned to an individual user in your Exchange organization. It typically contains messages, calendar items, contacts, tasks, documents, and other important business data.

Creating User Mailbox

Graphical

1. Open ECP, recipients, Mailboxes

2. Select New(Add Button)

3. Type User information (First name, Last Name, Alias, Logon Name and Password)

4. Select More Options

5. Select Mailbox Database

6. Select Save

PowerShell

New-Mailbox -Name <username> -Database <database> -Alias <alias> -UserPrincipalName <UPN> -FirstName <firstname> -Password (Read-Host -AsSecureString "Enter Password") -Initials <initial> -LastName <lastname>

New-Mailbox -Name user2 -Database DB1 -Alias user2 -UserPrincipalName [email protected] -Password (Read-Host -AsSecureString "Enter Password")

Enter Password: Server123

To display Exchange mailboxes

Get-Mailbox

Enabling Mailbox Archive

Graphical

1. Open ECP, recipients, mailbox

2. Select Mailbox then select in-place archive Enable

3. Browse Mailbox database

4. Select OK


PowerShell

Enable-Mailbox -Identity <mailbox> -ArchiveName <archivename> -ArchiveDatabase <database>

Enable-Mailbox -Identity user2 -ArchiveName user2 -ArchiveDatabase db1

Log in as user to view archive status

Disabling Mailbox Archive

Graphical

1. Open ECP, recipients, mailbox

2. Select Mailbox then select in-place archive Disable

PowerShell

Disable-Mailbox -Identity <mailbox> -Archive

Disable-Mailbox -Identity user2 -Archive


Setting Mailbox Quota

Graphical

1. Open ECP, recipients, mailbox

2. Double click on mailbox, select Mailbox Usage, More Options

3. Select Customize the quota settings for this mailbox

4. Type Issue a warning at (GB):, Prohibit send at (GB): and Prohibit send and receive at (GB):

5. Select Save

PowerShell

Get-MailboxStatistics -Identity <mailbox>

Get-MailboxStatistics -Identity User1

Set-Mailbox -Identity <username> -UseDatabaseQuotaDefaults $false -IssueWarningQuota <warninglevel> -ProhibitSendQuota <prohibitlevel> -ProhibitSendReceiveQuota <maxlevel> -UseDatabaseRetentionDefaults $false -RetainDeletedItemsFor <retentionday>

Set-Mailbox -Identity user2 -UseDatabaseQuotaDefaults $false -IssueWarningQuota 500MB -ProhibitSendQuota 600MB -ProhibitSendReceiveQuota 700MB -UseDatabaseRetentionDefaults $false -RetainDeletedItemsFor 100

Mailbox Delegation

Mailbox delegation has 3 concepts

1. Send As Permission

2. Send On Behalf Of Permission

3. Full Access Permission

Send As Permission

Graphical

1. Open ECP, recipients, mailbox

2. Double click Mailbox then select Mailbox Delegation

3. Select Add Button(+) from send As , Add user mailbox, Select OK

4. Select Save


PowerShell

Add-ADPermission -Identity <owner> -User <username> -ExtendedRights "Send as"

Add-ADPermission -Identity user2 -User user1 -ExtendedRights "Send as"

Removing permission

Remove-ADPermission -Identity <owner> -User <username> -ExtendedRights "Send as"

Remove-ADPermission -Identity user2 -User user1 -ExtendedRights "Send as"

Send On Behalf Of Permission

Graphical

1. Open ECP, recipients, mailbox

2. Double click Mailbox then select Mailbox Delegation

3. Select Add Button(+) from Send On Behalf , Add user mailbox, Select OK

4. Select Save

PowerShell

Set-Mailbox -Identity <owner> -GrantSendOnBehalfTo <user>

Set-Mailbox -Identity user2 -GrantSendOnBehalfTo user1

Removing permission

Set-Mailbox <owner> -GrantSendOnBehalfTo @{remove="<username>"}

Set-Mailbox user2 -GrantSendOnBehalfTo @{remove="[email protected]"}

Full Access Permission

Graphical

1. Open ECP, recipients, mailbox

2. Double click Mailbox then select Mailbox Delegation

3. Select Add Button(+) from Full access , Add user mailbox, Select OK

4. Select Save

PowerShell

Add-MailboxPermission -Identity <owner> -User <user> -AccessRights FullAccess

Add-MailboxPermission -Identity user2 -User user1 -AccessRights FullAccess

Removing permission

Remove-MailboxPermission -Identity <owner> -User <user> -AccessRights FullAccess

Remove-MailboxPermission -Identity user2 -User user1 -AccessRights FullAccess
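Each of the three delegation types above lets another account read or send mail for the mailbox owner, so explicit grants are worth reviewing regularly. The following is an added example, not part of the original document, that lists all three for every mailbox; the CSV path is an assumed placeholder.

```powershell
# Added example: list explicit (non-inherited) delegations on every mailbox.
# Run in the Exchange Management Shell. The CSV path below is a placeholder.

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {

    # Full Access grants (as created by Add-MailboxPermission).
    # Inherited entries, Deny entries and the owner's own SELF entry are skipped.
    Get-MailboxPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            ($_.AccessRights -like '*FullAccess*') -and
            (-not $_.IsInherited) -and
            (-not $_.Deny) -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox    = "$($mbx.PrimarySmtpAddress)"
                Delegate   = "$($_.User)"
                Permission = 'FullAccess'
            }
        }

    # Send As grants (as created by Add-ADPermission -ExtendedRights "Send as").
    # The extended right is reported under the name Send-As.
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            ($_.ExtendedRights -like '*Send-As*') -and
            (-not $_.IsInherited) -and
            (-not $_.Deny) -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox    = "$($mbx.PrimarySmtpAddress)"
                Delegate   = "$($_.User)"
                Permission = 'SendAs'
            }
        }

    # Send On Behalf Of grants are stored on the mailbox object itself
    # (as set by Set-Mailbox -GrantSendOnBehalfTo).
    foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
        [pscustomobject]@{
            Mailbox    = "$($mbx.PrimarySmtpAddress)"
            Delegate   = "$delegate"
            Permission = 'SendOnBehalf'
        }
    }
}

# One row per mailbox/delegate/permission, ready for review or diffing
# against the previous run.
$report | Sort-Object Mailbox, Permission, Delegate | Format-Table -AutoSize
$report | Sort-Object Mailbox, Permission, Delegate |
    Export-Csv -Path 'C:\Temp\delegation-review.csv' -NoTypeInformation
```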

Mail flow Settings

Mail flow settings contain delivery options, message size restrictions and message delivery restrictions.

Delivery Options contain forwarding address and recipient limit

Graphical

1. Open ECP, recipients, Mailboxes

2. Double click on Mailbox, Mailbox features

3. Select Mail flow, Delivery options

4. Select View Details

5. Select Enable forwarding, browse User mailbox

6. Select Maximum recipients

7. Select OK, Save

PowerShell

Set-Mailbox -Identity <mailboxname> -ForwardingAddress <forwardingsmtpaddress> -DeliverToMailboxAndForward $true -RecipientLimits <maxrecipients>

Set-Mailbox -Identity user1 -ForwardingAddress [email protected] -DeliverToMailboxAndForward $true -RecipientLimits 100
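Forwarding set this way copies or diverts every incoming message without the sender seeing it, so it helps to know which mailboxes have it enabled and where the mail goes. The following is an added example, not part of the original document; it also reads the ForwardingSmtpAddress property, which this guide does not cover.

```powershell
# Added example: report mailboxes that have server-side forwarding configured.
# Run in the Exchange Management Shell.

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {

    # Skip mailboxes with no forwarding of either kind.
    if (-not ($mbx.ForwardingAddress -or $mbx.ForwardingSmtpAddress)) { continue }

    $targetType = ''
    $targetSmtp = ''

    if ($mbx.ForwardingAddress) {
        # ForwardingAddress refers to a recipient object in the directory
        # (a mailbox, group, mail contact or mail user). Resolve it to see
        # what kind of recipient receives the copy.
        $target = Get-Recipient -Identity "$($mbx.ForwardingAddress)" -ErrorAction SilentlyContinue
        if ($target) {
            $targetType = "$($target.RecipientTypeDetails)"
            $targetSmtp = "$($target.PrimarySmtpAddress)"
        }
        else {
            $targetType = 'Unresolved'
        }
    }

    # Mail contacts and mail users carry an external address, and a raw SMTP
    # forwarding address can point anywhere, so flag those rows for review.
    $review = ($targetType -eq 'MailContact') -or
              ($targetType -eq 'MailUser') -or
              ($targetType -eq 'Unresolved') -or
              [bool]$mbx.ForwardingSmtpAddress

    [pscustomobject]@{
        Mailbox               = "$($mbx.PrimarySmtpAddress)"
        ForwardingAddress     = "$($mbx.ForwardingAddress)"
        TargetType            = $targetType
        TargetSmtp            = $targetSmtp
        ForwardingSmtpAddress = "$($mbx.ForwardingSmtpAddress)"
        KeepsLocalCopy        = $mbx.DeliverToMailboxAndForward
        ReviewAsExternal      = $review
    }
}

# Rows that may send mail outside the organization come first.
$report | Sort-Object @{ Expression = 'ReviewAsExternal'; Descending = $true }, Mailbox |
    Format-Table -AutoSize
```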

Message size restrictions control the maximum size of messages that the recipient can send and receive.

Graphical

1. Open ECP, recipients, Mailboxes

2. Double click on Mailbox, Mailbox features

3. Select Mail flow, Message size restrictions

4. Select View Details

5. Select Send Messages Maximum message size

6. Type message size

7. Select Receive Messages Maximum message size

8. Type message size

9. Select OK, Save

PowerShell

Set-Mailbox -Identity <mailbox> -MaxReceiveSize <size> -MaxSendSize <size>

Set-Mailbox -Identity user1 -MaxReceiveSize 100KB -MaxSendSize 100KB

Message delivery restrictions define which senders can and can't send messages to this recipient.

Graphical

1. Open ECP, recipients, Mailboxes

2. Double click on Mailbox, Mailbox features

3. Mail flow, Message delivery restrictions

4. Select View Details

5. Select mailboxes , OK

6. Select Save

PowerShell

Set-Mailbox -Identity <mailbox> -AcceptMessagesOnlyFrom <smtpaddress> -RejectMessagesFromSendersOrMembers <smtpaddress>

Set-Mailbox -Identity user1 -AcceptMessagesOnlyFrom [email protected] -RejectMessagesFromSendersOrMembers [email protected]

Setting MailTip

Graphical

1. Open ECP, recipients, mailbox

2. Double click on Mailbox then select MailTip

3. Type MailTip, Select Save

PowerShell

Set-Mailbox -Identity <mailbox> -MailTip "<mail tip sentence>"

Set-Mailbox -Identity user2 -MailTip "User2 is in IT dept"

Moving Mailbox

Move Mailbox from one database to another

Graphical

1. Open ECP, Recipients, mailboxes

2. Select Mailbox and select To another Database

3. Migration Batch Name(e.g.: New), Target Database (e.g.:DB1)

4. Recipient Email address (eg: Administrator)

5. Select New

6. Open Migration to view status

PowerShell

New-MoveRequest -Identity <mailbox> -TargetDatabase <TargetDB> -ArchiveTargetDatabase <TargetArchiveDB> -BatchName <Batchname>

Get-MoveRequestStatistics -Identity <mailbox>

Remove-MoveRequest -Identity <mailbox>

New-MoveRequest -Identity user1 -TargetDatabase db1 -ArchiveTargetDatabase db1 -BatchName New

Get-MoveRequestStatistics -Identity user1

Remove-MoveRequest -Identity user1

Distribution Group

A distribution group is a mail-enabled Active Directory distribution group object that can be used only to distribute messages to a group of recipients.

Creating a distribution group

Graphical

1. Open ECP, Recipients, Groups

2. Select Add Button(New)

3. Type Display Name(Name: grp1), Alias(E.g.: grp1)

4. Add Members

5. Select Save

PowerShell

New-DistributionGroup -Name <groupname> -Alias <alias> -Members <mailboxlist> -ModeratedBy <moderatorname> -ModerationEnabled $true -MemberJoinRestriction ApprovalRequired

New-DistributionGroup -Name grp3 -Alias grp3 -Members user1,user2 -ModeratedBy administrator -ModerationEnabled $true -MemberJoinRestriction ApprovalRequired

Display Distribution Group

Get-DistributionGroup

Removing Distribution Group

Remove-DistributionGroup -Identity <groupname>

Remove-DistributionGroup -Identity grp3

Dynamic Distribution Group

A distribution group that uses recipient filters and conditions to derive its membership at the time messages are sent.

Creating a Dynamic Distribution Group

Graphical

1. Open ECP, Recipients, Groups

2. Select Add Button(New), Dynamic Distribution Group

3. Type Display Name(Name: grp2), Alias(Eg: grp2)

4. Select All Recipient Types

5. Select add a rule

6. Select Department (IT)

7. Select Save

PowerShell

New-DynamicDistributionGroup -Name <groupname> -Alias <alias> -IncludedRecipients AllRecipients -ModeratedBy administrator -ModerationEnabled $true

New-DynamicDistributionGroup -Name grp4 -Alias grp4 -ConditionalDepartment IT -IncludedRecipients AllRecipients -ModeratedBy administrator -ModerationEnabled $true

Display Dynamic Distribution Group

Get-DynamicDistributionGroup

Removing Dynamic distribution Group

Remove-DynamicDistributionGroup -Identity <groupname>

Remove-DynamicDistributionGroup -Identity grp4

Resource Mailbox

There are two types of resource mailbox:

Room Mailbox: A resource mailbox that’s assigned to a meeting location, such as a conference room, auditorium, or training room. Room mailboxes can be included as resources in meeting requests, providing a simple and efficient way of organizing meetings for your users.

Equipment Mailbox: A resource mailbox that’s assigned to a resource that’s not location-specific, such as a portable computer, projector, microphone, or a company car. Equipment mailboxes can be included as resources in meeting requests, providing a simple and efficient way of using resources for your assets.

Creating resource mailbox (Room Mailbox)

Graphical

1. From ECP, Recipients, Resources

2. Select Add Button(New), Room Mailbox(Equipment mailbox)

3. Type Room Name (e.g.: Room1), Email Address (e.g.: Room1) , Location, Phone Number, Capacity etc.

4. Select Booking Requests : Select delegates who can accept or decline booking requests

5. Add Delegate (e.g.: Administrator)

6. Select Save

PowerShell

New-Mailbox -Room -Name <roomname> -Alias <alias> -Database <mailboxdatabase> -ResourceCapacity <capacity> -Phone <phonenumber>

New-Mailbox -Room -Name Room1 -Alias Room1 -Database db1 -ResourceCapacity 100 -Phone 911

Set-CalendarProcessing -Identity <roomname> -ResourceDelegates <delegatemailbox> -TentativePendingApproval $true

Set-CalendarProcessing -Identity Room1 -ResourceDelegates administrator -TentativePendingApproval $true

Mail Contact

A mail-enabled Active Directory contact that contains information about people or organizations that exist outside the Exchange organization. Each mail contact has an external email address. All messages sent to the mail contact are routed to this external email address.

Creating Mail Contact

Graphical

1. Open ECP, Recipients, Contacts

2. Select Add Button(New), Mail Contact

3. Type First Name, Last Name, Alias, Name, External email Address etc

4. Select Save

PowerShell

New-MailContact -Name <contactname> -FirstName <fn> -LastName <ln> -Alias <alias> -ExternalEmailAddress <email>

New-MailContact -Name mike.john -FirstName mike -LastName john -Alias mike.john -ExternalEmailAddress [email protected]

Display Mail Contact

Get-MailContact

Removing Mail Contact

Remove-MailContact -Identity <contactname>

Remove-MailContact -Identity mike.john

Shared Mailbox

A mailbox that’s not primarily associated with a single user and is generally configured to allow access for multiple users.

Creating Shared Mailbox

Graphical

1. Open ECP, Recipients, Shared

2. Select Add Button(New)

3. Type Display Name (e.g.: Share1), Email Address (e.g.: [email protected])

4. Select Full Access delegation mailbox, Send As Delegation mailbox

5. Select Save

PowerShell

New-Mailbox -Shared -Name <mailboxname> -DisplayName <displayname> -Alias <alias> -Database <mailboxdatabase>

Add-ADPermission -Identity <sharemailbox> -User <delegate> -ExtendedRights "send as"

Add-MailboxPermission -Identity <sharemailbox> -User <delegate> -AccessRights FullAccess

New-Mailbox -Shared -Name share2 -DisplayName Share2 -Alias share2 -Database db1

Add-ADPermission -Identity share2 -User admin -ExtendedRights "send as"

Add-MailboxPermission -Identity share2 -User administrator -AccessRights FullAccess

Address List

An address list is a subset of a GAL. Each address list is a collection of one or more types of mail-enabled recipients, such as users, contacts and groups. You can use address lists to organize recipients and resources, making it easier for users to find the recipients and resources they need.

Creating Address List

Graphical

1. Open ECP, Organization , address lists

2. Select Add Button(New)

3. Address List Name(e.g.: IT-Staff)

4. Recipients to include(e.g.: All Recipients Types)

5. Select Add a rule

6. Select Department as IT

7. Select Save

8. Select address list and Update

PowerShell

New-AddressList -Name <name> -ConditionalDepartment <name> -IncludedRecipients All

Update-AddressList -Identity <name>

New-AddressList -Name IT-Staff -ConditionalDepartment IT -IncludedRecipients All

Update-AddressList -Identity IT-Staff

Display all address lists

Get-AddressList

Removing Address List

Remove-AddressList -Identity <name>

Remove-AddressList -Identity IT-Staff

Mail User

Mail users are similar to mail contacts. Both have external email addresses and both contain information about people outside your Exchange or Exchange Online organization that can be displayed in the shared address book and other address lists. However, unlike a mail contact, a mail user has logon credentials in your Exchange or Office 365 organization and can access resources.

Creating Mail User

Graphical

1. Open ECP, recipients, contacts

2. Select Add Button(New), Mail User

3. Type Alias(e.g.: jsmith), External email address(e.g.: [email protected])

4. Select New User

5. Type First Name(e.g.: john), Last Name(e.g.: smith), Display name(e.g.: john smith)

6. Type Logon Name(e.g.: jsmith)

7. Type Password

8. Select Save

PowerShell

New-MailUser -Name <Name> -Alias <Alias> -FirstName <fname> -ExternalEmailAddress <email address> -UserPrincipalName <upn> -Password (ConvertTo-SecureString -String '<password>' -AsPlainText -Force)

New-MailUser -Name "John smith" -Alias jsmith -FirstName john -ExternalEmailAddress [email protected] -UserPrincipalName [email protected] -Password (ConvertTo-SecureString -String 'Server123' -AsPlainText -Force)

Display Mail Users

Get-MailUser

Removing Mail User

Remove-MailUser -Identity <name>

Remove-MailUser -Identity 'john smith'

Exchange Management Permissions

Microsoft Exchange Server 2013 includes a large set of predefined permissions, based on the Role Based Access Control (RBAC) permissions model, which you can use right away to easily grant permissions to your administrators and users. You can use the permissions features in Exchange 2013 so that you can get your new organization up and running quickly.

Role-based permissions

In Exchange 2013, the permissions that you grant to administrators and users are based on management roles. A role defines the set of tasks that an administrator or user can perform. For example, a management role called Mail Recipients defines the tasks that someone can perform on a set of mailboxes, contacts, and distribution groups. When a role is assigned to an administrator or user, that person is granted the permissions provided by the role.

There are two types of roles, administrative roles and end-user roles:

Administrative roles: These roles contain permissions that can be assigned to administrators or specialist users using role groups that manage a part of the Exchange organization, such as recipients, servers, or databases.

Creating Administrative role

Graphical

1. Open ECP, permissions, admin roles

2. Select Add Button(New)

3. Type role Name (e.g.: Role1)

4. Select Roles (e.g.: Mail Recipient Creation)

5. Select Members (e.g.: jsmith)

6. Select Save

PowerShell

New-ManagementRole -Name <rolename> -Parent <parentrole>

New-ManagementRole -Name Role1 -Parent 'Mail Recipient Creation'

New-ManagementRoleAssignment -Name <name> -Role <rolename> -User <user>

New-ManagementRoleAssignment -Name Role1 -Role Role1 -User jsmith

OR

New-RoleGroup -Name <rolename> -Members <user> -Roles <parentrole>

New-RoleGroup -Name Role1 -Members jsmith -Roles 'Mail Recipient Creation'

To list management roles

Get-ManagementRole

Removing Management roles

Remove-ManagementRoleAssignment -Identity <rolename>

Remove-ManagementRoleAssignment -Identity role1

Remove-ManagementRole -Identity <rolename>

Remove-ManagementRole -Identity Role1

OR

Remove-RoleGroup -Identity <rolename>

Remove-RoleGroup -Identity Role1

End-user roles: These roles, assigned using role assignment policies, enable users to manage aspects of their own mailbox and distribution groups that they own. End-user roles begin with the prefix My.

Creating End-User role

Graphical

1. Open ECP, permissions, user roles

2. Select Add Button(New)

3. Type role Name (e.g.: User-Role)

4. Select Roles (e.g.: MyContactInformation, MyProfileInformation, MyBaseOptions)

5. Select Save

6. Select Recipients, Mailboxes

7. Double click on mailbox

8. Select Mailbox Features from the list

9. Select Role Assignment Policy (e.g.: User-Role)

10. Select Save

PowerShell

New-RoleAssignmentPolicy -Name <rolename> -Roles <roles>

New-RoleAssignmentPolicy -Name User-role -Roles MyContactInformation,MyBaseOptions,MyProfileInformation

Setting user role

Set-Mailbox -Identity <username> -RoleAssignmentPolicy <rolename>

Set-Mailbox -Identity User1 -RoleAssignmentPolicy User-role

How to check

1. Login to OWA as user

2. Select Options from Settings

3. Select Edit Information, there you can edit the information

Removing user role

Remove-RoleAssignmentPolicy -Identity <rolename>

Remove-RoleAssignmentPolicy -Identity user-role
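Because roles can reach a person through a role group, through a direct assignment (New-ManagementRoleAssignment -User) or through a role assignment policy on the mailbox, a review has to look at all three paths. The following is an added example, not part of the original document, that reports each of them with cmdlets from the same RBAC family.

```powershell
# Added example: review who holds which management roles, by all three paths.
# Run in the Exchange Management Shell.

# 1. Role groups: the roles each group carries and its current members.
$groupReport = foreach ($group in Get-RoleGroup) {
    $roles = Get-ManagementRoleAssignment -RoleAssignee $group.Name -Delegating $false |
        ForEach-Object { "$($_.Role)" } | Sort-Object -Unique
    $members = Get-RoleGroupMember -Identity $group.Name |
        ForEach-Object { $_.Name } | Sort-Object

    [pscustomobject]@{
        RoleGroup   = $group.Name
        MemberCount = @($members).Count
        Members     = $members -join '; '
        Roles       = $roles -join '; '
    }
}

# 2. Direct assignments to individual users. These do not show up in any
#    role group's membership, so they are easy to miss in a group-only review.
$directReport = Get-ManagementRoleAssignment -RoleAssigneeType User -Delegating $false |
    ForEach-Object {
        [pscustomobject]@{
            Assignment = $_.Name
            User       = $_.RoleAssigneeName
            Role       = "$($_.Role)"
            WriteScope = "$($_.CustomRecipientWriteScope)"
        }
    }

# 3. Role assignment policies: the end-user roles in each policy and how
#    many mailboxes currently use it.
$mailboxesByPolicy = Get-Mailbox -ResultSize Unlimited |
    Group-Object -Property { "$($_.RoleAssignmentPolicy)" }

$policyReport = foreach ($policy in Get-RoleAssignmentPolicy) {
    $roles = Get-ManagementRoleAssignment -RoleAssignee $policy.Name |
        ForEach-Object { "$($_.Role)" } | Sort-Object -Unique
    $usage = $mailboxesByPolicy | Where-Object { $_.Name -eq $policy.Name }

    [pscustomobject]@{
        Policy    = $policy.Name
        IsDefault = $policy.IsDefault
        Mailboxes = if ($usage) { $usage.Count } else { 0 }
        Roles     = $roles -join '; '
    }
}

$groupReport  | Sort-Object RoleGroup | Format-List
$directReport | Sort-Object User, Role | Format-Table -AutoSize
$policyReport | Sort-Object Policy     | Format-Table -AutoSize -Wrap
```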

Outlook Web App Policy

Use Microsoft Outlook Web App mailbox policies to create organization-level policies to manage access to features in Outlook Web App.

In Exchange 2013, you can create multiple Outlook Web App mailbox policies and apply them to individual mailboxes. When an Outlook Web App mailbox policy is applied to a mailbox, it will override the settings of the virtual directory.

Outlook Web App features can also be managed by configuring the Outlook Web App virtual directories. Virtual directory settings will be used for any mailbox that a mailbox policy hasn’t been applied to.

Creating Outlook web app policy

Graphical

1. Open ECP, permissions, Outlook Web App Policies

2. Select Add Button(New)

3. Type Policy Name (e.g.: Owa-Pol1)

4. Select appropriate features

5. Select Save

6. Select Recipients, Mailboxes

7. Double click on mailbox

8. Select Mailbox features

9. Select View Details from Email Connectivity

10. Select Browse for web app policies

11. Select policy OK

12. Select Save twice

PowerShell

New-OwaMailboxPolicy -Name <policyname>

New-OwaMailboxPolicy -Name owa-pol1

Set-OwaMailboxPolicy -Identity <policyname> <switchparam>

Set-OwaMailboxPolicy -Identity owa-pol1 -CalendarEnabled $false -ThemeSelectionEnabled $false

Setting web app policy

Set-CASMailbox -Identity <username> -OwaMailboxPolicy <policyname>

Set-CASMailbox -Identity User1 -OwaMailboxPolicy owa-pol1

List policy features

Get-OwaMailboxPolicy -Identity <policyname>

Get-OwaMailboxPolicy -Identity owa-pol1

Removing web app policy

Remove-OwaMailboxPolicy -Identity <policyname>

Remove-OwaMailboxPolicy -Identity owa-pol1

Messaging Records Management

Users send and receive email every day. If left unmanaged, the volume of email generated and received each day can inundate users, impact user productivity, and expose your organization to risks. As a result, email lifecycle management is a critical component for most organizations.

Messaging records management (MRM) is the records management technology in Microsoft Exchange Server 2013 that helps organizations manage email lifecycle and reduce the legal risks associated with email.

In Exchange 2013 (and also in Exchange 2010), MRM is accomplished through the use of retention tags and retention policies. Retention tags are used to apply retention settings to an entire mailbox and default mailbox folders such as Inbox and Deleted Items. You can also create and deploy retention tags that Outlook 2010 and later and Outlook Web App users can use to apply to folders or individual messages. After they’re created, you add retention tags to a retention policy and then apply the policy to users. The Managed Folder Assistant, a mailbox assistant that runs on Exchange 2013 Mailbox servers, processes mailboxes and applies retention settings in the user’s retention policy.

Retention tags

As illustrated in the preceding figure, retention tags are used to apply retention settings to folders and individual items such as e-mail messages and voice mail. These settings specify how long a message remains in a mailbox and the action to be taken when the message reaches the specified retention age. When a message reaches its retention age, it's moved to the user’s In-Place Archive or deleted.

Types of retention tags

There are three types of retention tags:

Default policy tags (DPTs): DPTs apply to untagged mailbox items in the entire mailbox. Untagged items are mailbox items that don't already have a retention tag applied, either by inheritance from the folder in which they're located or by the user.

Retention policy tags (RPTs): RPTs apply retention settings to default folders such as the Inbox, Deleted Items, and Sent Items. Mailbox items in a default folder that have an RPT applied inherit the folder's tag. Users can't apply or change an RPT applied to a default folder, but they can apply a different tag to the items in a default folder (e.g. Inbox, Sent Items, Outbox, Drafts etc.).

Personal tags: Personal tags are available to Outlook 2010 and Outlook Web App users as part of their retention policy. Users can apply personal tags to folders they create or to individual items, even if those items already have a different tag applied.

Retention actions

Move to Archive: This action moves a message to the user's archive mailbox. Tags that have this action applied are known as archive tags. Messages are moved to a folder in the archive mailbox that has the same name as the source folder in the user's primary mailbox. This allows users to easily locate messages in their archive mailbox. The Move to Archive action is available only for DPTs and personal tags. You can't create an RPT with the Move to Archive action. If the mailbox user doesn't have an archive mailbox, no action is taken.

Delete and Allow Recovery: This action emulates the behavior when the Deleted Items folder is emptied. Tags that have this action applied are known as deletion tags. When this action occurs, and deleted item retention is configured for the mailbox database or the user, messages move to the Recoverable Items folder. The Recoverable Items folder (previously known as the dumpster) provides the user another chance to recover deleted messages. To do so, the user would access the Recover Deleted Items dialog box in Outlook 2010 or Outlook Web App.

Permanently Delete: This action permanently deletes a message. Like tags with the Delete and Allow Recovery action, tags that have this action applied are known as deletion tags. When this action is applied to a message, it's purged from the mailbox. This action is like a deleted message being removed from the Recoverable Items folder. After this happens, the user can no longer recover the message.

Mark as Past Retention Limit: This action isn't available in the Exchange Administration Center (EAC); you must use the Shell. This action marks a message as expired after it reaches its retention age. In Outlook 2010 or later, and Outlook Web App, expired items are displayed with the notification stating 'This item has expired' and 'This item will expire in 0 days'. In Outlook 2007, items marked as expired are displayed by using strikethrough text.

Retention policies

To apply one or more retention tags to a mailbox, you must add them to a retention policy and then apply the policy to mailboxes. A mailbox can't have more than one retention policy. Retention tags can be linked to or unlinked from a retention policy at any time, and the changes automatically take effect for all mailboxes that have the policy applied.

Creating Retention tag and policy

Graphical

1. Open ECP, Compliance management, retention tags

2. Select Add Button(New), applied automatically to entire mailbox (default)

3. Type a tag Name (e.g.: Tag1)

4. Select Retention action(e.g.: Delete and allow recovery)

5. Type a Retention period in days (e.g.: 10)

6. Select Save

7. Select retention policies

8. Type a Policy name(e.g.: policy1)

9. Select Retention tags(e.g.: tag1)

10. Select Save

11. Select Recipients , Mailboxes

12. Double click on mailbox

13. Select Mailbox features

14. Select a retention policy(e.g.: policy1)

15. Select Save

PowerShell

Get-RetentionPolicyTag | Format-Table Name,Type

Get-RetentionPolicy | Format-Table Name,RetentionPolicyTagLinks

New-RetentionPolicyTag -Name <tagname> -AgeLimitForRetention <days> -Type <Calendar | Contacts | DeletedItems | Drafts | Inbox | JunkEmail | Journal | Notes | Outbox | SentItems | Tasks | All | ManagedCustomFolder | RssSubscriptions | SyncIssues | ConversationHistory | Personal | RecoverableItems | NonIpmRoot | LegacyArchiveJournals> -RetentionAction <MoveToDeletedItems | MoveToFolder | DeleteAndAllowRecovery | PermanentlyDelete | MarkAsPastRetentionLimit | MoveToArchive>

New-RetentionPolicyTag -Name Tag1 -AgeLimitForRetention 10 -Type All -RetentionAction DeleteAndAllowRecovery

Creating Retention policy

New-RetentionPolicy -Name <policyname> -RetentionPolicyTagLinks <tagname>

New-RetentionPolicy -Name policy1 -RetentionPolicyTagLinks Tag1

Setting on user mailbox

Set-Mailbox -Identity <username> -RetentionPolicy <retentionpolicy>

Set-Mailbox -Identity user1 -RetentionPolicy Policy1

Removing Retention Policy

Remove-RetentionPolicy -Identity <policyname>

Remove-RetentionPolicy -Identity policy1

Removing Retention policy tag

Remove-RetentionPolicyTag -Identity <tagname>

Remove-RetentionPolicyTag -Identity Tag1

Journaling

Journaling can help your organization respond to legal, regulatory, and organizational compliance requirements by recording inbound and outbound email communications.

Journaling is the ability to record all communications, including email communications, in an organization for use in the organization's email retention or archival strategy. To meet an increasing number of regulatory and compliance requirements, many organizations must maintain records of communications that occur when employees perform daily business tasks.

Journal rules

The following are key aspects of journal rules:

Journal rule scope: Defines which messages are journaled by the Journaling agent.

Journal recipient: Specifies the SMTP address of the recipient you want to journal.

Journaling mailbox: Specifies one or more mailboxes used for collecting journal reports.

Journal rule scope

You can use a journal rule to journal only internal messages, only external messages, or both. The following list describes these scopes:

Internal messages only: Journal rules with the scope set to journal internal messages sent between the recipients inside your Exchange organization.

External messages only: Journal rules with the scope set to journal external messages sent to recipients or received from senders outside your Exchange organization.

All messages: Journal rules with the scope set to journal all messages that pass through your organization regardless of origin or destination. These include messages that may have already been processed by journal rules in the Internal and External scopes.

Creating Journal rule

Graphical

1. Open ECP, Compliance management, journal rules

2. Select Add Button(New)

3. Type recipient email address (Send journal reports to) e.g.: [email protected]

4. Type rule name( e.g.: journal1)

5. Type If the message is sent to or received from... (e.g.: [email protected])

6. Select Journal the following messages... (e.g.: All Messages)

7. Select save

PowerShell

New-JournalRule -Name <journalname> -JournalEmailAddress <journalreportaddress> -Recipient <recipientaddress> -Scope <Internal | External | Global> -Enabled $true

New-JournalRule -Name Journal1 -JournalEmailAddress [email protected] -Recipient [email protected] -Scope Global -Enabled $true

Displaying Journal rules

Get-JournalRule

Removing Journal rule

Remove-JournalRule -Identity <journalname>

Remove-JournalRule -Identity Journal1

Email Address Policy

Recipients (which include users, resources, contacts, and groups) are any mail-enabled object in Active Directory to which Microsoft Exchange can deliver or route messages. For a recipient to send or receive email messages, the recipient must have an email address. Email address policies generate the primary and secondary email addresses for your recipients so they can receive and send email.

By default, Exchange contains an email address policy for every mail-enabled user. This default policy specifies the recipient's alias as the local part of the email address and uses the default accepted domain. The local part of an email address is the name that appears before the at sign (@). However, you can change how your recipients' email addresses will display. For example, you can specify that the addresses display as [email protected].

Creating Email address policy

Graphical

1. Open ECP, mailflow, email address policies

2. Select Add Button(New)

3. Type a Policy Name (e.g.: Policy1)

4. Select an Email address format (e.g.:john.smith = firstname.lastname)

5. Select Save

6. Select recipient type(e.g.: All recipient type)

7. Select add a rule for advanced filtering

8. Select Save

9. Select policy and Apply

PowerShell

New-EmailAddressPolicy -Name <policyname> -IncludedRecipients <None | MailboxUsers | Resources | MailContacts | MailGroups | MailUsers | AllRecipients> -EnabledEmailAddressTemplates "<template>"

New-EmailAddressPolicy -Name Policy1 -IncludedRecipients AllRecipients -EnabledEmailAddressTemplates "SMTP:%g.%[email protected]"

Templates

Variable Value

%g Given name (first name)

%i Middle initial

%s Surname (last name)

%d Display name

%m Exchange alias

%xs Uses the first x letters of the surname. For example, if x = 2, the first two letters of the surname are used.

%xg Uses the first x letters of the given name. For example, if x = 2, the first two letters of the given name are used.

Updating Email address policy

Update-EmailAddressPolicy -Identity <policyname>

Update-EmailAddressPolicy -Identity Policy1

Displaying Email address policy

Get-EmailAddressPolicy

Removing email address policy

Remove-EmailAddressPolicy -Identity <policyname>

Remove-EmailAddressPolicy -Identity Policy1

Transport Rule

Using transport rules, you can look for specific conditions in messages that pass through your organization and take action on them. Transport rules let you apply messaging policies to email messages, secure messages, protect messaging systems, and prevent information leakage.

Many organizations today are required by law, regulatory requirements, or company policies to apply messaging policies that limit the interaction between recipients and senders, both inside and outside the organization. In addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside the organization, some organizations are also subject to the following messaging policy requirements:

Preventing inappropriate content from entering or leaving the organization

Filtering confidential organization information

Tracking or archiving copies of messages that are sent to or received from specific individuals

Redirecting inbound and outbound messages for inspection before delivery

Applying disclaimers to messages as they pass through the organization

Transport rule components

Transport rules consist of the following components:

Conditions: Use transport rule conditions to specify the characteristics of messages to which you want to apply a Transport rule action. Conditions specify the parts of a message that should be examined. Some conditions examine message fields or headers, such as the To, From, or Cc fields. Other conditions examine message characteristics such as message subject, body, attachments, message size, and message classification. Most conditions require that you specify a comparison operator, such as equals, doesn't equal, or contains, and a value to match.

Exceptions: Exceptions are based on the same characteristics used to build transport rule conditions. However, unlike conditions, exceptions identify messages to which Transport rule actions shouldn't be applied. Exceptions override conditions and prevent actions from being applied to an email message, even if the message matches all configured conditions.

Actions: Actions are applied to messages that match the conditions and don't match any exceptions defined in the transport rule. Transport rules have many actions available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the message body.

Creating Transport rule

Graphical

1. Open ECP, mail flow, rules

2. Select Add Button (New), Create a new rule

3. Type a Rule Name (e.g.: rule1)

4. Select Apply this rule if… (e.g.: The sender is)

5. Select Sender address (e.g.: [email protected]), OK

6. Select Do the following… (e.g.: Reject the message with the explanation)

7. Type Rejection reason

8. Select More Options for advanced filtering

9. Select Save

PowerShell

Example 1: Reject messages sent between two mailboxes (user1 and user2), with a rejection reason

New-TransportRule -Name Rule1 -FromAddressMatchesPatterns [email protected] -RecipientAddressMatchesPatterns [email protected] -RejectMessageReasonText "Messaging Restricted"

Example 2: Delete messages sent between two mailboxes (user1 and user2)

New-TransportRule -Name Rule1 -FromAddressMatchesPatterns [email protected] -RecipientAddressMatchesPatterns [email protected] -DeleteMessage $true

Example 3: Redirect (to the administrator) messages sent between two mailboxes (user1 and user2)

New-TransportRule -Name Rule1 -FromAddressMatchesPatterns [email protected] -RecipientAddressMatchesPatterns [email protected] -RedirectMessageTo [email protected]

Example 4: Reject messages with an attachment size over 2 MB

New-TransportRule -Name Rule1 -AttachmentSizeOver 2MB -RejectMessageReasonText "size limit 2mb"

Example 5: Redirect messages sent from user1 to user2 for approval

New-TransportRule -Name Rule1 -FromAddressMatchesPatterns [email protected] -RecipientAddressMatchesPatterns [email protected] -ModerateMessageByUser [email protected]

Displaying Transport rules

Get-TransportRule

Removing transport rule

Remove-TransportRule -Identity <rulename>

Remove-TransportRule -Identity rule1

Delivery Report

Delivery Reports is a message tracking tool in the Exchange Administration Center (EAC) that you can use to search for delivery status on email messages sent to or from users in your organization's address book, with a certain subject. You can track delivery information about messages sent by or received from any specific mailbox in your organization. The content of the message body isn't returned in a delivery report, but the subject line is displayed in the results. You can track messages for up to 14 days after they were sent or received.

Graphical

1. Open ECP, mail flow, delivery reports

2. Select Browse in Mailbox to search (e.g.: User1)

3. Select either Search for messages sent to: or Search for messages received from: (e.g.: Search for messages sent to: User2)

4. Type Subject line for advanced search

5. Select Search

Accepted Domains

An accepted domain is any SMTP namespace for which a Microsoft Exchange Server 2013 organization sends or receives email. Accepted domains include those domains for which the Exchange organization is authoritative. An Exchange organization is authoritative when it handles mail delivery for recipients in the accepted domain. Accepted domains also include domains for which the Exchange organization receives mail and then relays it to an email server that's outside the organization for delivery to the recipient.

Creating accepted domain

Graphical

1. Open ECP, mail flow, accepted domains

2. Select Add Button (New)

3. Type a name (e.g.: dom1)

4. Type an accepted domain name (e.g.: lab.com)

5. Select accepted domain type (e.g.: External Relay Domain)

6. Select Save

PowerShell

New-AcceptedDomain -DomainName <smtpdomainname> -Name <name> -DomainType <Authoritative | ExternalRelay | InternalRelay>

New-AcceptedDomain -DomainName lab.com -Name domain1 -DomainType externalrelay

Displaying Accepted domain

Get-AcceptedDomain

Removing Accepted domain

Remove-AcceptedDomain -Identity <name>

Remove-AcceptedDomain -Identity domain1

Public Folders

Public folders are designed for shared access and provide an easy and effective way to collect, organize, and share information with other people in your workgroup or organization. Public folders help organize content in a deep hierarchy that’s easy to browse. Users will see the full hierarchy in Outlook, which makes it easy for them to browse for the content they’re interested in.

Public folders can also be used as an archiving method for distribution groups. When you mail-enable a public folder and add it as a member of the distribution group, email sent to the group is automatically added to the public folder for later reference.

Public folder architecture

In Exchange 2013, public folders were re-engineered using mailbox infrastructure to take advantage of the existing high availability and storage technologies of the mailbox database. Public folder architecture uses specially designed mailboxes to store both the public folder hierarchy and the content. This also means that there’s no longer a public folder database. High availability for the public folder mailboxes is provided by a database availability group (DAG).

The main architectural components of public folders are the public folder mailboxes, which can reside in one or more mailbox databases.

Public folder mailboxes

There are two types of public folder mailboxes: the primary hierarchy mailbox and secondary hierarchy mailboxes. Both types of mailboxes can contain content:

Primary hierarchy mailbox: The primary hierarchy mailbox is the one writable copy of the public folder hierarchy. The public folder hierarchy is copied to all other public folder mailboxes, but these will be read-only copies.

Secondary hierarchy mailboxes: Secondary hierarchy mailboxes contain public folder content as well as a read-only copy of the public folder hierarchy.

Creating public folder mailboxes

Graphical

1. Open ECP, public folders, public folder mailboxes

2. Select Add Button(New)

3. Type a mailbox name( eg: pubmail1)

4. Select Organizational unit and Mailbox database optionally

5. Select Save

PowerShell

New-Mailbox -PublicFolder -Name <mailboxname> -Database <mailboxdatabase>

New-Mailbox -PublicFolder -Name pubmail1 -Database db1

Displaying Public folder

Get-PublicFolderStatistics

Creating public folder

Graphical

1. Open ECP, public folders, public folder

2. Select Add Button(New)

3. Type a Public folder name (e.g: public1)

4. Select Save

PowerShell

New-PublicFolder -Name <publicfoldername>

New-PublicFolder -Name public1

Removing public folder

Remove-PublicFolder -Identity <publicfoldername>

Remove-PublicFolder -Identity \public1

Removing public folder mailbox

Remove-Mailbox -Identity <publicfoldermailbox> -PublicFolder

Remove-Mailbox -Identity pubmail1 -PublicFolder

Connectors

Connectors are used to control inbound and outbound mail flow in Microsoft Exchange Server 2013. With connectors, you can route mail to and receive mail from recipients outside of your organization, a partner through a secure channel, or a message-processing appliance.

The most commonly used connector types are Send connectors, which control outbound messages, and Receive connectors, which control inbound messages.

Send Connector

In Microsoft Exchange Server 2013, a Send connector controls the flow of outbound messages to the receiving server. Send connectors are configured on Mailbox servers running the Transport service. Most commonly, you configure a Send connector to send outbound email messages to a smart host or directly to their recipient, using DNS.

Exchange 2013 Mailbox servers running the Transport service require Send connectors to deliver messages to the next hop on the way to their destination. Send connectors that are created on Mailbox servers are stored in Active Directory and are available to all Mailbox servers running the Transport service in the organization.

Receive Connector

Receive connectors control the flow of inbound messages to your Exchange organization. They are configured on computers running Microsoft Exchange Server 2013 with the Transport service, or in the Front End service on a Client Access server. They can be created in the Exchange Administration Center (EAC), or in the Exchange Management Shell.

By default, the Receive connectors that are required for internal mail flow are automatically created when a Client Access server or Mailbox server is installed.

Exchange 2013 servers running the Transport service require Receive connectors to receive messages from the Internet, from email clients, and from other email servers. A Receive connector controls inbound connections to the Exchange organization.

Creating Send connector

Graphical

1. Open ECP, mail flow, send connectors

2. Select Add Button(New)

3. Type a Connector Name (e.g.: connector1)

4. Select a Connector type (e.g.: Internet (For example, to send internet mail)), Next

5. Select a Network Settings (e.g.: Route mail through smart hosts)

6. Select Add Button

7. Type remote smart host IP Address or FQDN (e.g: 192.168.1.90), Select Save

8. Select Next

9. Select smart host authentication(e.g.: None), Select Next

10. Specify the address space or spaces to which this connector will route mail.(e.g.: lab.com), Select Next

11. Select Source Server

12. Select Finish

PowerShell

New-SendConnector -AddressSpaces <remoteaddressspace> -Name <connectorname> -Internet -SmartHostAuthMechanism <None | BasicAuth | BasicAuthRequireTLS | ExchangeServer | ExternalAuthoritative> -SmartHosts <ipaddress/fqdn> -SourceIPAddress <sourceaddress>

New-SendConnector -AddressSpaces Lab.com -Name connector1 -Internet -SmartHostAuthMechanism None -SmartHosts 192.168.1.90 -SourceIPAddress 192.168.1.81

Creating receive connector

Graphical

1. Open ECP, mail flow, receive connectors

2. Select Add Button(New)

3. Type a Connector Name (e.g.: connector1)

4. Select Role (e.g.: Hub Transport or Frontend Transport)

5. Select a Connector Type (e.g.: Internet (For example, to receive internet mail))

6. Select Next

7. Specify the IP addresses and port of the network adapter to bind to the receive connector, Select Add Button

8. Select Specify an IPv4 or IPv6 address (e.g.: 192.168.1.81), Select Save

9. Select Finish

Note: If you are not using any authentication method, do the following:

1. Double-click the Receive connector

2. Select Security

3. Uncheck all authentication methods

4. Select Save

PowerShell

New-ReceiveConnector -Usage <Custom | Internet | Internal | Client | Partner> -Name <connectorname> -Bindings <ipaddress:port> -AuthMechanism <None | Tls | Integrated | BasicAuth | BasicAuthRequireTLS | ExchangeServer | ExternalAuthoritative>

New-ReceiveConnector -Usage Internet -Name Receive1 -Bindings 192.168.1.81:25 -AuthMechanism None
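A connector created with no authentication, as above, accepts mail from any sender that can reach its binding, so it is worth reviewing which connectors do so. The following check is an added example, not part of the original guide: it reads the AuthMechanism, PermissionGroups and RemoteIPRanges properties that Get-ReceiveConnector returns; the function name and the sample connectors other than Receive1 are assumptions made for illustration.

```powershell
# Added example, not part of the original guide.
# Reviews receive connectors for unauthenticated or weakly protected SMTP.
# Property names follow the output of Get-ReceiveConnector.

function Test-ReceiveConnectorExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Connector
    )
    begin {
        # Remote ranges that match every IPv4 or IPv6 sender.
        $anyHostRanges = @(
            '0.0.0.0-255.255.255.255',
            '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'
        )
    }
    process {
        # AuthMechanism and PermissionGroups are flag sets that render as
        # comma-separated names; split them so each flag is matched exactly
        # (BasicAuth must not match BasicAuthRequireTLS).
        $auth   = @("$($Connector.AuthMechanism)" -split '\s*,\s*' | Where-Object { $_ })
        $groups = @("$($Connector.PermissionGroups)" -split '\s*,\s*' | Where-Object { $_ })
        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })

        $anonymous = $groups -contains 'AnonymousUsers'
        $anyHost   = @($ranges | Where-Object { $anyHostRanges -contains $_ }).Count -gt 0

        $findings = @()
        if ($anonymous -and $anyHost) {
            $findings += 'anonymous senders accepted from any address'
        }
        elseif ($anonymous) {
            $findings += 'anonymous senders accepted from listed ranges'
        }
        if ($auth -notcontains 'Tls') {
            $findings += 'STARTTLS not offered'
        }
        if (($auth -contains 'BasicAuth') -and ($auth -notcontains 'BasicAuthRequireTLS')) {
            $findings += 'basic authentication allowed without TLS'
        }
        if (($auth -contains 'ExternalAuthoritative') -and $anyHost) {
            $findings += 'externally secured trust extended to any address'
        }

        [pscustomobject]@{
            Name          = $Connector.Name
            AuthMechanism = $auth -join ', '
            Anonymous     = $anonymous
            AnyRemoteHost = $anyHost
            Findings      = if ($findings.Count) { $findings -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample input. Receive1 mirrors the connector created above;
# the other two connectors are hypothetical.
$sampleConnectors = @(
    [pscustomobject]@{
        Name = 'Receive1'; AuthMechanism = 'None'; PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255')
    },
    [pscustomobject]@{
        Name = 'Legacy App'; AuthMechanism = 'BasicAuth'; PermissionGroups = 'ExchangeUsers'
        RemoteIPRanges = @('192.168.1.90')
    },
    [pscustomobject]@{
        Name = 'Client'; AuthMechanism = 'Tls, Integrated, BasicAuth, BasicAuthRequireTLS'
        PermissionGroups = 'ExchangeUsers'; RemoteIPRanges = @('0.0.0.0-255.255.255.255')
    }
)

$sampleConnectors | Test-ReceiveConnectorExposure | Format-List

# In the Exchange Management Shell, feed it the live configuration instead:
# Get-ReceiveConnector | Test-ReceiveConnectorExposure | Format-List
```

Whether an anonymous connector can relay to external recipients depends on the ms-Exch-SMTP-Accept-Any-Recipient permission, which this check does not read.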

Removing Send connector

Remove-SendConnector -Identity <connectorname>

Remove-SendConnector -Identity connector1

Removing Receive connector

Remove-ReceiveConnector -Identity <connectorname>

Remove-ReceiveConnector -Identity Receive1

Offline Address Book

An offline address book (OAB) is a copy of an address list collection that’s been downloaded so a Microsoft Outlook user can access the address book while disconnected from the server. Microsoft Exchange generates the new OAB files and then compresses the files and places them on a local share. You can decide which address lists are made available to users who work offline, and you can also configure the method by which the address books are distributed (web-based distribution or public folder distribution).

Exchange 2013 does not have a graphical tool for managing OABs, so you need the Exchange Management Shell to manage OABs in your Exchange organization.

Creating an Offline address book

PowerShell

New-OfflineAddressBook -Name <name> -AddressLists <addresslist> -VirtualDirectories <directoryname> -IsDefault $true

New-OfflineAddressBook -Name OAB1 -AddressLists '\Default Global Address List' -VirtualDirectories 'DC100\OAB (Default Web Site)' -IsDefault $true

Force updating offline address book

Update-OfflineAddressBook -Identity <name>

Update-OfflineAddressBook -Identity OAB1

Setting polling interval

Set-OabVirtualDirectory -PollInterval <minutes> -Identity <directory>

Set-OabVirtualDirectory -PollInterval 1 -Identity 'OAB (Default Web Site)'

Restarting Mailbox Assistants service

Restart-Service -Name MSExchangeMailboxAssistants

Displaying Offline address book

Get-OfflineAddressBook

Removing offline address book

Remove-OfflineAddressBook -Identity <name>

Remove-OfflineAddressBook -Identity oab1

Downloading Address Book (in Client)

You will need Outlook 2007 or a later version of Microsoft Office to download an offline address book copy.

1. Open the profile in Microsoft Office Outlook

2. Select the Outlook icon from the system tray

3. Hold the Ctrl key, right-click the icon, and select Test E-mail AutoConfiguration

4. Type Password, uncheck Use Guessmart and Secure Guessmart Authentication, select Test

5. Close the window, Select File from the menu

6. Select Account Settings, Download address book

7. Uncheck the checkbox, select address book and OK

8. Wait until the download completes

Address Book Policies

Address book policies (ABPs) allow you to segment users into specific groups to provide customized views of your organization’s global address list (GAL). When creating an ABP, you assign a GAL, an offline address book (OAB), a room list, and one or more address lists to the policy. You can then assign the ABP to mailbox users, providing them with access to a customized GAL in Outlook and Outlook Web App. The goal is to provide a simpler mechanism to accomplish GAL segmentation for on-premises organizations that require multiple GALs.

ABPs contain the following lists:

One GAL

One OAB

One room list (for booking purposes)

One or more address lists

In the following figure, Address Book Policy A consists of a subset of the various address objects that exist in the organization (shown in the bottom half of the figure). The resulting scope of an ABP is equal to that of the GAL contained in the policy, in this case GAL1. When the ABP is created and assigned to a user, the address objects in the ABP become the scope of the objects the user is able to view.

As with offline address books, Exchange 2013 does not have a graphical tool for managing address book policies, so you need the Exchange Management Shell.

Creating address book policy

PowerShell

Get-AddressBookPolicy

New-AddressBookPolicy -Name <name> -AddressLists <addresslist> -GlobalAddressList <GAL> -OfflineAddressBook <OAB> -RoomList <roomlist>

Example

Figure: an Exchange organization with two departments, IT (User1, User2) and SALES (User3, User4).

1. Creating global address list for IT department

New-GlobalAddressList "IT Users" -ConditionalDepartment "IT" -IncludedRecipients "AllRecipients"

2. Creating global address list for SALES department

New-GlobalAddressList "SALES Users" -ConditionalDepartment "SALES" -IncludedRecipients "AllRecipients"

3. Creating address list for IT Users

New-AddressList -Name "IT-users-list" -IncludedRecipients "AllRecipients" -ConditionalDepartment "IT"

Update-AddressList -Identity "IT-users-list"

4. Creating address list for Sales Users

New-AddressList -Name "Sales-users-list" -IncludedRecipients "AllRecipients" -ConditionalDepartment "Sales"

Update-AddressList -Identity "Sales-users-list"

5. Creating offline address book for IT department

New-OfflineAddressBook -Name "IT-OAB" -AddressLists "\IT-users-list"

Update-OfflineAddressBook -Identity "IT-OAB"

6. Creating offline address book for sales department

New-OfflineAddressBook -Name "SALES-OAB" -AddressLists "\sales-users-list"

Update-OfflineAddressBook -Identity "SALES-OAB"

7. Creating address book policy for IT department

New-AddressBookPolicy -Name "IT-ABP" -GlobalAddressList "\IT Users" -AddressLists "\IT-Users-list" -OfflineAddressBook "\IT-OAB" -RoomList "\All Rooms"

8. Creating address book policy for SALES department

New-AddressBookPolicy -Name "SALES-ABP" -GlobalAddressList "\SALES Users" -AddressLists "\SALES-Users-list" -OfflineAddressBook "\SALES-OAB" -RoomList "\All Rooms"

9. Setting Mailbox department attribute

Set-ADUser -Identity User1 -Department IT

Set-ADUser -Identity User2 -Department IT

Set-ADUser -Identity User3 -Department SALES

Set-ADUser -Identity User4 -Department SALES

10. Setting address book policy on mailbox

Set-Mailbox -Identity User1 -AddressBookPolicy "IT-ABP"

Set-Mailbox -Identity User2 -AddressBookPolicy "IT-ABP"

Set-Mailbox -Identity User3 -AddressBookPolicy "SALES-ABP"

Set-Mailbox -Identity User4 -AddressBookPolicy "SALES-ABP"

Removing Address book policy

Remove-AddressBookPolicy -Identity <policyname>

Remove-AddressBookPolicy -Identity "IT-ABP"

Linked Mailbox

Linked mailboxes are mailboxes that are accessed by users in a separate, trusted forest. Linked mailboxes may be necessary for organizations that deploy Exchange in a resource forest. The resource forest scenario allows an organization to centralize Exchange in a single forest, while allowing access to the Exchange organization with user accounts that are located in one or more trusted forests (called account forests). The user account that accesses the linked mailbox doesn't exist in the forest where Exchange is deployed. Therefore, a disabled user account that exists in the same forest as Exchange is created and associated with the corresponding linked mailbox.

The following figure illustrates the relationship between the linked user account used to access the linked mailbox (located in the account forest) and the disabled user account in the Exchange resource forest that’s associated with the linked mailbox.

Creating Linked Mailbox

Graphical

1. Create a trust relationship between account forest (Forest A) and exchange forest (Forest B).

2. Open ECP, recipients, mailboxes

3. Select Add Button(New), Linked Mailbox

4. Select the trusted forest or domain(Forest A)

5. Select Linked domain controller

6. Select Linked master account(User01)

7. Type User name, Logon name(User01)

8. Select Finish

PowerShell

New-Mailbox -LinkedDomainController <linkedDC> -LinkedMasterAccount <linkedaccount> -Name <name> -Alias <alias>

New-Mailbox -LinkedDomainController DC.ForestA -LinkedMasterAccount User01@ForestA -Name Usr1 -Alias User01

Removing Linked Mailbox

PowerShell

Remove-Mailbox -Identity <mailbox>

Remove-Mailbox -Identity User01

Database Availability Group

A Database Availability Group (DAG) is a set of up to 16 Microsoft Exchange Server 2013 Mailbox servers that provides automatic, database-level recovery from a database, server, or network failure. DAGs use continuous replication and a subset of Windows failover clustering technologies to provide high availability and site resilience. Mailbox servers in a DAG monitor each other for failures. When a Mailbox server is added to a DAG, it works with the other servers in the DAG to provide automatic, database-level recovery from database failures.

When you create a DAG, it’s initially empty. When you add the first server to a DAG, a failover cluster is automatically created for the DAG. In addition, the infrastructure that monitors the servers for network or server failures is initiated. The failover cluster heartbeat mechanism and cluster database are then used to track and manage information about the DAG that can change quickly, such as database mount status, replication status, and last mounted location.

The following figure shows an example of a Database Availability Group consisting of three Mailbox servers.

The server EXMB1 hosts the active copy of database DB1, and the other DAG members EXMB2 and EXMB3 host passive copies of the database. The DAG members work together to maintain the availability of the mailbox database. If the server that hosts the active database copy experiences a problem, for example a hardware failure, one of the remaining DAG members is able (under the right conditions) to make its copy of the database active so clients are still able to connect to their mailbox data.

The following figure shows the automatic recovery of database DB1 when EXMB1 failed.

A DAG uses a non-Exchange server, called the File Share Witness server, as a tie-breaker in the failover cluster’s Node and File Share Majority quorum mode.

In the above example, a four-member DAG uses an additional server as the File Share Witness. The DAG is able to maintain quorum with up to two server failures, but quorum is lost when three servers are down.

Creating a two node Database Availability Group

Preparing Network for Database Availability Group

Graphical

To deploy a DAG in the Exchange organization, each DAG member should have two network adapters. One network adapter is for external connectivity and client access; the second is used only for replication and is not connected for external communication.

1. Open Network and Sharing Center (ncpa.cpl from start->Run).

2. Right click on Replication network adapter, select Properties.

3. Uncheck the first two checkboxes, named Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks.

4. Select IPv4, Properties

5. Give the IP address and subnet mask (e.g.: 10.0.0.1 and 255.0.0.0). Do not give a default gateway or DNS server address

6. Select Advanced, DNS

7. Uncheck the Register this connection’s addresses in DNS checkbox

8. Select OK to save the changes

Repeat the same steps on Exchange2 mailbox server

Preparing witness server for Database Availability Group

1. Log on to witness server with administrative credential

2. Open Computer Management from Server Manager (or compmgmt.msc)

3. Select Local Users and Groups

4. Select Groups

5. Double click on Administrators

6. Select Add, Advanced and Find Now

7. Browse for Exchange Trusted Subsystem, OK

8. Select OK to save the changes

Creating Database Availability Group

Graphical

1. Open ECP, servers, database availability groups

2. Select Add button (New)

3. Enter Database availability group name (e.g.: DAG-testlab)

4. Type the FQDN or IP Address of witness server (e.g.: witness.testlab.com)

5. Enter the witness directory in witness server (e.g.: C:\witness-dir)

6. Enter Cluster IP Address (e.g.: 200.100.100.65)

7. Select Add Button

8. Select Save

PowerShell

New-DatabaseAvailabilityGroup -Name <DAG name> -WitnessServer <FQDN of witness server> -DatabaseAvailabilityGroupIpAddresses <IPaddress> -WitnessDirectory <path>

New-DatabaseAvailabilityGroup -Name DAG-testlab -WitnessServer Witness.testlab.com -DatabaseAvailabilityGroupIpAddresses 200.100.100.65 -WitnessDirectory C:\Witness-dir

Managing Database availability membership

Graphical

1. Open ECP, Servers

2. Select Database Availability Group, Manage DAG membership

3. Select Add Button (+) to add DAG members

4. Select Save

PowerShell

Add-DatabaseAvailabilityGroupServer -Identity <DAG name> -MailboxServer <mailboxserverFQDN>

Add-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer Exchange1

Add-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer Exchange2

Wait until the cluster forms between the mailbox servers. If an error occurs during the operation, as below, pre-stage the cluster name object (CNO) in Active Directory as follows.

Pre-stage CNO in active directory

1. Log on to the domain controller

2. Open Active Directory Users and Computers

3. Select View from menu, Advanced Features

4. Select Computers Container

5. Locate DAG cluster named object (eg: DAG-TESTLAB)

6. Double click on object, Select Security

7. Select Exchange Trusted Subsystem from the group or user names

8. Select Full Control permission for the same group

9. Select Apply, OK to save changes

10. Right click on object, Select Disable Account

Adding Database copy between Database availability group members

Graphical

1. Open ECP, Servers, databases

2. Select Mailbox database

3. Select More button, Add database copy

4. Specify target Mailbox Server, Select Browse

5. Select Mailbox Server , OK

6. Select Save

PowerShell

Add-MailboxDatabaseCopy -Identity <database> -MailboxServer <target> -ActivationPreference <no>

Add-MailboxDatabaseCopy -Identity 'Mailbox Database 0177365238' -MailboxServer exchange2 -ActivationPreference 2

Configuring Database Availability Group Networks

1. Open ECP, servers, database availability group

2. Double click on DAG name( e.g.: DAG-testlab)

3. Select Configure database availability group networks manually checkbox

4. Select Save

5. Select DAG name (e.g.: DAG-testlab)

6. Select View details from the DAG network

7. Use Enable Replication checkbox to enable or disable replication traffic through the network.

PowerShell

Set-DatabaseAvailabilityGroup -Identity <dag name> -ManualDagNetworkConfiguration $true

Set-DatabaseAvailabilityGroup -Identity DAG-testlab -ManualDagNetworkConfiguration $true

It is recommended that one network be dedicated to replication only, especially the internal replication network.

Configuring Automatic database mount dial

The automatic database mount dial specifies the behavior after a database failover. It has three settings: BestAvailability, GoodAvailability, and Lossless.

PowerShell

Set-MailboxServer -Identity <FQDN> -AutoDatabaseMountDial <BestAvailability | GoodAvailability | Lossless>

Set-MailboxServer -Identity Exchange1 -AutoDatabaseMountDial Bestavailability

Set-MailboxServer -Identity Exchange2 -AutoDatabaseMountDial Bestavailability

Configuring Database copy automatic activation policy

The database copy automatic activation policy specifies how database copies on the Mailbox server can be activated after a failover.

PowerShell

Set-MailboxServer -Identity <FQDN> -DatabaseCopyAutoActivationPolicy <Blocked | IntrasiteOnly | Unrestricted>

Set-MailboxServer -Identity Exchange1 -DatabaseCopyAutoActivationPolicy unrestricted

Set-MailboxServer -Identity Exchange2 -DatabaseCopyAutoActivationPolicy unrestricted

Switching active mailbox database

Switching the active mailbox database is an administrator-driven procedure performed before hardware or software maintenance on the currently active Mailbox server.

Graphical

1. Open ECP, servers, databases

2. Select the mailbox database, select Activate from the right side of the browser

3. Select Yes to move mailbox database, wait until the operation completes

4. Select Close button

PowerShell

Move-ActiveMailboxDatabase -Identity <databasename> -ActivateOnServer <targetmailboxserver> -SkipClientExperienceChecks

Move-ActiveMailboxDatabase -Identity 'Mailbox Database 0177365238' -ActivateOnServer exchange1 -SkipClientExperienceChecks

To display mailbox databases

Get-MailboxDatabase

To display mailbox database copy status

Get-MailboxDatabaseCopyStatus
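Before a switchover, or to judge whether a passive copy would mount automatically after a failover, the copy status output can be checked against the configured mount dial. The following is an added example, not part of the original guide: it uses the Status, CopyQueueLength, ReplayQueueLength and ContentIndexState properties returned by Get-MailboxDatabaseCopyStatus; the per-setting log limits (12, 6 and 0) come from Microsoft's documentation of AutoDatabaseMountDial rather than from this guide, and the function name, the replay queue threshold and the DB2 sample copy are assumptions.

```powershell
# Added example, not part of the original guide.
# Decides whether each passive database copy is fit to take over, using the
# properties returned by Get-MailboxDatabaseCopyStatus.

function Test-DatabaseCopyReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$CopyStatus,

        # The AutoDatabaseMountDial value configured on the target server.
        [ValidateSet('BestAvailability', 'GoodAvailability', 'Lossless')]
        [string]$MountDial = 'GoodAvailability',

        # Assumed threshold: a long replay queue delays the mount but loses no data.
        [int]$MaxReplayQueue = 100
    )
    begin {
        # Log files that may be missing from the passive copy for an
        # automatic mount under each dial setting (Microsoft documentation).
        $maxMissingLogs = @{ BestAvailability = 12; GoodAvailability = 6; Lossless = 0 }
        $limit = $maxMissingLogs[$MountDial]
    }
    process {
        $status = "$($CopyStatus.Status)"

        # The mounted copy is the active one; there is nothing to activate.
        if ($status -eq 'Mounted') {
            [pscustomobject]@{ Name = $CopyStatus.Name; Role = 'Active'; Ready = $true; Reasons = '' }
            return
        }

        $reasons = @()
        if ($status -ne 'Healthy') {
            $reasons += "copy status is $status"
        }
        if ([long]$CopyStatus.CopyQueueLength -gt $limit) {
            $reasons += "copy queue $($CopyStatus.CopyQueueLength) exceeds the $MountDial limit of $limit"
        }
        if ([long]$CopyStatus.ReplayQueueLength -gt $MaxReplayQueue) {
            $reasons += "replay queue $($CopyStatus.ReplayQueueLength) exceeds $MaxReplayQueue"
        }
        # -SkipClientExperienceChecks, used in the commands above, bypasses
        # this check; report it so that the bypass is a deliberate choice.
        if ("$($CopyStatus.ContentIndexState)" -ne 'Healthy') {
            $reasons += "content index is $($CopyStatus.ContentIndexState)"
        }

        [pscustomobject]@{
            Name    = $CopyStatus.Name
            Role    = 'Passive'
            Ready   = ($reasons.Count -eq 0)
            Reasons = $reasons -join '; '
        }
    }
}

# Constructed sample input. The first database name is the one used in this
# guide; DB2 and all queue values are hypothetical.
$sampleCopies = @(
    [pscustomobject]@{ Name = 'Mailbox Database 0177365238\EXCHANGE1'; Status = 'Mounted'
                       CopyQueueLength = 0; ReplayQueueLength = 0; ContentIndexState = 'Healthy' },
    [pscustomobject]@{ Name = 'Mailbox Database 0177365238\EXCHANGE2'; Status = 'Healthy'
                       CopyQueueLength = 9; ReplayQueueLength = 3; ContentIndexState = 'Healthy' },
    [pscustomobject]@{ Name = 'DB2\EXCHANGE2'; Status = 'Healthy'
                       CopyQueueLength = 0; ReplayQueueLength = 0; ContentIndexState = 'Failed' }
)

# The EXCHANGE2 copy of the first database is 9 logs behind: not ready under
# GoodAvailability (limit 6), ready under BestAvailability (limit 12).
$sampleCopies | Test-DatabaseCopyReadiness -MountDial GoodAvailability | Format-List
$sampleCopies | Test-DatabaseCopyReadiness -MountDial BestAvailability | Format-List

# In the Exchange Management Shell, feed it the live status instead:
# Get-MailboxDatabaseCopyStatus -Server exchange2 | Test-DatabaseCopyReadiness
```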

Configuring Server switchover

A server switchover moves all active mailbox databases from one node to another before maintenance.

Graphical

1. Open ECP, servers, servers

2. Select the source mailbox server

3. Select Server Switchover from the right side of the browser

4. Specify a target server to switch over to, browse (e.g.: exchange2)

5. Select Save, wait until all mailbox databases move to the target server

6. Select Close

PowerShell

Move-ActiveMailboxDatabase -Server <source> -ActivateOnServer <destination> -SkipClientExperienceChecks -SkipMaximumActiveDatabasesChecks

Move-ActiveMailboxDatabase -Server Exchange2 -ActivateOnServer Exchange1 -SkipClientExperienceChecks -SkipMaximumActiveDatabasesChecks

Removing Database Availability Group

Before removing a Database Availability Group, a number of operations must be completed:

Remove all the Mailbox database copies

Remove all DAG members

Graphical

1. Open ECP, servers, databases

2. Select Mailbox database and select Remove from the right side of the browser to remove mailbox database copies

Repeat the same step to remove all mailbox database copies inside the DAG

3. Select DAG, then Manage DAG membership

4. Select Remove Button(-) to remove DAG members

5. Select Save, wait until the operation completes

6. Select Close

7. Finally select the DAG and click Delete Button

PowerShell

Remove-MailboxDatabaseCopy -Identity <databaseid>

Remove-MailboxDatabaseCopy -Identity 'Mailbox Database 0177365238\exchange2'

Remove-DatabaseAvailabilityGroupServer -Identity <DAG name> -MailboxServer <FQDN>

Remove-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer exchange1

Remove-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer exchange2

Remove-DatabaseAvailabilityGroup -Identity <DAG name>

Remove-DatabaseAvailabilityGroup -Identity DAG-testlab

Backup and Restore Exchange Server 2013

Exchange Server mailbox databases and user mailboxes can be protected by using different backup utilities. In this scenario we are using Microsoft System Center Data Protection Manager 2012 R2. It is also known simply as Data Protection Manager or DPM.

DPM Pre-requisites

Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)

Already installed in Windows Server 2008 R2; in Windows Server 2012 R2 it can be installed from Server Manager, Add roles and features.

Windows PowerShell 2.0

Already installed in Windows Server 2008 R2 and 2012 R2; otherwise it can be installed from Server Manager, Add roles and features.

Microsoft Visual C++ 2008 Redistributable

Installed automatically with the DPM installation.

Windows Single Instance Store (SIS)

Installed automatically with the DPM installation. In Windows Server 2012 R2 it can be installed using the following command:

Dism /online /enable-feature /featurename:SIS-Limited

Installing DPM

Install System Center Data Protection Manager on a separate member server dedicated as a backup server

Open DPM console after the installation

Configuring DPM Storage

Storage options for Data Protection Manager (DPM) include the following:

Tape - All data and workloads protected by DPM can be backed up to tape for long-term storage.

Disk - All data and workloads protected by DPM can be backed up to disk for short-term storage. Disks can be unallocated internal storage or network disks such as iSCSI storage.

Windows Azure cloud using Windows Azure Backup - Files, SQL Server and Hyper-V workloads can be backed up to Windows Azure.

Graphical

1. Open DPM console

2. Select Disks from the left side of the console

3. Select Add from ribbon menu or from Action

4. Select disk and Add, Select OK

5. Pooled disks can be viewed from the DPM console.

PowerShell

$disk=Get-DPMDisk -DPMServerName <FQDN DPM server>

Add-DPMDisk -DPMDisk $disk

$disk=Get-DPMDisk -DPMServerName DPM-Serv

Add-DPMDisk -DPMDisk $disk

Installing DPM agent

DPM agent software needs to be installed on the source server (such as the Exchange server) to protect the data.

Graphical

1. Open DPM console

2. Select Agents from the left side of the console

3. Select Install from the ribbon menu or from Action

4. Select Install agents, Next

5. Select exchange server from the list, Add then Next

6. Enter credentials, Next

7. Choose Restart Method, Next

8. Select Install

Creating Protection Group

1. Open DPM console

2. Select Protection from the left side of the console

3. Select New from the ribbon menu

4. Skip the welcome window

5. Select Servers, Next

6. Expand the Exchange server and select Mailbox database, Select Next

7. Type Protection Group Name (e.g.: Exchange-Protection), Select Next twice

8. Type Retention Range and Synchronization frequency, Select Next

9. Review the disk allocation, select Next

10. Choose a replication method (e.g.: Now)

11. Select Next twice and select Create Group

12. Select Close and wait until the replica creation completes

Recovering Exchange Files

DPM regularly captures the changes from the Exchange server (every 15 minutes). Mailbox databases or user mailboxes can be restored from the backup if any data loss occurs at the Exchange server. In this scenario we are using a user mailbox.

Graphical

1. Create a recovery database on the mailbox server for recovery purposes as follows. A normal database cannot be used for this operation.

New-MailboxDatabase -Name <databasename> -Server <FQDN> -Recovery

Mount-Database -Identity <databasename>

Set-MailboxDatabase -Identity <databasename> -AllowFileRestore $true

New-MailboxDatabase -Name 'RDB' -Server exch-2013-1 -Recovery

Mount-Database -Identity 'RDB'

Set-MailboxDatabase -Identity 'RDB' -AllowFileRestore $true

2. Open DPM console

3. Select Recovery from the left side of the console

4. Expand Recoverable Data, find the deleted mailbox from the exchange database

5. Right click on the deleted mailbox and select Recover

6. Read the review and select Next

7. Select Recovery Type (e.g.: Recover Mailbox to an Exchange server database), Next

8. Specify Destination Server and Recovery Database, Next

9. Select Recover, close

10. Wait until the recovery completes; monitor the task from Monitoring in the DPM console.

11. After the recovery, open PowerShell on the Exchange server. Run the following command to verify the recovery database.

Get-MailboxStatistics -Database <recoverydatabasename>

Get-MailboxStatistics -Database RDB

12. Create a new user mailbox to recover the deleted items.

13. Run the following command to restore the deleted mailbox from the recovery database to the new mailbox

New-MailboxRestoreRequest -SourceDatabase <recoverydatabase> -SourceStoreMailbox <deletedmailbox> -TargetMailbox <newmailbox> -AllowLegacyDNMismatch

New-MailboxRestoreRequest -SourceDatabase RDB -SourceStoreMailbox User100 -TargetMailbox User100 -AllowLegacyDNMismatch

To display restore process status

Get-MailboxRestoreRequest

14. After the recovery process open the mailbox to verify the recovered data.
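
Steps 11 to 14 above, run as one script that also waits for the restore to finish and then retires the recovery database. This is an added example, not part of the original document; 'RDB' and 'User100' are the page's sample names, and the request name is a hypothetical label.

```powershell
# Added example. Run in the Exchange Management Shell on the Mailbox server.
$rdb     = 'RDB'              # recovery database from step 1
$source  = 'User100'          # display name of the mailbox inside the recovery database
$target  = 'User100'          # mailbox created in step 12
$reqName = "Restore-$source"  # hypothetical request name

# Step 11: confirm DPM actually restored the mailbox into the recovery database.
$found = @(Get-MailboxStatistics -Database $rdb |
    Where-Object { $_.DisplayName -eq $source })
if ($found.Count -ne 1) {
    throw "Expected exactly one '$source' in '$rdb', found $($found.Count)."
}

# Step 13: address the source by MailboxGuid so a duplicate display name cannot
# send another person's mail into the target mailbox.
New-MailboxRestoreRequest -Name $reqName -SourceDatabase $rdb `
    -SourceStoreMailbox $found[0].MailboxGuid -TargetMailbox $target `
    -AllowLegacyDNMismatch | Out-Null

# Poll until the request stops moving (finished, failed or suspended).
$stopped = 'Completed', 'CompletedWithWarning', 'Failed', 'Suspended', 'AutoSuspended'
do {
    Start-Sleep -Seconds 30
    $progress = Get-MailboxRestoreRequest -Name $reqName |
        Get-MailboxRestoreRequestStatistics
    '{0}: {1} ({2}%)' -f $reqName, $progress.Status, $progress.PercentComplete
} while ([string]$progress.Status -notin $stopped)

if ([string]$progress.Status -notlike 'Completed*') {
    throw "Restore ended as '$($progress.Status)'. Inspect it with Get-MailboxRestoreRequestStatistics -IncludeReport."
}

# Clean up: drop the finished request, then retire the recovery database so a
# second copy of the user's mail is not left mounted on the server.
# Remove-MailboxDatabase leaves the .edb and log files on disk; delete them separately.
Get-MailboxRestoreRequest -Name $reqName | Remove-MailboxRestoreRequest -Confirm:$false
Dismount-Database -Identity $rdb -Confirm:$false
Remove-MailboxDatabase -Identity $rdb -Confirm:$false
```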

Edge Transport Server

Edge Transport servers minimize the attack surface by handling all Internet-facing mail flow, which provides SMTP (Simple Mail Transfer Protocol) relay and smart host services for your Exchange organization. Agents running on the Edge Transport server provide additional layers of message protection and security. These agents provide protection against viruses and spam and apply transport rules to control mail flow. Because the Edge Transport server is installed in the perimeter network, it's never a member of your organization's internal Active Directory forest and doesn't have access to Active Directory information. However, the Edge Transport server requires data that resides in Active Directory, for example, connector information for mail flow and recipient information for anti-spam recipient lookup tasks. This data is synchronized to the Edge Transport server by the Microsoft Exchange EdgeSync service (EdgeSync). EdgeSync is a collection of processes run on an Exchange 2013 Mailbox server to establish one-way replication of recipient and configuration information from Active Directory to the Active Directory Lightweight Directory Services (AD LDS) instance on the Edge Transport server.

EdgeSync copies only the information that's required for the Edge Transport server to perform anti-spam configuration tasks and to enable end-to-end mail flow. EdgeSync performs scheduled updates so the information in AD LDS remains current.

Installing Edge Transport Server 2013

Install Active Directory Lightweight Directory Services

Graphical

1. Log on to the Edge Transport server with administrative privileges

2. Open Server Manager

3. Select Add roles and features

4. Select Active Directory Lightweight Directory Services from roles, Next

5. Select Install

PowerShell

Install-WindowsFeature -Name ADLDS,RSAT-ADLDS

Install edge transport role.

Command Prompt

Setup.exe /mode:install /roles:et /iacceptexchangeserverlicenseterms

Graphical

1. Double click on setup.exe from installation media

2. Select Don’t check for updates right now, Next

3. Wait until file copying completes

4. Select Next from the introduction.

5. Accept the license agreement, Next

6. Select Don’t use recommended settings, Next

7. Select Server Roles (Edge Transport Role), Next

8. Select Installation Location, Next

9. Wait until Readiness Check completes

10. Select Install

Configuring Edge subscription

Edge subscriptions are used to populate the Active Directory Lightweight Directory Services (AD LDS) instance of the Edge Transport server with Active Directory data. The Edge subscription is created on the Edge Transport server and exported to the Mailbox server. No graphical interface is available for the Edge subscription process.

1. Log on to the Edge Transport server

2. Open Exchange PowerShell and type the following command

New-EdgeSubscription -FileName "path\filename.xml"

New-EdgeSubscription -FileName 'C:\Edge.xml'

3. Log on to the Mailbox server

4. Open Exchange PowerShell and type the following command

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "path\filename.xml" -Encoding Byte -ReadCount 0)) -Site 'ADSiteName'

Start-EdgeSynchronization -Server 'MailboxFQDN' -TargetServer 'EdgeTransportFQDN' -ForceFullSync

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\edge.xml" -Encoding Byte -ReadCount 0)) -Site 'Default-First-Site-Name'

Start-EdgeSynchronization -Server 'Exchange1' -TargetServer 'Edge' -ForceFullSync

5. After exporting the subscription you can view the Edge Transport server in Exchange ECP

6. Open ECP, Servers, Servers

7. Check the synchronization status

Test-EdgeSynchronization
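
The Edge subscription file holds the bootstrap credentials EdgeSync uses to authenticate to AD LDS, so it should not stay on disk once the import has succeeded. The following added example (not part of the original document) removes the file used in the commands above and turns the Test-EdgeSynchronization check from step 7 into a pass or fail result; the path is the page's sample value.

```powershell
# Added example. Run in the Exchange Management Shell on the Mailbox server
# after the New-EdgeSubscription -FileData import has succeeded.
$file = 'C:\edge.xml'     # sample path from the commands above

# The file is only needed for the import. Delete this copy, and delete the
# original on the Edge Transport server the same way.
if (Test-Path -LiteralPath $file) {
    Remove-Item -LiteralPath $file -Force
}

# The subscription should now be listed for the Active Directory site.
Get-EdgeSubscription | Format-List

# Test-EdgeSynchronization returns one result per subscribed Edge server.
# Treat anything other than a successful connection and Normal status as a failure.
$unhealthy = @(Test-EdgeSynchronization | Where-Object {
    [string]$_.ConnectionResult -ne 'Succeeded' -or [string]$_.SyncStatus -ne 'Normal'
})
if ($unhealthy.Count -gt 0) {
    $unhealthy |
        Format-List Name, ConnectionResult, FailureDetail, SyncStatus, LastSynchronized |
        Out-Host
    throw "EdgeSync is not healthy for $($unhealthy.Count) Edge server(s)."
}
'EdgeSync healthy.'
```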

Configure Send/Receive Connector

Creating Send Connector

1. Open ECP, mail flow, send connectors

2. Select Add Button (New)

3. Type a Connector Name (e.g.: connector1)

4. Select a Connector type (e.g.: Internet (For example, to send internet mail)), Next

5. Select a Network Settings (e.g.: Route mail through smart hosts)

6. Select Add Button

7. Type remote smart host IP Address or FQDN (e.g.: 192.168.1.90), Select Save

8. Select Next

9. Select smart host authentication (e.g.: None), Select Next

10. Specify the address space or spaces to which this connector will route mail (e.g.: lab.com), Select Next

11. Select Source Server (Edge Transport Server)

12. Select Finish

Creating Receive Connector

1. Open ECP, mail flow, receive connectors

2. Select Add Button (New)

3. Type a Connector Name (e.g.: connector1)

4. Select Role (e.g.: Hub Transport or Frontend Transport)

5. Select a Connector Type (e.g.: Internet (For example, to receive internet mail))

6. Select Next

7. Specify the IP addresses and port of the network adapter to bind to the receive connector (Edge Transport Server), Select Add Button

8. Select Specify an IPv4 or IPv6 address (e.g.: 192.168.1.81), Select Save

9. Select Finish

Configuring Edge Transport rules

Edge Transport Server works based on the following filter agents

1. Connection Filtering agent

2. Sender Filter agent

3. Recipient Filter agent

4. Sender ID agent

5. Content Filter agent

6. Protocol Analysis agent for sender reputation

7. Attachment Filter agent

Creating IP Allow List

Add-IPAllowListEntry -IPAddress <Ipaddress> | -IPRange <IPrange>

Add-IPBlockListEntry -IPAddress <Ipaddress> | -IPRange <IPrange>

To display allow IP Entry

Get-IPAllowListEntry

To display block IP Entry

Get-IPBlockListEntry

Creating Sender Filtering

Set-SenderFilterConfig -BlockedSenders <emailaddress> -BlockedDomains <FQDN> -Action <StampStatus | Reject> -Enabled $true

To display Sender filter Entry

Get-SenderFilterConfig

Creating Recipient Filtering

Set-RecipientFilterConfig -BlockedRecipients <emailaddress> -Enabled $true

To display Recipient filter Entry

Get-RecipientFilterConfig

Creating Content Filtering

Add-ContentFilterPhrase -Phrase <phrase> -Influence <GoodWord | BadWord>

Set-ContentFilterConfig -RejectionResponse <response> -Enabled $true

To display Content filter Entry

Get-ContentFilterConfig

Creating Attachment Filtering

Enable attachment filtering

Enable-TransportAgent -Identity "Attachment Filtering Agent"

Restart Transport service

Restart-Service -Name MSExchangeTransport

Add an attachment filter rule

Add-AttachmentFilterEntry -Name <name> -Type <ContentType | FileName>

Add Attachment filter action

Set-AttachmentFilterListConfig -Action <Reject | Strip | SilentDelete> -AdminMessage <message>

Display all attachment filter entries

Get-AttachmentFilterEntry

Display attachment filter list configuration

Get-AttachmentFilterListConfig
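
The syntax templates in this section, filled in as one worked configuration with a verification pass at the end. This is an added example, not part of the original document; every address, domain, phrase and file extension in it is a constructed sample value.

```powershell
# Added example. Run in the Exchange Management Shell on the Edge Transport server.
# Every address, domain, phrase and extension below is a constructed sample value.

# Connection filtering: record why an entry exists and let block entries expire.
Add-IPAllowListEntry -IPAddress 198.51.100.25 -Comment 'sample: partner gateway'
Add-IPBlockListEntry -IPRange 192.0.2.0/24 -Comment 'sample: abusive range' `
    -ExpirationTime (Get-Date).AddDays(30)

# Sender filtering: @{Add=...} appends to the existing list; passing a plain
# value would replace every entry already configured.
Set-SenderFilterConfig -BlockedSenders @{Add='bulk@blocked.example'} `
    -BlockedDomains @{Add='blocked.example'} -Action Reject -Enabled $true

# Recipient filtering: the blocked-recipient list is only enforced when
# BlockListEnabled is also set.
Set-RecipientFilterConfig -BlockedRecipients @{Add='retired-alias@lab.example'} `
    -BlockListEnabled $true -Enabled $true

# Content filtering: weight a phrase and set the text returned on rejection.
Add-ContentFilterPhrase -Phrase 'sample blocked phrase' -Influence BadWord
Set-ContentFilterConfig -RejectionResponse 'Message rejected by content filter' -Enabled $true

# Attachment filtering: add only entries that are not already in the list,
# so a rerun does not try to add duplicates.
Enable-TransportAgent -Identity 'Attachment Filtering Agent'
$existing = Get-AttachmentFilterEntry | ForEach-Object { [string]$_.Identity }
foreach ($name in '*.iso', '*.img') {
    if ("FileName:$name" -notin $existing) {
        Add-AttachmentFilterEntry -Name $name -Type FileName
    }
}
Set-AttachmentFilterListConfig -Action Reject -RejectResponse 'Attachment type not accepted'
Restart-Service -Name MSExchangeTransport

# Verify what is now in force.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-IPBlockListEntry | Format-Table IPRange, ExpirationTime, Comment -AutoSize
Get-SenderFilterConfig | Format-List Enabled, Action, BlockedSenders, BlockedDomains
Get-RecipientFilterConfig | Format-List Enabled, BlockListEnabled, BlockedRecipients
Get-AttachmentFilterListConfig | Format-List Action, RejectResponse
```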

