Mail Exchange

As I mentioned in my previous post I am to learn about the Exchange environment at some point in this “semester”. Finally that day has come.

Our first assignment was to build a simple Active Directory as Exchange is unable to function without an AD, the topology is shown below


Due to limitations in hardware on my school we had to build the topology on two VM hosts. This result in a slight change of the physical topology:


VM host 1 is connected to the schools LAN and VM host 2 is not directly connected to anything but VM host 1 through a crossover twisted pair ethernet cable.

Each  of the VMs are assigned to the virtual switches as shown above and each virtual switch is connected to the physical NIC.

The “Router” is a Windows server 2016 installed VM configured with the Remote Access role and Router service. The Remote Access role is configured as a LAN router, this allows the subnets on either sides of the “Router” to communicate which each other.

After entering the IP addresses to the VMs the next assignment was to configure the “Domain Controller” to actually be that: a Domain Controller. For that we need a domain name:

My teacher is a quirky fellow. He is quite fond of the Star Wars universe so all the students have received a planet in the Star Wars universe as a domain name, and get this: the top level domain is SW… I know! He’s killing me too. I got Coruscant.sw

After promoting the “Domain Controller” it was just a matter of joining the “client” and “Mail 1” to the domain. “Router” and “Mail 2” are left out for the time being.


Unlike many other software or role installation on a windows computer, the installation of exchange isn’t a matter of clicking next, next, finish or install. There are a few things that needs to be considered first.

  • On Windows Server 2016 only Exchange 2016 CU3 or later can be installed
  • What mail server role needs to be installed.
    • Mail box server role.
    • Edge transport server role.
  • Only one single Exchange environment pr domain forrest.
  • The Schema of the AD must be prepared, there a new objects, like mailboxes that needs to be defined.
  • The Domain must be prepared.

On each of the server that will have either of the Exchange server roles installed, will need to run a few scripts to ensure that the prerequisites (well at least some) are met.

I’m not about to embark in a click guide here, but this is too hilarious to be left out:

On the DVD (Or ISO depending on your media) setup.exe is located but before activating activating this we need to open a command prompt in that location and add a few switches to setup.exe:

Setup.exe /PrepareSchema

And where comes the fun part? well even though the above switch is the correct one it will not work, it needs yet another switch:

setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

It seems like that Microsoft is not completely deprived of humor after all.

There are considerations about the hardware on the servers too

  • A 64 bit processor, but only one Intel or AMD processors are supported.
  • At least 8GB of RAM (more doesn’t hurt).
  • At least 1,2GB of free harddisk space for Exchange server files.
  • 200MB free system drive space.
  • Additional space for mailbox storage. (This can rapidly become quite substantial depending on how many emails the system needs to store)
  • NTFS file system on all harddisk drives.

When all this as been verified an cleared, then it is time, time to….. run windows update.

This  – as we know – can take a while, but this is also the final step before actually installing Microsoft Exchange 2016.

The mailboxes

Plural? really? Why yes. There are 6 mailbox types, but that is not all there are four other mailbox objects. Together they  are called recipients:

User Mailbox.

This is the mailbox as we know it, it is bound to a user in the exchange environment. It contains calendar items, contacts, tasks and documents.

Resource Mailbox.

Is assigned to a resource it can be anything: a car, a bike, a computer, etc. Resource mailboxes are a very efficient way to manage resources that can be accessed or used by a group or any employee in the organization.

Shared Mailbox

Opposed the User Mailbox the shared mailbox is not assigned to an individual user, but is assigned to a group, this could be a helpdesk team for instance.

Linked Mailbox

Is linked to a user in a separate – trusted – forrest.

Remote Mailbox

A mail enabled user residing on premise, but the mailbox itself resides in a cloudbased solution.

Site Mailbox

A site mailbox a mix of an Exchange mailbox where emails are stored and a sharepoint site where documents are stored. The user are able to access both documents and messages from a common client interface.

Mail Contacts

Is a mail-enabled AD contact which contains information about objects, such as people or organizations, that re not a part of the local Exchange Organization. Every Mail contact has an external mail address, the messages to the Mail Contact will be routed to the aforementioned external email address.

Mail Users

A mail-enabled AD user that represents a user outside the Exchange organization. Each mail user has an external email address. All messages sent to the mail user are routed to this external email address. Sounds familiar? Mail Users a very similar to Mail Contacts, but with the difference that Mail Users have AD credentials and can login to AD resources.

Distribution Groups

Is a distribution group is a mail-enabled Active Directory distribution group object that can be used only to distribute messages to a group of recipients.

Continuing the endeavor.

After having installed Exchange one would think it would work, well certainly it doesn’t. We still need to configure both DNS and the send connector, without the send connector (as the name implies) we will not be able to send any mail, exchange will simply not know where to send it.

And naturally the spamming of each others mailboxes began.

When accessing the OWA you will  at this point be greeted with this:


In the lab environment this isn’t a problem you just click continue and you’re in. But it is just annoying and should you implement Exchange to your company, the users would call to your help desk immediately. So of course we have to install a ADCS on one of our servers in the domain.

After creating the root certificate (the mother of all subsequent certificates. In the real world this certificate would be handled with utmost care, stored in a safe, guarded by dogs, surrounded with barbed wire… you get the idea), creating a certificate for the mail server, assigning IIS service to your new certificate, and installing the certificate you will be welcomed by this:


Now we are getting somewhere.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s