
Administrating

Microsoft
Exchange Server 2013

DEVARAJ.V.R

Table of Contents
Introduction
Exchange Server 2013 System Requirements
Installing Exchange Server 2013 (For Server 2012 R2 only)
Migrating to Exchange Server 2013
Enrolling Exchange Certificates
Mailbox Databases
User Mailbox
Distribution Group
Dynamic Distribution Group
Resource Mailbox
Mail Contact
Shared Mailbox
Address List
Mail User
Exchange Management Permissions
Outlook Web App Policy
Messaging Records Management
Journaling
Email Address Policy
Transport Rule
Delivery Report
Accepted Domains
Public Folders
Connectors
Offline Address Book
Address Book Policies
Linked Mailbox
Database Availability Group
Backup and Restore Exchange Server 2013
Edge Transport Server
EXCHANGE SERVER 2013

Introduction

Microsoft Exchange Server is calendaring software, a mail server and a contact manager developed by
Microsoft. It is a server program that runs on Windows Server and is part of the Microsoft Servers line of
products. Microsoft Exchange Server 2013 has a significantly different architecture than its predecessors.
Whereas Exchange Server 2007 and Exchange Server 2010 components were split into different server roles for
scaling out Exchange organizations, Exchange Server 2013 streamlines the server roles and architecture while still
allowing you to fully scale Exchange organizations to meet the needs of enterprises of all sizes. Exchange 2013 server
roles are loosely rather than tightly coupled, which eliminates any previous session affinity requirements. The
Mailbox server that stores the active database copy for a mailbox performs all the data processing, rendering, and
transformation required. The Client Access server is used only to connect the client to the Mailbox server. The Client
Access server provides authentication, redirection, and proxy services as needed. Session affinity between the
Mailbox server and the Client Access server is not required. Mailbox servers maintain the session affinity, and clients
always connect to the Mailbox server hosting the related user's mailbox. For connections, the supported protocols
include HTTP, POP, IMAP, RPC over HTTP, and SMTP, but no longer include RPC. Exchange Server 2013 is designed to
work with Microsoft Outlook 2007 and later and also continues to support the Outlook Web App. Rather than
connecting to servers by using Fully Qualified Domain Names (FQDN) as was done in the past, Outlook 2007 and
later use Autodiscover to create connection points based on the domain portion of the user's primary SMTP address
and the GUID of the user's mailbox.
Understanding Exchange Server 2013 organizations
The root of an Exchange environment is an organization. It's the starting point for the Exchange hierarchy, and its
boundaries define the boundaries of any Exchange environment. Exchange Server 2013 organizations are nearly
identical to those of Exchange Server 2010.
Organizational architecture

When you install Exchange Server 2013, you install your Exchange servers within the organizational context of the
domain in which the server is a member. The physical site boundaries and subnets defined for Active Directory
Domain Services are the same as those used by Exchange Server 2013, and the site details are determined by the IP
address assigned to the server. If you are installing the first Exchange server in a domain, you set the name of the
Exchange organization for that domain. The next Exchange server you install in the domain joins the existing
Exchange organization automatically. Exchange 2013 organizations natively have only two server types: Client Access
servers and Mailbox servers. In this new architecture, Client Access servers act as the front end for Exchange
services, and Mailbox servers act as the back end, as shown in Figure 1-1. Exchange 2013 does not have separate
server roles for Hub Transport servers or Unified Messaging servers; instead, the related components are now part
of the Mailbox server role.

Figure 1-1 shows the client-server architecture of Exchange 2013


As part of the major architecture changes for Exchange 2013, Client Access servers now act only as lightweight,
stateless proxy servers. They provide a unified namespace, authentication, and network security for the Exchange
organization. Although they also provide the proxy and redirection logic for client protocols, Client Access servers no
longer handle all of the client-related messaging tasks in an Exchange implementation, nor do they perform content
conversion. In addition, all other components that were previously associated with Client Access servers are now
moved to Mailbox servers. Client Access servers are designed to work with TCP affinity; therefore, load balancing is
easier because application session affinity is not required. RPC over TCP has been removed in Exchange 2013 as well,
and all Outlook connections now take place using Outlook Anywhere (RPC over HTTP). These changes have simplified
the protocol stack, eliminated the need for RPC Client Access arrays and the related namespace, and moved the
maintenance of the RPC sessions to the Mailbox servers.
Front-end transport
Mail transport is provided by the Front End Transport service, which provides mailbox locator services and proxy
services for incoming and outgoing SMTP messages, as shown in the figure below. The Front End Transport service loads
routing tables based on information from Active Directory and uses this information to route messages to the
Transport service on Mailbox servers. The Mailbox server is selected based on the location of mailbox databases
associated with the recipients.

Figure 1-2 shows the Front-End Transport Service


Back-end transport
The Transport service runs on all Mailbox servers and is responsible for all mail flow within an Exchange organization,
as shown in the figure below. The Transport service relies on the Mailbox Transport service, which consists of two separate
helper services: the Mailbox Transport Delivery service used with incoming messages and the Mailbox Transport
Submission service used with outgoing messages. The Transport service receives SMTP messages from the Transport
service and establishes an RPC MAPI connection with the local mailbox database to deliver a message. The delivery
service connects to the local mailbox database by using RPC MAPI to retrieve messages and submits messages over
SMTP to the Transport service.

Figure 1-3 shows the Back-End Transport Service


Exchange Server 2013 Editions
Microsoft Exchange Server 2013 is available in two server editions: Standard Edition and Enterprise Edition.
Enterprise Edition can scale to 50 mounted databases per server in the RTM version and Cumulative Update 1
versions, and 100 mounted databases per server in Cumulative Update 2 and later versions; Standard Edition is
limited to 5 mounted databases per server. A mounted database can be an active mailbox database that is mounted
for use by clients, or a passive mailbox database that is mounted in recovery for log replication and replay.

Exchange Server 2013 System Requirements


Hardware

Processor: x64 architecture-based, either Intel x64 or AMD64

Memory: 8GB minimum for Mailbox role, 4GB minimum for client access role. 8GB for mailbox and client
access combined, 4GB for edge transport.

Disk Space: At least 30 GB on installation drive. Additional 200 MB on system drive

Software

Operating System: Windows Server 2008 R2 SP1 or Windows Server 2012, 2012 R2

Microsoft .NET Framework 4.5 and 3.0

Windows Media Foundation

Microsoft Unified Communications Managed API 4.0 (UCMA 4.0)

Microsoft Office Filter Pack 64 Bit

Microsoft Office Filter Pack SP1 64 Bit

Windows Identity Foundation (Microsoft Knowledge Base article KB974405)

Microsoft Knowledge Base article KB2619234

Microsoft Knowledge Base article KB2533623

Internet Information Service (IIS)

Installing Exchange Server 2013 (For Server 2012 R2 only)

Install all prerequisites as follows


Install Windows Media Foundation
Graphical
1. Open Server Manager
2. Select Add roles and features, Next
3. Skip Roles
4. Select feature Windows Media Foundation
5. Select install
PowerShell
install-WindowsFeature -Name Server-Media-Foundation
Download and install UCMA 4.0
Install Active Directory Administrative Tools if the server is not a domain controller
Graphical
1. Open Server Manager
2. Select Add roles and features, Next
3. Skip Roles
4. Select ADDS Tools from Remote Server Administrative Tools feature
5. Select Install
PowerShell
install-WindowsFeature -Name RSAT-ADDS
Install Internet Information Service (IIS)
Graphical
1. Open Server Manager
2. Select Add roles and features, Next
3. Select IIS(Web Server)
4. Select install

PowerShell
Install-WindowsFeature -Name Web-Server,Web-Dyn-Compression,Web-Basic-Auth,Web-Digest-Auth,Web-ISAPI-Filter,Web-Client-Auth,Web-Http-Redirect,Web-Http-Tracing,Web-Request-Monitor,AS-NET-Framework,NET-WCF-HTTP-Activation45,Web-Mgmt-Service,Web-Windows-Auth,RPC-over-HTTP-proxy,Web-Lgcy-Mgmt-Console,Web-Lgcy-Scripting,Web-WMI,Web-Mgmt-Console
Install Windows Identity Foundation 3.5
Graphical
1. Open Server Manager
2. Select Add roles and features
3. Skip Roles
4. Select Windows Identity Foundation 3.5 feature
5. Select Install
PowerShell
install-WindowsFeature -Name Windows-Identity-Foundation
Install Failover Clustering Remote server administrative Tools
Graphical
1. Open Server Manager
2. Select Add roles and features
3. Skip Roles
4. Select Failover Clustering Tools from Remote Server Administrative Tools feature
5. Select Install
PowerShell
Install-WindowsFeature -Name RSAT-Clustering,RSAT-Clustering-Mgmt,RSAT-Clustering-PowerShell,RSAT-Clustering-AutomationServer,RSAT-Clustering-CmdInterface

Extract the Exchange Server 2013 setup files into a suitable folder

Prepare Active Directory


1. Prepare schema
setup.exe /prepareschema /IacceptExchangeserverlicenseterms
2. Prepare forest
setup.exe /preparead /Organizationname:test /IacceptExchangeserverlicenseterms

3. Prepare domain
setup.exe /preparedomain /IacceptExchangeserverlicenseterms

Installing Exchange Server 2013


Command Prompt
setup.exe /mode:install /roles:ca,mb,mt /IacceptExchangeserverlicenseterms
Graphical
1. Double click on setup.exe and start installation
2. Select Don't check for updates right now, Next

3. Wait until file copying completes

4. Select Next from the introduction window.

5. Accept the license agreement, Next

6. Select Don't use recommended settings, Next

7. Select Server Roles( Mailbox Role, Client Access Roles), Next

8. Select Installation Location, Next

9. Select Malware Protection Settings

10. Wait until Readiness Check completes

11. Select Install

12. Open Internet Explorer and type the URL https://<exchangeserveripaddress>/ecp. Log on as
Administrator

13. Select Servers from the list; there you can see the product information

PowerShell
Open Exchange Management Shell from programs, run the following command
Get-ExchangeServer | fl Name,Edition,AdminDisplayVersion

Migrating to Exchange Server 2013


Exchange Server 2013 supports co-existence with the following previous versions of Exchange Server:

Exchange Server 2010 SP3

Exchange Server 2007 SP3+ Update rollup 10

There is no co-existence support for Exchange Server 2003. If you are running Exchange 2003 and are looking to
upgrade to Exchange 2013, you will need to do an interim upgrade to Exchange 2010 or 2007.

Preparing for Exchange Server 2013 Installation process


1. Upgrade all Exchange 2010/2007 servers to Service Pack 3 with required update rollup
2. Install all pre-requisites of Exchange Server 2013
3. Extract the Exchange Server 2013 setup files into a suitable folder
4. Open Command Prompt and run the following commands from the installation directory to prepare
Active Directory

Prepare schema
setup.exe /prepareschema /IacceptExchangeserverlicenseterms

Prepare forest
setup.exe /preparead /IacceptExchangeserverlicenseterms

Prepare domain
setup.exe /preparedomain /IacceptExchangeserverlicenseterms

5. Open Setup.exe from installation directory and proceed through installation procedure

Preparing for migration process


1. In this co-existence scenario your administrator mailbox is still housed in the Exchange Server 2010 mailbox
database, so the default ECP is loaded from the Exchange 2010 Client Access server. Create a new mailbox in
an Exchange 2013 mailbox database to access the Exchange 2013 ECP.
2. Open Exchange PowerShell.
Check the current exchange server status
Get-ExchangeServer

Check the user mailbox status


Get-Mailbox
3. Create a new user mailbox
New-Mailbox -Name <Name> -Database '<Exchange 2013 Database>' -UserPrincipalName <UPN>
New-Mailbox -Name Admin -Database 'Mailbox Database 1083771917' -UserPrincipalName admin@technet.com
4. Add the new user account to the following groups to gain administrative privileges

Domain Admins

Schema Admins

Enterprise Admins

Organization Management

Add-ADGroupMember -Identity <Groupname> -Members <Username>


Add-ADGroupMember -Identity 'Enterprise Admins' -Members Admin
Add-ADGroupMember -Identity 'Schema Admins' -Members Admin
Add-ADGroupMember -Identity 'Domain Admins' -Members Admin
Add-ADGroupMember -Identity 'Organization Management' -Members Admin
5. Open ECP using the Exchange Server 2013 FQDN
https://<exchange2013FQDN>/ecp
6. Login as new mailbox user (e.g.: admin)
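
Step 4 places a mailbox-enabled account in the four most privileged groups of the forest and the Exchange organization. The following added example (not part of the original guide) reports every user that holds membership in those groups, directly or through nesting, so the result of the step can be reviewed once the migration is finished. It assumes a single-domain forest and the ActiveDirectory module installed with RSAT-ADDS earlier in this guide; the function name is hypothetical.

```powershell
# Added example, not from the original guide.
# Assumes a single-domain forest and the ActiveDirectory module (RSAT-ADDS).
Import-Module ActiveDirectory

# The four groups named in step 4.
$PrivilegedGroups = 'Domain Admins', 'Schema Admins', 'Enterprise Admins', 'Organization Management'

function Get-PrivilegedAccountReport {
    param([string[]]$GroupName = $PrivilegedGroups)

    # One row per (group, user) pair; -Recursive expands nested groups.
    $rows = @(foreach ($g in $GroupName) {
        Get-ADGroupMember -Identity $g -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object {
                [pscustomobject]@{ GroupName = $g; DN = $_.distinguishedName }
            }
    })

    # Collapse to one row per account and list every group it reaches.
    $rows | Group-Object -Property DN | ForEach-Object {
        $user = Get-ADUser -Identity $_.Name -Properties LastLogonDate, msExchMailboxGuid
        [pscustomobject]@{
            Account    = $user.SamAccountName
            Enabled    = $user.Enabled
            LastLogon  = $user.LastLogonDate
            # A populated msExchMailboxGuid means the account has a mailbox.
            HasMailbox = [bool]$user.msExchMailboxGuid
            Groups     = ($_.Group | ForEach-Object { $_.GroupName } | Sort-Object) -join ', '
        }
    }
}

Get-PrivilegedAccountReport | Sort-Object Account | Format-Table -AutoSize
```

The account created in step 3 appears with HasMailbox set to True and all four groups listed.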
Migrating user mailbox
Migrate all or only the required mailboxes from the Exchange 2010 database to the Exchange 2013 database
through ECP or PowerShell
Graphical
1. Open ECP, recipients, mailboxes
2. Select Mailbox(e.g.: Administrator)
3. Select To another database from Move mailbox menu from the right side of the browser
4. Type New Migration Batch Name (e.g.: Move1)
5. Select Archive type
6. Select Target database from Exchange Server 2013 , Select Next
7. Select New
8. Open ECP, recipients, migration for migration status

PowerShell
New-MoveRequest -Identity <mailbox> -TargetDatabase <TargetDB> -ArchiveTargetDatabase <TargetArchiveDB> -BatchName <Batchname>

New-MoveRequest -Identity User100 -TargetDatabase 'Mailbox Database 1083771917' -ArchiveTargetDatabase 'Mailbox Database 1083771917' -BatchName Move1
Get-MoveRequest
Moving all mailboxes to the Exchange 2013 database
Get-Mailbox -Database '<Exchange 2010 Database>' | New-MoveRequest -TargetDatabase '<Exchange 2013 Database>'
Get-Mailbox -Database 'Mailbox Database 0826366855' | New-MoveRequest -TargetDatabase 'Mailbox Database 1083771917'
Exporting Exchange Certificate
The Exchange certificate for IIS, SMTP, POP, IMAP and UM can be exported from the old Exchange server and
imported into Exchange 2013
1. Open EMC in Exchange 2010/2007
2. Open Server Configuration
3. Right-click the certificate, then select Export Certificate
4. Type File name and Password
5. Select Export
6. Open ECP, Servers, Certificates
7. Select Import Certificate
8. Type certificate path, name and password, Select Next
9. Select Add Button(+) to add server to apply certificate (eg: Exchange 2013 Server)
10. Select Finish
11. Double click on certificate, Select services
12. Select required services (e.g.: SMTP, IIS, POP, IMAP etc.)
13. Select Save

Moving Arbitration and Discovery mailboxes


Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase '<Exchange2013Database>'
Get-Mailbox '*Discovery*' | New-MoveRequest -TargetDatabase '<Exchange2013Database>'
Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase 'Mailbox Database 1083771917'
Get-Mailbox '*Discovery*' | New-MoveRequest -TargetDatabase 'Mailbox Database 1083771917'
Setting Send/Receive connector
Send/Receive connectors are required for proper mail flow in the Exchange organization. The old send/receive
connectors should be replaced with the new Exchange Server 2013 Hub transport server.
1. Open ECP, mail flow, send connectors
2. Double click on send connector
3. Select scoping
4. Select Remove button (-) to delete the old exchange source server.
5. Select Add button(+), select Exchange 2013 Server

6. Select save
7. Select Receive connectors
8. Double click on receive connector
9. Select scoping
10. Select remove button (-) from Network adapter binding
11. Select Add Button(+)
12. Specify Exchange Server 2013 IP address
13. Select Save
14. Type Exchange Server 2013 FQDN

15. Select Save

Demoting Legacy Exchange Server


You can demote the old Exchange Server 2007/2010 if the newly promoted Exchange Server 2013 works just
fine.
1. Deleting the legacy mailbox database of the 2007/2010 Exchange Server
Remove-MailboxDatabase -Identity <oldDatabaseName>
Remove-MailboxDatabase -Identity 'Mailbox Database 0826366855'
2. Removing Offline address book
Remove-OfflineAddressBook -Identity 'Default Offline Address Book'
3. Open Programs and Features from control panel
4. Select Microsoft Exchange Server


5. Select Uninstall
6. Go through uninstallation process
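
A check to run before step 1 of the demotion, as an added example that is not part of the original guide: it lists everything that still depends on the legacy database or server, covering the mailbox moves, the arbitration and discovery mailbox moves and the send connector scoping described earlier. The database name is the sample value used on this page; `EXCH2010` is a placeholder for the legacy server name and the function name is hypothetical.

```powershell
# Added example, not from the original guide. Run in the Exchange Management Shell.
$LegacyDatabase = 'Mailbox Database 0826366855'   # sample legacy database from this page
$LegacyServer   = 'EXCH2010'                      # placeholder: legacy server name

function Get-LegacyRemovalBlockers {
    param(
        [Parameter(Mandatory = $true)][string]$Database,
        [Parameter(Mandatory = $true)][string]$Server
    )

    function New-Blocker([string]$Kind, [string]$Item, [string]$Detail) {
        [pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail }
    }

    # 1. User, shared, resource and discovery mailboxes still homed on the database.
    Get-Mailbox -Database $Database -ResultSize Unlimited |
        ForEach-Object { New-Blocker 'Mailbox' $_.Name $_.RecipientTypeDetails }

    # 2. Archives stored on the database (the primary mailbox may live elsewhere).
    Get-Mailbox -Database $Database -Archive -ResultSize Unlimited |
        ForEach-Object { New-Blocker 'Archive' $_.Name $_.ArchiveName }

    # 3. Arbitration mailboxes are not returned by a plain Get-Mailbox.
    Get-Mailbox -Database $Database -Arbitration |
        ForEach-Object { New-Blocker 'Arbitration' $_.Name $_.DisplayName }

    # 4. Move requests out of this database that have not finished.
    Get-MoveRequest -SourceDatabase $Database -ResultSize Unlimited |
        Where-Object { 'Completed', 'CompletedWithWarning' -notcontains [string]$_.Status } |
        ForEach-Object { New-Blocker 'MoveRequest' $_.DisplayName $_.Status }

    # 5. Send connectors that still list the legacy server as a source server.
    Get-SendConnector |
        Where-Object { ($_.SourceTransportServers -join ',') -match [regex]::Escape($Server) } |
        ForEach-Object { New-Blocker 'SendConnector' $_.Name ($_.SourceTransportServers -join ',') }
}

$blockers = @(Get-LegacyRemovalBlockers -Database $LegacyDatabase -Server $LegacyServer)
if ($blockers.Count -eq 0) {
    "No remaining dependencies on '$LegacyDatabase' or $LegacyServer."
} else {
    $blockers | Sort-Object Kind, Item | Format-Table -AutoSize
}
```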

Enrolling Exchange Certificates


You can enroll certificates for the Exchange server for encrypted communication with the clients. Certificates can be
requested from either public certificate authorities (DigiCert, GoDaddy, Thawte, Microsoft, VeriSign etc.)
or a private certificate authority such as Microsoft CA (AD CS)

Install Active Directory Certificate Service in the domain controller for issuing certificates.

Export the root CA certificate from CA to exchange server from MMC


1. Open Microsoft Management Console (MMC) from Run.
2. Select File, Add /Remove Snap-ins
3. Select Certificates from the list then Add
4. Select Computer Account, Finish then Ok
5. Open Personal store from the Certificates
6. Right-click the CA certificate, select All Tasks, then Export.
7. Select Yes, export the private key
8. Type a secured password to restrict unauthorized certificate use.
9. Type a file name and location.
10. Select OK.

Install the certificate in the exchange server


1. Double click on the exported certificate.
2. Select Local Machine.
3. Type the Password
4. Select Trusted Root Certification authority from the list
5. Select Finish

Open Exchange Control Panel (ECP) from Internet Explorer, Log on as Administrator.
1. Select Servers , Certificates from the list
2. Select New(Add button)
3. Select Create a request for a certificate from a certification authority, Next
4. Type Friendly Name.
5. Skip wild card certificate.

6. Select the server name


7. Specify the domain name( mail.test.com)
8. Fill the organization information box (Organization, Department, Country etc.)
9. Type the network path to store the certificate request, Finish
PowerShell
New-ExchangeCertificate -GenerateRequest -Server <exchangeFQDN> -PrivateKeyExportable $true -FriendlyName <name> -SubjectName <subjectparam> -DomainName <domainname> -RequestFile <sharefoldername>
New-ExchangeCertificate -GenerateRequest -Server exch-2013-1.lab.com -PrivateKeyExportable $true -FriendlyName Cert-Lab.com -SubjectName "c=In, s=Kerala, l=thrissur, ou=mail.lab.com" -DomainName mail.lab.com -RequestFile \\200.100.100.3\root\request.txt

10. Open the certificate request file and copy all of its contents (Ctrl+A)
11. Open Internet Explorer and type http://<CAFQDN>/certsrv to open CA web interface
12. Log in as administrator
13. Select Request a Certificate, Advanced Certificate Request
14. Paste the copied information to the Saved Request text box
15. Select Certificate Template as Web Server
16. Select submit
17. Select download Certificate and download to proper location
18. Return to the ECP and complete the pending request from the certificates.
19. Type the certificate location and select OK
20. After completing the operation you can see the issued certificate with Valid status
PowerShell
Import-ExchangeCertificate -Server <exchangeFQDN> -FriendlyName <name> -FileName <certificate>
Import-ExchangeCertificate -Server exch-2013-1.lab.com -FriendlyName Cert-Lab.com -FileName \\200.100.100.3\root\certnew.cer

21. Double click on the certificate select Services


22. Select proper services(IIS,SMTP,POP,IMAP), Save
23. Now create a host record to resolve the client request to match certificate name (MAIL.TEST.COM)
24. Afterwards you can see the protected icon when accessing the exchange web interface.

PowerShell
Enable-ExchangeCertificate -Services <services> -Server <exchangeFQDN> -Thumbprint <digitalthumbprint>
Enable-ExchangeCertificate -Services POP,IMAP,IIS,SMTP -Server exch-2013-1.lab.com -Thumbprint C5918F10D5A6E18172816198917BBAFF11378A98
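
To confirm the result of the enrollment procedure above without relying on the browser's padlock icon, the following added example (not part of the original guide) checks the enabled certificate for trust status, expiry, name coverage and service bindings. The server, host name and thumbprint are the sample values from this page; the function name and the 30-day warning threshold are assumptions.

```powershell
# Added example, not from the original guide. Run in the Exchange Management Shell.
# Server, host name and thumbprint are the sample values used on this page.
$Server     = 'exch-2013-1.lab.com'
$HostName   = 'mail.lab.com'
$Thumbprint = 'C5918F10D5A6E18172816198917BBAFF11378A98'

function Test-ExchangeServiceCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [Parameter(Mandatory = $true)][string]$HostName,
        [string[]]$RequiredServices = @('IIS', 'SMTP', 'POP', 'IMAP'),
        [int]$WarnDays = 30          # assumption: warn one month before expiry
    )

    $cert   = Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint
    $issues = @()

    # Status is 'Valid' only when the chain builds to a trusted root and the
    # dates are in range; a pending request or untrusted chain shows up here.
    if ([string]$cert.Status -ne 'Valid') { $issues += "status is $($cert.Status)" }
    if ($cert.IsSelfSigned)               { $issues += 'certificate is self-signed' }

    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt $WarnDays) { $issues += "expires in $daysLeft day(s)" }

    # The name clients connect to must be listed on the certificate. A wildcard
    # entry matches exactly one left-most label, so *.lab.com covers
    # mail.lab.com but not a.mail.lab.com.
    $parent  = $HostName.Substring($HostName.IndexOf('.') + 1)
    $covered = $false
    foreach ($name in $cert.CertificateDomains) {
        $n = [string]$name
        if ($n -eq $HostName -or ($n.StartsWith('*.') -and $n.Substring(2) -eq $parent)) {
            $covered = $true
        }
    }
    if (-not $covered) { $issues += "no certificate domain covers $HostName" }

    # Services is a flags value that renders as "IMAP, POP, IIS, SMTP".
    $enabled = ([string]$cert.Services) -split '\s*,\s*'
    $missing = @($RequiredServices | Where-Object { $enabled -notcontains $_ })
    if ($missing.Count -gt 0) { $issues += "not enabled for: $($missing -join ', ')" }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Services   = [string]$cert.Services
        Healthy    = ($issues.Count -eq 0)
        Issues     = $issues -join '; '
    }
}

Test-ExchangeServiceCertificate -Server $Server -Thumbprint $Thumbprint -HostName $HostName |
    Format-List
```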

Mailbox Databases
A mailbox database is a unit of granularity where mailboxes are created and stored. A mailbox database is stored as
an Exchange database (.edb) file. In Microsoft Exchange Server 2013, each mailbox database has its own properties
that you can configure.
Creating Mailbox Database
Graphical
1. Open ECP(Exchange Control Panel)
2. Select Servers , databases
3. Select Add Button(+)
4. Type Mailbox Database Name(e.g.: DB1)
5. Browse Mailbox Server, OK
6. Select Save
PowerShell
New-MailboxDatabase -Name <Name> -Server <ServerFQDN> -EdbFilePath <databasePath> -LogFolderPath <logfilePath>
New-MailboxDatabase -Name DB1 -Server Exch-Test
Mount-database -Identity <databaseName>
Mount-Database -Identity DB1

To display Exchange Mailbox Databases


Get-MailboxDatabase
Setting Mailbox Database Quota
Graphical
1. Open ECP, servers , databases
2. Double click on database
3. Select Limits
4. Type Issue a warning at (GB), Prohibit send at (GB) and Prohibit send and receive at (GB):
5. Select Save
PowerShell
Set-MailboxDatabase -Identity <databaseName> -IssueWarningQuota <sizeinGB> -ProhibitSendQuota <sizeinGB> -ProhibitSendReceiveQuota <sizeinGB> -DeletedItemRetention <days> -MailboxRetention <days>

Set-MailboxDatabase -Identity DB1 -IssueWarningQuota 3GB -ProhibitSendQuota 4GB -ProhibitSendReceiveQuota 4GB -DeletedItemRetention 50 -MailboxRetention 100

Dismount Database
Graphical
1. Open ECP, servers , databases
2. Select Database, Dismount
PowerShell
Dismount-Database -Identity <databaseName>
Dismount-Database -Identity DB1

Deleting Mailbox Database


Graphical
1. Open ECP, servers , databases
2. Select Database, Delete
PowerShell
Remove-MailboxDatabase -Identity <Databasename>
Remove-MailboxDatabase -Identity DB1

User Mailbox
A user mailbox is a mailbox that's assigned to an individual user in your Exchange organization. It typically contains
messages, calendar items, contacts, tasks, documents, and other important business data.
Creating User Mailbox
Graphical
1. Open ECP, recipients, Mailboxes
2. Select New(Add Button)
3. Type User information (First name, Last Name, Alias, Logon Name and Password)
4. Select More Options
5. Select Mailbox Database
6. Select Save
PowerShell
New-Mailbox -Name <username> -Database <database> -Alias <alias> -UserPrincipalName <UPN> -FirstName <firstname> -Password (Read-Host -AsSecureString "Enter Password") -Initials <initial> -LastName <lastname>
New-Mailbox -Name user2 -Database DB1 -Alias user2 -UserPrincipalName user2@test.com -Password (Read-Host -AsSecureString "Enter Password")
Enter Password: Server123

To display Exchange mailboxes


Get-Mailbox

Enabling Mailbox Archive


Graphical
1. Open ECP, recipients, mailbox
2. Select Mailbox then select in-place archive Enable
3. Browse Mailbox database
4. Select OK

PowerShell
Enable-Mailbox -Identity <mailbox> -ArchiveName <archivename> -ArchiveDatabase <database>
Enable-Mailbox -Identity user2 -ArchiveName user2 -ArchiveDatabase db1
Log in as user to view archive status

Disabling Mailbox Archive


Graphical
1. Open ECP, recipients, mailbox
2. Select Mailbox then select in-place archive Disable
PowerShell
Disable-Mailbox -Identity <mailbox> -Archive
Disable-Mailbox -Identity user2 -Archive

Setting Mailbox Quota


Graphical
1. Open ECP, recipients, mailbox
2. Double click on mailbox, select Mailbox Usage, More Options
3. Select Customize the quota settings for this mailbox
4. Type Issue a warning at (GB):, Prohibit send at (GB): and Prohibit send and receive at (GB):
5. Select Save
PowerShell
Get-MailboxStatistics -Identity <mailbox>
Get-MailboxStatistics -Identity User1
Set-Mailbox -Identity <username> -UseDatabaseQuotaDefaults $false -IssueWarningQuota <warninglevel> -ProhibitSendQuota <prohibitlevel> -ProhibitSendReceiveQuota <maxlevel> -UseDatabaseRetentionDefaults $false -RetainDeletedItemsFor <retentionday>

Set-Mailbox -Identity user2 -UseDatabaseQuotaDefaults $false -IssueWarningQuota 500MB -ProhibitSendQuota 600MB -ProhibitSendReceiveQuota 700MB -UseDatabaseRetentionDefaults $false -RetainDeletedItemsFor 100

Mailbox Delegation
Mailbox delegation has 3 concepts
1. Send As Permission
2. Send On Behalf Of Permission
3. Full Access Permission

Send As Permission
Graphical
1. Open ECP, recipients, mailbox
2. Double click Mailbox then select Mailbox Delegation
3. Select Add Button(+) from send As , Add user mailbox, Select OK
4. Select Save

PowerShell
Add-ADPermission -Identity <owner> -User <username> -ExtendedRights "Send as"
Add-ADPermission -Identity user2 -User user1 -ExtendedRights "Send as"

Removing permission
Remove-ADPermission -Identity <owner> -User <username> -ExtendedRights "Send as"
Remove-ADPermission -Identity user2 -User user1 -ExtendedRights "Send as"

Send On Behalf Of Permission


Graphical
1. Open ECP, recipients, mailbox
2. Double click Mailbox then select Mailbox Delegation
3. Select Add Button(+) from Send On Behalf , Add user mailbox, Select OK
4. Select Save
PowerShell
Set-Mailbox -Identity <owner> -GrantSendOnBehalfTo <user>
Set-Mailbox -Identity user2 -GrantSendOnBehalfTo user1

Removing permission
Set-Mailbox <owner> -GrantSendOnBehalfTo @{remove="<username>"}
Set-Mailbox user2 -GrantSendOnBehalfTo @{remove="user1@test.com"}

Full Access Permission


Graphical
1. Open ECP, recipients, mailbox
2. Double click Mailbox then select Mailbox Delegation
3. Select Add Button(+) from Full access , Add user mailbox, Select OK
4. Select Save
PowerShell
Add-MailboxPermission -Identity <owner> -User <user> -AccessRights FullAccess
Add-MailboxPermission -Identity user2 -User user1 -AccessRights FullAccess

Removing permission
Remove-MailboxPermission -Identity <owner> -User <user> -AccessRights FullAccess
Remove-MailboxPermission -Identity user2 -User user1 -AccessRights FullAccess
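
The three delegation types above are stored in three different places, so reviewing them takes three queries. The following added example (not part of the original guide) collects the explicit Send As, Send On Behalf Of and Full Access grants for each mailbox into one report and compares it with the previous run, so new or removed grants stand out. The function name and the baseline file path are hypothetical.

```powershell
# Added example, not from the original guide. Run in the Exchange Management Shell.
function Get-MailboxDelegationReport {
    param([string[]]$Mailbox)    # omit to audit every mailbox

    if ($Mailbox) { $targets = $Mailbox | ForEach-Object { Get-Mailbox -Identity $_ } }
    else          { $targets = Get-Mailbox -ResultSize Unlimited }

    foreach ($mbx in $targets) {
        $dn    = [string]$mbx.DistinguishedName
        $owner = [string]$mbx.PrimarySmtpAddress

        # Full Access: explicit allow entries on the mailbox, skipping the
        # built-in NT AUTHORITY\SELF entry and anything inherited.
        Get-MailboxPermission -Identity $dn |
            Where-Object {
                -not $_.IsInherited -and -not $_.Deny -and
                [string]$_.User -notlike 'NT AUTHORITY\*' -and
                ($_.AccessRights -join ',') -match 'FullAccess'
            } |
            ForEach-Object {
                [pscustomobject]@{ Mailbox = $owner; Right = 'FullAccess'; Trustee = [string]$_.User }
            }

        # Send As: an extended right on the Active Directory object.
        Get-ADPermission -Identity $dn |
            Where-Object {
                -not $_.IsInherited -and -not $_.Deny -and
                [string]$_.User -notlike 'NT AUTHORITY\*' -and
                ($_.ExtendedRights -join ',') -match 'Send-As'
            } |
            ForEach-Object {
                [pscustomobject]@{ Mailbox = $owner; Right = 'SendAs'; Trustee = [string]$_.User }
            }

        # Send On Behalf Of: a multivalued property of the mailbox itself.
        foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
            [pscustomobject]@{ Mailbox = $owner; Right = 'SendOnBehalf'; Trustee = [string]$delegate }
        }
    }
}

$baseline = 'C:\Audit\delegation-baseline.csv'    # hypothetical path
$current  = @(Get-MailboxDelegationReport)
$previous = @(if (Test-Path $baseline) { Import-Csv -Path $baseline })

if ($previous.Count -gt 0 -and $current.Count -gt 0) {
    # '=>' marks grants added since the last run, '<=' grants that were removed.
    Compare-Object -ReferenceObject $previous -DifferenceObject $current `
        -Property Mailbox, Right, Trustee |
        Sort-Object Mailbox | Format-Table -AutoSize
} else {
    $current | Format-Table -AutoSize
}
$current | Export-Csv -Path $baseline -NoTypeInformation
```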

Mail flow Settings


Mail flow settings contain delivery options, message size restrictions and message delivery restrictions.

Delivery Options contain forwarding address and recipient limit


Graphical
1. Open ECP, recipients, Mailboxes
2. Double click on Mailbox, Mailbox features
3. Select Mail flow, Delivery options
4. Select View Details
5. Select Enable forwarding, browse User mailbox
6. Select Maximum recipients
7. Select OK, Save
PowerShell
Set-Mailbox -Identity <mailboxname> -ForwardingAddress <forwardingsmtpaddress> -DeliverToMailboxAndForward $true -RecipientLimits <maxrecipients>

Set-Mailbox -Identity user1 -ForwardingAddress user2@test.com -DeliverToMailboxAndForward $true -RecipientLimits 100
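
Forwarding set this way is invisible to the mailbox owner's correspondents, so it is worth listing periodically. The following added example (not part of the original guide) reports every mailbox with forwarding enabled, whether the target is outside the organization's accepted domains, and whether a copy is still delivered to the original mailbox. It goes slightly beyond the case shown above by also covering `-ForwardingSmtpAddress`; the function name is hypothetical.

```powershell
# Added example, not from the original guide. Run in the Exchange Management Shell.
function Get-MailboxForwardingReport {
    # Domains this organization accepts mail for; any other domain is external.
    $accepted = @(Get-AcceptedDomain | ForEach-Object { [string]$_.DomainName })

    foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
        $targets = @()

        # -ForwardingAddress (used on this page) points at a recipient object,
        # which may be a mail contact with an external address.
        if ($mbx.ForwardingAddress) {
            $r = Get-Recipient -Identity ([string]$mbx.ForwardingAddress)
            if ($r.ExternalEmailAddress) { $addr = [string]$r.ExternalEmailAddress }
            else                         { $addr = [string]$r.PrimarySmtpAddress }
            $targets += @{ Via = 'ForwardingAddress'; Address = $addr }
        }

        # -ForwardingSmtpAddress holds a raw SMTP address with no recipient object.
        if ($mbx.ForwardingSmtpAddress) {
            $targets += @{ Via = 'ForwardingSmtpAddress'; Address = [string]$mbx.ForwardingSmtpAddress }
        }

        foreach ($t in $targets) {
            $address  = $t.Address -replace '^smtp:', ''
            $domain   = ($address -split '@')[-1]
            # -like handles both exact (test.com) and wildcard (*.test.com) entries.
            $internal = [bool]($accepted | Where-Object { $domain -like $_ })

            [pscustomobject]@{
                Mailbox   = [string]$mbx.PrimarySmtpAddress
                Via       = $t.Via
                Target    = $address
                External  = -not $internal
                # False means mail leaves the mailbox without a local copy.
                KeepsCopy = [bool]$mbx.DeliverToMailboxAndForward
            }
        }
    }
}

Get-MailboxForwardingReport |
    Sort-Object External, Mailbox -Descending |
    Format-Table -AutoSize
```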

Message size restrictions control the maximum size of messages that the recipient can send and receive.
Graphical
1. Open ECP, recipients, Mailboxes
2. Double click on Mailbox, Mailbox features
3. Select Mail flow, Message size restrictions
4. Select View Details
5. Select Send Messages Maximum message size
6. Type message size
7. Select Receive Messages Maximum message size
8. Type message size
9. Select OK, Save
PowerShell
Set-Mailbox -Identity <mailbox> -MaxReceiveSize <size> -MaxSendSize <size>
Set-Mailbox -Identity user1 -MaxReceiveSize 100KB -MaxSendSize 100KB

Message delivery restrictions define which senders can and can't send messages to this recipient.
Graphical
1. Open ECP, recipients, Mailboxes
2. Double click on Mailbox, Mailbox features
3. Mail flow, Message delivery restrictions
4. Select View Details
5. Select mailboxes , OK
6. Select Save
PowerShell
Set-Mailbox -Identity <mailbox> -AcceptMessagesOnlyFrom <smtpaddress> -RejectMessagesFromSendersOrMembers <smtpaddress>

Set-Mailbox -Identity user1 -AcceptMessagesOnlyFrom user2@test.com -RejectMessagesFromSendersOrMembers administrator@test.com

Setting MailTip
Graphical
1. Open ECP, recipients, mailbox
2. Double click on Mailbox then select MailTip
3. Type MailTip, Select Save

PowerShell
Set-Mailbox -Identity <mailbox> -MailTip "<mail tip sentence>"
Set-Mailbox -Identity user2 -MailTip "User2 is in IT dept"

Moving Mailbox
Move Mailbox from one database to another
Graphical
1. Open ECP, Recipients, mailboxes
2. Select Mailbox and select To another Database
3. Migration Batch Name(e.g.: New), Target Database (e.g.:DB1)
4. Recipient Email address (eg: Administrator)
5. Select New
6. Open Migration to view status
PowerShell
New-MoveRequest -Identity <mailbox> -TargetDatabase <TargetDB> -ArchiveTargetDatabase <TargetArchiveDB> -BatchName <Batchname>
Get-MoveRequestStatistics -Identity <mailbox>


Remove-MoveRequest -Identity <mailbox>

New-MoveRequest -Identity user1 -TargetDatabase db1 -ArchiveTargetDatabase db1 -BatchName New


Get-MoveRequestStatistics -Identity user1
Remove-MoveRequest -Identity user1

Distribution Group
A distribution group is a mail-enabled Active Directory distribution group object that can be used only to distribute
messages to a group of recipients.
Creating a distribution group
Graphical
1. Open ECP, Recipients, Groups
2. Select Add Button(New)
3. Type Display Name(Name: grp1), Alias(E.g.: grp1)
4. Add Members
5. Select Save
PowerShell
New-DistributionGroup -Name <groupname> -Alias <alias> -Members <mailboxlist> -ModeratedBy <moderatorname> -ModerationEnabled $true -MemberJoinRestriction approvalrequired
New-DistributionGroup -Name grp3 -Alias grp3 -Members user1,user2 -ModeratedBy administrator -ModerationEnabled $true -MemberJoinRestriction approvalrequired

Display Distribution Group


Get-DistributionGroup

Removing Distribution Group


Remove-DistributionGroup -Identity <groupname>
Remove-DistributionGroup -Identity grp3

Dynamic Distribution Group


A distribution group that uses recipient filters and conditions to derive its membership at the time messages are
sent.
Creating a Dynamic Distribution Group
Graphical
1. Open ECP, Recipients, Groups
2. Select Add Button(New), Dynamic Distribution Group
3. Type Display Name(Name: grp2), Alias(Eg: grp2)
4. Select All Recipient Types
5. Select add a rule
6. Select Department (IT)
7. Select Save
PowerShell
New-DynamicDistributionGroup -Name <groupname> -Alias <alias> -IncludedRecipients allrecipients -ModeratedBy administrator -ModerationEnabled $true

New-DynamicDistributionGroup -Name grp4 -Alias grp4 -ConditionalDepartment IT -IncludedRecipients allrecipients -ModeratedBy administrator -ModerationEnabled $true

Display Dynamic Distribution Group


Get-DynamicDistributionGroup

Removing Dynamic distribution Group


Remove-DynamicDistributionGroup -Identity <groupname>
Remove-DynamicDistributionGroup -Identity grp4

Resource Mailbox
There are two types of resource mailbox

Room Mailbox: A resource mailbox that's assigned to a meeting location, such as a conference room,
auditorium, or training room. Room mailboxes can be included as resources in meeting requests, providing a
simple and efficient way of organizing meetings for your users.

Equipment Mailbox: A resource mailbox that's assigned to a resource that's not location-specific, such as a
portable computer, projector, microphone, or a company car. Equipment mailboxes can be included as
resources in meeting requests, providing a simple and efficient way of using resources for your assets.

Creating resource mailbox (Room Mailbox)


Graphical
1. From ECP, Recipients, Resources
2. Select Add Button(New), Room Mailbox(Equipment mailbox)
3. Type Room Name (e.g.: Room1), Email Address (e.g.: Room1) , Location, Phone Number, Capacity etc.
4. Select Booking Requests : Select delegates who can accept or decline booking requests
5. Add Delegate (e.g.: Administrator)
6. Select Save
PowerShell
New-Mailbox -Room -Name <roomname> -Alias <alias> -Database <mailboxdatabase> -ResourceCapacity <capacity> -Phone <phonenumber>
New-Mailbox -Room -Name Room1 -Alias Room1 -Database db1 -ResourceCapacity 100 -Phone 911
Set-CalendarProcessing -Identity <roomname> -ResourceDelegates <delegatemailbox> -TentativePendingApproval $true
Set-CalendarProcessing -Identity Room1 -ResourceDelegates administrator -TentativePendingApproval $true

Mail Contact
A mail-enabled Active Directory contact that contains information about people or organizations that exist outside
the Exchange organization. Each mail contact has an external email address. All messages sent to the mail contact
are routed to this external email address.
Creating Mail Contact
Graphical
1. Open ECP, Recipients, Contacts
2. Select Add Button(New), Mail Contact
3. Type First Name, Last Name, Alias, Name, External email Address etc
4. Select Save
PowerShell
New-MailContact -Name <contactname> -FirstName <fn> -LastName <ln> -Alias <alias> -ExternalEmailAddress <email>

New-MailContact -Name mike.john -FirstName mike -LastName john -Alias mike.john -ExternalEmailAddress mike.john@lab.com

Display Mail Contact


Get-MailContact

Removing Mail Contact


Remove-MailContact -Identity <contactname>
Remove-MailContact -Identity mike.john

Shared Mailbox
A mailbox that's not primarily associated with a single user and is generally configured to allow access for multiple
users.
Creating Shared Mailbox
Graphical
1. Open ECP, Recipients, Shared
2. Select Add Button(New)
3. Type Display Name (e.g.: Share1), Email Address (e.g.: Share1@test.com)
4. Select Full Access delegation mailbox, Send As Delegation mailbox
5. Select Save
PowerShell
New-Mailbox -Shared -Name <mailboxname> -DisplayName <displayname> -Alias <alias> -Database <mailboxdatabase>
Add-ADPermission -Identity <sharemailbox> -User <delegate> -ExtendedRights "send as"
Add-MailboxPermission -Identity <sharemailbox> -User <delegate> -AccessRights FullAccess
New-Mailbox -Shared -Name share2 -DisplayName Share2 -Alias share2 -Database db1
Add-ADPermission -Identity share2 -User admin -ExtendedRights "send as"
Add-MailboxPermission -Identity share2 -User administrator -AccessRights FullAccess

Address List
An address list is a subset of a GAL. Each address list is a collection of one or more types of mail-enabled recipients,
such as users, contacts and groups. You can use address lists to organize recipients and resources, making it easier for
users to find the recipients and resources they need.
Creating Address List
Graphical
1. Open ECP, Organization , address lists
2. Select Add Button(New)
3. Address List Name(e.g.: IT-Staff)
4. Recipients to include(e.g.: All Recipients Types)
5. Select Add a rule
6. Select Department as IT
7. Select Save
8. Select address list and Update

PowerShell
New-AddressList -Name <name> -ConditionalDepartment <name> -IncludedRecipients All
Update-AddressList -Identity <name>
New-AddressList -Name IT-Staff -ConditionalDepartment IT -IncludedRecipients All
Update-AddressList -Identity IT-Staff

Display all address lists


Get-AddressList

Removing Address List


Remove-AddressList -Identity <name>
Remove-AddressList -Identity IT-Staff

Mail User
Mail users are similar to mail contacts. Both have external email addresses and both contain information
about people outside your Exchange or Exchange Online organization that can be displayed in the shared address
book and other address lists. However, unlike a mail contact, a mail user has logon credentials in your Exchange or
Office 365 organization and can access resources.
Creating Mail User
Graphical
1. Open ECP, recipients, contacts
2. Select Add Button(New), Mail User
3. Type Alias(e.g.: jsmith), External email address(e.g.: jsmith@hotmail.com)
4. Select New User
5. Type First Name(e.g.: john), Last Name(e.g.: smith), Display name(e.g.: john smith)
6. Type Logon Name(e.g.: jsmith)
7. Type Password
8. Select Save
PowerShell
New-MailUser -Name <Name> -Alias <Alias> -FirstName <fname> -ExternalEmailAddress <email address> -UserPrincipalName <upn> -Password (ConvertTo-SecureString -String '<password>' -AsPlainText -Force)
New-MailUser -Name "John smith" -Alias jsmith -FirstName john -ExternalEmailAddress jsmith@lab.com -UserPrincipalName jsmith@intel.com -Password (ConvertTo-SecureString -String 'Server123' -AsPlainText -Force)

Display Mail Users


Get-MailUser

Removing Mail User


Remove-MailUser -Identity <name>
Remove-MailUser -Identity 'john smith'

Exchange Management Permissions


Microsoft Exchange Server 2013 includes a large set of predefined permissions, based on the Role Based
Access Control (RBAC) permissions model, which you can use right away to easily grant permissions to your
administrators and users. You can use the permissions features in Exchange 2013 so that you can get your new
organization up and running quickly.
Role-based permissions
In Exchange 2013, the permissions that you grant to administrators and users are based on management
roles. A role defines the set of tasks that an administrator or user can perform. For example, a management role
called Mail Recipients defines the tasks that someone can perform on a set of mailboxes, contacts, and distribution
groups. When a role is assigned to an administrator or user, that person is granted the permissions provided by the
role.
There are two types of roles, administrative roles and end-user roles:

Administrative roles: These roles contain permissions that can be assigned to administrators or specialist users
using role groups that manage a part of the Exchange organization, such as recipients, servers, or databases.

Creating Administrative role


Graphical
1. Open ECP, permissions, admin roles
2. Select Add Button(New)
3. Type role Name (e.g.: Role1)
4. Select Roles (e.g.: Mail Recipient Creation)
5. Select Members (e.g.: jsmith)
6. Select Save
PowerShell
New-ManagementRole -Name <rolename> -Parent <parentrole>
New-ManagementRole -Name Role1 -Parent 'Mail Recipient Creation'
New-ManagementRoleAssignment -Name <name> -Role <rolename> -User <user>
New-ManagementRoleAssignment -Name Role1 -Role Role1 -User jsmith
OR
New-RoleGroup -Name <rolename> -Members <user> -Roles <parentrole>
New-RoleGroup -Name Role1 -Members jsmith -Roles 'Mail Recipient Creation'
To list management roles
Get-ManagementRole

Removing Management roles


Remove-ManagementRoleAssignment -Identity <rolename>
Remove-ManagementRoleAssignment -Identity role1
Remove-ManagementRole -Identity <rolename>
Remove-ManagementRole -Identity Role1
OR
Remove-RoleGroup -Identity <rolename>
Remove-RoleGroup -Identity Role1

End-user roles: These roles, assigned using role assignment policies, enable users to manage aspects of their
own mailbox and distribution groups that they own. End-user roles begin with the prefix My.

Creating End-User role


Graphical
1. Open ECP, permissions, user roles
2. Select Add Button(New)
3. Type role Name (e.g.: User-Role)
4. Select Roles (e.g.: MyContactInformation, MyProfileInformation, MyBaseOptions)
5. Select Save
6. Select Recipients, Mailboxes
7. Double click on mailbox
8. Select Mailbox Features from the list
9. Select Role Assignment Policy (e.g.: User-Role)
10. Select Save
PowerShell
New-RoleAssignmentPolicy -Name <rolename> -Roles <roles>
New-RoleAssignmentPolicy -Name User-role -Roles MyContactInformation,MyBaseOptions,MyProfileInformation

Setting user role


Set-Mailbox -Identity <username> -RoleAssignmentPolicy <rolename>
Set-Mailbox -Identity User1 -RoleAssignmentPolicy User-role

How to check
1. Login to OWA as user
2. Select Options from Settings

3. Select Edit Information, there you can edit the information

Removing user role


Remove-RoleAssignmentPolicy -Identity <rolename>
Remove-RoleAssignmentPolicy -Identity user-role

Outlook Web App Policy


Use Microsoft Outlook Web App mailbox policies to create organization-level policies to manage access to
features in Outlook Web App.
In Exchange 2013, you can create multiple Outlook Web App mailbox policies and apply them to individual
mailboxes. When an Outlook Web App mailbox policy is applied to a mailbox, it will override the settings of the
virtual directory.
Outlook Web App features can also be managed by configuring the Outlook Web App virtual directories. Virtual
directory settings will be used for any mailbox that a mailbox policy hasn't been applied to.
Creating Outlook web app policy
Graphical
1. Open ECP, permissions, Outlook Web App Policies
2. Select Add Button(New)
3. Type Policy Name (e.g.: Owa-Pol1)
4. Select appropriate features
5. Select Save
6. Select Recipients, Mailboxes
7. Double click on mailbox
8. Select Mailbox features
9. Select View Details from Email Connectivity
10. Select Browse for web app policies
11. Select policy OK
12. Select Save twice
PowerShell
New-OwaMailboxPolicy -Name <policyname>
New-OwaMailboxPolicy -Name owa-pol1
Set-OwaMailboxPolicy -Identity <policyname> <switchparam>
Set-OwaMailboxPolicy -Identity owa-pol1 -CalendarEnabled $false -ThemeSelectionEnabled $false

Setting web app policy


Set-CASMailbox -Identity <username> -OwaMailboxPolicy <policyname>
Set-CASMailbox -Identity User1 -OwaMailboxPolicy owa-pol1
List policy features
Get-OwaMailboxPolicy -Identity <policyname>
Get-OwaMailboxPolicy -Identity owa-pol1
Removing web app policy
Remove-OwaMailboxPolicy -Identity <policyname>
Remove-OwaMailboxPolicy -Identity owa-pol1

Messaging Records Management


Users send and receive email every day. If left unmanaged, the volume of email generated and received each
day can inundate users, impact user productivity, and expose your organization to risks. As a result, email lifecycle
management is a critical component for most organizations.
Messaging records management (MRM) is the records management technology in Microsoft Exchange Server 2013
that helps organizations manage email lifecycle and reduce the legal risks associated with email.
In Exchange 2013 (and also in Exchange 2010), MRM is accomplished through the use of retention tags and retention
policies. Retention tags are used to apply retention settings to an entire mailbox and default mailbox folders such as
Inbox and Deleted Items. You can also create and deploy retention tags that Outlook 2010 and later and Outlook
Web App users can use to apply to folders or individual messages. After they're created, you add retention tags to a
retention policy and then apply the policy to users. The Managed Folder Assistant, a mailbox assistant that runs on
Exchange 2013 Mailbox servers, processes mailboxes and applies retention settings in the user's retention policy.
Retention tags
As illustrated in the preceding figure, retention tags are used to apply retention settings to folders and
individual items such as e-mail messages and voice mail. These settings specify how long a message remains in a
mailbox and the action to be taken when the message reaches the specified retention age. When a message reaches
its retention age, it's moved to the user's In-Place Archive or deleted.
Types of retention tags
There are three types of retention tags:

Default policy tags: DPTs apply to untagged mailbox items in the entire mailbox. Untagged items are mailbox
items that don't already have a retention tag applied, either by inheritance from the folder in which they're
located or by the user.
Retention policy tags: RPTs apply retention settings to default folders such as the Inbox, Deleted Items, and
Sent Items. Mailbox items in a default folder that have an RPT applied inherit the folder's tag. Users can't apply
or change an RPT applied to a default folder, but they can apply a different tag to the items in a default folder
(e.g. Inbox, Sent Items, Outbox, Drafts etc.).
Personal tags: Personal tags are available to Outlook 2010 and Outlook Web App users as part of their retention
policy. Users can apply personal tags to folders they create or to individual items, even if those items already
have a different tag applied.

Retention actions

Move to Archive: This action moves a message to the user's archive mailbox. Tags that have this action applied
are known as archive tags. Messages are moved to a folder in the archive mailbox that has the same name as the
source folder in the user's primary mailbox. This allows users to easily locate messages in their archive mailbox.
The Move to Archive action is available only for DPTs and personal tags. You can't create an RPT with the Move
to Archive action. If the mailbox user doesn't have an archive mailbox, no action is taken.

Delete and Allow Recovery: This action emulates the behavior when the Deleted Items folder is emptied. Tags
that have this action applied are known as deletion tags. When this action occurs, and deleted item retention is
configured for the mailbox database or the user, messages move to the Recoverable Items folder. The
Recoverable Items folder (previously known as the dumpster) provides the user another chance to recover
deleted messages. To do so, the user would access the Recover Deleted Items dialog box in Outlook 2010 or
Outlook Web App.

Permanently Delete: This action permanently deletes a message. Like tags with the Delete and Allow Recovery
action, tags that have this action applied are known as deletion tags. When this action is applied to a message,
it's purged from the mailbox. This action is like a deleted message being removed from the Recoverable Items
folder. After this happens, the user can no longer recover the message.

Mark as Past Retention Limit: This action isn't available in the Exchange Administration Center (EAC); you must
use the Shell. This action marks a message as expired after it reaches its retention age. In Outlook 2010 or later,
and Outlook Web App, expired items are displayed with the notification stating 'This item has expired' and 'This
item will expire in 0 days'. In Outlook 2007, items marked as expired are displayed by using strikethrough text.

Retention policies
To apply one or more retention tags to a mailbox, you must add them to a retention policy and then apply
the policy to mailboxes. A mailbox can't have more than one retention policy. Retention tags can be linked to or
unlinked from a retention policy at any time, and the changes automatically take effect for all mailboxes that have
the policy applied.

Creating Retention tag and policy


Graphical
1. Open ECP, Compliance management, retention tags
2. Select Add Button(New), applied automatically to entire mailbox (default)
3. Type a tag Name (e.g.: Tag1)
4. Select Retention action(e.g.: Delete and allow recovery)
5. Type a Retention period in days (e.g.: 10)
6. Select Save
7. Select retention policies
8. Type a Policy name(e.g.: policy1)
9. Select Retention tags(e.g.: tag1)
10. Select Save
11. Select Recipients , Mailboxes
12. Double click on mailbox
13. Select Mailbox features
14. Select a retention policy(e.g.: policy1)
15. Select Save
PowerShell
Get-RetentionPolicyTag | format-table name,type
Get-RetentionPolicy | Format-Table Name,RetentionPolicyTagLinks

New-RetentionPolicyTag -Name <tagname> -AgeLimitForRetention <days> -Type <Calendar | Contacts | DeletedItems | Drafts | Inbox | JunkEmail | Journal | Notes | Outbox | SentItems | Tasks | All | ManagedCustomFolder | RssSubscriptions | SyncIssues | ConversationHistory | Personal | RecoverableItems | NonIpmRoot | LegacyArchiveJournals> -RetentionAction <MoveToDeletedItems | MoveToFolder | DeleteAndAllowRecovery | PermanentlyDelete | MarkAsPastRetentionLimit | MoveToArchive>
New-RetentionPolicyTag -Name Tag1 -AgeLimitForRetention 10 -Type All -RetentionAction deleteandallowrecovery

Creating Retention policy


New-RetentionPolicy -Name <policyname> -RetentionPolicyTagLinks <tagname>
New-RetentionPolicy -Name policy1 -RetentionPolicyTagLinks Tag1
Setting on user mailbox
Set-Mailbox -Identity <username> -RetentionPolicy <retentionpolicy>
Set-Mailbox -Identity user1 -RetentionPolicy Policy1
Removing Retention Policy
Remove-RetentionPolicy -Identity <policyname>
Remove-RetentionPolicy -Identity policy1
Removing Retention policy tag
Remove-RetentionPolicyTag -Identity <tagname>
Remove-RetentionPolicyTag -Identity Tag1

Journaling
Journaling can help your organization respond to legal, regulatory, and organizational compliance
requirements by recording inbound and outbound email communications.
Journaling is the ability to record all communications, including email communications, in an organization for use in
the organization's email retention or archival strategy. To meet an increasing number of regulatory and compliance
requirements, many organizations must maintain records of communications that occur when employees perform
daily business tasks.
Journal rules
The following are key aspects of journal rules:

Journal rule scope: Defines which messages are journaled by the Journaling agent.
Journal recipient: Specifies the SMTP address of the recipient you want to journal.
Journaling mailbox: Specifies one or more mailboxes used for collecting journal reports.

Journal rule scope


You can use a journal rule to journal only internal messages, only external messages, or both. The following list
describes these scopes:

Internal messages only: Journal rules with the scope set to journal internal messages sent between the
recipients inside your Exchange organization.
External messages only: Journal rules with the scope set to journal external messages sent to recipients or
received from senders outside your Exchange organization.
All messages: Journal rules with the scope set to journal all messages that pass through your organization
regardless of origin or destination. These include messages that may have already been processed by journal
rules in the Internal and External scopes.

Creating Journal rule


Graphical
1. Open ECP, Compliance management, journal rules
2. Select Add Button(New)
3. Type recipient email address (Send journal reports to) e.g.: administrator@lab.com
4. Type rule name( e.g.: journal1)
5. Type If the message is sent to or received from... (e.g.: User1@lab.com)
6. Select Journal the following messages... (e.g.: All Messages)
7. Select save

PowerShell
New-JournalRule -Name <journalname> -JournalEmailAddress <journalreportaddress> -Recipient <recipientaddress> -Scope <Internal | External | Global> -Enabled $true

New-JournalRule -Name Journal1 -JournalEmailAddress administrator@lab.com -Recipient user1@lab.com -Scope Global -Enabled $true
Displaying Journal rules
Get-JournalRule
Removing Journal rule
Remove-JournalRule -Identity <journalname>
Remove-JournalRule -Identity Journal1

Email Address Policy


Recipients (which include users, resources, contacts, and groups) are any mail-enabled object in Active
Directory to which Microsoft Exchange can deliver or route messages. For a recipient to send or receive email
messages, the recipient must have an email address. Email address policies generate the primary and secondary
email addresses for your recipients so they can receive and send email.
By default, Exchange contains an email address policy for every mail-enabled user. This default policy specifies the
recipient's alias as the local part of the email address and uses the default accepted domain. The local part of an
email address is the name that appears before the at sign (@). However, you can change how your recipients' email
addresses will display. For example, you can specify that the addresses display as firstname.lastname@contoso.com.
Creating Email address policy
Graphical
1. Open ECP, mailflow, email address policies
2. Select Add Button(New)
3. Type a Policy Name (e.g.: Policy1)
4. Select an Email address format (e.g.:john.smith = firstname.lastname)
5. Select Save
6. Select recipient type(e.g.: All recipient type)
7. Select add a rule for advanced filtering
8. Select Save
9. Select policy and Apply
PowerShell
New-EmailAddressPolicy -Name <policyname> -IncludedRecipients <None | MailboxUsers | Resources | MailContacts | MailGroups | MailUsers | AllRecipients> -EnabledEmailAddressTemplates "<template>"
New-EmailAddressPolicy -Name Policy1 -IncludedRecipients Allrecipients -EnabledEmailAddressTemplates "SMTP:%g.%s@lab.com"
Templates
Variable   Value
%g         Given name (first name)
%i         Middle initial
%s         Surname (last name)
%d         Display name
%m         Exchange alias
%xs        Uses the first x letters of the surname. For example, if x = 2, the first two letters of the surname are used.
%xg        Uses the first x letters of the given name. For example, if x = 2, the first two letters of the given name are used.

Updating Email address policy


Update-EmailAddressPolicy -Identity <policyname>
Update-EmailAddressPolicy -Identity Policy1
Displaying Email address policy
Get-EmailAddressPolicy
Removing email address policy
Remove-EmailAddressPolicy -Identity <policyname>
Remove-EmailAddressPolicy -Identity Policy1

Transport Rule
Using transport rules, you can look for specific conditions in messages that pass through your
organization and take action on them. Transport rules let you apply messaging policies to email messages, secure
messages, protect messaging systems, and prevent information leakage.
Many organizations today are required by law, regulatory requirements, or company policies to apply messaging
policies that limit the interaction between recipients and senders, both inside and outside the organization. In
addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside
the organization, some organizations are also subject to the following messaging policy requirements:

Preventing inappropriate content from entering or leaving the organization
Filtering confidential organization information
Tracking or archiving copies of messages that are sent to or received from specific individuals
Redirecting inbound and outbound messages for inspection before delivery
Applying disclaimers to messages as they pass through the organization

Transport rule components


Transport rules consist of the following components:

Conditions: Use transport rule conditions to specify the characteristics of messages to which you want to apply
a Transport rule action. Conditions specify the parts of a message that should be examined. Some conditions
examine message fields or headers, such as the To, From, or Cc fields. Other conditions examine message
characteristics such as message subject, body, attachments, message size, and message classification. Most
conditions require that you specify a comparison operator, such as equals, doesn't equal, or contains, and a
value to match.
Exceptions: Exceptions are based on the same characteristics used to build transport rule conditions. However,
unlike conditions, exceptions identify messages to which Transport rule actions shouldn't be applied. Exceptions
override conditions and prevent actions from being applied to an email message, even if the message matches
all configured conditions.
Actions: Actions are applied to messages that match the conditions and don't match any exceptions defined in
the transport rule. Transport rules have many actions available, such as rejecting, deleting, or redirecting
messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the
message body.

Creating Transport rule


Graphical
1. Open ECP, mail flow, rules
2. Select Add Button(New), Create a new rule
3. Type a Rule Name(e.g.: rule1)
4. Select Apply this rule if... (e.g.: The sender is)
5. Select Sender address(e.g.: user1@lab.com), OK
6. Select Do the following (e.g.: Reject the message with the explanation)
7. Type Rejection reason
8. Select More Options for advanced filtering
9. Select Save
PowerShell

Example 1: Reject messages sent between two mailboxes (user1 and user2) with a stated reason
New-TransportRule -Name Rule1 -FromAddressMatchesPatterns User1@lab.com -RecipientAddressMatchesPatterns user2@lab.com -RejectMessageReasonText "Messaging Restricted"

Example 2: Delete messages sent between two mailboxes (user1 and user2)
New-TransportRule -Name Rule1 -FromAddressMatchesPatterns User1@lab.com -RecipientAddressMatchesPatterns user2@lab.com -DeleteMessage $true

Example 3: Redirect messages sent between two mailboxes (user1 and user2) to the administrator
New-TransportRule -Name Rule1 -FromAddressMatchesPatterns User1@lab.com -RecipientAddressMatchesPatterns user2@lab.com -RedirectMessageTo administrator@lab.com

Example 4: Reject messages with an attachment size over 2MB
New-TransportRule -Name Rule1 -AttachmentSizeOver 2MB -RejectMessageReasonText "size limit 2mb"

Example 5: Redirect messages sent from user1 to user2 for approval
New-TransportRule -Name Rule1 -FromAddressMatchesPatterns User1@lab.com -RecipientAddressMatchesPatterns user2@lab.com -ModerateMessageByUser administrator@lab.com

Displaying Transport rules


Get-TransportRule
Removing transport rule
Remove-TransportRule -Identity <rulename>
Remove-TransportRule -Identity rule1
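
An added review example, not part of the original guide: transport rules and journal rules can both send a message, or a copy of it, to someone other than its addressed recipients, so this function lists every rule that does so together with its target. The function name and the rule names Rule2, Rule3 and Rule4 are assumptions constructed for illustration; the sample records mirror the rules created in the examples above and the journal rule from the Journaling section.

```powershell
# Added example; the function name is hypothetical and the sample records are constructed.
function Select-MailDiversionRule {
    param(
        [object[]]$TransportRule = @(),   # shaped like Get-TransportRule output
        [object[]]$JournalRule   = @()    # shaped like Get-JournalRule output
    )
    # Transport rule actions that deliver a message, or a copy, to another party
    $copyActions = 'RedirectMessageTo', 'BlindCopyTo', 'CopyTo', 'ModerateMessageByUser'

    foreach ($r in $TransportRule) {
        $enabled = ("$($r.State)" -eq 'Enabled')
        foreach ($action in $copyActions) {
            foreach ($target in @($r.$action)) {
                if ($target) {
                    [pscustomobject]@{ Source = 'TransportRule'; Name = "$($r.Name)"; Enabled = $enabled
                                       Effect = $action; Target = "$target" }
                }
            }
        }
        # Silent deletion has no target but removes mail without telling the sender
        if ($r.DeleteMessage) {
            [pscustomobject]@{ Source = 'TransportRule'; Name = "$($r.Name)"; Enabled = $enabled
                               Effect = 'DeleteMessage'; Target = '' }
        }
    }
    foreach ($j in $JournalRule) {
        [pscustomobject]@{ Source = 'JournalRule'; Name = "$($j.Name)"; Enabled = [bool]$j.Enabled
                           Effect = "Journal ($($j.Scope)) for $($j.Recipient)"
                           Target = "$($j.JournalEmailAddress)" }
    }
}

# Constructed sample input
$rules = @(
    [pscustomobject]@{ Name = 'Rule1'; State = 'Enabled'; RedirectMessageTo = @('administrator@lab.com') }
    [pscustomobject]@{ Name = 'Rule2'; State = 'Enabled'; DeleteMessage = $true }
    [pscustomobject]@{ Name = 'Rule3'; State = 'Disabled'; ModerateMessageByUser = @('administrator@lab.com') }
    [pscustomobject]@{ Name = 'Rule4'; State = 'Enabled'; RejectMessageReasonText = 'size limit 2mb' }
)
$journal = @(
    [pscustomobject]@{ Name = 'Journal1'; Enabled = $true; Scope = 'Global'
                       Recipient = 'user1@lab.com'; JournalEmailAddress = 'administrator@lab.com' }
)

Select-MailDiversionRule -TransportRule $rules -JournalRule $journal |
    Sort-Object Target, Name | Format-Table -AutoSize

# Live use from the Exchange Management Shell:
# Select-MailDiversionRule -TransportRule (Get-TransportRule) -JournalRule (Get-JournalRule)
```

Rule4 produces no row because rejecting a message sends nothing to a third party; disabled rules are still listed, since re-enabling one restores the diversion.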

Delivery Report
Delivery Reports is a message tracking tool in the Exchange Administration Center (EAC) that you can use to
search for delivery status on email messages sent to or from users in your organization's address book, with a certain
subject. You can track delivery information about messages sent by or received from any specific mailbox in your
organization. The content of the message body isn't returned in a delivery report, but the subject line is displayed in
the results. You can track messages for up to 14 days after they were sent or received.
Graphical
1. Open ECP, mail flow, delivery reports
2. Select Browse in Mailbox to search (e.g.: User1)
3. Select either Search for messages sent to: or Search for messages received from: (e.g.: Search for messages
sent to: User2)
4. Type Subject line for advanced search
5. Select Search

Accepted Domains
An accepted domain is any SMTP namespace for which a Microsoft Exchange Server 2013 organization sends
or receives email. Accepted domains include those domains for which the Exchange organization is authoritative. An
Exchange organization is authoritative when it handles mail delivery for recipients in the accepted domain. Accepted
domains also include domains for which the Exchange organization receives mail and then relays it to an email server
that's outside the organization for delivery to the recipient.
Creating accepted domain
Graphical
1. Open ECP, mail flow, accepted domains
2. Select Add Button(new)
3. Type a name (e.g.:dom1)
4. Type an accepted domain name(e.g.: lab.com)
5. Select accepted domain type (e.g.: External Relay Domain)
6. Select Save
PowerShell
New-AcceptedDomain -DomainName <smtpdomainname> -Name <name> -DomainType <Authoritative | ExternalRelay | InternalRelay>
New-AcceptedDomain -DomainName lab.com -Name domain1 -DomainType externalrelay

Displaying Accepted domain


Get-AcceptedDomain

Removing Accepted domain


Remove-AcceptedDomain -Identity <name>
Remove-AcceptedDomain -Identity domain1


Public Folders
Public folders are designed for shared access and provide an easy and effective way to collect, organize, and
share information with other people in your workgroup or organization. Public folders help organize content in a
deep hierarchy that's easy to browse. Users will see the full hierarchy in Outlook, which makes it easy for them to
browse for the content they're interested in.
Public folders can also be used as an archiving method for distribution groups. When you mail-enable a public folder
and add it as a member of the distribution group, email sent to the group is automatically added to the public folder
for later reference.
Public folder architecture
In Exchange 2013, public folders were re-engineered using mailbox infrastructure to take advantage of the existing
high availability and storage technologies of the mailbox database. Public folder architecture uses specially designed
mailboxes to store both the public folder hierarchy and the content. This also means that there's no longer a public
folder database. High availability for the public folder mailboxes is provided by a database availability group (DAG).
The main architectural components of public folders are the public folder mailboxes, which can reside in one or
more mailbox databases.
Public folder mailboxes
There are two types of public folder mailboxes: the primary hierarchy mailbox and secondary hierarchy mailboxes.
Both types of mailboxes can contain content:

Primary hierarchy mailbox: The primary hierarchy mailbox is the one writable copy of the public folder
hierarchy. The public folder hierarchy is copied to all other public folder mailboxes, but these will be read-only
copies.
Secondary hierarchy mailboxes: Secondary hierarchy mailboxes contain public folder content as well as a
read-only copy of the public folder hierarchy.

Creating public folder mailboxes


Graphical
1. Open ECP, public folders, public folder mailboxes
2. Select Add Button(New)
3. Type a mailbox name( eg: pubmail1)
4. Select Organizational unit and Mailbox database optionally
5. Select Save


PowerShell
New-Mailbox -PublicFolder -Name <mailboxname> -Database <mailboxdatabase>
New-Mailbox -PublicFolder -Name pubmail1 -Database db1
Displaying Public folder
Get-PublicFolderStatistics
Creating public folder
Graphical
1. Open ECP, public folders, public folder
2. Select Add Button(New)
3. Type a Public folder name (e.g: public1)
4. Select Save
PowerShell
New-PublicFolder -Name <publicfoldername>
New-PublicFolder -Name public1
Removing public folder
Remove-PublicFolder -Identity <publicfoldername>
Remove-PublicFolder -Identity \public1
Removing public folder mailbox
Remove-Mailbox -Identity <publicfoldermailbox> -PublicFolder
Remove-Mailbox -Identity pubmail1 -PublicFolder


Connectors
Connectors are used to control inbound and outbound mail flow in Microsoft Exchange Server 2013. With
connectors, you can route mail to and receive mail from recipients outside of your organization, a partner through a
secure channel, or a message-processing appliance.
The most commonly used connector types are Send connectors, which control outbound messages, and Receive
connectors, which control inbound messages.

Send Connector
In Microsoft Exchange Server 2013, a Send connector controls the flow of outbound messages to the
receiving server. They are configured on Mailbox servers running the Transport service. Most commonly, you
configure a Send connector to send outbound email messages to a smart host or directly to their recipient, using
DNS.
Exchange 2013 Mailbox servers running the Transport service require Send connectors to deliver messages to
the next hop on the way to their destination. Send connectors that are created on Mailbox servers are stored in
Active Directory and are available to all Mailbox servers running the Transport service in the organization.

Receive Connector
Receive connectors control the flow of inbound messages to your Exchange organization. They are
configured on computers running Microsoft Exchange Server 2013 with the Transport service, or in the Front End
service on a Client Access server. They can be created in the Exchange Administration Center (EAC), or in the
Exchange Management Shell.
By default, the Receive connectors that are required for internal mail flow are automatically created when a
Client Access server or Mailbox server is installed.
Exchange 2013 servers running the Transport service require Receive connectors to receive messages from the
Internet, from email clients, and from other email servers. A Receive connector controls inbound connections to
the Exchange organization.

Creating Send connector


Graphical
1. Open ECP, mail flow, send connectors
2. Select Add Button(New)
3. Type a Connector Name (e.g.: connector1)
4. Select a Connector type (e.g.: Internet (For example, to send internet mail)), Next
5. Select a Network Settings (e.g.: Route mail through smart hosts)
6. Select Add Button


7. Type remote smart host IP Address or FQDN (e.g: 192.168.1.90), Select Save
8. Select Next
9. Select smart host authentication(e.g.: None), Select Next
10. Specify the address space or spaces to which this connector will route mail.(e.g.: lab.com), Select Next
11. Select Source Server
12. Select Finish
PowerShell
New-SendConnector -AddressSpaces <remoteaddressspace> -name <connectorname> -Internet -SmartHostAuthMechanism < None | BasicAuth | BasicAuthRequireTLS | ExchangeServer | ExternalAuthoritative> -SmartHosts <ipaddress/fqdn> -SourceIPAddress <sourceaddress>
New-SendConnector -AddressSpaces Lab.com -name connector1 -Internet -SmartHostAuthMechanism None -SmartHosts 192.168.1.90 -SourceIPAddress 192.168.1.81
Creating receive connector
Graphical
1. Open ECP, mail flow, receive connectors
2. Select Add Button(New)
3. Type a Connector Name (e.g.: connector1)
4. Select Role (e.g.: Hub Transport or Frontend Transport)
5. Select a Connector Type (e.g.: Internet (For example, to receive internet mail))
6. Select Next
7. Specify the IP addresses and port of the network adapter to bind to the receive connector , Select Add
Button
8. Select Specify an Ipv4 or Ipv6 address (e.g.: 192.168.1.81), Select Save
9. Select Finish
Note: If you are not using any authentication method, do the following:
1. Double click on Receive connector
2. Select Security
3. Uncheck all authentication methods


4. Select Save
PowerShell
New-ReceiveConnector -Usage < Custom | Internet | Internal | Client | Partner> -Name <connectorname>
-Bindings <ipaddress:port> -AuthMechanism < None | Tls | Integrated | BasicAuth | BasicAuthRequireTLS
| ExchangeServer | ExternalAuthoritative>

New-ReceiveConnector -Usage Internet -Name Receive1 -Bindings 192.168.1.81:25 -AuthMechanism None


Removing Send connector
Remove-SendConnector -Identity <connectorname>
Remove-SendConnector -Identity connector1
Removing Receive connector
Remove-ReceiveConnector -Identity <connectorname>
Remove-ReceiveConnector -Identity Receive1
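
Added example (not part of the original guide): the connector commands above use -SmartHostAuthMechanism None and -AuthMechanism None, so it is worth reviewing which connectors accept or send mail without authentication or TLS after any connector change. The function names and the sample connector objects are constructed for illustration; the property names are those returned by Get-ReceiveConnector and Get-SendConnector.

```powershell
# Added example, not from the original guide. Function names and sample
# objects are assumptions; property names follow the output of
# Get-ReceiveConnector and Get-SendConnector.

function ConvertTo-NameList {
    # Flag-style values render as "Tls, BasicAuth"; split them into names.
    param($Value)
    "$Value" -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Test-ReceiveConnectorAuth {
    param([Parameter(Mandatory)][object[]]$Connector)
    foreach ($c in $Connector) {
        $auth   = @(ConvertTo-NameList $c.AuthMechanism)
        $groups = @(ConvertTo-NameList $c.PermissionGroups)
        $ranges = @($c.RemoteIPRanges | ForEach-Object { "$_" })
        # Assumption: an unrestricted IPv4 range renders as this string.
        $anyIPv4 = $ranges -contains '0.0.0.0-255.255.255.255'

        $findings = @()
        if ($auth.Count -eq 0 -or $auth -contains 'None') {
            $findings += 'No authentication mechanism: senders are not authenticated and STARTTLS is not offered'
        }
        if ($auth -contains 'BasicAuth' -and $auth -notcontains 'BasicAuthRequireTLS') {
            $findings += 'BasicAuth without BasicAuthRequireTLS: credentials can be sent before TLS starts'
        }
        if ($auth -contains 'ExternalAuthoritative' -and $anyIPv4) {
            $findings += 'ExternalAuthoritative with unrestricted RemoteIPRanges: any host is treated as trusted'
        }
        if ($groups -contains 'AnonymousUsers' -and $anyIPv4) {
            $findings += 'AnonymousUsers from any IPv4 address: expected only on the Internet-facing connector'
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ Type = 'Receive'; Connector = $c.Name; Finding = $f }
        }
    }
}

function Test-SendConnectorAuth {
    param([Parameter(Mandatory)][object[]]$Connector)
    foreach ($c in $Connector) {
        $hosts = @($c.SmartHosts | ForEach-Object { "$_" } | Where-Object { $_ })
        if ($hosts.Count -eq 0) { continue }   # DNS-routed: no smart host authentication applies
        $mech = "$($c.SmartHostAuthMechanism)".Trim()

        $findings = @()
        if ($mech -eq '' -or $mech -eq 'None') {
            $findings += "Smart host $($hosts -join ', ') is used without authentication"
        }
        if ($mech -eq 'BasicAuth') {
            $findings += 'BasicAuth to the smart host without requiring TLS: credentials are exposed on the wire'
        }
        if (-not $c.RequireTLS) {
            $findings += 'RequireTLS is off: TLS is opportunistic and mail can be delivered unencrypted'
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ Type = 'Send'; Connector = $c.Name; Finding = $f }
        }
    }
}

# Constructed sample objects mirroring the connectors created in this section,
# plus one hardened receive connector for contrast.
$sampleReceive = @(
    [pscustomobject]@{ Name = 'Receive1'; AuthMechanism = 'None'
                       PermissionGroups = 'AnonymousUsers'
                       RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
    [pscustomobject]@{ Name = 'AppRelay'; AuthMechanism = 'Tls, BasicAuth, BasicAuthRequireTLS'
                       PermissionGroups = 'ExchangeUsers'
                       RemoteIPRanges = @('192.168.1.50') }
)
$sampleSend = @(
    [pscustomobject]@{ Name = 'connector1'; SmartHosts = @('192.168.1.90')
                       SmartHostAuthMechanism = 'None'; RequireTLS = $false }
)

Test-ReceiveConnectorAuth -Connector $sampleReceive | Format-Table -AutoSize -Wrap
Test-SendConnectorAuth    -Connector $sampleSend    | Format-Table -AutoSize -Wrap

# In the Exchange Management Shell, pass the live objects instead:
#   Test-ReceiveConnectorAuth -Connector (Get-ReceiveConnector)
#   Test-SendConnectorAuth    -Connector (Get-SendConnector)
```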


Offline Address Book


An offline address book (OAB) is a copy of an address list collection that's been downloaded so a Microsoft
Outlook user can access the address book while disconnected from the server. Microsoft Exchange generates the
new OAB files and then compresses the files and places them on a local share. You can decide which address lists are
made available to users who work offline, and you can also configure the method by which the address books are
distributed (web-based distribution or public folder distribution).
Exchange 2013 does not have a graphical tool for managing the OAB, so you need the Exchange Management Shell to
manage the OAB in your Exchange organization.

Creating an Offline address book


PowerShell
New-OfflineAddressBook -Name <name> -AddressLists <addresslist> -VirtualDirectories <directoryname>
-IsDefault $true
New-OfflineAddressBook -Name OAB1 -AddressLists '\Default Global Address List' -VirtualDirectories
'DC100\OAB (Default Web Site)' -IsDefault $true

Force updating offline address book


Update-OfflineAddressBook -Identity <name>
Update-OfflineAddressBook -Identity OAB1
Setting polling interval
Set-OabVirtualDirectory -PollInterval <minutes> -Identity <directory>
Set-OabVirtualDirectory -PollInterval 1 -Identity 'OAB (Default Web Site)'
Restarting Mailbox Assistants service
Restart-Service -Name MSExchangeMailboxAssistants
Displaying Offline address book
Get-OfflineAddressBook
Removing offline address book
Remove-OfflineAddressBook -Identity <name>
Remove-OfflineAddressBook -Identity oab1


Downloading Address Book (in Client)


You will need Outlook 2007 or a later version of Microsoft Office to download a copy of the offline address book.
1. Open profile in Microsoft Office Outlook
2. Select the Outlook icon from the system tray


3. Hold the Ctrl key on the keyboard, right click on the icon, select Test E-mail Auto configuration

4. Type Password , uncheck Use Guessmart and Secure Guessmart Authentication , Select Test


5. Close the window, Select File from the menu


6. Select Account Settings, Download address book
7. Uncheck the checkbox, select address book and OK

8. Wait until the download completes


Address Book Policies


Address book policies (ABPs) allow you to segment users into specific groups to provide customized views of
your organization's global address list (GAL). When creating an ABP, you assign a GAL, an offline address book (OAB),
a room list, and one or more address lists to the policy. You can then assign the ABP to mailbox users, providing
them with access to a customized GAL in Outlook and Outlook Web App. The goal is to provide a simpler mechanism
to accomplish GAL segmentation for on-premises organizations that require multiple GALs.
ABPs contain the following lists:

One GAL
One OAB
One room list (for booking purposes)
One or more address lists

In the following figure, Address Book Policy A consists of a subset of the various address objects that exist in the
organization (shown in the bottom half of the figure). The resulting scope of an ABP is equal to that of the GAL
contained in the policy, in this case GAL1. When the ABP is created and assigned to a user, the address objects in the
ABP become the scope of the objects the user is able to view.

As with the offline address book, Exchange 2013 has no graphical tool for managing address book policies, so
you need the Exchange Management Shell.

Creating address book policy


PowerShell
Get-AddressBookPolicy

New-AddressBookPolicy -Name <name> -AddressLists <addresslist> -GlobalAddressList <GAL> -OfflineAddressBook <OAB> -RoomList <roomlist>

Example

Exchange organization
Department IT: User1, User2
Department SALES: User3, User4

1. Creating global address list for IT department


New-GlobalAddressList "IT Users" -ConditionalDepartment "IT" -IncludedRecipients "AllRecipients"
2. Creating global address list for SALES department
New-GlobalAddressList "SALES Users" -ConditionalDepartment "SALES" -IncludedRecipients
"AllRecipients"
3. Creating address list for IT Users
New-AddressList -Name "IT-users-list" -IncludedRecipients "AllRecipients" -ConditionalDepartment "IT"
Update-AddressList -Identity "IT-users-list"
4. Creating address list for Sales Users
New-AddressList -Name "Sales-users-list" -IncludedRecipients "AllRecipients" -ConditionalDepartment
"Sales"
Update-AddressList -Identity "Sales-users-list"
5. Creating offline address book for IT department
New-OfflineAddressBook -Name "IT-OAB" -AddressLists "\IT-users-list"
Update-OfflineAddressBook -Identity "IT-OAB"
6. Creating offline address book for sales department
New-OfflineAddressBook -Name "SALES-OAB" -AddressLists "\sales-users-list"
Update-OfflineAddressBook -Identity "SALES-OAB"


7. Creating address book policy for IT department


New-AddressBookPolicy -Name "IT-ABP" -GlobalAddressList "\IT Users" -AddressLists "\IT-Users-list"
-OfflineAddressBook "\IT-OAB" -RoomList "\All Rooms"
8. Creating address book policy for SALES department
New-AddressBookPolicy -Name "SALES-ABP" -GlobalAddressList "\SALES Users" -AddressLists "\SALES-Users-list" -OfflineAddressBook "\SALES-OAB" -RoomList "\All Rooms"
9. Setting Mailbox department attribute
Set-ADUser -Identity User1 -Department IT
Set-ADUser -Identity User2 -Department IT
Set-ADUser -Identity User3 -Department SALES
Set-ADUser -Identity User4 -Department SALES
10. Setting address book policy on mailbox
Set-Mailbox -Identity User1 -AddressBookPolicy "IT-ABP"
Set-Mailbox -Identity User2 -AddressBookPolicy "IT-ABP"
Set-Mailbox -Identity User3 -AddressBookPolicy "SALES-ABP"
Set-Mailbox -Identity User4 -AddressBookPolicy "SALES-ABP"
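
Added example (not part of the original guide): a check to run after step 10, because a mailbox that has no address book policy is not segmented and still sees the whole GAL. Test-AddressBookPolicyAssignment is a hypothetical helper, and the sample records (including User5 and the wrong policy on User2) are constructed to show each result.

```powershell
# Added example, not from the original guide. The helper name and the sample
# records are assumptions; the department-to-policy map follows steps 7 to 10.

function Test-AddressBookPolicyAssignment {
    param(
        [Parameter(Mandatory)][object[]]$Mailbox,          # Name, Department, AddressBookPolicy
        [Parameter(Mandatory)][hashtable]$PolicyByDepartment
    )
    foreach ($m in $Mailbox) {
        $dept     = "$($m.Department)".Trim()
        $assigned = "$($m.AddressBookPolicy)".Trim()
        $expected = if ($dept) { $PolicyByDepartment[$dept] } else { $null }

        if (-not $assigned) {
            $status = 'NoPolicy'              # not segmented: sees the whole GAL
        } elseif (-not $expected) {
            $status = 'UnmappedDepartment'    # department missing or not in the map
        } elseif ($assigned -ne $expected) {
            $status = 'Mismatch'              # sees another department's address lists
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{
            Mailbox    = $m.Name
            Department = $dept
            Assigned   = $assigned
            Expected   = $expected
            Status     = $status
        }
    }
}

# Policy names created in steps 7 and 8.
$policyMap = @{ 'IT' = 'IT-ABP'; 'SALES' = 'SALES-ABP' }

# Constructed sample records. User2 and User5 are deliberately wrong.
$sample = @(
    [pscustomobject]@{ Name = 'User1'; Department = 'IT';    AddressBookPolicy = 'IT-ABP' }
    [pscustomobject]@{ Name = 'User2'; Department = 'IT';    AddressBookPolicy = 'SALES-ABP' }
    [pscustomobject]@{ Name = 'User3'; Department = 'SALES'; AddressBookPolicy = 'SALES-ABP' }
    [pscustomobject]@{ Name = 'User5'; Department = 'SALES'; AddressBookPolicy = '' }
)

Test-AddressBookPolicyAssignment -Mailbox $sample -PolicyByDepartment $policyMap |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table -AutoSize

# In the Exchange Management Shell, build the records from live data:
#   $live = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
#       [pscustomobject]@{
#           Name              = $_.Name
#           Department        = (Get-User -Identity $_.Identity).Department
#           AddressBookPolicy = $_.AddressBookPolicy
#       }
#   }
#   Test-AddressBookPolicyAssignment -Mailbox $live -PolicyByDepartment $policyMap
```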
Removing Address book policy
Remove-AddressBookPolicy -Identity <policyname>
Remove-AddressBookPolicy -Identity "IT-ABP"


Linked Mailbox
Linked mailboxes are mailboxes that are accessed by users in a separate, trusted forest. Linked mailboxes
may be necessary for organizations that deploy Exchange in a resource forest. The resource forest scenario allows an
organization to centralize Exchange in a single forest, while allowing access to the Exchange organization with user
accounts that are located in one or more trusted forests (called account forests). The user account that accesses the
linked mailbox doesn't exist in the forest where Exchange is deployed. Therefore, a disabled user account that exists
in the same forest as Exchange is created and associated with the corresponding linked mailbox.
The following figure illustrates the relationship between the linked user account used to access the linked mailbox
(located in the account forest) and the disabled user account in the Exchange resource forest that's associated with
the linked mailbox.

Creating Linked Mailbox


Graphical
1. Create a trust relationship between account forest (Forest A) and exchange forest (Forest B).
2. Open ECP, recipients, mailboxes
3. Select Add Button(New), Linked Mailbox
4. Select the trusted forest or domain(Forest A)
5. Select Linked domain controller
6. Select Linked master account(User01)
7. Type User name, Logon name(User01)
8. Select Finish


PowerShell
New-Mailbox -LinkedDomainController <linkedDC> -LinkedMasterAccount <linkedaccount> -Name <name> -Alias <alias>
New-Mailbox -LinkedDomainController DC.ForestA -LinkedMasterAccount User01@ForestA -Name Usr1
-Alias User01
Removing Linked Mailbox
PowerShell
Remove-Mailbox -Identity <mailbox>
Remove-Mailbox -Identity User01


Database Availability Group


A Database Availability Group (DAG) is a set of up to 16 Microsoft Exchange Server 2013 Mailbox servers that
provides automatic, database-level recovery from a database, server, or network failure. DAGs use continuous
replication and a subset of Windows failover clustering technologies to provide high availability and site resilience.
Mailbox servers in a DAG monitor each other for failures. When a mailbox server is added to a DAG, it works with the
other servers in the DAG to provide automatic, database-level recovery from database failures.
When you create a DAG, it's initially empty. When you add the first server to a DAG, a failover cluster is
automatically created for the DAG. In addition, the infrastructure that monitors the servers for network or server
failures is initiated. The failover cluster heartbeat mechanism and cluster database are then used to track and
manage information about the DAG that can change quickly, such as database mount status, replication status, and
last mounted location.
The following figure shows an example of Database Availability Group consisting of three mailbox servers.

The server EXMB1 hosts the active copy of database DB1, and the other DAG members EXMB2 and EXMB3 host
passive copies of the database. The DAG members work together to maintain the availability of the mailbox
database. If the server that hosts the active database copy experiences a problem, for example a hardware failure,
one of the remaining DAG members is able (under the right conditions) to make its copy of the database active so
clients are still able to connect to their mailbox data.
The following figure shows the automatic recovery of database DB1 when EXMB1 failed.

A DAG uses a non-Exchange server, called the File Share Witness server, which acts as a tie-breaker in the failover
cluster's Node and File Share Majority quorum mode.

In the above example a four member DAG is using an additional server as the File Share Witness. The DAG is able to
maintain quorum with up to two server failures, but quorum is lost when three servers are down.
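
Added example (not part of the original guide): the vote counting behind the four-member case above, generalised to any DAG size. It assumes static vote counting, where an even member count uses Node and File Share Majority (the witness holds one vote) and an odd member count uses Node Majority (the witness is not used); dynamic quorum in Windows Server 2012 and later can adjust votes as nodes leave, which this model leaves out. Test-DagQuorum is a hypothetical helper name.

```powershell
# Added example, not from the original guide. Static vote counting only;
# Test-DagQuorum is a hypothetical helper.

function Test-DagQuorum {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 16)][int]$MemberCount,
        [ValidateRange(0, 16)][int]$FailedMembers = 0,
        [switch]$WitnessDown
    )
    if ($FailedMembers -gt $MemberCount) {
        throw "FailedMembers ($FailedMembers) cannot exceed MemberCount ($MemberCount)."
    }

    # Even member count: the file share witness adds one vote as tie-breaker.
    # Odd member count: Node Majority, the witness holds no vote.
    $usesWitness = ($MemberCount % 2) -eq 0
    $totalVotes  = $MemberCount + [int]$usesWitness
    $majority    = [int][math]::Floor($totalVotes / 2) + 1

    $votesUp = $MemberCount - $FailedMembers
    if ($usesWitness -and -not $WitnessDown) { $votesUp++ }

    [pscustomobject]@{
        Members       = $MemberCount
        QuorumMode    = if ($usesWitness) { 'Node and File Share Majority' } else { 'Node Majority' }
        TotalVotes    = $totalVotes
        Majority      = $majority
        FailedMembers = $FailedMembers
        WitnessDown   = [bool]$WitnessDown
        VotesUp       = $votesUp
        HasQuorum     = $votesUp -ge $majority
    }
}

# The four-member DAG with a witness: 5 votes, majority of 3.
# Quorum holds with 0, 1 or 2 failed members and is lost at 3.
0..3 | ForEach-Object { Test-DagQuorum -MemberCount 4 -FailedMembers $_ } |
    Format-Table Members, TotalVotes, Majority, FailedMembers, VotesUp, HasQuorum -AutoSize

# Losing the witness as well as two members also breaks quorum (2 of 5 votes left).
Test-DagQuorum -MemberCount 4 -FailedMembers 2 -WitnessDown |
    Format-Table Members, FailedMembers, WitnessDown, VotesUp, HasQuorum -AutoSize

# The two-node DAG built in the next section: 3 votes, majority of 2,
# so it survives one failed member only while the witness is reachable.
Test-DagQuorum -MemberCount 2 -FailedMembers 1 |
    Format-Table Members, QuorumMode, VotesUp, Majority, HasQuorum -AutoSize
```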


Creating a two node Database Availability Group

Preparing Network for Database Availability Group


Graphical
To deploy a DAG in the Exchange organization, each DAG member should have two network adapters. One
network adapter is for external connectivity and client access, and the second one is for replication
only and is not connected for external communication.
1. Open Network and Sharing Center (ncpa.cpl from start->Run).
2. Right click on Replication network adapter, select Properties.
3. Uncheck the first two checkboxes named Clients for Microsoft Networks and File and Printer Sharing
for Microsoft Networks.


4. Select IPV4 , Properties


5. Give IP Address and Subnet Mask (e.g.: 10.0.0.1 and 255.0.0.0). Do not give a default gateway or DNS
server address
6. Select Advanced, DNS
7. Uncheck Register this connection's addresses in DNS checkbox

8. Select OK to save the changes


Repeat the same steps on Exchange2 mailbox server
Preparing witness server for Database Availability Group
1. Log on to witness server with administrative credential
2. Open Computer Management from Server Manager (or compmgmt.msc)
3. Select Local Users and Groups
4. Select Groups
5. Double click on Administrators
6. Select Add, Advanced and Find Now
7. Browse for Exchange Trusted Subsystem, OK
8. Select OK to save the changes


Creating Database Availability Group


Graphical
1. Open ECP, servers, database availability groups
2. Select Add button (New)
3. Enter Database availability group name (e.g.: DAG-testlab)
4. Type the FQDN or IP Address of witness server (e.g.: witness.testlab.com)
5. Enter the witness directory in witness server (e.g.: C:\witness-dir)
6. Enter Cluster IP Address (e.g.: 200.100.100.65)
7. Select Add Button

8. Select Save
PowerShell
New-DatabaseAvailabilityGroup -Name <DAG name> -WitnessServer <FQDN of witness server> -DatabaseAvailabilityGroupIpAddresses <IPaddress> -WitnessDirectory <path>
New-DatabaseAvailabilityGroup -Name DAG-testlab -WitnessServer Witness.testlab.com -DatabaseAvailabilityGroupIpAddresses 200.100.100.65 -WitnessDirectory C:\Witness-dir

Managing Database availability membership


Graphical
1. Open ECP, Servers
2. Select Database Availability Group, Manage DAG membership
3. Select Add Button (+) to add DAG members

4. Select Save
PowerShell
Add-DatabaseAvailabilityGroupServer -Identity <DAG name> -MailboxServer <mailboxserverFQDN>
Add-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer Exchange1
Add-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer Exchange2


Wait until the cluster forms between the mailbox servers. If an error such as the one below occurs during the
operation, pre-stage the cluster name object (CNO) in Active Directory as follows.

Pre-stage CNO in active directory


1. Log on to the domain controller
2. Open Active Directory Users and Computers
3. Select View from menu, Advanced Features
4. Select Computers Container
5. Locate DAG cluster named object (eg: DAG-TESTLAB)
6. Double click on object, Select Security
7. Select Exchange Trusted Subsystem from the group or user names
8. Select Full Control permission for the same group
9. Select Apply, OK to save changes
10. Right click on object, Select Disable Account

Adding Database copy between Database availability group members


Graphical
1. Open ECP, Servers, databases
2. Select Mailbox database
3. Select More button, Add database copy
4. Specify target Mailbox Server, Select Browse
5. Select Mailbox Server , OK
6. Select Save


PowerShell
Add-MailboxDatabaseCopy -Identity <database> -MailboxServer <target> -ActivationPreference <no>
Add-MailboxDatabaseCopy -Identity 'Mailbox Database 0177365238' -MailboxServer exchange2 -ActivationPreference 2

Configuring Database Availability Group Networks


1. Open ECP, servers, database availability group
2. Double click on DAG name( e.g.: DAG-testlab)
3. Select Configure database availability group networks manually checkbox

4. Select Save
5. Select DAG name (e.g.: DAG-testlab)
6. Select View details from the DAG network
7. Use Enable Replication checkbox to enable or disable replication traffic through the network.

PowerShell
Set-DatabaseAvailabilityGroup -Identity <dag name> -ManualDagNetworkConfiguration $true
Set-DatabaseAvailabilityGroup -Identity DAG-testlab -ManualDagNetworkConfiguration $true

It is recommended that one network should be dedicated for replication purpose only, especially the
internal replication network.

Configuring Automatic database mount dial


Automatic database mount dial specifies the behavior after a database failover. The database mount dial has
three settings: BestAvailability, GoodAvailability, and Lossless.
PowerShell
Set-MailboxServer -Identity <FQDN> -AutoDatabaseMountDial <Bestavailability | Goodavailability | lossless>
Set-MailboxServer -Identity Exchange1 -AutoDatabaseMountDial Bestavailability
Set-MailboxServer -Identity Exchange2 -AutoDatabaseMountDial Bestavailability

Configuring Database copy automatic activation policy


Database copy automatic activation policy specifies the database activation in the mounted mailbox server
after failover
PowerShell
Set-MailboxServer -Identity <FQDN> -DatabaseCopyAutoActivationPolicy <blocked | intrasiteOnly|
unrestricted>
Set-MailboxServer -Identity Exchange1 -DatabaseCopyAutoActivationPolicy unrestricted
Set-MailboxServer -Identity Exchange2 -DatabaseCopyAutoActivationPolicy unrestricted

Switching active mailbox database


Switching mailbox database is an administrative driven procedure before performing hardware/software
maintenance on currently active mailbox server.
Graphical
1. Open ECP, servers, databases
2. Select the mailbox database, select Activate from the right side of the browser


3. Select Yes to move mailbox database, wait until the operation completes
4. Select Close button
PowerShell
Move-ActiveMailboxDatabase -Identity <databasename> -ActivateOnServer <targetmailboxserver> -SkipClientExperienceChecks
Move-ActiveMailboxDatabase -Identity 'Mailbox Database 0177365238' -ActivateOnServer exchange1 -SkipClientExperienceChecks

To display mailbox databases


Get-MailboxDatabase

To display mailbox database copy status


Get-MailboxDatabaseCopyStatus
Configuring Server switchover
Server switchover moves complete active mailbox databases from one node to another before maintenance
Graphical
1. Open ECP, servers, servers
2. Select the source mailbox server

3. Select Server Switchover from the right side of the browser

4. Specify a target server to switchover ,browse (e.g.: exchange2)


5. Select Save, wait until all mailbox databases move to the target server
6. Select Close
PowerShell
Move-ActiveMailboxDatabase -Server <source> -ActivateOnServer <destination> -SkipClientExperienceChecks -SkipMaximumActiveDatabasesChecks
Move-ActiveMailboxDatabase -Server Exchange2 -ActivateOnServer Exchange1 -SkipClientExperienceChecks -SkipMaximumActiveDatabasesChecks

Removing Database Availability Group


Before demoting a Database Availability Group, there are a number of operations to do:

Remove all the Mailbox database copies

Remove all DAG members


Graphical
1. Open ECP, servers, databases
2. Select Mailbox database and select Remove from the right side of the browser for removing mailbox
database copies

Repeat the same step to remove all mailbox database copies inside the DAG
3. Select DAG, then Manage DAG membership
4. Select Remove Button(-) to remove DAG members


5. Select Save, wait until the operation completes


6. Select Close
7. Finally select the DAG and click Delete Button

PowerShell
Remove-MailboxDatabaseCopy -Identity <databaseid>
Remove-MailboxDatabaseCopy -Identity 'Mailbox Database 0177365238\exchange2'

Remove-DatabaseAvailabilityGroupServer -Identity <DAG name> -MailboxServer <FQDN>


Remove-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer exchange1
Remove-DatabaseAvailabilityGroupServer -Identity DAG-testlab -MailboxServer exchange2

Remove-DatabaseAvailabilityGroup -Identity <DAG name>


Remove-DatabaseAvailabilityGroup -Identity DAG-testlab

Backup and Restore Exchange Server 2013


Exchange Server mailbox databases and user mailboxes can be protected by using different backup utilities. In this
scenario we are using Microsoft System Center Data Protection Manager 2012 R2. It is also known simply as Data
Protection Manager or DPM.
DPM Pre-requisites

Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)
Already installed in Windows Server 2008 R2; in Windows Server 2012 R2 it can be installed from Server Manager, Add
roles and features.

Windows PowerShell 2.0
Already installed in Windows Server 2008 R2 and 2012 R2; otherwise install it from Server Manager, Add roles and
features.

Microsoft Visual C++ 2008 Redistributable
Installed automatically with the DPM installation.

Windows Single Instance Store (SIS)
Installed automatically with the DPM installation. In Windows Server 2012 R2 it can be installed using the
following command:
Dism /online /enable-feature /featurename:SIS-Limited

Installing DPM

Install System Center Data Protection Manager on a separate member server dedicated as a backup server

Open DPM console after the installation

Configuring DPM Storage


Storage options for the data protection manager (DPM) include the following:

Tape: All data and workloads protected by DPM can be backed up to tape for long term storage.

Disk: All data and workloads protected by DPM can be backed up to disk for short term storage. Disks can be
unallocated internal storage or network disks such as iSCSI storage.

Windows Azure cloud using Windows Azure Backup: Files, SQL Server and Hyper-V workloads can be backed up
to Windows Azure.

Graphical
1. Open DPM console
2. Select Disks from the left side of the console


3. Select Add from ribbon menu or from Action


4. Select disk and Add , Select OK

5. Pooled disks can be viewed from the DPM console.


PowerShell
$disk=Get-DPMDisk -DPMServerName <FQDN DPM server>
Add-DPMDisk -DPMDisk $disk
$disk=Get-DPMDisk -DPMServerName DPM-Serv
Add-DPMDisk -DPMDisk $disk
Installing DPM agent
The DPM agent software needs to be installed on the source server (such as the Exchange Server) to protect the data
Graphical
1. Open DPM console
2. Select Agents from the left side of the console


3. Select Install from the ribbon menu or from Action

4. Select Install agents, Next


5. Select exchange server from the list, Add then Next

6. Enter credentials , Next


7. Choose Restart Method, Next

8. Select Install


Creating Protection Group


1. Open DPM console
2. Select Protection from the left side of the console

3. Select New from the ribbon menu

4. Skip the welcome window



5. Select Servers, Next

6. Expand the Exchange server and select Mailbox database, Select Next


7. Type Protection Group Name(e.g.: Exchange-Protection),Select Next twice

8. Type Retention Range and Synchronization frequency, Select Next


9. Review the disk allocation select Next

10. Choose a replication method(e.g.: Now)


11. Select Next twice and select Create Group

12. Select Close and wait until the replica creation completes

Recovering Exchange Files


DPM regularly captures the changes from the Exchange server (every 15 minutes). Mailbox databases or user
mailboxes can be restored from the backup if any data loss occurs on the Exchange server. In this scenario we
are using a user mailbox.
Graphical
1. Create a recovery database in mailbox server for recovery purpose as follows. Normal database cannot be
used for this operation.
New-MailboxDatabase -Name <databasename> -Server <FQDN> -Recovery
Mount-Database -Identity <databasename>
Set-MailboxDatabase -Identity <databasename> -AllowFileRestore $true
New-MailboxDatabase -Name RDB -Server exch-2013-1 -Recovery
Mount-Database -Identity RDB
Set-MailboxDatabase -Identity RDB -AllowFileRestore $true
2. Open DPM console
3. Select Recovery from the left side of the console


4. Expand Recoverable Data, find the deleted mailbox from the exchange database

5. Right click on the deleted mailbox and select Recover



6. Read review and select Next

7. Select Recovery Type (e.g.: Recover Mailbox to an Exchange server database) , Next


8. Specify Destination Server and Recovery Database, Next

9. Select Recover, close


10. Wait until the recovery completes, monitor the task from the DPM console, Monitoring

11. After the recovery open PowerShell in the exchange server. Run the following command to verify recovery
database.
Get-MailboxStatistics -Database <recoverydatabasename>
Get-MailboxStatistics -Database RDB
12. Create a new user mailbox to recover the deleted items.
13. Run the following command to restore deleted mailbox from recovery database to new mailbox
New-MailboxRestoreRequest -SourceDatabase <recoverydatabase> -SourceStoreMailbox <deletedmailbox> -TargetMailbox <newmailbox> -AllowLegacyDNMismatch
New-MailboxRestoreRequest -SourceDatabase RDB -SourceStoreMailbox User100 -TargetMailbox User100 -AllowLegacyDNMismatch
To display restore process status
Get-MailboxRestoreRequest
14. After the recovery process open the mailbox to verify the recovered data.


Edge Transport Server


Edge Transport servers minimize the attack surface by handling all Internet-facing mail flow, providing SMTP (Simple Mail Transfer Protocol) relay and smart host services for your Exchange organization. Agents running on the Edge Transport server provide additional layers of message protection and security: they protect against viruses and spam and apply transport rules to control mail flow.
Because the Edge Transport server is installed in the perimeter network, it's never a member of your organization's internal Active Directory forest and doesn't have access to Active Directory information. However, the Edge Transport server requires data that resides in Active Directory, for example, connector information for mail flow and recipient information for anti-spam recipient lookup tasks. This data is synchronized to the Edge Transport server by the Microsoft Exchange EdgeSync service (EdgeSync). EdgeSync is a collection of processes run on an Exchange 2013 Mailbox server to establish one-way replication of recipient and configuration information from Active Directory to the Active Directory Lightweight Directory Services (AD LDS) instance on the Edge Transport server.
EdgeSync copies only the information that's required for the Edge Transport server to perform anti-spam configuration tasks and to enable end-to-end mail flow. EdgeSync performs scheduled updates so the information in AD LDS remains current.

Installing Edge Transport Server 2013

Install Active Directory Lightweight Directory Services


Graphical
1. Log on to the Edge Transport server with administrative privileges
2. Open Server Manager
3. Select Add roles and features
4. Select Active Directory Lightweight Directory Services from roles, Next
5. Select Install
PowerShell
Install-WindowsFeature -Name ADLDS,RSAT-ADLDS

Install the Edge Transport role


Command Prompt
Setup.exe /mode:install /roles:et /iacceptexchangeserverlicenseterms
Graphical
1. Double click on setup.exe from the installation media
2. Select Don't check for updates right now, Next


3. Wait until file copying completes


4. Select Next from the introduction.

5. Accept the license agreement, Next


6. Select Don't use recommended settings, Next

7. Select Server Roles (Edge Transport Role), Next


8. Select Installation Location, Next

9. Wait until Readiness Check completes


10. Select Install

Configuring Edge subscription


Edge subscriptions are used to populate the Active Directory Lightweight Directory Services (AD LDS) instance of the Edge Transport server with Active Directory data. An Edge subscription is created on the Edge Transport server and exported to the Mailbox server. No graphical interface is available for the Edge subscription process.
1. Log on to the Edge Transport server
2. Open Exchange PowerShell and type the following command
New-EdgeSubscription -FileName path\filename.xml
New-EdgeSubscription -FileName C:\Edge.xml
3. Log on to the Mailbox server
4. Open Exchange PowerShell and type the following commands
New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "path\filename.xml" -Encoding Byte -ReadCount 0)) -Site 'ADSiteName'
Start-EdgeSynchronization -Server 'MailboxFQDN' -TargetServer 'EdgeTransportFQDN' -ForceFullSync


New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\edge.xml" -Encoding Byte -ReadCount 0)) -Site 'Default-First-Site-Name'
Start-EdgeSynchronization -Server 'Exchange1' -TargetServer 'Edge' -ForceFullSync
5. After exporting the subscription you can view the Edge Transport server in Exchange ECP
6. Open ECP, Servers, Servers

7. Check the synchronization status
Test-EdgeSynchronization
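
Steps 3 to 7 as one script for the Mailbox server. This is an added example, not part of the original guide; the file path, site name and server name are the sample values used above. It also checks the age of the subscription file, because the bootstrap credentials it carries are valid for only 1440 minutes (24 hours), and deletes the file once it has been imported.

```powershell
# Added example. Run in the Exchange Management Shell on the Mailbox server.
# Assumed values: subscription file path, AD site name and Edge server name.
$SubscriptionFile = 'C:\Edge.xml'
$Site             = 'Default-First-Site-Name'
$EdgeServer       = 'Edge'

if (-not (Test-Path -LiteralPath $SubscriptionFile)) {
    throw "Subscription file not found: $SubscriptionFile"
}

# LastWriteTime survives a file copy (CreationTime does not), so it reflects
# when New-EdgeSubscription wrote the file on the Edge Transport server.
$age = (Get-Date) - (Get-Item -LiteralPath $SubscriptionFile).LastWriteTime
if ($age.TotalMinutes -ge 1440) {
    throw 'Subscription file is older than 24 hours. Create a new one on the Edge Transport server.'
}

# ReadAllBytes returns the same byte array as
# Get-Content -Encoding Byte -ReadCount 0.
$bytes = [System.IO.File]::ReadAllBytes($SubscriptionFile)
New-EdgeSubscription -FileData $bytes -Site $Site -ErrorAction Stop

# The file contains credentials and is not needed after the import.
# Delete the copy on the Edge Transport server as well.
Remove-Item -LiteralPath $SubscriptionFile -Force

# Push a full synchronization and show the result.
Start-EdgeSynchronization -Server $env:COMPUTERNAME -TargetServer $EdgeServer -ForceFullSync
Test-EdgeSynchronization | Format-List
```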

Configure Send/Receive Connector

Creating Send Connector


1. Open ECP, mail flow, send connectors
2. Select Add Button (New)
3. Type a Connector Name (e.g.: connector1)
4. Select a Connector type (e.g.: Internet (For example, to send internet mail)), Next
5. Select Network Settings (e.g.: Route mail through smart hosts)


6. Select Add Button
7. Type the remote smart host IP address or FQDN (e.g.: 192.168.1.90), Select Save
8. Select Next
9. Select smart host authentication (e.g.: None), Select Next
10. Specify the address space or spaces to which this connector will route mail (e.g.: lab.com), Select Next
11. Select Source Server (Edge Transport Server)
12. Select Finish

Creating Receive Connector


1. Open ECP, mail flow, receive connectors
2. Select Add Button (New)
3. Type a Connector Name (e.g.: connector1)


4. Select Role (e.g.: Hub Transport or Frontend Transport)
5. Select a Connector Type (e.g.: Internet (For example, to receive internet mail))
6. Select Next
7. Specify the IP addresses and port of the network adapter to bind to the receive connector (Edge Transport Server), Select Add Button
8. Select Specify an IPv4 or IPv6 address (e.g.: 192.168.1.81), Select Save
9. Select Finish


Configuring Edge Transport rules


Edge Transport Server works based on the following filter agents
1. Connection Filtering agent
2. Sender Filter agent
3. Recipient Filter agent
4. Sender ID agent
5. Content Filter agent
6. Protocol Analysis agent for sender reputation
7. Attachment Filter agent

Creating IP Allow List and IP Block List

Add-IPAllowListEntry -IPAddress <IPaddress> | -IPRange <IPrange>
Add-IPBlockListEntry -IPAddress <IPaddress> | -IPRange <IPrange>


To display allow IP entries
Get-IPAllowListEntry
To display block IP entries
Get-IPBlockListEntry

Creating Sender Filtering
Set-SenderFilterConfig -BlockedSenders <emailaddress> -BlockedDomains <FQDN> -Action <StampStatus | Reject> -Enabled $true
To display Sender filter Entry
Get-SenderFilterConfig

Creating Recipient Filtering
Set-RecipientFilterConfig -BlockedRecipients <emailaddress> -Enabled $true
To display Recipient filter Entry
Get-RecipientFilterConfig

Creating Content Filtering
Add-ContentFilterPhrase -Phrase <phrase> -Influence <GoodWord | BadWord>
Set-ContentFilterConfig -RejectionResponse <response> -Enabled $true
To display Content filter Entry
Get-ContentFilterConfig

Creating Attachment Filtering
Enable attachment filtering
Enable-TransportAgent -Identity "Attachment Filtering Agent"
Restart Transport service
Restart-Service -Name MSExchangeTransport
Add an attachment filter rule
Add-AttachmentFilterEntry -Name <name> -Type <ContentType | FileName>
Add Attachment filter action
Set-AttachmentFilterListConfig -Action <Reject | Strip | SilentDelete> -AdminMessage <message>


Display all attachment filter entries
Get-AttachmentFilterEntry
Display attachment filter list configuration
Get-AttachmentFilterListConfig
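
The filter commands above with concrete values filled in, as an added example that is not part of the original guide; every address, domain, phrase and file pattern is a constructed sample value. It goes slightly beyond the templates: it appends to the blocked lists instead of overwriting them, turns on the recipient block list so the blocked recipients are actually enforced, and skips attachment entries that already exist so the script can be re-run.

```powershell
# Added example. Run in the Exchange Management Shell on the Edge Transport server.
# Every address, domain, phrase and pattern below is a constructed sample value.

# Connection filtering: allow one relay, block a range for 30 days.
Add-IPAllowListEntry -IPAddress 192.0.2.25 -Comment 'Partner relay'
Add-IPBlockListEntry -IPRange 198.51.100.0/24 -ExpirationTime (Get-Date).AddDays(30) -Comment 'Spam source'

# Sender filtering: @{Add=...} appends; a plain value would replace the whole list.
Set-SenderFilterConfig -BlockedSenders @{Add='spam@example.net'} `
    -BlockedDomains @{Add='example.org'} -Action Reject -Enabled $true

# Recipient filtering: BlockedRecipients is enforced only when BlockListEnabled is $true.
Set-RecipientFilterConfig -BlockedRecipients @{Add='retired@example.com'} `
    -BlockListEnabled $true -Enabled $true

# Content filtering: weight a phrase and set the SMTP rejection text.
Add-ContentFilterPhrase -Phrase 'free prize draw' -Influence BadWord
Set-ContentFilterConfig -RejectionResponse 'Message rejected by content filter' -Enabled $true

# Attachment filtering: enable the agent, then add only the entries that are missing.
Enable-TransportAgent -Identity 'Attachment Filtering Agent'
$current = @(Get-AttachmentFilterEntry)
foreach ($name in '*.exe', '*.vbs', '*.js') {
    $present = $current | Where-Object { "$($_.Type)" -eq 'FileName' -and $_.Name -eq $name }
    if (-not $present) { Add-AttachmentFilterEntry -Name $name -Type FileName }
}
# Strip replaces the attachment with a text file that contains AdminMessage.
Set-AttachmentFilterListConfig -Action Strip -AdminMessage 'Attachment removed by mail policy.'
Restart-Service -Name MSExchangeTransport

# Verify what is now in effect.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-IPAllowListEntry
Get-IPBlockListEntry
Get-SenderFilterConfig | Format-List Enabled, Action, BlockedSenders, BlockedDomains
Get-RecipientFilterConfig | Format-List Enabled, BlockListEnabled, BlockedRecipients
Get-AttachmentFilterListConfig | Format-List Action, AdminMessage
```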
