首页 > 代码库 > How to Deploy Exchange 2016 CU2

How to Deploy Exchange 2016 CU2

How to Deploy Exchange 2016 CU2 Hybrid with Office 365

1. install exchange 2016 CU2

1) Prepare Windows Feature:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience,NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering,RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell,Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth,Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression,Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing,Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase,Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor,Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth,Web-WMI, Windows-Identity-Foundation,RSAT-ADDS

技术分享

2)

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

技术分享

3)

Setup.exe /PrepareAD /OrganizationName:"NOS" /IAcceptExchangeServerLicenseTerms

技术分享

4)

.\Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

技术分享

5)

.\Setup.exe /mode:Install /role:Mailbox /InstallWindowsComponents /TargetDir:"D:\ExchangeServer\V15" /MdbName:"MBDB001" /DbFilePath:"D:\ExchangeServer\V15\Mailbox\MBDBFile\MBDB001.edb" /LogFolderPath:"D:\ExchangeServer\V15\Mailbox\MBDBLog" /CustomerFeedbackEnabled:false /IAcceptExchangeServerLicenseTerms

技术分享

Download(http://www.microsoft.com/en-us/download/details.aspx?id=34992) and Install Unified Communications Managed API 4.0 Runtime (UcmaRuntimeSetup.exe):

技术分享

技术分享

技术分享

Re run

.\Setup.exe /mode:Install /role:Mailbox /InstallWindowsComponents /TargetDir:"D:\ExchangeServer\V15" /MdbName:"MBDB001" /DbFilePath:"D:\ExchangeServer\V15\Mailbox\MBDBFile\MBDB001.edb" /LogFolderPath:"D:\ExchangeServer\V15\Mailbox\MBDBLog" /CustomerFeedbackEnabled:false /IAcceptExchangeServerLicenseTerms

技术分享

Post-Installation Tasks:

Exchange PowerShell:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". ‘D:\ExchangeServer\V15\bin\RemoteExchange.ps1‘; Connect-ExchangeServer -auto -ClientApplication:ManagementShell "

技术分享

1)

Standard:

Set-ExchangeServer -Identity Exch01 -ProductKey QXYKC-7H87P-YKC2Q-XRVQ7-GTJP2

技术分享

Enterprise:

Set-ExchangeServer -Identity Exch01 -ProductKey 7WJV6-H9RMH-F4267-3R2KG-F6PBY

2) Creating accepted domains:

New-AcceptedDomain -Name Aplusnb -DomainName aplusnb.cn -DomainType Authoritative

技术分享

3) Enable Mailbox:

get-user -OrganizationalUnit "nos.hk.cn/NOS" | where-object {$_.RecipientType –eq “User”} | Enable-Mailbox | get-mailbox | select name,windowsemailaddress,database

技术分享

4) Creating an email address policy:

New-EmailAddressPolicy -Name Aplusnb -IncludedRecipients AllRecipients -ConditionalCompany "Aplusnb" -EnabledEmailAddressTemplates "SMTP:@aplusnb.cn"

Update-EmailAddressPolicy -Identity Aplusnb

get-mailbox | select name,windowsemailaddress,EmailAddresses,database

技术分享

5) New Send Connector:

New-SendConnector -Name "Send To Internet" -Internet -AddressSpaces "*" -DNSRoutingEnabled:$TRUE -SourceTransportServers "Exch01"

技术分享

Configure ReceiveConnector:

Get-ReceiveConnector -Server Exch01

Get-ReceiveConnector “Default EXCH01” | select Identity,PermissionGroups

Get-ReceiveConnector

技术分享

Get-ReceiveConnector “Default Exch01” | Set-ReceiveConnector -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers

技术分享

6) Configuring SSL certificates

$Data = http://www.mamicode.com/New-ExchangeCertificate -FriendlyName "Exch01_Certificate" -GenerateRequest -SubjectName "c=CN, o=NOS, cn=mail.nos.hk.cn" -DomainName mail.nos.hk.cn,autodiscover.nos.hk.cn,mail.aplusnb.cn,autodiscover.aplusnb.cn,mail.seniorit.cn,autodiscover.seniorit.cn,exch01.nos.hk.cn,exch01,localhost -PrivateKeyExportable $true

Set-Content -path "\\Exch01\C$\Exch01CertRequest.req.txt" -Value $Data

技术分享

技术分享

You can use the contents of the Exch01CertRequest.req.tx file to request an SSL certificate from a certificate authority (CA),open web:

http://DC01/Certsrv To Request an SSL Certificate and save to \\Exch01\C$\Exch01certnew.cer

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

Import CA:

Import-ExchangeCertificate –Server Exch01 -FileData ([Byte[]]$(Get-Content -Path "\\Exch01\C$\Exch01certnew.cer" -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Server Exch01 -Services "IIS,POP,IMAP,SMTP"

技术分享

7) Configuring Outlook Anywhere:

Get-OutlookAnywhere -Server Exch01 | Set-OutlookAnywhere -ExternalHostname mail.nos.hk.cn -ExternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod:Basic -InternalHostName Exch01.nos.hk.cn -InternalClientsRequireSsl:$true -InternalClientAuthenticationMethod:Basic

技术分享

8)Enabling MapiHttp:

Set-OrganizationConfig -MapiHttpEnabled $true

技术分享

9) Set owa ecp and ews VirtualDirectory ExternalUrl:

Set-OwaVirtualDirectory -identity "owa (default web site)" -LogonFormat UserName -DefaultDomain "nos.hk.cn"

技术分享

$DomainName = "nos.hk.cn"

$hostname = "mail." + $DomainName

$owa = "https://" + $hostname + "/owa"

$ecp = "https://" + $hostname + "/ecp"

$mapi = "https://" + $hostname + "/mapi"

$powershell = "https://" + $hostname + "/powershell"

$activesync = "https://" + $hostname + "/Microsoft-Server-ActiveSync"

$oab = "https://" + $hostname + "/OAB"

$ews = "https://" + $hostname + "/EWS/Exchange.asmx"

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –ExternalUrl $owa –InternalUrl $owa

Get-EcpVirtualDirectory | Set-EcpVirtualDirectory –ExternalUrl $ecp –InternalUrl $ecp

Get-MapiVirtualDirectory | Set-MapiVirtualDirectory –ExternalUrl $mapi –InternalUrl $mapi

Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl $activesync –InternalUrl $activesync

Get-OABVirtualDirectory | Set-OABVirtualDirectory -ExternalUrl $oab -InternalUrl $oab -RequireSSL:$true

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl $ews -InternalUrl $ews -BasicAuthentication:$True -Force

Get-PowershellVirtualDirectory | Set-PowershellVirtualDirectory –ExternalUrl $powershell –InternalUrl $powershell -BasicAuthentication:$True

技术分享

10) Enable Mailbox Replication Service (MRS)MRSProxy:

the Mailbox Replication Service (MRS) Proxy service helps facilitate cross-forest remote mailbox moves. It’s often used when performing a cross-forest migration from a legacy Exchange organization.

Get-WebServicesVirtualDirectory | fl server,mrs*

技术分享

Get-WebServicesVirtualDirectory -ADPropertiesOnly | Where {$_.MRSProxyEnabled -ne $true} | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true

技术分享

11) Publishing Exchange:

with a solid firewall solution where only the following ports are opened:

Port 25 for SMTP

Port 80 for HTTP

Port 443 for HTTPS

Port 587 for SMTP submission

Ports 110 and 143 for POP3 and IMAP4

Ports 993 and 995 for Secure POP3 and Secure IMAP4.

Hybrid Deployment and Migrating to Office 365

1)Register Office 365 for test:

https://products.office.com/zh-cn/buy/overview?param=TryOffice365EnterpriseE3

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

https://login.partner.microsoftonline.cn

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

https://dc.aliyun.com/login/loginx

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

Login DC01:

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

Get-ADUser -Filter * -SearchBase ‘ou=nos,dc=nos,dc=hk,dc=cn’ -Properties userPrincipalName | foreach { Set-ADUser $_ -UserPrincipalName (“{0}@{1}” -f $_.name,”seniorit.cn”)}

技术分享

技术分享

Open the Exchange Management Shell and New-AcceptedDomain

New-AcceptedDomain -Name Seniorit -DomainName Seniorit.cn -DomainType Authoritative

New an email address policy:

New-EmailAddressPolicy -Name "Seniorit" -IncludedRecipients AllRecipients -ConditionalCompany "Seniorit" -Priority 1 -EnabledEmailAddressTemplates "SMTP:@Seniorit.cn"

技术分享

Update-EmailAddressPolicy -Identity Seniorit

get-mailbox | select name,windowsemailaddress,EmailAddresses,database

技术分享

New DNS Zone seniorit.cn on dnsmgmt.msc

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

Office 365 Hybrid Configuration Wizard:

http://aka.ms/HybridWizard

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

How to Deploy Exchange 2016 CU2 Hybrid with Office 365
1. install exchange 2016 CU2
1) Prepare Windows Feature:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience,NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering,RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell,Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth,Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression,Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing,Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase,Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor,Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth,Web-WMI, Windows-Identity-Foundation,RSAT-ADDS


Download(http://www.microsoft.com/en-us/download/details.aspx?id=34992) and Install Unified Communications Managed API 4.0 Runtime (UcmaRuntimeSetup.exe):


2)
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

3)
Setup.exe /PrepareAD /OrganizationName:"NOS" /IAcceptExchangeServerLicenseTerms

4)
.\Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

5)
.\Setup.exe /mode:Install /role:Mailbox /InstallWindowsComponents /TargetDir:"D:\ExchangeServer\V15" /MdbName:"MBDB001" /DbFilePath:"D:\ExchangeServer\V15\Mailbox\MBDBFile\MBDB001.edb" /LogFolderPath:"D:\ExchangeServer\V15\Mailbox\MBDBLog" /CustomerFeedbackEnabled:false /IAcceptExchangeServerLicenseTerms


Post-Installation Tasks:

Exchange PowerShell:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". ‘D:\ExchangeServer\V15\bin\RemoteExchange.ps1‘; Connect-ExchangeServer -auto -ClientApplication:ManagementShell "


1)
Standard:
Set-ExchangeServer -Identity Exch01 -ProductKey QXYKC-7H87P-YKC2Q-XRVQ7-GTJP2

Enterprise:
Set-ExchangeServer -Identity Exch01 -ProductKey 7WJV6-H9RMH-F4267-3R2KG-F6PBY

2) Creating accepted domains:
New-AcceptedDomain -Name Aplusnb -DomainName aplusnb.cn -DomainType Authoritative


3) Enable Mailbox:

get-user -OrganizationalUnit "nos.hk.cn/NOS"  | where-object {$_.RecipientType –eq “User”} | Enable-Mailbox | get-mailbox | select name,windowsemailaddress,database

 

4) Creating an email address policy:

New-EmailAddressPolicy -Name Aplusnb -IncludedRecipients AllRecipients -ConditionalCompany "Aplusnb" -EnabledEmailAddressTemplates "SMTP:@aplusnb.cn"

Update-EmailAddressPolicy -Identity Aplusnb

get-mailbox | select name,windowsemailaddress,EmailAddresses,database

 

5) New Send Connector:

New-SendConnector -Name "Send To Internet" -Internet -AddressSpaces "*" -DNSRoutingEnabled:$TRUE -SourceTransportServers "Exch01"

 

Configure ReceiveConnector:

Get-ReceiveConnector -Server Exch01
Get-ReceiveConnector “Default EXCH01” | select Identity,PermissionGroups

Get-ReceiveConnector


Get-ReceiveConnector “Default Exch01” | Set-ReceiveConnector -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers

 


6) Configuring SSL certificates

$Data = http://www.mamicode.com/New-ExchangeCertificate -FriendlyName "Exch01_Certificate" -GenerateRequest -SubjectName "c=CN, o=NOS, cn=mail.nos.hk.cn" -DomainName mail.nos.hk.cn,autodiscover.nos.hk.cn,mail.aplusnb.cn,autodiscover.aplusnb.cn,mail.seniorit.cn,autodiscover.seniorit.cn,exch01.nos.hk.cn,exch01,localhost -PrivateKeyExportable $true

Set-Content -path "\\Exch01\C$\Exch01CertRequest.req.txt" -Value $Data


You can use the contents of the Exch01CertRequest.req.tx file to request an SSL certificate from a certificate authority (CA),open web:
http://DC01/Certsrv To Request an SSL Certificate and save to \\Exch01\C$\Exch01certnew.cer


Import CA:

Import-ExchangeCertificate –Server Exch01 -FileData ([Byte[]]$(Get-Content -Path "\\Exch01\C$\Exch01certnew.cer" -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Server Exch01  -Services "IIS,POP,IMAP,SMTP"


7) Configuring Outlook Anywhere:

Get-OutlookAnywhere -Server Exch01 | Set-OutlookAnywhere -ExternalHostname mail.nos.hk.cn -ExternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod:Basic -InternalHostName Exch01.nos.hk.cn -InternalClientsRequireSsl:$true -InternalClientAuthenticationMethod:Basic


8)Enabling MapiHttp:

Set-OrganizationConfig -MapiHttpEnabled $true

9) Set owa ecp and ews VirtualDirectory ExternalUrl:

Set-OwaVirtualDirectory -identity "owa (default web site)" -LogonFormat UserName -DefaultDomain "nos.hk.cn"

$DomainName = "nos.hk.cn"
$hostname = "mail." + $DomainName
$owa = "https://" + $hostname + "/owa"
$ecp = "https://" + $hostname + "/ecp"
$mapi = "https://" + $hostname + "/mapi"
$powershell = "https://" + $hostname + "/powershell"
$activesync = "https://" + $hostname + "/Microsoft-Server-ActiveSync"
$oab = "https://" + $hostname + "/OAB"
$ews = "https://" + $hostname + "/EWS/Exchange.asmx"
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –ExternalUrl $owa –InternalUrl $owa
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory –ExternalUrl $ecp –InternalUrl $ecp
Get-MapiVirtualDirectory | Set-MapiVirtualDirectory –ExternalUrl $mapi –InternalUrl $mapi
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl $activesync –InternalUrl $activesync
Get-OABVirtualDirectory | Set-OABVirtualDirectory -ExternalUrl $oab -InternalUrl $oab -RequireSSL:$true
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl $ews -InternalUrl $ews -BasicAuthentication:$True -Force
Get-PowershellVirtualDirectory | Set-PowershellVirtualDirectory –ExternalUrl $powershell –InternalUrl $powershell -BasicAuthentication:$True


10) Enable Mailbox Replication Service (MRS)MRSProxy:
the Mailbox Replication Service (MRS) Proxy service helps facilitate cross-forest remote mailbox moves. It’s often used when performing a cross-forest migration from a legacy Exchange organization.

Get-WebServicesVirtualDirectory | fl server,mrs*

Get-WebServicesVirtualDirectory -ADPropertiesOnly | Where {$_.MRSProxyEnabled -ne $true} | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true


11) Publishing Exchange:
with a solid firewall solution where only the following ports are opened:
Port 25 for SMTP
Port 80 for HTTP
Port 443 for HTTPS
Port 587 for SMTP submission
Ports 110 and 143 for POP3 and IMAP4
Ports 993 and 995 for Secure POP3 and Secure IMAP4.
Hybrid Deployment and Migrating to Office 365

1)Register Office 365 for test:
https://products.office.com/zh-cn/buy/overview?param=TryOffice365EnterpriseE3

https://login.partner.microsoftonline.cn

https://dc.aliyun.com/login/loginx


Login DC01:


Get-ADUser -Filter * -SearchBase ‘ou=nos,dc=nos,dc=hk,dc=cn’ -Properties userPrincipalName | foreach { Set-ADUser $_ -UserPrincipalName (“{0}@{1}” -f $_.name,”seniorit.cn”)}

Open the Exchange Management Shell and New-AcceptedDomain
New-AcceptedDomain -Name Seniorit -DomainName Seniorit.cn -DomainType Authoritative
New an email address policy:
New-EmailAddressPolicy -Name "Seniorit" -IncludedRecipients AllRecipients -ConditionalCompany "Seniorit" -Priority 1 -EnabledEmailAddressTemplates "SMTP:@Seniorit.cn"

Update-EmailAddressPolicy -Identity Seniorit
get-mailbox | select name,windowsemailaddress,EmailAddresses,database

New DNS Zone seniorit.cn on dnsmgmt.msc


Office 365 Hybrid Configuration Wizard:
http://aka.ms/HybridWizard

How to Deploy Exchange 2016 CU2