Automating Multi-Tenancy in Exchange Server 2010 SP2 (Part 2)

by [Published on 24 Sept. 2013 / Last Updated on 21 Nov. 2013]

In the second article of this series the author goes over the manual process to configure a new customer in the Exchange organization created in part 1.

If you would like to read the other parts in this article series please go to:

Introduction

In the first article we went over some basic components to build the environment to host multiple tenants. We decided to use Exchange Server 2010 Service Pack 2 built-in features. We also went over high availability, a few hints to improve user experience and other things.

Orchestrator is such a nice tool; however you can’t automate tasks if you don’t have a process in place and that’s why this article becomes key for our automation process. In this article we will practice how to add a new customer to our solution. Based on our exercise we will document the process, create a checklist and then automate using Orchestrator.

Let’s use a scenario for this article series where we are opening a new hosting company to support small businesses and we are going to call our company Andy365.ca :) We just got our first customer and we have several tasks to complete before allowing the user to access our services. In order to make our job a little bit easier we are going to follow the diagram shown in Figure 01 where we have the key settings that need to be added/configured in our Active Directory/Exchange Organization environment during the process.

Image
Figure 01

Active Directory changes…

Based on the previous article we are going to create a new organization unit in our Active Directory for each new customer using their domain name.

In order to complete such task, let’s open Active Directory Users and Computers, right-click on the domain and then New and Organization Unit. In the new window, let’s uncheck the option Protect container from accidental deletion just for the sake of simplicity. Let’s type in the Domain name for the name field and then click OK (Figure 02)

Image
Figure 02

After creating the new Organization Unit our next step is to create a new UPN (User Principal Name). Let’s open Active Directory Domains and Trusts, then right-click on the first item on the left which is Active Directory Domains and Trusts and click Properties. In the new window we will add our new UPN for our customer, as shown in Figure 03.

Image
Figure 03

Managing the new Domain

We have two tasks to complete at Organization Level in the Hub Transport area which is a new domain and a new recipient policy for our new customer.

In order to create a new domain, let’s open Exchange Management Console, then expand Organization Configuration, click on Hub Transport and then Accepted Domains tab. Click on New Accepted Domain link on the Toolbox Actions. On the new page, type in the domain name on both fields and then click New (Figure 04) and Finish.

Image
Figure 04

Now that we have the domain accepting new messages in our organization we need to create an E-mail address policy to stamp the customer SMTP address on its future mail-enabled objects, such as: mailboxes, groups, contacts, resource mailboxes and etc. We will restrict this new policy based on the Organization Unit that we created in the previous section.

In order to create this e-mail address policy the following steps can be used:

  1. Logged on Exchange Management Console
  2. Expand Organization Configuration
  3. Click on Hub Transport
  4. Click on E-mail Address Policy tab
  5. Click on New E-mail Address Policy in the Toolbox Actions
  6. On the Introduction page, in the Name field use the domain name, and click on Browse and select the Organization Unit with the same domain name (Figure 05). Click Next.

Image
Figure 05

  1. On the Conditions page, leave default settings and click Next.
  2. On the E-mail Addresses page, click on Add and on the new window select the option Select the accepted domain for the e-mail address and click on Browse and select the domain that we have just created (Figure 06) and click OK.

Image
Figure 06

  1. Back to the E-mail addresses page. We will see just the e-mail of our new customer which is perfect since it has only its own domain name. Click Next. (Figure 07)

Image
Figure 07

  1. On the Schedule page, leave default settings and click Next.
  2. On the New E-mail Address Policy page, a summary of what we have defined so far will be listed, hit New.
  3. On the Completion page, we should see two completed tasks and no errors, click on Finish.

Managing Address Lists for the new domain…

Time to create the Address Lists to support our new customer: Basically from the Address List perspective we need to create a couple of lists to support the Address Book Policy. In our environment we will be creating the following lists for each new customer:

  • All Users
  • All Groups
  • All Contacts
  • All Rooms

Besides of the Address Lists listed above we also need to create a Global Address List and an Offline Address List as well however, we are going to tackle those two in our next section.

Before creating our first Address List object you may have noticed that we are pretty consistent in our naming convention where the domain name is the object name. This kind of consistency makes administration of the environment down the road a piece of cake, however, we don’t want to add the entire domain for each Address List and for this kind of object let’s use the short name for each customer. Usually it’s going to be their name or in some cases can be an acronym of the company. For MSExchange.org we will be naming all address lists as MSExchange - <Something>.

Let’s create the first one to make sure that we are on the same page and the for remaining ones it's just a matter of changing a few attributes that we will be summarizing in a table at the end of this first run.

  1. Logged on Exchange Management Console
  2. Expand Organization Configuration
  3. Click on Mailbox
  4. Click on Address Lists tab
  5. Click on New Address List.. item located in the Toolbox Actions
  6. On the Introduction page, type in the customer name added of <space><dash><space> and All Users, as shown below in figure 08.

Image
Figure 08

  1. On the Filter Settings page, select the Organization Unit related to the customer (MSExchange.org in this case) and since the Address List was named All Users then we are going to select only users with Exchange mailboxes. Click Next. (Figure 09)

Image
Figure 09

  1. On the Conditions page, leave default settings and click Next.
  2. On the Schedule page, leave default settings and click Next.
  3. On the New Address List page, click New.
  4. On the Completion page, click Finish.

As you notice the process is not rocket science and now we need to repeat the same process above for all other objects. In the following table we show the names, and the recipient type required to be selected on each one of the Address Lists that we are going to create.

Address List Name

Recipient Types

<Company> -   All Users

Users with Exchange   Mailboxes

<Company> -   All Groups

Mail-enabled groups

<Company> -   All Contacts

Contacts with   external e-mail addresses

<Company> -   All Rooms

Resource mailboxes

Table 1

After creating all those Address Lists, the result should be similar to the Figure 10.

Image
Figure 10

Conclusion

In this second article we went through the manual process to configure Active Directory (Organization Unit and UPN) and Exchange (Address Lists, Accepted Domains and Recipient Policies) for a new customer. In our next article we will be finishing up the requirements, getting the cmdlet information required and testing on the client side how all that works.

If you would like to read the other parts in this article series please go to:

Featured Links