Module 1 – Preparing to Install Exchange
–Exchange 2016 prerequisites – Windows Server 2016 (For PowerShell command)–
Exchange 2019 prerequisites – Windows Server 2022 (For PowerShell command)
–Unified Communications Managed API 4.0 Runtime–
–Microsoft .NET Framework 4.8–
Visual C++ Redistributable Package for Visual Studio 2012
Visual C++ Redistributable Packages for Visual Studio 2013
Module 3 – Configure SSL Certificates for Exchange 2013
PowerShell Commands
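# Point every client-access endpoint (Outlook Anywhere, MAPI, OWA, ECP,
# ActiveSync, EWS, OAB and Autodiscover) at one HTTPS hostname.
#
# Replace xxxx with your student number here, once; every command below
# reuses the value, so a stale placeholder cannot survive in one of the URLs.
# The certificate bound to IIS must cover this name, because clients validate
# it on every one of these endpoints.
$Fqdn    = 'AdatumQAxxxx.QAExHybrid.com'
$BaseUrl = "https://$Fqdn"

# Show the current Outlook Anywhere hostnames before changing them.
Get-OutlookAnywhere | Select-Object Server, ExternalHostname, InternalHostname

# Outlook Anywhere: same name inside and outside, SSL required for both
# internal and external clients, NTLM as the default authentication method.
$outlookAnywhere = @{
    ExternalHostname            = $Fqdn
    InternalHostname            = $Fqdn
    ExternalClientsRequireSsl   = $true
    InternalClientsRequireSsl   = $true
    DefaultAuthenticationMethod = 'NTLM'
}
Get-OutlookAnywhere | Set-OutlookAnywhere @outlookAnywhere

# Virtual directories: internal and external URL are set to the same value.
Get-MAPIVirtualDirectory | Set-MAPIVirtualDirectory -ExternalUrl "$BaseUrl/mapi" -InternalUrl "$BaseUrl/mapi"
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -ExternalUrl "$BaseUrl/owa" -InternalUrl "$BaseUrl/owa"
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -ExternalUrl "$BaseUrl/ecp" -InternalUrl "$BaseUrl/ecp"
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl "$BaseUrl/Microsoft-Server-ActiveSync" -InternalUrl "$BaseUrl/Microsoft-Server-ActiveSync"
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl "$BaseUrl/EWS/Exchange.asmx" -InternalUrl "$BaseUrl/EWS/Exchange.asmx" -Force
Get-OabVirtualDirectory | Set-OabVirtualDirectory -ExternalUrl "$BaseUrl/OAB" -InternalUrl "$BaseUrl/OAB"

# Autodiscover service connection point used by domain-joined clients.
Get-ClientAccessService | Set-ClientAccessService -AutoDiscoverServiceInternalUri "$BaseUrl/Autodiscover/Autodiscover.xml"

# Certificate principal name that Outlook Anywhere clients are told to expect.
# NOTE(review): this value is usually written with an "msstd:" prefix
# (msstd:*.QAExHybrid.com); confirm against the lab guide before changing it.
Set-OutlookProvider EXPR -CertPrincipalName:*.QAExHybrid.com

# Confirm the Autodiscover URI that was just written.
Get-ClientAccessService | Select-Object Name, AutoDiscoverServiceInternalURI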
Import SSL certificate
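# Import the lab certificate (PFX, so it includes the private key) from the
# file share into Exchange.
$pfxPath = '\\QAExHybridEx\Cert\QADEXHE.pfx'

# Prompt for the PFX password instead of embedding it in the command, so the
# secret is not left behind in the console history, a transcript or a saved
# script.
$pfxPassword = Read-Host -Prompt 'Enter the PFX password' -AsSecureString

# -PrivateKeyExportable $true lets the private key be exported from this
# server again later. Keep it only if the certificate has to be copied to
# another server; otherwise $false limits what an administrator-level
# compromise of this host can take away.
Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes($pfxPath)) -Password $pfxPassword -PrivateKeyExportable $true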
Module 5 – Creating Mailboxes etc
# Module 5 lab setup: adds a UPN suffix, creates department OUs, two extra AD
# users, an accepted domain, one mailbox per person in the list below, an
# Internet send connector, public folders and a retention policy.
Import-Module ActiveDirectory

# Ask for the per-student identifier and stop unless it is 'AdatumQA'
# followed by exactly four characters.
$Sid = Read-Host -Prompt 'Enter your student ID (AdatumQAxxxx)'
if ($Sid -notlike 'AdatumQA????') {
    throw 'Invalid student ID'
}

# Register <student>.QAExHybrid.com as an additional UPN suffix in the forest.
Get-ADForest | Set-ADForest -UPNSuffixes @{ Add = "$Sid.QAExHybrid.com" }

# One organizational unit per department.
$OUs = 'Executive', 'Finance', 'Marketing', 'Operations', 'IT', 'Sales', 'Research'
$OUs | ForEach-Object { New-ADOrganizationalUnit $_ }

# People to create, kept as CSV text: header row first, one person per row.
$UsersCSV = @(
    'FirstName,LastName,OrganizationalUnit'
    'Kim,Abercrombie,Executive'
    'Josh,Barnhill,Executive'
    'David,Campbell,Executive'
    'Brenda,Diaz,Finance'
    'Micheal,Emanuel,Finance'
    'Charles,Fitzgerald,Finance'
    'Jon,Ganio,Marketing'
    'Don,Hall,Marketing'
    'Lisa,Jacobson,Marketing'
    'John,Kelly,Marketing'
    'Jolie,Lenehan,Finance'
    'Sandra,Martinez,IT'
    'Lorraine,Nay,IT'
    'Harrold,Ortiz,IT'
    'Jeff,Price,IT'
    'Randy,Reeves,Sales'
    'Megan,Sherman,Sales'
    'Danielle,Tiedt,Sales'
    'Garrett,Vargas,Research'
    'Bryan,Walton,Research'
    'Tom,Young,Research'
)
$Users = $UsersCSV | ConvertFrom-Csv

# Every account created below receives this one fixed password, which is also
# printed on the page. That is workable only in a disposable lab; anywhere
# else use unique, generated passwords that are not stored in the script.
$sp = 'Pa55w.rd' | ConvertTo-SecureString -AsPlainText -Force

# Two extra AD users (no mailbox is created for them here).
# NOTE(review): the doubled '@' in the first UPN and the '.local' suffix in
# the second look like deliberately invalid values, presumably test data for
# the IdFix step in Module 8 - confirm before "correcting" them.
New-ADUser -GivenName Adam -Surname Able -UserPrincipalName "Adam@adam@$sid.qaexhybrid.com" -Name 'Adam Able' -AccountPassword $sp
New-ADUser -GivenName Fred -Surname Flintstone -UserPrincipalName "FredF@$sid.qaexhybrid.local" -Name 'Fred Flintstone' -AccountPassword $sp

# If the Exchange cmdlets are not already available, import them over a
# remote session to the lab Exchange server.
# NOTE(review): the connection URI is plain http:// and authentication is
# Kerberos; PowerShell remoting normally encrypts the payload at the message
# level in that case - confirm for this lab rather than assuming it.
$testcmd = Get-Command New-Mailbox -ErrorAction SilentlyContinue
if (-not $testcmd) {
    Write-Verbose 'No Session Exists, connecting to Server'
    $remoteExchange = @{
        ConfigurationName = 'Microsoft.Exchange'
        ConnectionUri     = 'http://QAEXHybridEX/powershell'
        Authentication    = 'Kerberos'
    }
    $Session = New-PSSession @remoteExchange
    Import-PSSession $Session
}

# Accept mail for the student's domain and stamp firstname@<student> addresses
# (the %m template token) through the e-mail address policy.
New-AcceptedDomain -Name "$Sid.QAExHybrid.com" -DomainName "$Sid.QAExHybrid.com" -DomainType 'Authoritative'
Get-EmailAddressPolicy | Set-EmailAddressPolicy -EnabledEmailAddressTemplates @("SMTP:%m@$sid.QAExHybrid.com")
Get-EmailAddressPolicy | Update-EmailAddressPolicy

# One mailbox per row of the list, placed in that person's department OU.
foreach ($person in $Users) {
    $fullName = $person.FirstName + ' ' + $person.LastName
    $newMailbox = @{
        Password           = $sp
        DisplayName        = $fullName
        UserPrincipalName  = $person.FirstName + '@' + $Sid + '.QAExHybrid.com'
        Alias              = $person.FirstName
        Name               = $fullName
        OrganizationalUnit = $person.OrganizationalUnit
        LastName           = $person.LastName
        FirstName          = $person.FirstName
    }
    New-Mailbox @newMailbox
}

# Outbound Internet mail: all SMTP domains ('*', cost 1), delivered by DNS
# (MX) lookup from the lab Exchange server.
$internetConnector = @{
    Name                   = 'Internet Send Connector'
    Usage                  = 'Internet'
    DNSRoutingEnabled      = $true
    AddressSpaces          = @('SMTP:*;1')
    IsScopedConnector      = $false
    SourceTransportServers = @('QAEXHYBRIDEX')
}
New-SendConnector @internetConnector

# Public folder mailbox, one public folder per department, then mail-enable
# every folder except the IPM_SUBTREE root.
New-Mailbox -Name PFMailbox1 -PublicFolder -OrganizationalUnit IT
'Executive', 'Finance', 'IT', 'Marketing', 'Operations', 'Research', 'Sales' |
    ForEach-Object { New-PublicFolder -Name $_ }
Get-PublicFolder -Recurse | Where-Object name -NotLike IPM_SUBTREE | Enable-MailPublicFolder

# Retention policy that links six retention tags by name.
$policyTags = @(
    '1 Month Delete'
    '1 Year Delete'
    '5 Year Delete'
    'Default 2 year move to archive'
    'Never Delete'
    'Recoverable Items 14 days move to archive'
)
New-RetentionPolicy -Name 'QA Retention Policy' -RetentionPolicyTagLinks $policyTags
Microsoft Connectivity Analyzer Tool
Module 8 – Configuring Directory Synchronization
IdFix DirSync Error Remediation Tool
Module 10 – Configuring the Hybrid Configuration Wizard for a Hybrid Exchange Environment
# Open a remote PowerShell session to Exchange Online and import its cmdlets.
# Get-Credential prompts for the account, so no password appears in the script.
$UserCredential = Get-Credential

# -Authentication Basic sends that credential with Basic authentication,
# inside the HTTPS connection named by the URI.
# NOTE(review): Microsoft has retired Basic authentication for Exchange Online
# remote PowerShell, so this connection is expected to be refused on current
# tenants; Connect-ExchangeOnline from the ExchangeOnlineManagement module is
# the supported route - confirm for the course environment.
$exchangeOnline = @{
    ConfigurationName = 'Microsoft.Exchange'
    ConnectionUri     = 'https://outlook.office365.com/powershell-liveid/'
    Credential        = $UserCredential
    Authentication    = 'Basic'
    AllowRedirection  = $true
}
$Session = New-PSSession @exchangeOnline
Import-PSSession $Session

# Accept mail for the ITStaff contact only from authenticated senders.
Set-MailContact ITStaff -RequireSenderAuthenticationEnabled $true
Module 14 – Configuring On-Premises Public Folder Access in Exchange Online
Mail-enabled Public Folders – directory sync script
PowerShell Commands
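## Part 1 - these commands are run in the Exchange Management Shell.
# Runs the mail-enabled public folder sync script with the credential entered
# at the prompt and writes a summary CSV next to it.
# NOTE(review): Sync-MailPublicFolders.ps1 is not shown on this page; check
# where the copy in C:\Scripts came from before running it with an
# administrative credential.
Set-Location C:\Scripts
$Creds = Get-Credential
# The parameter dash is a plain ASCII hyphen: the page had a typographic
# en dash, which can turn into other characters when copied between
# consoles or saved with a different encoding.
.\Sync-MailPublicFolders.ps1 -Credential $Creds -CsvSummaryFile C:\Scripts\sync_summary.csv

## Part 2 - these commands need to be run in a new PowerShell window.
# Connects to Exchange Online, lists the mail-enabled public folders, then
# sets public folder access to Remote via the PFMailbox1 mailbox.
# NOTE(review): -Authentication Basic against this endpoint has been retired
# by Microsoft; Connect-ExchangeOnline (ExchangeOnlineManagement module) is
# the supported route - confirm for the course environment.
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

Get-MailPublicFolder
Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes PFMailbox1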
Appendix A – Testing and Troubleshooting OAuth
Enable TLS 1.2
# Set SchUseStrongCrypto = 1 (DWORD) under the .NET Framework v4.0.30319 key,
# first in the 32-bit (Wow6432Node) registry view and then in the 64-bit one.
# NOTE(review): this writes only the .NET strong-crypto flag; no Schannel
# protocol keys are changed here, so whether TLS 1.2 itself is enabled at the
# OS level is not established by these two commands - verify separately.
$netFxKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'
    'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
)
foreach ($key in $netFxKeys) {
    Set-ItemProperty -Path $key -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
}
# Register the authorization server object "WindowsAzureACS" from the metadata
# document published for the tenant domain. Replace AdatumQAxxxx with your
# student ID first: Exchange trusts whatever signing metadata this URL
# returns, so the domain in it must be your own verified domain.
$authServer = @{
    Name            = 'WindowsAzureACS'
    AuthMetadataUrl = 'https://accounts.accesscontrol.windows.net/AdatumQAxxxx.QAExHybrid.com/metadata/json/1'
}
New-AuthServer @authServer
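# Enable the partner application whose identifier is the Exchange
# application ID and whose realm is empty. Filtering on both properties keeps
# any other partner application untouched.
# The page had "Set- PartnerApplication" with a space after the hyphen, which
# PowerShell cannot resolve to a command; the cmdlet name is written as one
# word here.
Get-PartnerApplication |
    Where-Object { $_.ApplicationIdentifier -eq "00000002-0000-0ff1-ce00-000000000000" -and $_.Realm -eq "" } |
    Set-PartnerApplication -Enabled $true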
ExportAuthCert.ps1
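# Export the public part of the current Exchange OAuth certificate to
# %SYSTEMDRIVE%\OAuthConfig\OAuthCert.cer.
$thumbprint = (Get-AuthConfig).CurrentCertificateThumbprint

# Stop when there is no thumbprint: an empty value would otherwise select
# certificates that have nothing to do with OAuth.
if ([string]::IsNullOrWhiteSpace($thumbprint)) {
    throw 'Get-AuthConfig returned no CurrentCertificateThumbprint.'
}

$exportDir = "$env:SYSTEMDRIVE\OAuthConfig"
if (-not (Test-Path $exportDir)) {
    New-Item -ItemType Directory -Path $exportDir | Out-Null
}
Set-Location $exportDir

# Exact comparison instead of -match: -match treats the thumbprint as a
# regular expression, and an empty or partial value would match every
# certificate in the store.
$oAuthCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumbprint }
if (@($oAuthCert).Count -ne 1) {
    throw "Expected exactly one certificate with thumbprint $thumbprint in Cert:\LocalMachine\My."
}

# X509ContentType 'Cert' is the certificate only; the private key is not
# part of the exported bytes.
$certType  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$certBytes = $oAuthCert.Export($certType)
$CertFile  = "$exportDir\OAuthCert.cer"
[System.IO.File]::WriteAllBytes($CertFile, $certBytes)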
UploadAuthCert.ps1
# Upload the exported OAuth certificate as a verification credential on the
# Exchange service principal (00000002-0000-0ff1-ce00-000000000000).
# Only the raw public certificate bytes are sent (-Type asymmetric,
# -Usage Verify). Whoever holds the matching private key can then have tokens
# accepted as this principal, so check that the .cer file is the certificate
# you exported before running this.
# NOTE(review): no sign-in step for the Msol cmdlets is shown on this page;
# presumably a connected MSOnline session already exists. Microsoft has
# deprecated the MSOnline module - confirm it still works in the course tenant.
$CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"

# Resolve the path to its absolute form through the Scripting.FileSystemObject
# COM object.
$fso = New-Object -ComObject Scripting.FileSystemObject
$CertFile = $fso.GetAbsolutePathName($CertFile)

# Load the certificate and base64-encode its raw data.
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$certificate.Import($CertFile)
$rawCertData = $certificate.GetRawCertData()
$credValue = [System.Convert]::ToBase64String($rawCertData)

# Look the service principal up by name, then attach the credential to it.
$ServiceName = "00000002-0000-0ff1-ce00-000000000000"
$principal = Get-MsolServicePrincipal -ServicePrincipalName $ServiceName
New-MsolServicePrincipalCredential -AppPrincipalId $principal.AppPrincipalId -Type asymmetric -Usage Verify -Value $credValue
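# Register the on-premises endpoint URLs as service principal names on the
# Exchange service principal.
$exchangeAppId = '00000002-0000-0ff1-ce00-000000000000'

# Fetch the principal here. The page used $sp without assigning it in this
# step, and the same variable name holds a password SecureString in the
# Module 5 script, so a leftover value would make the .Add() calls fail.
$sp = Get-MsolServicePrincipal -AppPrincipalId $exchangeAppId

# Replace adatumqaxxxx with your student ID. List only hostnames that belong
# to your own deployment: each name added here becomes an identity of this
# principal.
$newNames = @(
    'https://mail.adatumqaxxxx.qaexhybrid.com/'
    'https://autodiscover.adatumqaxxxx.qaexhybrid.com/'
    'https://adatumqaxxxx.qaexhybrid.com/'
)
foreach ($spn in $newNames) {
    # Skip names that are already registered so a re-run adds no duplicates.
    if ($sp.ServicePrincipalNames -notcontains $spn) {
        $sp.ServicePrincipalNames.Add($spn)
    }
}

Set-MsolServicePrincipal -AppPrincipalId $exchangeAppId -ServicePrincipalNames $sp.ServicePrincipalNames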
# OAuth check 1: request EWS at the Exchange Online endpoint on behalf of the
# mailbox Sandra. -Verbose prints the details of the token exchange.
# NOTE(review): which shell each test is run from (on-premises or Exchange
# Online) is not stated on this page - confirm against the lab guide.
$cloudEwsTest = @{
    Service   = 'EWS'
    TargetUri = 'https://outlook.office365.com/ews/exchange.asmx'
    Mailbox   = 'Sandra'
    Verbose   = $true
}
Test-OAuthConnectivity @cloudEwsTest

# OAuth check 2: target the /metadata/json/1 URL on the student's own
# hostname on behalf of the mailbox Anne. Replace AdatumQAxxxx with your
# student ID.
$onPremTest = @{
    Service   = 'EWS'
    TargetUri = 'https://AdatumQAxxxx.QaExHybrid.com/metadata/json/1'
    Mailbox   = 'Anne'
    Verbose   = $true
}
Test-OAuthConnectivity @onPremTest