In the previous blog we had a look how we could install a multi-role Exchange 2013 server via the command prompt. In this blog we will have a look at how to configure this Exchange 2013 environment.

We will start with configuring the accepted domains, the domains for which Exchange will accept e-mail. By default the Active Directory domain is added. If you have corp.local as Active Directory domain this will be added as authoritative accepted domain to Exchange:

Authoritative means that Exchange is the only mail server which is responsible for this domain. When a message is sent to a non-existing user Exchange will reply with an error message immediately.

Because in most cases the Active Directory domain is not the same as the mail domain we will first need to add it. This can be done by using the New-AcceptedDomain cmdlet, for example:

New-AcceptedDomain -DomainName johanveldhuis.nl -DomainType authoritative -Name johanveldhuis.nl

The parameter DomainName specifies the domain, DomainType will tell Exchange to configure it as an authoritative domain and with the last parameter name we specify the name of the domain this makes it easier to identity it in the GUI and Shell.

Next step is to add the domain to the default e-mail address policy or even create a new e-mail address policy. By default Exchange 2013 contains one e-mail address policy, the default address policy, which will be applied to all users to which no other e-mail address policy applies. This policy contains only the Active Directory domain. There are two options:

  • Add the new domain to the default address policy
  • Create a new e-mail address policy for the new domain

In this example we will use the 2nd option. Because this will ensure that only an e-mail address is added containing the mail domain and not one with the Active Directory as domain part.

To create a new e-mail address policy we will use the New-EmailAddressPolicy cmdlet:

New-EmailAddressPolicy -Name “johanveldhuis.nl” -IncludedRecipients MailboxUsers -ConditionalCompany “Johan Veldhuis” -EnabledEmailAddressTemplates “SMTP:%g.%s@johanveldhuis.nl”

In this example we will create an e-mail address policy with the name johanveldhuis.nl. This policy will be applied to all Mailbox users so not to contacts or mail-enabled users. We will add a filter using the ConditionalCompany. As last parameter we will specify the format of the e-mail address. In this case givenname.surename_@johanveldhuis.nl._ A complete overview of variables which can be used can be found here.

Now we have added the accepted domain and e-mail address policy it’s time to configure the internal and external URL’s.  In this example we will use the following URL’s:

  • webmail.johanveldhuis.nl: for Outlook Web App and the Exchange Control Panel
  • mail.johanveldhuis.nl: for EWS, the Offline Address Book and ActiveSync

We don’t configure Outlook Anywhere we will discuss this in a future blog.

To configure the URL’s we will use several cmdlets:

Set-OwaVirtualDirectory:

Set-OwaVirtualDirectory -identity “EXCHANGE\owa (Default Web Site)” -InternalUrl https://webmail.johanveldhuis.nl/owa -ExternalUrl https://webmail.johanveldhuis.nl/owa

 

When running the cmdlet above you will receive a warning that you also must change the url of the ECP virtual directory.

Set-EcpVirtualDirectory:

Set-EcpVirtualDirectory -identity “EXCHANGE\ecp (Default Web Site)” -InternalUrl https://webmail.johanveldhuis.nl/ecp  -ExternalUrl https://webmail.johanveldhuis.nl/ecp

Set-WebServicesVirtualDirectory:

Set-WebServicesVirtualDirectory -identity “EXCHANGE\EWS (Default Web Site)” -InternalUrl

https://mail.johanveldhuis.nl/EWS/Exchange.asmx -ExternalUrl

https://mail.johanveldhuis.nl/EWS/Exchange.asmx

Set-OabVirtualDirectory:

Set-OabVirtualDirectory -identity “EXCHANGE\OAB (Default Web Site)” -InternalUrl

https://mail.johanveldhuis.nl/OAB  -ExternalUrl

https://mail.johanveldhuis.nl/OAB

Set-ActiveSyncVirtualDirectory:

Set-ActiveSyncVirtualDirectory -identity “EXCHANGE\Microsoft-Server-ActiveSync (Default Web

Site)” -Internalurl https://mail.johanveldhuis.nl/Microsoft-Server-ActiveSync  -Externalurl https://mail.johanveldhuis.nl/Microsoft-Server-ActiveSync

As last step we will need to reconfigure the autodiscover URL. For those of you who are familiar with Exchange 2007 and higher this will be no surprise. For those who don’t Exchange will offer autodiscover functionality for auto configure Outlook/Entourage clients. By default a service connection point (SCP) is created. This SCP has the value in the following format http://serverfqdn/autodiscover/autodiscover.xml. Because this will create a single point of failure in a HA environment this has to be reconfigured. Although in our scenario we don’t have a HA environment yet we will reconfigure the autodiscover URL using the Set-ClientAccessServer cmdlet:

Set-ClientAccessServer –AutodiscoverInternalUri https://autodiscover.johanveldhuis.nl/autodiscover/autodiscover.xml__

Now all URL’s have been configured correctly it’s time to request a new certificate. This because Exchange 2013 has a self-signed certificate by default.

First we generate the CSR:

$newcert = New-ExchangeCertificate -GenerateRequest -SubjectName

“c=NL,o=Johan Veldhuis,cn=webmail.johanveldhuis.nl” -DomainName “autodiscover.johanveldhuis.nl”,”mail.johanveldhuis.nl”  -PrivateKeyExportable $true

In the example above we will store the request in a variable called $newcert. Because we want to have the option to install this certificate on another server we also specify that we want to be able to export the certificate including the private key.

Once we stored the request in a variable we will store the content to a text file:

_newcert out-file c:\install\csr.txt_

Now we have the file we can request the certificate. As soon as we have received the certificate from the CA we can install it on the Exchange 2013 server:

Import-ExchangeCertificate –FileData ([byte []]$(Get-Content –Path “c:\install\certificaat.cer” –Encoding Byte –ReadCount 0))

As final step we will need to assign the certificate to the Exchange services:

Get-ExchangeCertificate –ThumbPrint thumbprint Enable-ExchangeCertificate –Services POP,IMAP,IIS,SMTP

In this example you will need to replace thumbprint by the thumbprint of the certificate we have installed. You can find the value of the thumbprint by running the following cmdlet:

_Get-ExchangeCertificate select Subject,Thumbprint_

The certificate will be assigned to POP3, IMAP, all web services and SMTP.

When you assign the certificate to the services you will receive a warning that the current certificate is being replaced. Accept this warning so the certificate will be assigned correctly to the services.

Before we can create users we only need to perform one step, configure the send connector:

New-SendConnector -Internet -Name To_Internet -AddressSpaces *

Using the cmdlet adobe we will create a send connector which has as name To_Internet. All messages to other mail domains will be send via this connector.

Here ends the blog about how to configure Exchange via the Exchange Management Shell. In the next blog we will have a look at how to create the mailbox types and provide extra functionalities to users such as UM.


Comments


Johan Veldhuis