Microsoft Exchange 2013
Microsoft
Exchange Server 2013
DEVARAJ.V.R
Table of Contents
Introduction
Exchange Server 2013 System Requirements
Installing Exchange Server 2013 (For Server 2012 R2 only)
Migrating to Exchange Server 2013
Enrolling Exchange Certificates
Mailbox Databases
User Mailbox
Distribution Group
Dynamic Distribution Group
Resource Mailbox
Mail Contact
Shared Mailbox
Address List
Mail User
Exchange Management Permissions
Outlook Web App Policy
Messaging Records Management
Journaling
Email Address Policy
Transport Rule
Delivery Report
Accepted Domains
Public Folders
Connectors
Offline Address Book
Address Book Policies
Linked Mailbox
Database Availability Group
Backup and Restore Exchange Server 2013
Edge Transport Server
EXCHANGE SERVER 2013
Introduction
Microsoft Exchange Server is calendaring software, a mail server and a contact manager developed by
Microsoft. It is a server program that runs on Windows Server and is part of the Microsoft Servers line of
products. Microsoft Exchange Server 2013 has a significantly different architecture than its predecessors.
Whereas Exchange Server 2007 and Exchange Server 2010 components were split into different server roles for
scaling out Exchange organizations, Exchange Server 2013 streamlines the server roles and architecture while still
allowing you to fully scale Exchange organizations to meet the needs of enterprises of all sizes. Exchange 2013 server
roles are loosely rather than tightly coupled, which eliminates any previous session affinity requirements. The
Mailbox server that stores the active database copy for a mailbox performs all the data processing, rendering, and
transformation required. The Client Access server is used only to connect the client to the Mailbox server. The Client
Access server provides authentication, redirection, and proxy services as needed. Session affinity between the
Mailbox server and the Client Access server is not required. Mailbox servers maintain the session affinity, and clients
always connect to the Mailbox server hosting the related user's mailbox. For connections, the supported protocols
include HTTP, POP, IMAP, RPC over HTTP, and SMTP, but no longer include RPC. Exchange Server 2013 is designed to
work with Microsoft Outlook 2007 and later and also continues to support the Outlook Web App. Rather than
connecting to servers by using Fully Qualified Domain Names (FQDN) as was done in the past, Outlook 2007 and
later use Autodiscover to create connection points based on the domain portion of the user's primary SMTP address
and the GUID of the user's mailbox.
Understanding Exchange Server 2013 organizations
The root of an Exchange environment is an organization. It's the starting point for the Exchange hierarchy, and its
boundaries define the boundaries of any Exchange environment. Exchange Server 2013 organizations are nearly
identical to those of Exchange Server 2010.
Organizational architecture
When you install Exchange Server 2013, you install your Exchange servers within the organizational context of the
domain in which the server is a member. The physical site boundaries and subnets defined for Active Directory
Domain Services are the same as those used by Exchange Server 2013, and the site details are determined by the IP
address assigned to the server. If you are installing the first Exchange server in a domain, you set the name of the
Exchange organization for that domain. The next Exchange server you install in the domain joins the existing
Exchange organization automatically. Exchange 2013 organizations natively have only two server types: Client Access
servers and Mailbox servers. In this new architecture, Client Access servers act as the front end for Exchange
services, and Mailbox servers act as the back end, as shown in Figure 1-1. Exchange 2013 does not have separate
server roles for Hub Transport servers or Unified Messaging servers; instead, the related components are now part
of the Mailbox server role.
Memory: 8GB minimum for Mailbox role, 4GB minimum for client access role. 8GB for mailbox and client
access combined, 4GB for edge transport.
Software
Operating System: Windows Server 2008 R2 SP1 or Windows Server 2012, 2012 R2
PowerShell
Install-WindowsFeature -Name Web-Server,Web-Dyn-Compression,Web-Basic-Auth,Web-Digest-Auth,Web-ISAPI-Filter,Web-Client-Auth,Web-Http-Redirect,Web-Http-Tracing,Web-Request-Monitor,AS-NET-Framework,NET-WCF-HTTP-Activation45,Web-Mgmt-Service,Web-Windows-Auth,RPC-over-HTTP-proxy,Web-Lgcy-Mgmt-Console,Web-Lgcy-Scripting,Web-WMI,Web-Mgmt-Console
Install Windows Identity Foundation 3.5
Graphical
1. Open Server Manager
2. Select Add roles and features
3. Skip Roles
4. Select Windows Identity Foundation 3.5 feature
5. Select Install
PowerShell
install-WindowsFeature -Name Windows-Identity-Foundation
Install Failover Clustering Remote server administrative Tools
Graphical
1. Open Server Manager
2. Select Add roles and features
3. Skip Roles
4. Select Failover Clustering Tools from Remote Server Administrative Tools feature
5. Select Install
PowerShell
Install-WindowsFeature -Name RSAT-Clustering,RSAT-Clustering-Mgmt,RSAT-Clustering-PowerShell,RSAT-Clustering-AutomationServer,RSAT-Clustering-CmdInterface
3. Prepare domain
setup.exe /preparedomain /IacceptExchangeserverlicenseterms
12. Open Internet Explorer and type the URL https://<exchangeserveripaddress>/ecp. Log on as Administrator.
13. Select Servers from the list; the product information is shown there.
PowerShell
Open Exchange Management Shell from programs, run the following command
Get-ExchangeServer | fl Name,Edition,AdminDisplayVersion
There is no co-existence support for Exchange Server 2003. If you are running Exchange 2003 and want to
upgrade to Exchange 2013, you will need to do an interim upgrade to Exchange 2010 or 2007.
Prepare schema
setup.exe /prepareschema /IacceptExchangeserverlicenseterms
Prepare forest
setup.exe /preparead /IacceptExchangeserverlicenseterms
Prepare domain
setup.exe /preparedomain /IacceptExchangeserverlicenseterms
5. Open Setup.exe from installation directory and proceed through installation procedure
Domain Admins
Schema Admins
Enterprise Admins
Organization Management
PowerShell
New-MoveRequest -Identity <mailbox> -TargetDatabase <TargetDB> -ArchiveTargetDatabase <TargetArchiveDB> -BatchName <Batchname>
New-MoveRequest -Identity User100 -TargetDatabase 'Mailbox Database 1083771917' -ArchiveTargetDatabase 'Mailbox Database 1083771917' -BatchName Move1
Get-MoveRequest
Moving all mailboxes to an Exchange 2013 database
Get-Mailbox -Database '<Exchange 2010 Database>' | New-MoveRequest -TargetDatabase '<Exchange 2013 Database>'
Get-Mailbox -Database 'Mailbox Database 0826366855' | New-MoveRequest -TargetDatabase 'Mailbox Database 1083771917'
Exporting Exchange Certificate
Exchange certificates for IIS, SMTP, POP, IMAP and UM can be exported from the old Exchange server to Exchange 2013.
1. Open EMC in Exchange 2010/2007
2. Open Server Configuration
3. Right-click the certificate and select Export Certificate
4. Type File name and Password
5. Select Export
6. Open ECP, Servers, Certificates
7. Select Import Certificate
8. Type certificate path, name and password, Select Next
9. Select Add Button(+) to add server to apply certificate (eg: Exchange 2013 Server)
10. Select Finish
11. Double click on certificate, Select services
12. Select required services (e.g.: SMTP, IIS, POP, IMAP etc.)
13. Select Save
6. Select save
7. Select Receive connectors
8. Double click on receive connector
9. Select scoping
10. Select remove button (-) from Network adapter binding
11. Select Add Button(+)
12. Specify Exchange Server 2013 IP address
13. Select Save
14. Type Exchange Server 2013 FQDN
Install Active Directory Certificate Service in the domain controller for issuing certificates.
Open Exchange Control Panel (ECP) from Internet Explorer, Log on as Administrator.
1. Select Servers , Certificates from the list
2. Select New(Add button)
3. Select Create a request for a certificate from a certification authority, Next
4. Type Friendly Name.
5. Skip wild card certificate.
10. Open the certificate request file and copy its entire contents (Ctrl+A)
11. Open Internet Explorer and type http://<CAFQDN>/certsrv to open CA web interface
12. Log in as administrator
13. Select Request a Certificate, Advanced Certificate Request
14. Paste the copied information to the Saved Request text box
15. Select Certificate Template as Web Server
16. Select submit
17. Select download Certificate and download to proper location
18. Return to the ECP and complete the pending request from the certificates.
19. Type the certificate location and select OK
20. After completing the operation you can see the issued certificate with Valid status
PowerShell
Import-ExchangeCertificate -Server <exchangeFQDN> -FriendlyName <name> -FileName <certificate>
Import-ExchangeCertificate -Server exch-2013-1.lab.com -FriendlyName Cert-Lab.com -FileName \\200.100.100.3\root\certnew.cer
PowerShell
Enable-ExchangeCertificate -Services <services> -Server <exchangeFQDN> -Thumbprint <digitalthumbprint>
Enable-ExchangeCertificate -Services POP,IMAP,IIS,SMTP -Server exch-2013-1.lab.com -Thumbprint C5918F10D5A6E18172816198917BBAFF11378A98
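A check to run after enabling the certificate, added here as an example and not part of the original guide: it lists every certificate on the server with its bound services and flags any that are not in Valid status, are expired or close to expiry, or are self-signed while bound to a service. The function name Get-ExchangeCertReview and the 30-day warning window are assumptions; the server name is the one used in the example above.

```powershell
# Added example (not from the original guide). Run in the Exchange Management Shell.
# Get-ExchangeCertReview and the 30-day warning window are illustrative choices.
function Get-ExchangeCertReview {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$WarnDays = 30
    )

    $now = Get-Date
    foreach ($cert in Get-ExchangeCertificate -Server $Server) {
        # Whole days until NotAfter; negative once the certificate has expired.
        $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        # Services is 'None' when the certificate is installed but not bound to anything.
        $bound = "$($cert.Services)" -ne 'None'

        $findings = @()
        if ("$($cert.Status)" -ne 'Valid')  { $findings += "status is $($cert.Status)" }
        if ($daysLeft -lt 0)                { $findings += 'expired' }
        elseif ($daysLeft -le $WarnDays)    { $findings += "expires in $daysLeft days" }
        if ($bound -and $cert.IsSelfSigned) { $findings += 'self-signed and bound to a service' }

        $summary = 'ok'
        if ($findings.Count -gt 0) { $summary = $findings -join '; ' }

        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Services   = "$($cert.Services)"
            NotAfter   = $cert.NotAfter
            Findings   = $summary
        }
    }
}

# Server name taken from the Enable-ExchangeCertificate example above.
Get-ExchangeCertReview -Server 'exch-2013-1.lab.com' | Format-Table -AutoSize -Wrap
```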
Mailbox Databases
A mailbox database is a unit of granularity where mailboxes are created and stored. A mailbox database is stored as
an Exchange database (.edb) file. In Microsoft Exchange Server 2013, each mailbox database has its own properties
that you can configure.
Creating Mailbox Database
Graphical
1. Open ECP(Exchange Control Panel)
2. Select Servers , databases
3. Select Add Button(+)
4. Type Mailbox Database Name(e.g.: DB1)
5. Browse Mailbox Server, OK
6. Select Save
PowerShell
New-MailboxDatabase -Name <Name> -Server <ServerFQDN> -EdbFilePath <databasePath> -LogFolderPath <logfilePath>
New-MailboxDatabase -Name DB1 -Server Exch-Test
Mount-Database -Identity <databaseName>
Mount-Database -Identity DB1
PowerShell
Set-MailboxDatabase -Identity <databaseName> -IssueWarningQuota <sizeinGB> -ProhibitSendQuota <sizeinGB> -ProhibitSendReceiveQuota <sizeinGB> -DeletedItemRetention <days> -MailboxRetention <days>
Dismount Database
Graphical
1. Open ECP, servers , databases
2. Select Database, Dismount
PowerShell
Dismount-Database -Identity <databaseName>
Dismount-Database -Identity DB1
User Mailbox
A mailbox that's assigned to an individual user in your Exchange organization. It typically contains messages,
calendar items, contacts, tasks, documents, and other important business data.
Creating User Mailbox
Graphical
1. Open ECP, recipients, Mailboxes
2. Select New(Add Button)
3. Type User information (First name, Last Name, Alias, Logon Name and Password)
4. Select More Options
5. Select Mailbox Database
6. Select Save
PowerShell
New-Mailbox -Name <username> -Database <database> -Alias <alias> -UserPrincipalName <UPN> -FirstName <firstname> -Password (Read-Host -AsSecureString "Enter Password") -Initials <initial> -LastName <lastname>
New-Mailbox -Name user2 -Database DB1 -Alias user2 -UserPrincipalName user2@test.com -Password (Read-Host -AsSecureString "Enter Password")
Enter Password: Server123
PowerShell
Enable-Mailbox -Identity <mailbox> -ArchiveName <archivename> -ArchiveDatabase <database>
Enable-Mailbox -Identity user2 -ArchiveName user2 -ArchiveDatabase db1
Log in as user to view archive status
Set-Mailbox -Identity user2 -UseDatabaseQuotaDefaults $false -IssueWarningQuota 500MB -ProhibitSendQuota 600MB -ProhibitSendReceiveQuota 700MB -UseDatabaseRetentionDefaults $false -RetainDeletedItemsFor 100
Mailbox Delegation
Mailbox delegation has 3 concepts
1. Send As Permission
2. Send On Behalf Of Permission
3. Full Access Permission
Send As Permission
Graphical
1. Open ECP, recipients, mailbox
2. Double click Mailbox then select Mailbox Delegation
3. Select Add Button(+) from send As , Add user mailbox, Select OK
4. Select Save
PowerShell
Add-ADPermission -Identity <owner> -User <username> -ExtendedRights "Send as"
Add-ADPermission -Identity user2 -User user1 -ExtendedRights "Send as"
Removing permission
Remove-ADPermission -Identity <owner> -User <username> -ExtendedRights "Send as"
Remove-ADPermission -Identity user2 -User user1 -ExtendedRights "Send as"
Removing permission
Set-Mailbox <owner> -GrantSendOnBehalfTo @{remove="<username>"}
Set-Mailbox user2 -GrantSendOnBehalfTo @{remove="user1@test.com"}
Removing permission
Remove-MailboxPermission -Identity <owner> -User <user> -AccessRights FullAccess
Remove-MailboxPermission -Identity user2 -User user1 -AccessRights FullAccess
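An audit of the three delegation types listed under Mailbox Delegation, added here as an example and not part of the original guide: it reports every explicit Send As, Send On Behalf and Full Access grant so that delegations can be reviewed and stale ones removed with the commands above. The function name Get-MailboxDelegationReport is an assumption.

```powershell
# Added example (not from the original guide). Run in the Exchange Management Shell.
# Get-MailboxDelegationReport is an illustrative name, not an Exchange cmdlet.
function Get-MailboxDelegationReport {
    param([string]$ResultSize = 'Unlimited')

    foreach ($mbx in Get-Mailbox -ResultSize $ResultSize) {

        # Full Access: explicit allow entries, skipping the mailbox's own SELF entry.
        Get-MailboxPermission -Identity $mbx.DistinguishedName |
            Where-Object {
                -not $_.IsInherited -and -not $_.Deny -and
                "$($_.User)" -ne 'NT AUTHORITY\SELF' -and
                ($_.AccessRights -like '*FullAccess*')
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox  = $mbx.Name
                    Right    = 'Full Access'
                    Delegate = "$($_.User)"
                }
            }

        # Send As: stored as an extended right on the Active Directory object.
        Get-ADPermission -Identity $mbx.DistinguishedName |
            Where-Object {
                -not $_.IsInherited -and -not $_.Deny -and
                "$($_.User)" -ne 'NT AUTHORITY\SELF' -and
                ($_.ExtendedRights -like '*Send-As*')
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox  = $mbx.Name
                    Right    = 'Send As'
                    Delegate = "$($_.User)"
                }
            }

        # Send On Behalf: a property of the mailbox itself.
        foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
            [pscustomobject]@{
                Mailbox  = $mbx.Name
                Right    = 'Send On Behalf'
                Delegate = "$delegate"
            }
        }
    }
}

Get-MailboxDelegationReport | Sort-Object Mailbox, Right | Format-Table -AutoSize
```

Inherited entries are left out on purpose: they come from organization-level role assignments rather than per-mailbox delegation.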
Message size restrictions control the maximum size of messages that the recipient can send and receive.
Graphical
1. Open ECP, recipients, Mailboxes
2. Double click on Mailbox, Mailbox features
3. Select Mail flow, Message size restrictions
4. Select View Details
5. Select Send Messages Maximum message size
Message delivery restrictions define which senders can and can't send messages to this recipient.
Graphical
1. Open ECP, recipients, Mailboxes
2. Double click on Mailbox, Mailbox features
3. Mail flow, Message delivery restrictions
4. Select View Details
5. Select mailboxes , OK
6. Select Save
PowerShell
Set-Mailbox -Identity <mailbox> -AcceptMessagesOnlyFrom <smtpaddress> -RejectMessagesFromSendersOrMembers <smtpaddress>
Setting MailTip
Graphical
1. Open ECP, recipients, mailbox
2. Double click on Mailbox then select MailTip
3. Type MailTip, Select Save
PowerShell
Set-Mailbox -Identity <mailbox> -MailTip "<mail tip sentence>"
Set-Mailbox -Identity user2 -MailTip "User2 is in IT dept"
Moving Mailbox
Move Mailbox from one database to another
Graphical
1. Open ECP, Recipients, mailboxes
2. Select Mailbox and select To another Database
3. Migration Batch Name(e.g.: New), Target Database (e.g.:DB1)
4. Recipient Email address (eg: Administrator)
5. Select New
6. Open Migration to view status
PowerShell
New-MoveRequest -Identity <mailbox> -TargetDatabase <TargetDB> -ArchiveTargetDatabase <TargetArchiveDB> -BatchName <Batchname>
Distribution Group
A distribution group is a mail-enabled Active Directory distribution group object that can be used only to distribute
messages to a group of recipients.
Creating a distribution group
Graphical
1. Open ECP, Recipients, Groups
2. Select Add Button(New)
3. Type Display Name(Name: grp1), Alias(E.g.: grp1)
4. Add Members
5. Select Save
PowerShell
New-DistributionGroup -Name <groupname> -Alias <alias> -Members <mailboxlist> -ModeratedBy <moderatorname> -ModerationEnabled $true -MemberJoinRestriction approvalrequired
New-DistributionGroup -Name grp3 -Alias grp3 -Members user1,user2 -ModeratedBy administrator -ModerationEnabled $true -MemberJoinRestriction approvalrequired
Resource Mailbox
There are two types of resource mailbox:
Room Mailbox: A resource mailbox that's assigned to a meeting location, such as a conference room,
auditorium, or training room. Room mailboxes can be included as resources in meeting requests, providing a
simple and efficient way of organizing meetings for your users.
Equipment Mailbox: A resource mailbox that's assigned to a resource that's not location-specific, such as a
portable computer, projector, microphone, or a company car. Equipment mailboxes can be included as
resources in meeting requests, providing a simple and efficient way of using resources for your assets.
Mail Contact
A mail-enabled Active Directory contact that contains information about people or organizations that exist outside
the Exchange organization. Each mail contact has an external email address. All messages sent to the mail contact
are routed to this external email address.
Creating Mail Contact
Graphical
1. Open ECP, Recipients, Contacts
2. Select Add Button(New), Mail Contact
3. Type First Name, Last Name, Alias, Name, External email Address etc
4. Select Save
PowerShell
New-MailContact -Name <contactname> -FirstName <fn> -LastName <ln> -Alias <alias> -ExternalEmailAddress <email>
New-MailContact -Name mike.john -FirstName mike -LastName john -Alias mike.john -ExternalEmailAddress mike.john@lab.com
Shared Mailbox
A mailbox that's not primarily associated with a single user and is generally configured to allow access for multiple
users.
Creating Shared Mailbox
Graphical
1. Open ECP, Recipients, Shared
2. Select Add Button(New)
3. Type Display Name (e.g.: Share1), Email Address (e.g.: Share1@test.com)
4. Select Full Access delegation mailbox, Send As Delegation mailbox
5. Select Save
PowerShell
New-Mailbox -Shared -Name <mailboxname> -DisplayName <displayname> -Alias <alias> -Database <mailboxdatabase>
Add-ADPermission -Identity <sharemailbox> -User <delegate> -ExtendedRights "send as"
Add-MailboxPermission -Identity <sharemailbox> -User <delegate> -AccessRights FullAccess
New-Mailbox -Shared -Name share2 -DisplayName Share2 -Alias share2 -Database db1
Add-ADPermission -Identity share2 -User admin -ExtendedRights "send as"
Add-MailboxPermission -Identity share2 -User administrator -AccessRights FullAccess
Address List
An address list is a subset of a GAL. Each address list is a collection of one or more types of mail-enabled recipients,
such as users, contacts and groups. You can use address lists to organize recipients and resources, making it easier for
users to find the recipients and resources they need.
Creating Address List
Graphical
1. Open ECP, Organization , address lists
2. Select Add Button(New)
3. Address List Name(e.g.: IT-Staff)
4. Recipients to include(e.g.: All Recipients Types)
5. Select Add a rule
6. Select Department as IT
7. Select Save
8. Select address list and Update
PowerShell
New-AddressList -Name <name> -ConditionalDepartment <name> -IncludedRecipients All
Update-AddressList -Identity <name>
New-AddressList -Name IT-Staff -ConditionalDepartment IT -IncludedRecipients All
Update-AddressList -Identity IT-Staff
Mail User
Mail users are similar to mail contacts. Both have external email addresses and both contain information
about people outside your Exchange or Exchange Online organization that can be displayed in the shared address
book and other address lists. However, unlike a mail contact, a mail user has logon credentials in your Exchange or
Office 365 organization and can access resources.
Creating Mail User
Graphical
1. Open ECP, recipients, contacts
2. Select Add Button(New), Mail User
3. Type Alias(e.g.: jsmith), External email address(e.g.: jsmith@hotmail.com)
4. Select New User
5. Type First Name(e.g.: john), Last Name(e.g.: smith), Display name(e.g.: john smith)
6. Type Logon Name(e.g.: jsmith)
7. Type Password
8. Select Save
PowerShell
New-MailUser -Name <Name> -Alias <Alias> -FirstName <fname> -ExternalEmailAddress <email address> -UserPrincipalName <upn> -Password (ConvertTo-SecureString -String '<password>' -AsPlainText -Force)
New-MailUser -Name "John smith" -Alias jsmith -FirstName john -ExternalEmailAddress jsmith@lab.com -UserPrincipalName jsmith@intel.com -Password (ConvertTo-SecureString -String 'Server123' -AsPlainText -Force)
Administrative roles: These roles contain permissions that can be assigned to administrators or specialist users
using role groups that manage a part of the Exchange organization, such as recipients, servers, or databases.
End-user roles: These roles, assigned using role assignment policies, enable users to manage aspects of their
own mailbox and distribution groups that they own. End-user roles begin with the prefix My.
How to check
1. Login to OWA as user
2. Select Options from Settings
Default policy tags: DPTs apply to untagged mailbox items in the entire mailbox. Untagged items are mailbox
items that don't already have a retention tag applied, either by inheritance from the folder in which they're
located or by the user.
Retention policy tags: RPTs apply retention settings to default folders such as the Inbox, Deleted Items, and
Sent Items. Mailbox items in a default folder that have an RPT applied inherit the folder's tag. Users can't apply
or change an RPT applied to a default folder, but they can apply a different tag to the items in a default folder
(e.g. Inbox, Sent Items, Outbox, Drafts etc.).
Personal tags: Personal tags are available to Outlook 2010 and Outlook Web App users as part of their retention
policy. Users can apply personal tags to folders they create or to individual items, even if those items already
have a different tag applied.
Retention actions
Move to Archive: This action moves a message to the user's archive mailbox. Tags that have this action applied
are known as archive tags. Messages are moved to a folder in the archive mailbox that has the same name as the
source folder in the user's primary mailbox. This allows users to easily locate messages in their archive mailbox.
The Move to Archive action is available only for DPTs and personal tags. You can't create an RPT with the Move
to Archive action. If the mailbox user doesn't have an archive mailbox, no action is taken.
Delete and Allow Recovery: This action emulates the behavior when the Deleted Items folder is emptied. Tags
that have this action applied are known as deletion tags. When this action occurs, and deleted item retention is
configured for the mailbox database or the user, messages move to the Recoverable Items folder. The
Recoverable Items folder (previously known as the dumpster) provides the user another chance to recover
deleted messages. To do so, the user would access the Recover Deleted Items dialog box in Outlook 2010 or
Outlook Web App.
Permanently Delete: This action permanently deletes a message. Like tags with the Delete and Allow Recovery
action, tags that have this action applied are known as deletion tags. When this action is applied to a message,
it's purged from the mailbox. This action is like a deleted message being removed from the Recoverable Items
folder. After this happens, the user can no longer recover the message.
Mark as Past Retention Limit: This action isn't available in the Exchange Administration Center (EAC); you must
use the Shell. This action marks a message as expired after it reaches its retention age. In Outlook 2010 or later,
and Outlook Web App, expired items are displayed with the notification stating 'This item has expired' and 'This
item will expire in 0 days'. In Outlook 2007, items marked as expired are displayed by using strikethrough text.
Retention policies
To apply one or more retention tags to a mailbox, you must add them to a retention policy and then apply
the policy to mailboxes. A mailbox can't have more than one retention policy. Retention tags can be linked to or
unlinked from a retention policy at any time, and the changes automatically take effect for all mailboxes that have
the policy applied.
Journaling
Journaling can help your organization respond to legal, regulatory, and organizational compliance
requirements by recording inbound and outbound email communications.
Journaling is the ability to record all communications, including email communications, in an organization for use in
the organization's email retention or archival strategy. To meet an increasing number of regulatory and compliance
requirements, many organizations must maintain records of communications that occur when employees perform
daily business tasks.
Journal rules
The following are key aspects of journal rules:
Journal rule scope: Defines which messages are journaled by the Journaling agent.
Journal recipient: Specifies the SMTP address of the recipient you want to journal.
Journaling mailbox: Specifies one or more mailboxes used for collecting journal reports.
Internal messages only: Journal rules with the scope set to journal internal messages sent between the
recipients inside your Exchange organization.
External messages only: Journal rules with the scope set to journal external messages sent to recipients or
received from senders outside your Exchange organization.
All messages: Journal rules with the scope set to journal all messages that pass through your organization
regardless of origin or destination. These include messages that may have already been processed by journal
rules in the Internal and External scopes.
PowerShell
New-JournalRule -Name <journalname> -JournalEmailAddress <journalreportaddress> -Recipient <recipientaddress>
%i     Middle initial
%s
%d     Display name
%m     Exchange alias
%xs    Uses the first x letters of the surname. For example, if x = 2, the first two letters of the surname are used.
%xg    Uses the first x letters of the given name. For example, if x = 2, the first two letters of the given name are used.
Transport Rule
Using transport rules, you can look for specific conditions in messages that pass through your
organization and take action on them. Transport rules let you apply messaging policies to email messages, secure
messages, protect messaging systems, and prevent information leakage.
Many organizations today are required by law, regulatory requirements, or company policies to apply messaging
policies that limit the interaction between recipients and senders, both inside and outside the organization. In
addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside
the organization, some organizations are also subject to the following messaging policy requirements:
Conditions: Use transport rule conditions to specify the characteristics of messages to which you want to apply
a Transport rule action. Conditions specify the parts of a message that should be examined. Some conditions
examine message fields or headers, such as the To, From, or Cc fields. Other conditions examine message
characteristics such as message subject, body, attachments, message size, and message classification. Most
conditions require that you specify a comparison operator, such as equals, doesn't equal, or contains, and a
value to match.
Exceptions: Exceptions are based on the same characteristics used to build transport rule conditions. However,
unlike conditions, exceptions identify messages to which Transport rule actions shouldn't be applied. Exceptions
override conditions and prevent actions from being applied to an email message, even if the message matches
all configured conditions.
Actions: Actions are applied to messages that match the conditions and don't match any exceptions defined in
the transport rule. Transport rules have many actions available, such as rejecting, deleting, or redirecting
messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the
message body.
Example 1: Reject the message sent between two mailboxes (user1 and user2) with proper reason
New-TransportRule -Name Rule1 -FromAddressMatchesPatterns User1@lab.com -RecipientAddressMatchesPatterns user2@lab.com -RejectMessageReasonText "Messaging Restricted"
Example 2: Delete the message sent between two mailboxes (user1 and user2)
New-TransportRule -Name Rule1 -FromAddressMatchesPatterns User1@lab.com -RecipientAddressMatchesPatterns user2@lab.com -DeleteMessage $true
Example 3: Redirect the message (to administrator) sent between two mailboxes (user1 and user2)
New-TransportRule -Name Rule1 -FromAddressMatchesPatterns User1@lab.com -RecipientAddressMatchesPatterns user2@lab.com -RedirectMessageTo administrator@lab.com
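Rules that delete, redirect or copy mail, as in Examples 2 and 3, change where messages end up without the sender or recipient seeing it, so they are worth reviewing periodically. The following review script is added here as an example and is not part of the original guide: it lists every transport rule with such an action and marks targets outside the organization's accepted domains. The function name Get-TransportRuleReview and the use of accepted domains as the definition of "internal" are assumptions.

```powershell
# Added example (not from the original guide). Run in the Exchange Management Shell.
# Get-TransportRuleReview is an illustrative name, not an Exchange cmdlet.
function Get-TransportRuleReview {
    # Accepted domains count as internal (exact match only); a leading "*." is stripped.
    $internal = @(Get-AcceptedDomain | ForEach-Object {
        "$($_.DomainName)".TrimStart('*', '.').ToLower()
    })

    foreach ($rule in Get-TransportRule) {
        # Collect which of the reviewed actions this rule performs.
        $actions = @()
        if ($rule.DeleteMessage)     { $actions += 'DeleteMessage' }
        if ($rule.RedirectMessageTo) { $actions += 'RedirectMessageTo' }
        if ($rule.BlindCopyTo)       { $actions += 'BlindCopyTo' }
        if ($rule.CopyTo)            { $actions += 'CopyTo' }
        if (-not $actions) { continue }

        # Every recipient the rule sends mail to, as strings; unset actions are dropped.
        $targets = @(
            @($rule.RedirectMessageTo) + @($rule.BlindCopyTo) + @($rule.CopyTo) |
                Where-Object { $_ } | ForEach-Object { "$_" }
        )

        # Only targets written as SMTP addresses can be compared with accepted domains;
        # targets given as a name or alias are listed under Targets but not classified.
        $external = @($targets | Where-Object {
            $_ -like '*@*' -and ($internal -notcontains ($_.Split('@')[-1].ToLower()))
        })

        [pscustomobject]@{
            Name            = $rule.Name
            State           = "$($rule.State)"
            Priority        = $rule.Priority
            Actions         = $actions -join ', '
            Targets         = $targets -join ', '
            ExternalTargets = $external -join ', '
            WhenChanged     = $rule.WhenChanged
        }
    }
}

Get-TransportRuleReview | Sort-Object Priority | Format-List
```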
Delivery Report
Delivery Reports is a message tracking tool in the Exchange Administration Center (EAC) that you can use to
search for delivery status on email messages sent to or from users in your organization's address book, with a certain
subject. You can track delivery information about messages sent by or received from any specific mailbox in your
organization. The content of the message body isn't returned in a delivery report, but the subject line is displayed in
the results. You can track messages for up to 14 days after they were sent or received.
Graphical
1. Open ECP, mail flow, delivery reports
2. Select Browse in Mailbox to search (e.g.: User1)
3. Select either Search for messages sent to: or Search for messages received from: (e.g.: Search for messages
sent to: User2)
4. Type Subject line for advanced search
5. Select Search
Accepted Domains
An accepted domain is any SMTP namespace for which a Microsoft Exchange Server 2013 organization sends
or receives email. Accepted domains include those domains for which the Exchange organization is authoritative. An
Exchange organization is authoritative when it handles mail delivery for recipients in the accepted domain. Accepted
domains also include domains for which the Exchange organization receives mail and then relays it to an email server
that's outside the organization for delivery to the recipient.
Creating accepted domain
Graphical
1. Open ECP, mail flow, accepted domains
2. Select Add Button(new)
3. Type a name (e.g.: dom1)
4. Type an accepted domain name (e.g.: lab.com)
5. Select accepted domain type (e.g.: External Relay Domain)
6. Select Save
PowerShell
New-AcceptedDomain -DomainName <smtpdomainname> -Name <name> -DomainType <Authoritative | ExternalRelay | InternalRelay>
New-AcceptedDomain -DomainName lab.com -Name domain1 -DomainType externalrelay
Public Folders
Public folders are designed for shared access and provide an easy and effective way to collect, organize, and
share information with other people in your workgroup or organization. Public folders help organize content in a
deep hierarchy that's easy to browse. Users will see the full hierarchy in Outlook, which makes it easy for them to
browse for the content they're interested in.
Public folders can also be used as an archiving method for distribution groups. When you mail-enable a public folder
and add it as a member of the distribution group, email sent to the group is automatically added to the public folder
for later reference.
Public folder architecture
In Exchange 2013, public folders were re-engineered using mailbox infrastructure to take advantage of the existing
high availability and storage technologies of the mailbox database. Public folder architecture uses specially designed
mailboxes to store both the public folder hierarchy and the content. This also means that there's no longer a public
folder database. High availability for the public folder mailboxes is provided by a database availability group (DAG).
The main architectural components of public folders are the public folder mailboxes, which can reside in one or
more mailbox databases.
Public folder mailboxes
There are two types of public folder mailboxes: the primary hierarchy mailbox and secondary hierarchy mailboxes.
Both types of mailboxes can contain content:
Primary hierarchy mailbox: The primary hierarchy mailbox is the one writable copy of the public folder
hierarchy. The public folder hierarchy is copied to all other public folder mailboxes, but these will be read-only
copies.
Secondary hierarchy mailboxes: Secondary hierarchy mailboxes contain public folder content as well as a
read-only copy of the public folder hierarchy.
PowerShell
New-Mailbox -PublicFolder -Name <mailboxname> -Database <mailboxdatabase>
New-Mailbox -PublicFolder -Name pubmail1 -Database db1
Displaying Public folder
Get-PublicFolderStatistics
Creating public folder
Graphical
1. Open ECP, public folders, public folder
2. Select Add Button(New)
3. Type a Public folder name (e.g: public1)
4. Select Save
PowerShell
New-PublicFolder -Name <publicfoldername>
New-PublicFolder -Name public1
Removing public folder
Remove-PublicFolder -Identity <publicfoldername>
Remove-PublicFolder -Identity \public1
Removing public folder mailbox
Remove-Mailbox -Identity <publicfoldermailbox> -PublicFolder
Remove-Mailbox -Identity pubmail1 -PublicFolder
Connectors
Connectors are used to control inbound and outbound mail flow in Microsoft Exchange Server 2013. With
connectors, you can route mail to and receive mail from recipients outside of your organization, a partner through a
secure channel, or a message-processing appliance.
The most commonly used connector types are Send connectors, which control outbound messages, and Receive
connectors, which control inbound messages.
Send Connector
In Microsoft Exchange Server 2013, a Send connector controls the flow of outbound messages to the
receiving server. Send connectors are configured on Mailbox servers running the Transport service. Most commonly, you
configure a Send connector to send outbound email messages to a smart host or directly to their recipient, using
DNS.
Exchange 2013 Mailbox servers running the Transport service require Send connectors to deliver messages to
the next hop on the way to their destination. Send connectors that are created on Mailbox servers are stored in
Active Directory and are available to all Mailbox servers running the Transport service in the organization.
Receive Connector
Receive connectors control the flow of inbound messages to your Exchange organization. They are
configured on computers running Microsoft Exchange Server 2013 with the Transport service, or in the Front End
service on a Client Access server. They can be created in the Exchange Administration Center (EAC), or in the
Exchange Management Shell.
By default, the Receive connectors that are required for internal mail flow are automatically created when a
Client Access server or Mailbox server is installed.
Exchange 2013 servers running the Transport service require Receive connectors to receive messages from the
Internet, from email clients, and from other email servers. A Receive connector controls inbound connections to
the Exchange organization.
7. Type remote smart host IP Address or FQDN (e.g: 192.168.1.90), Select Save
8. Select Next
9. Select smart host authentication(e.g.: None), Select Next
10. Specify the address space or spaces to which this connector will route mail.(e.g.: lab.com), Select Next
11. Select Source Server
12. Select Finish
PowerShell
New-SendConnector -AddressSpaces <remoteaddressspace> -name <connectorname> -Internet -SmartHostAuthMechanism <None | BasicAuth | BasicAuthRequireTLS | ExchangeServer | ExternalAuthoritative> -SmartHosts <ipaddress/fqdn> -SourceIPAddress <sourceaddress>
New-SendConnector -AddressSpaces Lab.com -name connector1 -Internet -SmartHostAuthMechanism None -SmartHosts 192.168.1.90 -SourceIPAddress 192.168.1.81
Creating receive connector
Graphical
1. Open ECP, mail flow, receive connectors
2. Select Add Button(New)
3. Type a Connector Name (e.g.: connector1)
4. Select Role (e.g.: Hub Transport or Frontend Transport)
5. Select a Connector Type (e.g.: Internet (For example, to receive internet mail))
6. Select Next
7. Specify the IP addresses and port of the network adapter to bind to the receive connector, Select Add
Button
8. Select Specify an IPv4 or IPv6 address (e.g.: 192.168.1.81), Select Save
9. Select Finish
Note: If you are not using any authentication method, do the following
1. Double click on Receive connector
2. Select Security
3. Uncheck all authentication methods
4. Select Save
PowerShell
New-ReceiveConnector -Usage < Custom | Internet | Internal | Client | Partner> -Name <connectorname>
-Bindings <ipaddress:port> -AuthMechanism < None | Tls | Integrated | BasicAuth | BasicAuthRequireTLS
| ExchangeServer | ExternalAuthoritative>
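A check to run after creating a Receive connector, or after clearing its authentication methods as in the note above: list which connectors accept anonymous SMTP sessions, from which remote IP ranges, and whether anonymous senders hold the right to submit mail for any recipient domain. This is an added example, not from the original guide; it only reads configuration and is meant for the Exchange Management Shell.

```powershell
# Added example: read-only audit of Receive connectors.

# 1. Enabled connectors that accept unauthenticated (anonymous) SMTP sessions
$anon = Get-ReceiveConnector |
    Where-Object { $_.Enabled -and ($_.PermissionGroups -match 'AnonymousUsers') }

$anon | Format-Table Identity, Bindings, AuthMechanism, PermissionGroups -AutoSize

# 2. Remote ranges allowed to connect to each of them.
#    0.0.0.0-255.255.255.255 means any IPv4 host may connect.
foreach ($c in $anon) {
    [pscustomobject]@{
        Connector      = $c.Identity
        RemoteIPRanges = ($c.RemoteIPRanges | ForEach-Object { $_.ToString() }) -join ', '
    }
}

# 3. Connectors on which anonymous sessions may submit mail for ANY recipient
#    domain. This extended right is what turns a connector into an open relay.
Get-ReceiveConnector | Get-ADPermission |
    Where-Object {
        $_.User -like 'NT AUTHORITY\ANONYMOUS LOGON' -and
        $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient' -and
        -not $_.Deny
    } |
    Format-Table Identity, User, ExtendedRights -AutoSize
```

A connector that appears in step 3 and is reachable from any address in step 2 should be restricted to the specific hosts that need to relay through it.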
3. Hold the Ctrl key on the keyboard, right-click the icon, and select Test E-mail AutoConfiguration
4. Type Password, uncheck Use Guessmart and Secure Guessmart Authentication, Select Test
One GAL
One OAB
One room list (for booking purposes)
One or more address lists
In the following figure, Address Book Policy A consists of a subset of the various address objects that exist in the
organization (shown in the bottom half of the figure). The resulting scope of an ABP is equal to that of the GAL
contained in the policy, in this case GAL1. When the ABP is created and assigned to a user, the address objects in the
ABP become the scope of the objects the user is able to view.
As with offline address books, Exchange 2013 has no graphical tool for managing address book policies, so
you need the Exchange Management Shell.
New-AddressBookPolicy -Name <name> -AddressLists <addresslist> -GlobalAddressList <GAL> -OfflineAddressBook <OAB> -RoomList <roomlist>
Example
[Figure: Exchange organization with two departments: Department IT (User1, User2) and Department SALES (User3, User4)]
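One way to build the policy for Department IT from the example organization, creating the four objects an ABP needs and then assigning the policy. This is an added example, not from the original guide; all object names (AL_IT, Rooms_IT, GAL_IT, OAB_IT, ABP_IT) are assumptions, and it assumes the Department attribute is populated on the recipients.

```powershell
# Added example: address book policy for Department IT. All object names are assumptions.

# Address list: user mailboxes in Department IT
New-AddressList -Name 'AL_IT' `
    -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (Department -eq 'IT')}

# Room list: the policy requires one, even if it currently matches no rooms
New-AddressList -Name 'Rooms_IT' `
    -RecipientFilter {(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and (Department -eq 'IT')}

# GAL: defines the overall scope of what users under this policy can see
New-GlobalAddressList -Name 'GAL_IT' -RecipientFilter {(Department -eq 'IT')}

# OAB generated from that GAL
New-OfflineAddressBook -Name 'OAB_IT' -AddressLists '\GAL_IT'

# Tie the four objects together in one policy
New-AddressBookPolicy -Name 'ABP_IT' -AddressLists '\AL_IT' `
    -GlobalAddressList '\GAL_IT' -OfflineAddressBook '\OAB_IT' -RoomList '\Rooms_IT'

# Assign the policy to the IT users from the example
Set-Mailbox -Identity User1 -AddressBookPolicy 'ABP_IT'
Set-Mailbox -Identity User2 -AddressBookPolicy 'ABP_IT'

# Verify: mailboxes with an empty AddressBookPolicy still see the default GAL
Get-Mailbox -ResultSize Unlimited | Format-Table Name, AddressBookPolicy -AutoSize
```

The same steps with Department SALES in the filters give the second policy for User3 and User4.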
Linked Mailbox
Linked mailboxes are mailboxes that are accessed by users in a separate, trusted forest. Linked mailboxes
may be necessary for organizations that deploy Exchange in a resource forest. The resource forest scenario allows an
organization to centralize Exchange in a single forest, while allowing access to the Exchange organization with user
accounts that are located in one or more trusted forests (called account forests). The user account that accesses the
linked mailbox doesn't exist in the forest where Exchange is deployed. Therefore, a disabled user account that exists
in the same forest as Exchange is created and associated with the corresponding linked mailbox.
The following figure illustrates the relationship between the linked user account used to access the linked mailbox
(located in the account forest) and the disabled user account in the Exchange resource forest that's associated with
the linked mailbox.
PowerShell
New-Mailbox -LinkedDomainController <linkedDC> -LinkedMasterAccount <linkedaccount> -Name <name> -Alias <alias>
New-Mailbox -LinkedDomainController DC.ForestA -LinkedMasterAccount User01@ForestA -Name Usr1 -Alias User01
Removing Linked Mailbox
PowerShell
Remove-Mailbox -Identity <mailbox>
Remove-Mailbox -Identity User01
The server EXMB1 hosts the active copy of database DB1, and the other DAG members EXMB2 and EXMB3 host
passive copies of the database. The DAG members work together to maintain the availability of the mailbox
database. If the server that hosts the active database copy experiences a problem, for example a hardware failure,
one of the remaining DAG members is able (under the right conditions) to make its copy of the database active so
clients are still able to connect to their mailbox data.
The following figure shows the automatic recovery of database DB1 when EXMB1 failed.
A DAG uses a non-Exchange server, called the File Share Witness server, which acts as a tie-breaker in the
failover cluster's Node and File Share Majority quorum mode.
In the above example, a four-member DAG is using an additional server as the File Share Witness. The DAG is able to
maintain quorum with up to two server failures, but quorum is lost when three servers are down.
8. Select Save
PowerShell
New-DatabaseAvailabilityGroup -Name <DAG name> -WitnessServer <FQDN of witness server> -DatabaseAvailabilityGroupIpAddresses <IPaddress> -WitnessDirectory <path>
4. Select Save
PowerShell
Add-DatabaseAvailabilityGroupServer -Identity <DAG name> -MailboxServer <mailboxserverFQDN>
Add-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer Exchange1
Add-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer Exchange2
Wait until the cluster forms between the mailbox servers. If an error occurs during the operation, as shown below,
pre-stage the cluster name object (CNO) in Active Directory as follows.
PowerShell
Add-MailboxDatabaseCopy -Identity <database> -MailboxServer <target> -ActivationPreference <no>
Add-MailboxDatabaseCopy -Identity 'Mailbox Database 0177365238' -MailboxServer exchange2 -ActivationPreference 2
4. Select Save
5. Select DAG name (e.g.: DAG-testlab)
6. Select View details from the DAG network
7. Use Enable Replication checkbox to enable or disable replication traffic through the network.
PowerShell
Set-DatabaseAvailabilityGroup -Identity <dag name> -ManualDagNetworkConfiguration $true
It is recommended to dedicate one network to replication only, especially the
internal replication network.
3. Select Yes to move mailbox database, wait until the operation completes
4. Select Close button
PowerShell
Move-ActiveMailboxDatabase -Identity <databasename> -ActivateOnServer <targetmailboxserver> -SkipClientExperienceChecks
Move-ActiveMailboxDatabase -Identity 'Mailbox Database 0177365238' -ActivateOnServer exchange1 -SkipClientExperienceChecks
Graphical
1. Open ECP, servers, databases
2. Select Mailbox database and select Remove from the right side of the browser for removing mailbox
database copies
Repeat the same step to remove all mailbox database copies inside the DAG
3. Select DAG, then Manage DAG membership
4. Select Remove Button(-) to remove DAG members
PowerShell
Remove-MailboxDatabaseCopy -Identity <databaseid>
Remove-MailboxDatabaseCopy -Identity 'Mailbox Database 0177365238\exchange2'
Installing DPM
Install System Center Data Protection Manager on a separate member server dedicated as a backup server.
Tape - All data and workloads protected by DPM can be backed up to tape for long-term storage.
Disk - All data and workloads protected by DPM can be backed up to disk for short-term storage. Disks can be
unallocated internal storage or network disks such as iSCSI storage.
Windows Azure cloud using Windows Azure Backup - Files, SQL Server and Hyper-V workloads can be backed up
to Windows Azure.
Graphical
1. Open DPM console
2. Select Disks from the left side of the console
PowerShell
$disk = Get-DPMDisk -DPMServerName <FQDN DPM server>
Add-DPMDisk -DPMDisk $disk
$disk = Get-DPMDisk -DPMServerName DPM-Serv
Add-DPMDisk -DPMDisk $disk
Installing DPM agent
DPM agent software needs to be installed on the source server (such as the Exchange server) to protect its data
Graphical
1. Open DPM console
2. Select Agents from the left side of the console
8. Select Install
6. Expand the Exchange server and select Mailbox database, Select Next
12. Select Close and wait until the replica creation completes
4. Expand Recoverable Data, find the deleted mailbox from the exchange database
7. Select Recovery Type (e.g.: Recover Mailbox to an Exchange server database), Next
10. Wait until the recovery completes, monitor the task from the DPM console, Monitoring
11. After the recovery, open PowerShell on the Exchange server. Run the following command to verify the recovery
database.
Get-MailboxStatistics -Database <recoverydatabasename>
Get-MailboxStatistics -Database RDB
12. Create a new user mailbox to recover the deleted items.
13. Run the following command to restore the deleted mailbox from the recovery database to the new mailbox
New-MailboxRestoreRequest -SourceDatabase <recoverydatabase> -SourceStoreMailbox <deletedmailbox> -TargetMailbox <newmailbox> -AllowLegacyDNMismatch
New-MailboxRestoreRequest -SourceDatabase RDB -SourceStoreMailbox User100 -TargetMailbox User100 -AllowLegacyDNMismatch
To display restore process status
Get-MailboxRestoreRequest
14. After the recovery process, open the mailbox to verify the recovered data.