EXCHANGE SERVER
Overview and Popularization to begin Exchange Management
Rosset, Julien
Windows Expert
I. INDEX
I. INDEX
II. THIS DOCUMENT
III. UNDERSTANDING MAIL REPUTATION
1. Name of your mail infrastructure over internet, Starttls, and SMTP Banner
2. Records in your Domain Provider
3. Securing potential Spam
4. Blacklisting and Health check
5. Banned over internet
IV. INSTALL EXCHANGE SERVER (2010)
1. Edge Role
V. INSTALL EXCHANGE SERVER (2016)
1. Edge Role
VI. MANAGE SERVER
1. Licensing
2. Configure Virtual Directory
3. Enable Outlook Anywhere
4. Renew Autosigned Certificate
5. Check the message Queue
6. Test Health of your Server
7. Test Mail “In”
8. Change SMTP Banner
9. Disable/enable antispam
10. Send / Receive Connector
VII. MANAGE MAILBOX
1. List mailbox / distribution group
2. Give access right
3. Mailbox details
VIII. EXPORT/IMPORT MAILBOX
1. Give import/export access right
2. Export one MailBox:
3. Export All Mailbox:
4. Check the task running:
5. Flush Mailbox Import/Export Request
6. Import all mailbox in Exchange
II. THIS DOCUMENT
This document explains the main PowerShell commands used to manage Exchange Server. It is not a tutorial on how to manage your Exchange infrastructure day to day.
Because the reputation of your mail infrastructure on the internet is really important, this document briefly explains “Good Mail Reputation” and how to set up an Exchange infrastructure correctly (2010, 2016 (2013)).
Each command must be run from Exchange PowerShell (Administrator mode), except for Telnet, which must be run in DOS.
These commands are available for Exchange Server 2010 SP2 to Exchange Server 2016.
Most of these commands can also be done through the Exchange interface: MMC (2010) or HTTP (2013-2016).
All green commands should not be modified.
All red commands should be adapted to your infrastructure (server, domain, etc.).
All purple commands should be adapted to your context (user, name, date, etc.).
III. UNDERSTANDING MAIL REPUTATION
Mail reputation: you can find a lot of literature on this subject, with much more detail than this document, but you have to respect at least all of the following topics:
1. Name of your mail infrastructure over internet, Starttls, and SMTP Banner
Your mail server must be reachable over the internet, so it must have a name that does not refer to your local domain name (reply to EHLO).
The SMTP banner is the announcement you get when you run a telnet request to an Exchange server.
I will not explain what the SMTP banner, EHLO and the telnet protocol are; please check Google and chapters VI.7 and VI.8.
When you set up your Exchange server (using the wizard), the receive connector is set automatically with the local FQDN (exch2k.contoso.local for example).
But your mail infrastructure should not have this name over the internet, so you have to change it.
For example, if the local domain name of your server is Exch2k.contoso.local, it must reply to EHLO (over the internet) with mailhost.contoso.com.
The “reply to EHLO” configuration must be set on the Send/Receive connectors.
Warning!
If you change the reply to EHLO on the Receive connector of the Exchange server, it will lose the “250 STARTTLS” announcement. STARTTLS is not mandatory, but if you can keep it, do it.
So to keep the STARTTLS announcement you have two options:
1) After fully setting up your mail infrastructure, buy an SSL certificate from an official authority (Verisign) and add it to your Exchange infrastructure
2) Leave all your Send/Receive connectors as they are and set up an Edge server (workgroup) in the DMZ. It must be named Mailhost, and mailhost.contoso.com must be added in the DNS suffix before installing the Edge role and the Edge Subscription (see chapters IV.1 and V.1)
If you proceed like this, your Send/Receive connectors on the Edge server (front mail) will be correctly named from scratch.
2. Records in your Domain Provider
Records in your domain provider interface must be set correctly.
You have to set MX, Host A, DMARC and SPF records.
MX and Host A records must point to your public IP and must match your reply to EHLO:
mx.contoso.com <> 197.x.x.x
mailhost.contoso.mx <> 197.x.x.x
MX Toolbox can help you generate the DMARC and SPF records:
https://mxtoolbox.com/SPFRecordGenerator.aspx
https://mxtoolbox.com/DMARCRecordGenerator.aspx
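The alignment described in this chapter can be checked with a short script. The PowerShell below is an added example, not part of the original document: it tests a set of records for an EHLO name, MX targets and Host A records that all point to the same public IP, and for a usable SPF and DMARC record. The function name, the record layout and every sample value (203.0.113.10, the SPF and DMARC strings) are constructed assumptions.

```powershell
# Added example. Function name, input layout and all sample data are constructed.
function Test-MailDnsAlignment {
    param(
        [Parameter(Mandatory=$true)] [string]    $Domain,    # mail domain (contoso.com)
        [Parameter(Mandatory=$true)] [string]    $EhloName,  # name given in reply to EHLO
        [Parameter(Mandatory=$true)] [string]    $PublicIp,  # public IP of the mail server
        [Parameter(Mandatory=$true)] [hashtable] $Records    # @{ MX=@(); A=@{}; TXT=@{} }
    )
    $findings = @()
    $a   = if ($Records.A)   { $Records.A }   else { @{} }
    $txt = if ($Records.TXT) { $Records.TXT } else { @{} }

    # The EHLO name must be an internet name, not the local Active Directory name.
    if ($EhloName -match '\.local$') {
        $findings += "EHLO name '$EhloName' is a local name"
    }

    # Host A: the EHLO name must resolve to the public IP.
    $ehloIp = $a[$EhloName]
    if (-not $ehloIp) {
        $findings += "No Host A record for EHLO name '$EhloName'"
    } elseif ($ehloIp -ne $PublicIp) {
        $findings += "Host A for '$EhloName' is $ehloIp, expected $PublicIp"
    }

    # MX: at least one record, and every MX target must resolve to the same public IP.
    if (-not $Records.MX) {
        $findings += "No MX record for '$Domain'"
    } else {
        foreach ($mx in $Records.MX) {
            if ($a[$mx] -ne $PublicIp) {
                $findings += "MX target '$mx' resolves to '$($a[$mx])', expected $PublicIp"
            }
        }
    }

    # SPF: exactly one v=spf1 record, ending in -all or ~all and never allowing everyone.
    $spf = @($txt[$Domain] | Where-Object { $_ -like 'v=spf1*' })
    if ($spf.Count -eq 0) {
        $findings += "No SPF record for '$Domain'"
    } elseif ($spf.Count -gt 1) {
        $findings += "More than one SPF record for '$Domain' (receivers treat this as an error)"
    } elseif ($spf[0] -match '(^|\s)\+?all(\s|$)') {
        $findings += "SPF record allows every host to send (+all)"
    } elseif ($spf[0] -notmatch '[-~]all\s*$' -and $spf[0] -notmatch 'redirect=') {
        $findings += "SPF record does not end in -all or ~all"
    }

    # DMARC: exactly one v=DMARC1 record at _dmarc.<domain> with a p= policy.
    $dmarc = @($txt["_dmarc.$Domain"] | Where-Object { $_ -like 'v=DMARC1*' })
    if ($dmarc.Count -ne 1) {
        $findings += "Expected one DMARC record at _dmarc.$Domain, found $($dmarc.Count)"
    } elseif ($dmarc[0] -notmatch ';\s*p=(none|quarantine|reject)\b') {
        $findings += "DMARC record has no valid p= policy"
    }

    $findings
}

# Constructed records, in the shape a DNS lookup would return them.
$records = @{
    MX  = @('mx.contoso.com')
    A   = @{ 'mx.contoso.com' = '203.0.113.10'; 'mailhost.contoso.com' = '203.0.113.10' }
    TXT = @{
        'contoso.com'        = @('v=spf1 mx ip4:203.0.113.10 -all')
        '_dmarc.contoso.com' = @('v=DMARC1; p=quarantine; rua=mailto:postmaster@contoso.com')
    }
}

# Case 1: the server replies to EHLO with its public name.
Test-MailDnsAlignment -Domain 'contoso.com' -EhloName 'mailhost.contoso.com' `
    -PublicIp '203.0.113.10' -Records $records

# Case 2: the receive connector still announces the local FQDN set by the wizard.
Test-MailDnsAlignment -Domain 'contoso.com' -EhloName 'exch2k.contoso.local' `
    -PublicIp '203.0.113.10' -Records $records
```

Each returned string is one finding; an empty result means the records and the EHLO name agree.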
3. Securing potential Spam
To protect your infrastructure, you have three solutions:
- Install the anti-spam provided with Exchange (free), but you do not have many options to configure it
- Install specific software attached to your Exchange (e.g. Symantec Bright Mail)
- Use a SaaS solution (e.g. AltoSpam); in that case you have to configure a specific send connector for this SaaS solution (relay to the SaaS host, with or without authentication)
4. Blacklisting and Health check
If you respect all of this you will not be blacklisted by spam entities, but it cannot protect your infrastructure from a hacked computer or a user who sends spam mail from your infrastructure.
In any case you can easily check the health of your infrastructure by using MxToolBox and its blacklist check.
MxToolBox offers many other useful tools such as SMTP Test, etc.
5. Banned over internet
There is really one main rule to respect: your mail server must not be an OPEN RELAY; open relays are banned.
To summarize, an open relay is a mail server that accepts and resends mail without authentication (anyone can use your server to send spam).
So if you need some connectors to send mail without authentication for specific applications inside your organization (e.g. VMware vSphere), make sure that these connectors cannot send mail outside directly.
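One way to audit this is to look for receive connectors on which the anonymous account holds the relay permission. The PowerShell below is an added example, not part of the original document; it covers only the anonymous-permission case, and the function names and the three sample connectors are constructed assumptions.

```powershell
# Added example. Function names and the sample connectors are constructed.
# Default "all addresses" values of RemoteIPRanges on a receive connector.
$WideOpenRanges = @('0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')

function Find-AnonymousRelay {
    param([Parameter(Mandatory=$true)] [object[]] $Connector)
    foreach ($c in $Connector) {
        # Relaying to external recipients needs ms-Exch-SMTP-Accept-Any-Recipient.
        # Without it an anonymous sender can only reach the accepted domains.
        $grants = @($c.Permissions | Where-Object {
            $_.User -like '*ANONYMOUS LOGON' -and -not $_.Deny -and
            (@($_.ExtendedRights | ForEach-Object { "$_" }) -contains 'ms-Exch-SMTP-Accept-Any-Recipient')
        })
        if ($grants.Count -eq 0) { continue }

        # A relay connector is acceptable only when it is limited to known source IPs.
        $anySource = @($c.RemoteIPRanges | Where-Object { $WideOpenRanges -contains "$_" }).Count -gt 0
        $exposure = if ($anySource) {
            'OPEN RELAY: accepts relay from every source IP'
        } else {
            'Anonymous relay limited to: ' + (@($c.RemoteIPRanges) -join ', ')
        }
        New-Object PSObject -Property @{ Connector = "$($c.Name)"; Exposure = $exposure }
    }
}

# Live input, from the Exchange Management Shell:
#   $live = Get-ReceiveConnector | ForEach-Object {
#       New-Object PSObject -Property @{
#           Name = $_.Identity; RemoteIPRanges = $_.RemoteIPRanges
#           Permissions = @($_ | Get-ADPermission) } }
#   Find-AnonymousRelay -Connector $live

# Constructed sample: one default connector, one scoped application relay,
# one relay connector left open to every address.
function New-SampleAce($User, $Rights) {
    New-Object PSObject -Property @{ User = $User; Deny = $false; ExtendedRights = $Rights }
}
$anon = 'NT AUTHORITY\ANONYMOUS LOGON'
$sample = @(
    (New-Object PSObject -Property @{
        Name = 'EXCH2K\Default EXCH2K'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255')
        Permissions = @(New-SampleAce $anon @('ms-Exch-SMTP-Submit', 'ms-Exch-SMTP-Accept-Any-Sender'))
    }),
    (New-Object PSObject -Property @{
        Name = 'EXCH2K\vSphere alerts'
        RemoteIPRanges = @('10.0.0.25')
        Permissions = @(New-SampleAce $anon @('ms-Exch-SMTP-Submit', 'ms-Exch-SMTP-Accept-Any-Recipient'))
    }),
    (New-Object PSObject -Property @{
        Name = 'EXCH2K\Application relay'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255')
        Permissions = @(New-SampleAce $anon @('ms-Exch-SMTP-Submit', 'ms-Exch-SMTP-Accept-Any-Recipient'))
    })
)

Find-AnonymousRelay -Connector $sample | Format-Table Connector, Exposure -AutoSize
```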
IV. INSTALL EXCHANGE SERVER (2010)
Install .NET Framework 3.5
Import-Module ServerManager
Add-WindowsFeature NET-Framework,NET-HTTP-Activation,Web-Server,Web-ISAPI-Ext,Web-Basic-Auth,Web-Digest-Auth,Web-Windows-Auth,Web-Dyn-Compression,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-ADDS,RSAT-Clustering,RSAT-Web-Server,RPC-Over-HTTP-proxy
Set-Service NetTcpPortSharing -StartupType Automatic
Reboot the server
ServerManagerCmd -i RSAT-ADDS
Close the window
In PowerShell, go to the Exchange 2010 installation folder, then:
.\Setup /PrepareSchema
.\Setup /PrepareAD /OrganizationName:mydomain
.\Setup /PrepareDomain
1. Edge Role
The Edge Server role must be installed on a separate server, in a workgroup and in the DMZ. DMZ and LAN should allow all Active Directory communications (check TechNet) and mail flow:
- HTTPS (443)
- SMTP (25)
- POP (110)
- IMAP (587)
- EDGE SYNC (50636)
On the DNS Server:
Add a Host A record for the Edge server
On the Edge Server:
- In the IPv4 settings go to Advanced, then the DNS tab, and add the DNS server and the suffix of your domain (test.local)
- In the server name, add the DNS suffix
- Launch the Edge Installation Wizard
- Install role AD LDS
- Run the AD LDS wizard (administration tool)
- Test the health of your Edge server (see Chapter 3.6)
Generate the Edge XML subscription from Exchange PowerShell:
C:\>New-EdgeSubscription -FileName C:\edgesubscription.xml
Answer yes to all
Copy the XML file to the Exchange Server
On the Exchange Server:
Open the Exchange Management Console, go to Hub Transport, in the “Action” right pane click on “New Edge Subscription” and follow the wizard.
Set the “Credential Manager” service to automatic and wait 5 minutes (replication)
Start-EdgeSynchronization -Server "fqdn.exchangeserver"
You should have two successes.
V. INSTALL EXCHANGE SERVER (2016)
Install .NET Framework 4.5
Install-WindowsFeature RSAT-ADDS
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
Install updates .NET 4.6.2
Install Win8.1 KB3146717-x64
Install UCMA Runtime
1. Edge Role
Repeat the DMZ and firewall configuration (refer to chapter 1.1)
Repeat the DNS configuration (refer to chapter 1.1)
Once it’s done:
Install-WindowsFeature ADLDS
Install updates .NET 4.6.2
Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS
Install Cumulative Update for server 2016
Install Media Foundation Feature
Install UCMA Runtime
Run Exchange Setup for the Edge role
Test the health of your Edge server (see Chapter VI.6)
Generate the Edge XML subscription from Exchange PowerShell:
New-EdgeSubscription -FileName C:\edgesubscription.xml
Answer yes to all
Copy the XML file to the Exchange Server
On the Exchange Server:
In Exchange PowerShell
New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path C:\edgesubscription.xml -Encoding Byte -ReadCount 0)) -Site "Default-first-site-name"
The red part of the command should be adapted if you have further subdomains
Check that port 50636 is open between the LAN and the Edge server
Check in your Exchange:
> Server: the Edge server should appear
> Mail Flow: check the Send/Receive connectors
Receive Connector
There is no new receive connector required.
Don’t change the Send connector configuration
“--” is part of the configuration on the “EdgeSync - Inbound to AD Site” connector, so don’t change it. We will see this in the smart host and accepted domain.
The -- value in the address space represents all authoritative and internal relay accepted domains for the Exchange organization.
The -- value in the list of smart hosts represents all Mailbox servers in the subscribed Active Directory site.
Configure Internal SMTP
Use the InternalSMTPServers parameter on the Set-TransportConfig cmdlet to specify a list of
internal SMTP server IP addresses or IP address ranges to be ignored by the Sender ID and
Connection Filtering agents on the Edge Transport server.
Run the command below on the Mailbox server
Set-TransportConfig -InternalSMTPServers IP, IP (range)
Start Edge Sync
Once all of the above is completed, run the command below
Start-EdgeSynchronization -Server MailboxserverFQDN -TargetServer EDGEServerFQDN -ForceFullSync
Restart Service
Reboot Edge Server
VI. MANAGE SERVER
1. Licensing
Get-ExchangeServerAccessLicenseUser -LicenseName "exchange server 2016 standard cal" | Measure-Object | Select Count
Get-ExchangeServerAccessLicenseUser -LicenseName "exchange server 2016 enterprise cal" | Measure-Object | Select Count
2. Configure Virtual Directory
Modifying the virtual directories changes the name announced by your Exchange server (example: mailhost.domain.com) for:
- HTTP and HTTPS requests
- Telnet requests
- Autodiscover requests
All the PS commands listed below can also be done with the Exchange MMC under “Server Configuration”.
Keep in mind that your Exchange certificate must be compliant with these announced names. So after a fresh install of Exchange and a fresh configuration of the virtual directories, you have to renew your self-signed certificate and disable the older one; the new one will be published automatically.
$Server = "ServerName"
$HTTPS_FQDN = "mail.domain.com"
Get-OWAVirtualDirectory -Server $Server | Set-OWAVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/owa" -ExternalURL "https://$($HTTPS_FQDN)/owa"
Get-ECPVirtualDirectory -Server $Server | Set-ECPVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/ecp" -ExternalURL "https://$($HTTPS_FQDN)/ecp"
Get-OABVirtualDirectory -Server $Server | Set-OABVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/oab" -ExternalURL "https://$($HTTPS_FQDN)/oab"
Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/Microsoft-Server-ActiveSync" -ExternalURL "https://$($HTTPS_FQDN)/Microsoft-Server-ActiveSync"
Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/EWS/Exchange.asmx" -ExternalURL "https://$($HTTPS_FQDN)/EWS/Exchange.asmx"
Get-MapiVirtualDirectory -Server $Server | Set-MapiVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/mapi" -ExternalURL "https://$($HTTPS_FQDN)/mapi"
3. Enable Outlook Anywhere
Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN -IISAuthenticationMethods NTLM, Basic
4. Renew Autosigned Certificate
Get the list of all certificates and copy the thumbprint of the certificate concerned
Get-ExchangeCertificate | FL Thumbprint, IsSelfSigned, NotBefore, NotAfter, Services
Create the new certificate:
Get-ExchangeCertificate "ThumbprintNumber" | New-ExchangeCertificate
Activate IIS and SMTP on the new certificate:
Enable-ExchangeCertificate -Thumbprint "ThumbprintNumber" -Services IIS,SMTP
Remove the old certificate:
Remove-ExchangeCertificate -Thumbprint "ThumbprintNumber"
5. Check the message Queue
Get-Queue -Identity Submission | Select Identity,Status,MessageCount
6. Test Health of your Server
Get-ServerComponentState
Get-TransportAgent
Get-ReceiveConnector
Get-ReceiveConnector | FL
Test-ServiceHealth
Test-ServiceHealth | FT Role,RequiredServicesRunning -AutoSize
Run Test-SmtpConnectivity -Identity
7. Test Mail “In”
Install the telnet client on a computer / server and run these commands from DOS as admin.
With telnet you can easily identify which receive connector replies.
It is very useful when you set up further receive connectors dedicated to specific IPs.
telnet serverIP 25
helo name.domain.com
MAIL FROM:user@domain.com
RCPT TO:user@domain.com
DATA
SUBJECT:MAIL TEST!.
(In telnet, an empty line is necessary between the subject and the mail)
THIS IS A MAIL TEST FROM TELNET
.
Quit
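The server side of this telnet session shows the three things chapter III.1 is concerned with: the banner, the name given in reply to EHLO, and whether STARTTLS is still announced. The PowerShell below is an added example, not part of the original document; the function names, the probe name and both transcripts are constructed assumptions.

```powershell
# Added example. Function names and both transcripts are constructed samples.
function Test-EhloReply {
    param(
        [Parameter(Mandatory=$true)] [string[]] $Lines,         # server replies, one per line
        [Parameter(Mandatory=$true)] [string]   $ExpectedName   # public name of the mail host
    )
    $banner = $Lines | Where-Object { $_ -match '^220[ -]' } | Select-Object -First 1

    # Collect the first multi-line 250 reply: "250-" continues, "250 " ends it.
    $reply = @()
    foreach ($line in $Lines) {
        if ($line -match '^250([ -])(.*)$') {
            $reply += $Matches[2]
            if ($Matches[1] -eq ' ') { break }
        }
    }
    if ($reply.Count -eq 0) { throw 'No 250 reply to EHLO found in the transcript' }

    # First line: "<announced name> Hello [client ip]"; following lines: extensions.
    $announced = ($reply[0] -split '\s+')[0]
    $keywords  = @($reply | Select-Object -Skip 1 | ForEach-Object { ($_ -split '\s+')[0].ToUpper() })

    New-Object PSObject -Property @{
        Banner        = "$banner"
        AnnouncedName = $announced
        NameMatches   = ($announced -eq $ExpectedName)
        LocalNameLeak = (($announced -match '\.local$') -or ("$banner" -match '\.local\b'))
        StartTls      = ($keywords -contains 'STARTTLS')
    }
}

# Optional live capture: the same banner + EHLO exchange as the telnet steps,
# to be run against your own server.
function Get-EhloTranscript {
    param(
        [Parameter(Mandatory=$true)] [string] $Server,
        [int]    $Port = 25,
        [string] $HeloName = 'probe.example.com'   # hypothetical client name
    )
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true
        $lines = @($reader.ReadLine())             # 220 banner
        $writer.WriteLine("EHLO $HeloName")
        do {
            $line = $reader.ReadLine()
            if ($line -ne $null) { $lines += $line }
        } while ($line -match '^250-')
        $writer.WriteLine('QUIT')
        $lines
    } finally {
        $client.Close()
    }
}

# Constructed transcript 1: fresh install, connector still set to the local FQDN.
$defaultInstall = @(
    '220 exch2k.contoso.local Microsoft ESMTP MAIL Service ready at Mon, 2 Jan 2017 10:00:00 +0100',
    '250-exch2k.contoso.local Hello [203.0.113.50]',
    '250-SIZE 37748736',
    '250-PIPELINING',
    '250-STARTTLS',
    '250 CHUNKING'
)

# Constructed transcript 2: reply to EHLO and banner changed, STARTTLS no longer announced.
$renamedConnector = @(
    '220 Contoso Corporation',
    '250-mailhost.contoso.com Hello [203.0.113.50]',
    '250-SIZE 37748736',
    '250-PIPELINING',
    '250 CHUNKING'
)

Test-EhloReply -Lines $defaultInstall   -ExpectedName 'mailhost.contoso.com'
Test-EhloReply -Lines $renamedConnector -ExpectedName 'mailhost.contoso.com'
```

For a live check, pass the output of Get-EhloTranscript as -Lines in place of a sample transcript.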
8. Change SMTP Banner
By default the SMTP banner is $Null, but you may have to change it. To do this:
Set-ReceiveConnector "From the Internet" -Banner "220 Contoso Corporation"
9. Disable/enable antispam
& $env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1
& $env:ExchangeInstallPath\Scripts\Enable-Antimalwarescanning.ps1
10. Send / Receive Connector
You do not have to change anything on the existing receive connectors unless you need to change the reply to EHLO.
Be aware that if you change the reply to EHLO you have to uncheck “Exchange server authentication” in the Security tab.
By doing this you will disable “250 Starttls authentication” (see chapter III.1).
The send connector must be set according to your mail flow (relay or MX); check Google.
VII. MANAGE MAILBOX
1. List mailbox / distribution group
Get-Mailbox
Get-Distributiongroup
2. Give access right
Add-ADPermission -Identity "user" -User "mailbox or group" -ExtendedRights "Send As"
Enable a mailbox for “Existing Users” in a specific O.U (who do not have a mailbox)
Get-User -OrganizationalUnit DOMAIN.COM/O.U | Enable-Mailbox
3. Mailbox details
All yellow fields can be replaced or removed, depending on what you want to check
Get-Mailbox -OrganizationalUnit "OU=Name of OU,DC=domain,DC=extension" -ResultSize Unlimited | Get-MailboxStatistics | ft DisplayName,TotalItemSize,ItemCount,TotalDeletedItemSize,DeletedItemCount,Database
This shows the total items, the deleted items and the database
Example for O.U = contoso with domain = Contoso.domain.local
Get-Mailbox -OrganizationalUnit "OU=contoso,DC=contoso,DC=domain,DC=local" -ResultSize Unlimited | Get-MailboxStatistics | ft DisplayName,TotalItemSize,ItemCount,TotalDeletedItemSize,DeletedItemCount,Database
Example with a CSV export
Use Select-Object rather than ft before Export-Csv, otherwise the CSV contains formatting data instead of the mailbox values.
Get-Mailbox -OrganizationalUnit "OU=contoso,DC=contoso,DC=domain,DC=local" -ResultSize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,TotalItemSize,ItemCount,TotalDeletedItemSize,DeletedItemCount,Database | Export-Csv -Path c:\mailbox.csv
VIII. EXPORT/IMPORT MAILBOX
1. Give import/export access right
Before running an Import/Export task you have to grant the access right to your Exchange management user
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User DOMAIN\User
When it’s done, close PowerShell and restart it before running new commands
2. Export one MailBox:
It is mandatory to export the PST into a shared folder (it can be on the same server). In the file path you have to set the FULL file path (not only the short UNC link provided by the sharing wizard)
New-MailboxExportRequest -Mailbox "Administrator" -FilePath "\\IP or SERVER NAME\FOLDER\FOLDER\Administrator.pst"
3. Export All Mailbox:
This command exports all mailboxes, respecting the name/alias/… of each mailbox, and exports all items (contacts, calendar, inbox, junk mail, etc.)
foreach ($i in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $i -FilePath "\\IP or SERVER NAME\FOLDER\FOLDER\$($i.Alias).pst" }
You can add a date range:
Date format is US: month/day/year
Lt: Less Than
Gt: Greater Than
foreach ($i in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $i -ContentFilter {(Received -lt '01/22/2017') -and (Received -gt '01/01/2017')} -FilePath "\\IP or SERVER NAME\FOLDER\FOLDER\$($i.Alias).pst" }
4. Check the task running:
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics
Get-MailboxImportRequest | Get-MailboxImportRequestStatistics
5. Flush Mailbox Import/Export Request
Once your import/export request is done, do not forget to remove it: requests are named, and if you want to rerun an export with the same name you must first flush the whole export history.
Get-MailboxExportRequest | Remove-MailboxExportRequest
Get-MailboxImportRequest | Remove-MailboxImportRequest
6. Import all mailbox in Exchange
Dir "\\IP or SERVER NAME\FOLDER\FOLDER\*.pst" | %{ New-MailboxImportRequest -Name BACKUP -BatchName Recovered -Mailbox $_.BaseName -FilePath $_.FullName -TargetRootFolder BACKUP }
You can import only one item, as shown below:
You can add contacts, etc., or use them in place of the calendar (see TechNet)
Dir "\\IP or SERVER NAME\FOLDER\FOLDER\*.pst" | %{ New-MailboxImportRequest -Name BACKUP -BatchName Recovered -Mailbox $_.BaseName -IncludeFolders "#Calendar#" -FilePath $_.FullName -TargetRootFolder BACKUP }
IX. MAILFLOW TROUBLESHOOTING
1. Mails won’t go outside
Use the Queue Viewer in the Exchange MMC or Exchange Toolbox.
This tool explains why your mails stay inside your infrastructure by showing an error code; you will find a lot of literature on Google about these codes.
Check whether your Exchange services are started (Transport)
Restart this service
Restart Microsoft Exchange Active Directory Topology (this restarts all Exchange services)
2. Mails go outside but are not received
Check for potential blacklisting of your domain (MxToolBox and Queue Viewer)
Check the mail error reply; it always explains why the mail is refused
If necessary, check with the recipient company’s local IT
3. Deblacklist your domain
Most spam entities offer you a way (a request) to deblacklist your domain.
Most of the time you just have to tell them that you are a company with an Exchange server and antivirus, antispam solutions, etc.
Another possibility: check your records at your domain provider using MxToolBox (DMARC, SPF, etc.) and fix them if necessary!

WSO2CON 2024 - How to Run a Security Program
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 

Exchange overview and popularization

  • 1. EXCHANGE SERVER Overview and Popularization to begin Exchange Management Rosset, Julien Windows Expert
  • 2. I. INDEX

    I. INDEX
    II. THIS DOCUMENT
    III. UNDERSTANDING MAIL REPUTATION
        1. Name of your mail infrastructure over internet, Starttls, and SMTP Banner
        2. Records in your Domain Provider
        3. Securing potential Spam
        4. Blacklisting and Health check
        5. Banned over internet
    IV. INSTALL EXCHANGE SERVER (2010)
        1. Edge Role
    V. INSTALL EXCHANGE SERVER (2016)
        1. Edge Role
    VI. MANAGE SERVER
        1. Licensing
        2. Configure Virtual Directory
        3. Enable Outlook Anywhere
        4. Renew Autosigned Certificate
        5. Check the message Queue
        6. Test Health of your Server
        7. Test Mail “In”
        8. Change SMTP Banner
        9. Disable/enable antispam
        10. Send / Receive Connector
    VII. MANAGE MAILBOX
        1. List mailbox / distribution group
        2. Give access right
        3. Mailbox details
    VIII. EXPORT/IMPORT MAILBOX
        1. Give import/export access right
        2. Export one MailBox
        3. Export All Mailbox
        4. Check the task running
        5. Flush Mailbox Import/Export Request
        6. Import all mailbox in Exchange
  • 3. II. THIS DOCUMENT

    This document explains the main useful PowerShell commands to manage Exchange Server. It is not a tutorial on how to manage your Exchange infrastructure day to day.

    Because the reputation of your mail infrastructure over the internet is really important, this document briefly explains “Good Mail Reputation” and how to set up an Exchange infrastructure correctly (2010, 2016 (2013)).

    - Each command must be run from Exchange PowerShell (Administrator mode), except Telnet, which must be run in DOS.
    - These commands are available for Exchange Server 2010 SP2 to Exchange Server 2016.
    - Most of these commands can also be done through the Exchange interface: MMC (2010) or HTTP (2013-2016).
    - All green commands should not be modified.
    - All red commands should be adapted to your infrastructure (server, domain, etc.).
    - All purple commands should be adapted to your context (user, name, date, etc.).
  • 4. III. UNDERSTANDING MAIL REPUTATION

    Mail reputation: you can find a lot of literature about this subject, with much more detail than this document, but you have to respect at least all of these topics.

    1. Name of your mail infrastructure over internet, Starttls, and SMTP Banner

    Your mail server must be reachable over the internet, so it must have a name which does not refer to your local domain name (reply to EHLO). The SMTP banner is the announcement you get when you run a telnet request to an Exchange Server. I will not explain what the SMTP banner, EHLO and the telnet protocol are; please check Google and chapters VI.7 and VI.8.

    When you set up your Exchange Server (using the wizard), the receive connector is set automatically with the local FQDN (exch2k.contoso.local for example). Your mail infrastructure should not have this name over the internet, so you have to change it. For example, if the local name of your server is Exch2k.contoso.local, it must reply to EHLO (over the internet) with mailhost.contoso.com.

    The “reply to EHLO” configuration must be set on the Send/Receive connectors.

    Warning! If you change the reply to EHLO on the Receive connector of the Exchange server, it will lose the “250 STARTTLS” announcement. STARTTLS is not mandatory, but if you can keep it, do it. To keep the STARTTLS announcement you have two options:

    1) After you have fully set up your mail infrastructure, buy an SSL certificate from an official authority (Verisign) and add it to your Exchange infrastructure.
    2) Leave all your Send/Receive connectors as they are and set up an Edge Server (workgroup) in the DMZ. It must be named Mailhost, and you must add mailhost.contoso.com in the DNS suffix before installing the Edge role and the Edge Subscription (see chapters IV.1 and V.1). If you proceed like this, the Send/Receive connectors on the Edge Server (front mail) will be correctly named from scratch.

    2. Records in your Domain Provider

    The records in your domain provider interface must be set correctly. You have to set the MX, HOSTA, DMARC and SPF records. The MX and HostA records must point to your public IP and must match your reply to EHLO:

        mx.contoso.com <> 197.x.x.x
        mailhost.contoso.mx <> 197.x.x.x
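The SPF and DMARC records named above are easy to publish in a form that protects nothing. The following is an added example, not part of the original document: two functions that grade the TXT strings, run here on constructed sample records (contoso.com and 203.0.113.10 are placeholders; the function names are assumptions of this example).

```powershell
# Added example: grade SPF and DMARC TXT records. Works on plain strings, so it runs offline.
# For a live domain, collect the strings first (Windows 8 / Server 2012 or later):
#   Resolve-DnsName -Type TXT contoso.com        | ForEach-Object { $_.Strings -join '' }
#   Resolve-DnsName -Type TXT _dmarc.contoso.com | ForEach-Object { $_.Strings -join '' }

function Test-SpfRecord {
    param([string[]]$TxtRecords)      # every TXT string found at the domain apex

    $spf = @($TxtRecords | Where-Object { $_ -match '^v=spf1(\s|$)' })
    if ($spf.Count -eq 0) { return 'FAIL: no SPF record published' }
    if ($spf.Count -gt 1) { return 'FAIL: more than one SPF record (receivers return permerror)' }

    $terms = $spf[0] -split '\s+' | Select-Object -Skip 1
    $all   = $terms | Where-Object { $_ -match '^[+?~-]?all$' } | Select-Object -Last 1

    # Terms that cost a DNS lookup; RFC 7208 allows 10 per evaluation.
    # Counted in this record only, nested includes are not followed.
    $lookups = @($terms | Where-Object {
        $_ -match '^[+?~-]?(include:|a(:|/|$)|mx(:|/|$)|ptr|exists:)|^redirect='
    }).Count
    if ($lookups -gt 10) { return "FAIL: $lookups DNS-lookup terms (limit is 10)" }

    if (-not $all) {
        if ($terms -match '^redirect=') { return 'OK: policy delegated with redirect=' }
        return 'WARN: no "all" term, unlisted senders get a neutral result'
    }
    switch -Regex ($all) {
        '^\+?all$' { return 'FAIL: "+all" authorises every host on the internet' }
        '^\?all$'  { return 'WARN: "?all" is neutral, spoofed mail is not rejected' }
        '^~all$'   { return 'OK: softfail for unlisted senders' }
        '^-all$'   { return 'OK: hard fail for unlisted senders' }
    }
}

function Test-DmarcRecord {
    param([string[]]$TxtRecords)      # every TXT string found at _dmarc.<domain>

    $dmarc = @($TxtRecords | Where-Object { $_ -match '^v=DMARC1\s*;' })
    if ($dmarc.Count -ne 1) { return "FAIL: expected exactly one DMARC record, found $($dmarc.Count)" }

    # Split "tag=value; tag=value" into a lookup table.
    $tags = @{}
    foreach ($pair in ($dmarc[0] -split ';')) {
        $name, $value = $pair -split '=', 2
        if ($value) { $tags[$name.Trim().ToLower()] = $value.Trim() }
    }

    if (-not $tags.ContainsKey('p'))   { return 'FAIL: mandatory "p" tag is missing' }
    if ($tags['p'] -eq 'none')         { return 'WARN: p=none only monitors, failing mail is still delivered' }
    if (-not $tags.ContainsKey('rua')) { return "WARN: p=$($tags['p']) without rua, no aggregate reports" }
    return "OK: p=$($tags['p']) with reports sent to $($tags['rua'])"
}

# Constructed sample records.
$samples = @(
    @{ Label = 'weak';     Spf = 'v=spf1 mx +all';
       Dmarc = 'v=DMARC1; p=none' },
    @{ Label = 'hardened'; Spf = 'v=spf1 mx ip4:203.0.113.10 -all';
       Dmarc = 'v=DMARC1; p=quarantine; rua=mailto:dmarc@contoso.com' }
)
foreach ($s in $samples) {
    '{0,-9} SPF   -> {1}' -f $s.Label, (Test-SpfRecord   -TxtRecords $s.Spf)
    '{0,-9} DMARC -> {1}' -f $s.Label, (Test-DmarcRecord -TxtRecords $s.Dmarc)
}
```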
  • 5. MX Toolbox can help you to generate the DMARC and SPF records:

        https://mxtoolbox.com/SPFRecordGenerator.aspx
        https://mxtoolbox.com/DMARCRecordGenerator.aspx

    3. Securing potential Spam

    To protect your infrastructure, you have three solutions:

    - Install the anti-spam provided with Exchange (free), but you do not have many options to configure it
    - Install a specific software attached to your Exchange (Ex: Symantec Bright Mail)
    - Use a SaaS solution (Ex: AltoSpam); in that case you have to configure a specific send connector for this SaaS solution (relay to the SaaS host, with authentication or not)

    4. Blacklisting and Health check

    If you respect all of this you will not be blacklisted by spam entities, but it cannot protect your infrastructure from a hacked computer or a user who sends spam mail from your infrastructure. In any case you can easily check the health of your infrastructure by using MXTOOLBOX and their blacklist check solution. MxToolBox offers many other useful tools such as SMTP Test, etc.

    5. Banned over internet

    There is really one main thing to respect: your mail server must not be an OPEN RELAY, it is banned. In short, an open relay is a mail server which accepts and resends mail without authentication (anyone can use your server to send spam). So if you need some connectors to send mail without authentication for specific applications inside your organization (Ex: VMware vSphere), please be sure that these connectors are not able to send mail outside directly.
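One way to verify the open-relay rule on an existing server, as an added example that is not part of the original document: it lists every receive connector and flags the ones where unauthenticated senders may relay to external domains. The extended right and the “externally secured” setting it checks are the two Exchange mechanisms that permit such relay; they are not named in the document.

```powershell
# Added example. Run in the Exchange Management Shell on a Mailbox (2013/2016)
# or Hub Transport (2010) server.

$AnonymousUser = 'NT AUTHORITY\ANONYMOUS LOGON'
$RelayRight    = 'ms-Exch-SMTP-Accept-Any-Recipient'   # allows RCPT TO for domains you do not host
$AnyAddress    = @('0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')

$report = foreach ($connector in (Get-ReceiveConnector)) {

    # Allow entries that give anonymous senders the relay right on this connector.
    $relayAce = @($connector | Get-ADPermission -User $AnonymousUser | Where-Object {
        -not $_.Deny -and (($_.ExtendedRights | ForEach-Object { "$_" }) -contains $RelayRight)
    })

    # "Externally secured" connectors treat every sender in RemoteIPRanges as trusted.
    $externallySecured = "$($connector.AuthMechanism)" -match 'ExternalAuthoritative'
    $canRelay          = ($relayAce.Count -gt 0) -or $externallySecured

    # Is the connector reachable from any address, or only from a scoped list?
    $ranges       = @($connector.RemoteIPRanges | ForEach-Object { "$_" })
    $unrestricted = @($ranges | Where-Object { $AnyAddress -contains $_ }).Count -gt 0

    if ($canRelay -and $unrestricted) {
        $finding = 'OPEN RELAY: any host may relay to any domain'
    } elseif ($canRelay) {
        $finding = 'Unauthenticated relay for the listed IP ranges only: confirm each address'
    } else {
        $finding = 'No unauthenticated relay'
    }

    New-Object PSObject -Property @{
        Connector      = "$($connector.Identity)"
        RemoteIPRanges = $ranges -join ', '
        CanRelay       = $canRelay
        Finding        = $finding
    }
}

$report | Sort-Object CanRelay -Descending |
    Format-Table Connector, CanRelay, Finding, RemoteIPRanges -AutoSize -Wrap
```

A connector that accepts anonymous mail for your own accepted domains, as the default internet-facing connector does, is reported as “No unauthenticated relay”; only the relay permission makes a server an open relay.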
  • 6. IV. INSTALL EXCHANGE SERVER (2010)

    Install NetFramework 3.5

        Import-Module ServerManager
        Add-WindowsFeature NET-Framework,NET-HTTP-Activation,Web-Server,Web-ISAPI-Ext,Web-Basic-Auth,Web-Digest-Auth,Web-Windows-Auth,Web-Dyn-Compression,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-ADDS,RSAT-Clustering,RSAT-Web-Server,RPC-Over-HTTP-proxy
        Set-Service NetTcpPortSharing -StartupType Automatic

    Reboot the server, then run:

        ServerManagerCmd -i RSAT-ADDS

    Close the window. In PowerShell, go to the Exchange 2010 folder, then install:

        .\Setup /PrepareSchema
        .\Setup /PrepareAD /OrganizationName:mydomain
        .\Setup /PrepareDomain

    1. Edge Role

    The Edge Server role must be installed on a separate server, in a workgroup and in the DMZ. The DMZ and the LAN should allow all Active Directory communications (check Technet) and mail flow:

    - HTTPS (443)
    - SMTP (25)
    - POP (110)
    - IMAP (587)
    - EDGE SYNC (50636)

    On the DNS server: add a host A record for the Edge server.

    On the Edge server:

    - In the IPv4 settings go to Advanced, then the DNS tab, and add the DNS server and the suffix of your domain (test.local)
    - In the server name, add the DNS suffix
    - Launch the Edge installation wizard
    - Install the AD LDS role
    - Run the AD LDS wizard (administration tool)
    - Test the health of your EDGE server (see Chapter 3.6)
  • 7. Generate the EDGE XML subscription

    From Exchange PowerShell:

        New-EdgeSubscription -FileName "C:\edgesubscription.xml"

    Answer yes to all. Copy the XML file to the Exchange Server.

    On the Exchange Server: open the Exchange management console, go to Hub Transport, and in the “Action” right pane click on “New Edge Subscription” and follow the wizard.

    Set the “credential manager” service to automatic and wait 5 minutes (replication).

        Start-EdgeSynchronization -Server "fqdn.exchangeserver"

    You should see two successes.
  • 8. V. INSTALL EXCHANGE SERVER (2016)

    Install NetFramework 4.5

        Install-WindowsFeature RSAT-ADDS
        Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

    - Install updates .NET 4.6.2
    - Install Win8.1 KB3146717-x64
    - Install Ucma Runtime

    1. Edge Role

    Repeat the DMZ and firewall configuration (refer to chapter 1.1). Repeat the DNS configuration (refer to chapter 1.1). Once it's done:

        Install-WindowsFeature ADLDS

    Install updates .NET 4.6.2

        Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

    - Install Cumulative Update for Server 2016
    - Install Media Foundation feature
    - Install Ucma Runtime
  • 9. Run the Exchange setup for the Edge role. Test the health of your EDGE server (see Chapter VI.6).

    Generate the EDGE XML subscription

    From Exchange PowerShell:

        New-EdgeSubscription -FileName "C:\edgesubscription.xml"

    Answer yes to all. Copy the XML file to the Exchange Server.

    On the Exchange Server, in Exchange PowerShell:

        New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\edgesubscription.xml" -Encoding Byte -ReadCount 0)) -Site "Default-first-site-name"

    The red command should be adapted if you have further subdomains.

    - Check that port 50636 is open between the LAN and the EDGE
    - Check in your Exchange > Server: the Edge server should appear
    - Check in your Exchange > Mail Flow: check the Send and Receive connectors

    Receive Connector

    There is no new receive connector required. Don't change.

    Send connector configuration

    “--” is part of the configuration on the “EdgeSync - Inbound to AD Site” connector, so don't change it. We will see this in the smart host and accepted domain.

    - The -- value in the address space represents all authoritative and internal relay accepted domains for the Exchange organization.
    - The -- value in the list of smart hosts represents all Mailbox servers in the subscribed Active Directory site.

    Configure Internal SMTP server on Transport Configuration

    Use the InternalSMTPServers parameter on the Set-TransportConfig cmdlet to specify a list of internal SMTP server IP addresses or IP address ranges to be ignored by the Sender ID and Connection Filtering agents on the Edge Transport server. Run the command below on the Mailbox server:

        Set-TransportConfig -InternalSMTPServers IP, IP (range)
  • 10. Start Edge Sync

    Once all of the above is completed, run the command below:

        Start-EdgeSynchronization -Server MailboxserverFQDN -TargetServer EDGEServerFQDN -ForceFullSync

    Restart Service

    Reboot Edge Server
  • 11. VI. MANAGE SERVER

    1. Licensing

        Get-ExchangeServerAccessLicenseUser -LicenseName "exchange server 2016 standard cal" | Measure-Object | Select Count
        Get-ExchangeServerAccessLicenseUser -LicenseName "exchange server 2016 enterprise cal" | Measure-Object | Select Count

    2. Configure Virtual Directory

    Modifying the virtual directories changes the name your Exchange server announces (example: mailhost.domain.com) for:

    - HTTP and HTTPS requests
    - Telnet requests
    - Autodiscover requests

    All the PS commands listed below can also be done with the Exchange MMC under “Server Configuration”.

    Take into consideration that your Exchange certificate must be compliant with these announced names. So after a fresh install of Exchange and a fresh configuration of the virtual directories, you have to renew your self-signed certificate and disable the older one; the new one will be published automatically.

        $Server = "ServerName"
        $HTTPS_FQDN = "mail.domain.com"

        Get-OWAVirtualDirectory -Server $Server | Set-OWAVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/owa" -ExternalURL "https://$($HTTPS_FQDN)/owa"
        Get-ECPVirtualDirectory -Server $Server | Set-ECPVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/ecp" -ExternalURL "https://$($HTTPS_FQDN)/ecp"
        Get-OABVirtualDirectory -Server $Server | Set-OABVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/oab" -ExternalURL "https://$($HTTPS_FQDN)/oab"
        Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/Microsoft-Server-ActiveSync" -ExternalURL "https://$($HTTPS_FQDN)/Microsoft-Server-ActiveSync"
        Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/EWS/Exchange.asmx" -ExternalURL "https://$($HTTPS_FQDN)/EWS/Exchange.asmx"
        Get-MapiVirtualDirectory -Server $Server | Set-MapiVirtualDirectory -InternalURL "https://$($HTTPS_FQDN)/mapi" -ExternalURL "https://$($HTTPS_FQDN)/mapi"
  • 12. 3. Enable Outlook Anywhere

        Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN -IISAuthenticationMethods NTLM, Basic

    4. Renew Autosigned Certificate

    Get the list of all certificates and copy the thumbprint of the certificate concerned:

        Get-ExchangeCertificate | FL Thumbprint, IsSelfSigned, NotBefore, NotAfter, Services

    Create the new certificate:

        Get-ExchangeCertificate -Thumbprint "ThumbprintNumber" | New-ExchangeCertificate

    Activate IIS and SMTP on the new certificate:

        Enable-ExchangeCertificate -Thumbprint "ThumbprintNumber" -Services IIS,SMTP

    Remove the old certificate:

        Remove-ExchangeCertificate -Thumbprint "ThumbprintNumber"

    5. Check the message Queue

        Get-Queue -Identity Submission | Select Identity,Status,MessageCount

    6. Test Health of your Server

        Get-ServerComponentState
        Get-TransportAgent
        Get-ReceiveConnector
        Get-ReceiveConnector | FL
        Test-ServiceHealth
        Test-ServiceHealth | FT Role,RequiredServicesRunning -AutoSize

    Run Test-SmtpConnectivity -Identity
  • 13. 7. Test Mail “In”

    Install the telnet client on a computer / server and run these commands from DOS as admin. With Telnet you can easily identify which receive connector replies. It is very useful when you set up further receive connectors dedicated to specific IPs.

        telnet serverIP 25
        helo name.domain.com
        MAIL FROM:user@domain.com
        RCPT TO:user@domain.com
        DATA
        SUBJECT:MAIL TEST!.

        THIS IS A MAIL TEST FROM TELNET
        .
        Quit

    (In telnet, an empty line is necessary between the subject and the mail.)

    8. Change SMTP Banner

    By default the SMTP banner is $Null, but you may have to change it. To do this:

        Set-ReceiveConnector "From the Internet" -Banner "220 Contoso Corporation"

    9. Disable/enable antispam

        & $env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1
        & $env:ExchangeInstallPath\Scripts\Enable-Antimalwarescanning.ps1

    10. Send / Receive Connector

    You do not have to change anything on the existing receive connector unless you need to change the reply to EHLO. Pay attention: if you change the reply to EHLO, you have to uncheck “Exchange server authentication” in the Security tab. By doing this you will disable “250 Starttls authentication” (see chapter III.1).

    The send connector must be set according to your mail flow (relay or MX); check Google.
  • 14. VII. MANAGE MAILBOX

    1. List mailbox / distribution group

        Get-Mailbox
        Get-DistributionGroup

    2. Give access right

        Add-ADPermission -Identity "user" -User "mailbox or group" -ExtendedRights "Send As"

    Enable a mailbox for existing users in a specific O.U (who do not have a mailbox):

        Get-User -OrganizationalUnit "DOMAIN.COM/O.U" | Enable-Mailbox

    3. Mailbox details

    All yellow fields can be replaced or removed; it depends on what you want to check.

        Get-Mailbox -OrganizationalUnit "OU=Name of OU,DC=domain,DC=extension" -ResultSize Unlimited | Get-MailboxStatistics | ft DisplayName,TotalItemSize,ItemCount,TotalDeletedItemSize,DeletedItemCount,Database

    This will show the total items, the deleted items and the database.

    Example for O.U = contoso with domain = Contoso.domain.local:

        Get-Mailbox -OrganizationalUnit "OU=contoso,DC=contoso,DC=domain,DC=local" -ResultSize Unlimited | Get-MailboxStatistics | ft DisplayName,TotalItemSize,ItemCount,TotalDeletedItemSize,DeletedItemCount,Database

    Example with an export to CSV:

        Get-Mailbox -OrganizationalUnit "OU=contoso,DC=contoso,DC=domain,DC=local" -ResultSize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,TotalItemSize,ItemCount,TotalDeletedItemSize,DeletedItemCount,Database | Export-Csv -Path C:\mailbox.csv
  • 15. VIII. EXPORT/IMPORT MAILBOX

    1. Give import/export access right

    Before running an import/export task you have to grant the access right to your Exchange management user:

        New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "DOMAIN\User"

    When it's done, close PowerShell and restart it before running new commands.

    2. Export one MailBox:

    It is mandatory to export the PST into a shared folder (this one can be set on the same server). In the file path you have to set the FULL file path (not only the short UNC link provided by the sharing wizard).

        New-MailboxExportRequest -Mailbox "Administrator" -FilePath "\\IP or SERVER NAME\FOLDER\FOLDER\Administrator.pst"

    3. Export All Mailbox:

    This command will export all mailboxes, respecting the name/alias/… of each mailbox. It exports all items (contacts, calendar, inbox, junk mail, etc.).

        foreach ($i in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $i -FilePath "\\IP or SERVER NAME\FOLDER\FOLDER\$($i.Alias).pst" }

    You can add a date range. The date format is US: month/day/year. Lt: Less Than. Gt: Greater Than.

        foreach ($i in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $i -ContentFilter {(Received -lt '01/22/2017') -and (Received -gt '01/01/2017')} -FilePath "\\IP or SERVER NAME\FOLDER\FOLDER\$($i.Alias).pst" }

    4. Check the task running:

        Get-MailboxExportRequest | Get-MailboxExportRequestStatistics
        Get-MailboxImportRequest | Get-MailboxImportRequestStatistics
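The “Mailbox Import Export” role granted above lets its holder copy any mailbox to a PST file, so it is worth reviewing who holds it and where exports were written. The following is an added example, not part of the original document; the approved holder name and the approved share are assumptions to adapt.

```powershell
# Added example. Run in the Exchange Management Shell.
$Role          = 'Mailbox Import Export'
$Approved      = @('Exchange Admin')        # assumption: names allowed to hold the role
$ApprovedShare = '\\SERVERNAME\FOLDER\'     # assumption: the only share PSTs may be written to

# 1. Who effectively holds the role (direct assignment or through a group)?
$holders = Get-ManagementRoleAssignment -Role $Role -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -ne 'All Group Members' } |
    Select-Object EffectiveUserName, RoleAssigneeName, AssignmentMethod,
        @{ Name = 'Approved'; Expression = { $Approved -contains $_.EffectiveUserName } }

# 2. Which export requests are still recorded, and where did each PST go?
$requests = Get-MailboxExportRequest | Get-MailboxExportRequestStatistics |
    Select-Object SourceAlias, Status, FilePath, CompletionTimestamp,
        @{ Name = 'OnApprovedShare'
           Expression = { "$($_.FilePath)".StartsWith($ApprovedShare,
                              [StringComparison]::OrdinalIgnoreCase) } }

# Unapproved holders and off-share exports sort to the top ($false before $true).
$holders  | Sort-Object Approved        | Format-Table -AutoSize
$requests | Sort-Object OnApprovedShare | Format-Table -AutoSize -Wrap

# 3. Preview revoking the role from an account that no longer needs it.
#    Remove -WhatIf to actually remove the assignment.
Get-ManagementRoleAssignment -Role $Role -RoleAssignee 'DOMAIN\User' |
    Remove-ManagementRoleAssignment -WhatIf
```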
  • 16. 5. Flush Mailbox Import/Export Request

    Once your import/export requests are done, do not forget to remove them. Requests are named, so if you want to rerun an export with the same name you have to flush the whole export history first.

        Get-MailboxExportRequest | Remove-MailboxExportRequest
        Get-MailboxImportRequest | Remove-MailboxImportRequest

    6. Import all mailbox in Exchange

        Dir "\\IP or SERVER NAME\FOLDER\FOLDER\*.pst" | %{ New-MailboxImportRequest -Name BACKUP -BatchName Recovered -Mailbox $_.BaseName -FilePath $_.FullName -TargetRootFolder BACKUP }

    You can import only one item type, as shown below. You can replace calendar by contacts, etc. (see Technet).

        Dir "\\IP or SERVER NAME\FOLDER\FOLDER\*.pst" | %{ New-MailboxImportRequest -Name BACKUP -BatchName Recovered -Mailbox $_.BaseName -IncludeFolders "#Calendar#" -FilePath $_.FullName -TargetRootFolder BACKUP }

    IX. MAILFLOW TROUBLESHOOTING

    1. Mails won't go outside

    - Use the Queue Viewer in the Exchange MMC or the EXCHANGE TOOLBOX. This tool explains why your mails stay inside your infrastructure by showing an error code; you will find a lot of literature on Google about these codes.
    - Check whether your Exchange services are started or not (transport), and restart this service.
    - Restart Microsoft Exchange Active Directory Topology (this will restart all Exchange services).

    2. Mails go outside but are not received

    - Check for potential blacklisting of your domain (MxToolBox and Queue Viewer).
    - Check the mail error reply; it will always explain why the mail is refused.
    - If necessary, check with the recipient company / local IT.

    3. Deblacklist your domain

    Most spam entities offer you a way (a request) to deblacklist your domain. Most of the time you just have to tell them that you are a company with an Exchange server and an antivirus, antispam solution, etc. Another possibility: check your records at your domain provider using MxToolBox (DMARC, SPF, etc.) and fix them if necessary!