首页 > 代码库 > How to Deploy Exchange 2016 CU2
How to Deploy Exchange 2016 CU2
How to Deploy Exchange 2016 CU2 Hybrid with Office 365
1. install exchange 2016 CU2
1) Prepare Windows Feature:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience,NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering,RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell,Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth,Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression,Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing,Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase,Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor,Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth,Web-WMI, Windows-Identity-Foundation,RSAT-ADDS
2)
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
3)
Setup.exe /PrepareAD /OrganizationName:"NOS" /IAcceptExchangeServerLicenseTerms
4)
.\Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms
5)
.\Setup.exe /mode:Install /role:Mailbox /InstallWindowsComponents /TargetDir:"D:\ExchangeServer\V15" /MdbName:"MBDB001" /DbFilePath:"D:\ExchangeServer\V15\Mailbox\MBDBFile\MBDB001.edb" /LogFolderPath:"D:\ExchangeServer\V15\Mailbox\MBDBLog" /CustomerFeedbackEnabled:false /IAcceptExchangeServerLicenseTerms
Download(http://www.microsoft.com/en-us/download/details.aspx?id=34992) and Install Unified Communications Managed API 4.0 Runtime (UcmaRuntimeSetup.exe):
Re run
.\Setup.exe /mode:Install /role:Mailbox /InstallWindowsComponents /TargetDir:"D:\ExchangeServer\V15" /MdbName:"MBDB001" /DbFilePath:"D:\ExchangeServer\V15\Mailbox\MBDBFile\MBDB001.edb" /LogFolderPath:"D:\ExchangeServer\V15\Mailbox\MBDBLog" /CustomerFeedbackEnabled:false /IAcceptExchangeServerLicenseTerms
Post-Installation Tasks:
Exchange PowerShell:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". ‘D:\ExchangeServer\V15\bin\RemoteExchange.ps1‘; Connect-ExchangeServer -auto -ClientApplication:ManagementShell "
1)
Standard:
Set-ExchangeServer -Identity Exch01 -ProductKey QXYKC-7H87P-YKC2Q-XRVQ7-GTJP2
Enterprise:
Set-ExchangeServer -Identity Exch01 -ProductKey 7WJV6-H9RMH-F4267-3R2KG-F6PBY
2) Creating accepted domains:
New-AcceptedDomain -Name Aplusnb -DomainName aplusnb.cn -DomainType Authoritative
3) Enable Mailbox:
get-user -OrganizationalUnit "nos.hk.cn/NOS" | where-object {$_.RecipientType –eq “User”} | Enable-Mailbox | get-mailbox | select name,windowsemailaddress,database
4) Creating an email address policy:
New-EmailAddressPolicy -Name Aplusnb -IncludedRecipients AllRecipients -ConditionalCompany "Aplusnb" -EnabledEmailAddressTemplates "SMTP:@aplusnb.cn"
Update-EmailAddressPolicy -Identity Aplusnb
get-mailbox | select name,windowsemailaddress,EmailAddresses,database
5) New Send Connector:
New-SendConnector -Name "Send To Internet" -Internet -AddressSpaces "*" -DNSRoutingEnabled:$TRUE -SourceTransportServers "Exch01"
Configure ReceiveConnector:
Get-ReceiveConnector -Server Exch01
Get-ReceiveConnector “Default EXCH01” | select Identity,PermissionGroups
Get-ReceiveConnector
Get-ReceiveConnector “Default Exch01” | Set-ReceiveConnector -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
6) Configuring SSL certificates
$Data = http://www.mamicode.com/New-ExchangeCertificate -FriendlyName "Exch01_Certificate" -GenerateRequest -SubjectName "c=CN, o=NOS, cn=mail.nos.hk.cn" -DomainName mail.nos.hk.cn,autodiscover.nos.hk.cn,mail.aplusnb.cn,autodiscover.aplusnb.cn,mail.seniorit.cn,autodiscover.seniorit.cn,exch01.nos.hk.cn,exch01,localhost -PrivateKeyExportable $true
Set-Content -path "\\Exch01\C$\Exch01CertRequest.req.txt" -Value $Data
You can use the contents of the Exch01CertRequest.req.tx file to request an SSL certificate from a certificate authority (CA),open web:
http://DC01/Certsrv To Request an SSL Certificate and save to \\Exch01\C$\Exch01certnew.cer
Import CA:
Import-ExchangeCertificate –Server Exch01 -FileData ([Byte[]]$(Get-Content -Path "\\Exch01\C$\Exch01certnew.cer" -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Server Exch01 -Services "IIS,POP,IMAP,SMTP"
7) Configuring Outlook Anywhere:
Get-OutlookAnywhere -Server Exch01 | Set-OutlookAnywhere -ExternalHostname mail.nos.hk.cn -ExternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod:Basic -InternalHostName Exch01.nos.hk.cn -InternalClientsRequireSsl:$true -InternalClientAuthenticationMethod:Basic
8)Enabling MapiHttp:
Set-OrganizationConfig -MapiHttpEnabled $true
9) Set owa ecp and ews VirtualDirectory ExternalUrl:
Set-OwaVirtualDirectory -identity "owa (default web site)" -LogonFormat UserName -DefaultDomain "nos.hk.cn"
$DomainName = "nos.hk.cn"
$hostname = "mail." + $DomainName
$owa = "https://" + $hostname + "/owa"
$ecp = "https://" + $hostname + "/ecp"
$mapi = "https://" + $hostname + "/mapi"
$powershell = "https://" + $hostname + "/powershell"
$activesync = "https://" + $hostname + "/Microsoft-Server-ActiveSync"
$oab = "https://" + $hostname + "/OAB"
$ews = "https://" + $hostname + "/EWS/Exchange.asmx"
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –ExternalUrl $owa –InternalUrl $owa
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory –ExternalUrl $ecp –InternalUrl $ecp
Get-MapiVirtualDirectory | Set-MapiVirtualDirectory –ExternalUrl $mapi –InternalUrl $mapi
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl $activesync –InternalUrl $activesync
Get-OABVirtualDirectory | Set-OABVirtualDirectory -ExternalUrl $oab -InternalUrl $oab -RequireSSL:$true
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl $ews -InternalUrl $ews -BasicAuthentication:$True -Force
Get-PowershellVirtualDirectory | Set-PowershellVirtualDirectory –ExternalUrl $powershell –InternalUrl $powershell -BasicAuthentication:$True
10) Enable Mailbox Replication Service (MRS)MRSProxy:
the Mailbox Replication Service (MRS) Proxy service helps facilitate cross-forest remote mailbox moves. It’s often used when performing a cross-forest migration from a legacy Exchange organization.
Get-WebServicesVirtualDirectory | fl server,mrs*
Get-WebServicesVirtualDirectory -ADPropertiesOnly | Where {$_.MRSProxyEnabled -ne $true} | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true
11) Publishing Exchange:
with a solid firewall solution where only the following ports are opened:
Port 25 for SMTP
Port 80 for HTTP
Port 443 for HTTPS
Port 587 for SMTP submission
Ports 110 and 143 for POP3 and IMAP4
Ports 993 and 995 for Secure POP3 and Secure IMAP4.
Hybrid Deployment and Migrating to Office 365
1)Register Office 365 for test:
https://products.office.com/zh-cn/buy/overview?param=TryOffice365EnterpriseE3
https://login.partner.microsoftonline.cn
https://dc.aliyun.com/login/loginx
Login DC01:
Get-ADUser -Filter * -SearchBase ‘ou=nos,dc=nos,dc=hk,dc=cn’ -Properties userPrincipalName | foreach { Set-ADUser $_ -UserPrincipalName (“{0}@{1}” -f $_.name,”seniorit.cn”)}
Open the Exchange Management Shell and New-AcceptedDomain
New-AcceptedDomain -Name Seniorit -DomainName Seniorit.cn -DomainType Authoritative
New an email address policy:
New-EmailAddressPolicy -Name "Seniorit" -IncludedRecipients AllRecipients -ConditionalCompany "Seniorit" -Priority 1 -EnabledEmailAddressTemplates "SMTP:@Seniorit.cn"
Update-EmailAddressPolicy -Identity Seniorit
get-mailbox | select name,windowsemailaddress,EmailAddresses,database
New DNS Zone seniorit.cn on dnsmgmt.msc
Office 365 Hybrid Configuration Wizard:
http://aka.ms/HybridWizard
How to Deploy Exchange 2016 CU2 Hybrid with Office 365
1. install exchange 2016 CU2
1) Prepare Windows Feature:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience,NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering,RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell,Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth,Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression,Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing,Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase,Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor,Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth,Web-WMI, Windows-Identity-Foundation,RSAT-ADDS
Download(http://www.microsoft.com/en-us/download/details.aspx?id=34992) and Install Unified Communications Managed API 4.0 Runtime (UcmaRuntimeSetup.exe):
2)
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
3)
Setup.exe /PrepareAD /OrganizationName:"NOS" /IAcceptExchangeServerLicenseTerms
4)
.\Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms
5)
.\Setup.exe /mode:Install /role:Mailbox /InstallWindowsComponents /TargetDir:"D:\ExchangeServer\V15" /MdbName:"MBDB001" /DbFilePath:"D:\ExchangeServer\V15\Mailbox\MBDBFile\MBDB001.edb" /LogFolderPath:"D:\ExchangeServer\V15\Mailbox\MBDBLog" /CustomerFeedbackEnabled:false /IAcceptExchangeServerLicenseTerms
Post-Installation Tasks:
Exchange PowerShell:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". ‘D:\ExchangeServer\V15\bin\RemoteExchange.ps1‘; Connect-ExchangeServer -auto -ClientApplication:ManagementShell "
1)
Standard:
Set-ExchangeServer -Identity Exch01 -ProductKey QXYKC-7H87P-YKC2Q-XRVQ7-GTJP2
Enterprise:
Set-ExchangeServer -Identity Exch01 -ProductKey 7WJV6-H9RMH-F4267-3R2KG-F6PBY
2) Creating accepted domains:
New-AcceptedDomain -Name Aplusnb -DomainName aplusnb.cn -DomainType Authoritative
3) Enable Mailbox:
get-user -OrganizationalUnit "nos.hk.cn/NOS" | where-object {$_.RecipientType –eq “User”} | Enable-Mailbox | get-mailbox | select name,windowsemailaddress,database
4) Creating an email address policy:
New-EmailAddressPolicy -Name Aplusnb -IncludedRecipients AllRecipients -ConditionalCompany "Aplusnb" -EnabledEmailAddressTemplates "SMTP:@aplusnb.cn"
Update-EmailAddressPolicy -Identity Aplusnb
get-mailbox | select name,windowsemailaddress,EmailAddresses,database
5) New Send Connector:
New-SendConnector -Name "Send To Internet" -Internet -AddressSpaces "*" -DNSRoutingEnabled:$TRUE -SourceTransportServers "Exch01"
Configure ReceiveConnector:
Get-ReceiveConnector -Server Exch01
Get-ReceiveConnector “Default EXCH01” | select Identity,PermissionGroups
Get-ReceiveConnector
Get-ReceiveConnector “Default Exch01” | Set-ReceiveConnector -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
6) Configuring SSL certificates
$Data = http://www.mamicode.com/New-ExchangeCertificate -FriendlyName "Exch01_Certificate" -GenerateRequest -SubjectName "c=CN, o=NOS, cn=mail.nos.hk.cn" -DomainName mail.nos.hk.cn,autodiscover.nos.hk.cn,mail.aplusnb.cn,autodiscover.aplusnb.cn,mail.seniorit.cn,autodiscover.seniorit.cn,exch01.nos.hk.cn,exch01,localhost -PrivateKeyExportable $true
Set-Content -path "\\Exch01\C$\Exch01CertRequest.req.txt" -Value $Data
You can use the contents of the Exch01CertRequest.req.tx file to request an SSL certificate from a certificate authority (CA),open web:
http://DC01/Certsrv To Request an SSL Certificate and save to \\Exch01\C$\Exch01certnew.cer
Import CA:
Import-ExchangeCertificate –Server Exch01 -FileData ([Byte[]]$(Get-Content -Path "\\Exch01\C$\Exch01certnew.cer" -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Server Exch01 -Services "IIS,POP,IMAP,SMTP"
7) Configuring Outlook Anywhere:
Get-OutlookAnywhere -Server Exch01 | Set-OutlookAnywhere -ExternalHostname mail.nos.hk.cn -ExternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod:Basic -InternalHostName Exch01.nos.hk.cn -InternalClientsRequireSsl:$true -InternalClientAuthenticationMethod:Basic
8)Enabling MapiHttp:
Set-OrganizationConfig -MapiHttpEnabled $true
9) Set owa ecp and ews VirtualDirectory ExternalUrl:
Set-OwaVirtualDirectory -identity "owa (default web site)" -LogonFormat UserName -DefaultDomain "nos.hk.cn"
$DomainName = "nos.hk.cn"
$hostname = "mail." + $DomainName
$owa = "https://" + $hostname + "/owa"
$ecp = "https://" + $hostname + "/ecp"
$mapi = "https://" + $hostname + "/mapi"
$powershell = "https://" + $hostname + "/powershell"
$activesync = "https://" + $hostname + "/Microsoft-Server-ActiveSync"
$oab = "https://" + $hostname + "/OAB"
$ews = "https://" + $hostname + "/EWS/Exchange.asmx"
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –ExternalUrl $owa –InternalUrl $owa
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory –ExternalUrl $ecp –InternalUrl $ecp
Get-MapiVirtualDirectory | Set-MapiVirtualDirectory –ExternalUrl $mapi –InternalUrl $mapi
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl $activesync –InternalUrl $activesync
Get-OABVirtualDirectory | Set-OABVirtualDirectory -ExternalUrl $oab -InternalUrl $oab -RequireSSL:$true
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl $ews -InternalUrl $ews -BasicAuthentication:$True -Force
Get-PowershellVirtualDirectory | Set-PowershellVirtualDirectory –ExternalUrl $powershell –InternalUrl $powershell -BasicAuthentication:$True
10) Enable Mailbox Replication Service (MRS)MRSProxy:
the Mailbox Replication Service (MRS) Proxy service helps facilitate cross-forest remote mailbox moves. It’s often used when performing a cross-forest migration from a legacy Exchange organization.
Get-WebServicesVirtualDirectory | fl server,mrs*
Get-WebServicesVirtualDirectory -ADPropertiesOnly | Where {$_.MRSProxyEnabled -ne $true} | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true
11) Publishing Exchange:
with a solid firewall solution where only the following ports are opened:
Port 25 for SMTP
Port 80 for HTTP
Port 443 for HTTPS
Port 587 for SMTP submission
Ports 110 and 143 for POP3 and IMAP4
Ports 993 and 995 for Secure POP3 and Secure IMAP4.
Hybrid Deployment and Migrating to Office 365
1)Register Office 365 for test:
https://products.office.com/zh-cn/buy/overview?param=TryOffice365EnterpriseE3
https://login.partner.microsoftonline.cn
https://dc.aliyun.com/login/loginx
Login DC01:
Get-ADUser -Filter * -SearchBase ‘ou=nos,dc=nos,dc=hk,dc=cn’ -Properties userPrincipalName | foreach { Set-ADUser $_ -UserPrincipalName (“{0}@{1}” -f $_.name,”seniorit.cn”)}
Open the Exchange Management Shell and New-AcceptedDomain
New-AcceptedDomain -Name Seniorit -DomainName Seniorit.cn -DomainType Authoritative
New an email address policy:
New-EmailAddressPolicy -Name "Seniorit" -IncludedRecipients AllRecipients -ConditionalCompany "Seniorit" -Priority 1 -EnabledEmailAddressTemplates "SMTP:@Seniorit.cn"
Update-EmailAddressPolicy -Identity Seniorit
get-mailbox | select name,windowsemailaddress,EmailAddresses,database
New DNS Zone seniorit.cn on dnsmgmt.msc
Office 365 Hybrid Configuration Wizard:
http://aka.ms/HybridWizard
How to Deploy Exchange 2016 CU2