Wednesday, July 27, 2016

Exchange 2016 Installing Exchange In A Resource Forest: Part 1

My latest project involves setting up Exchange 2016 CU2 in a Resource Forest (also called an Exchange Forest). Since the only guides I could find were way back from the Exchange 2007 days, I thought I'd create a guide that would walk Exchange admins through an install that's applicable to Exchange 2013 and 2016.

I've also created this guide as an eBook, which you can buy here

Resource Forest Creation


Two Active Directory Forests:

One AD forest contains the user accounts – called the Accounts Forest.
One AD forest will contain Exchange – called the Resource (or Exchange) Forest.

**Note** The forests do not have to be the same Functional Level, but if you're trying to create a trust with 2003 and 2012 R2, you will have issues. My recommendation is to bump the 2003 to at least 2008 R2.

To create a trust between 2003 and 2012, you must have DNS Conditional Forwarders set in each Forest.

Configure your DNS for name resolution across forests – when you’re finished, ping each forest from the other forest to ensure connectivity.

Configure DNS

In the Accounts Forest:

Log on to the Accounts Forest Domain Controller

Open the DNS Management Console

Right-click on and click Properties

Click on the Forwarders tab

Click on the New button and, in the new box, insert the name of the Exchange Forest, and then click OK

In the Exchange Forest:

Log on to the Resource Forest Domain Controller

Open the DNS Management Console

Right-click on and click Properties

Click on the Forwarders tab

For each Accounts Forest follow these steps:

Click on the “New…” button, and add the Accounts Forest domain name

Click on the newly created zone in the DNS Domain box, add the IP address of the respective DNS Server in the field below, and click “Add”
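The forwarder setup and the connectivity check described above can also be scripted. This is an added example, not part of the original guide; it assumes Windows Server 2012 R2 or later with the DnsServer module, and the forest name accountsdomain.com and the IP 192.0.2.10 are placeholders.

```powershell
# Added example (not from the original guide). Run elevated on a DNS server in
# ONE forest and point it at the OTHER forest; repeat in the opposite direction.
# Both default values below are placeholders, not values from the guide.
param(
    [string]   $RemoteForest = 'accountsdomain.com',  # hypothetical remote forest DNS name
    [string[]] $RemoteDnsIPs = @('192.0.2.10')        # placeholder IP of a DNS server in that forest
)

Import-Module DnsServer

# Create the conditional forwarder only if no zone of that name exists yet.
$zone = Get-DnsServerZone -Name $RemoteForest -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerConditionalForwarderZone -Name $RemoteForest -MasterServers $RemoteDnsIPs
}
elseif ($zone.ZoneType -ne 'Forwarder') {
    throw "Zone '$RemoteForest' already exists as type $($zone.ZoneType); fix that before adding a forwarder."
}

# Drop cached answers left over from earlier failed lookups.
Clear-DnsServerCache -Force

# A trust needs more than a pingable name: the DC locator SRV records of the
# remote forest must resolve through this server's forwarder.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV `
                       -Server 127.0.0.1 -DnsOnly -ErrorAction Stop
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' } |
       Select-Object -ExpandProperty NameTarget -Unique

# Report reachability of each remote DC: ping plus the Kerberos, LDAP and SMB ports.
foreach ($dc in $dcs) {
    [pscustomobject]@{
        DomainController = $dc
        Ping     = Test-Connection -ComputerName $dc -Count 2 -Quiet
        Kerberos = (Test-NetConnection $dc -Port 88  -WarningAction SilentlyContinue).TcpTestSucceeded
        LDAP     = (Test-NetConnection $dc -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
        SMB      = (Test-NetConnection $dc -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded
    }
}
```

Any row with a False value points at a DNS or firewall problem to clear before moving on to the trust.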

Create the One-Way trust

From a DC in the new Exchange Forest, create a one-way outgoing forest trust to your Accounts Forest.

1.  Open Active Directory Domains and Trusts.
2.  In the console tree, right-click the Accounts domain that you want to establish a trust with, and then click Properties.
3.  On the Trusts tab, click New Trust, and then click Next.
4.  On the Trust Name page, type the DNS name of the domain, and then click Next.
5.  On the Trust Type page, click Forest trust, and then click Next.
6.  On the Direction of Trust page, click One-way: outgoing, and then click Next.
7.  On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.
8.  On the User Name and Password page, type the user name and password for the domain admin in the specified domain.
9.  On the Outgoing Trust Authentication Level--Local Forest page, click Forest-wide authentication, and then click Next.
10. On the Trust Selections Complete page, review the results, and then click Next.
11. On the Trust Creation Complete page, review the results, and then click Next.
12. On the Confirm Outgoing Trust page, click Yes to confirm the outgoing trust, and then supply the appropriate admin credentials from the specified domain.
13. On the Completing the New Trust page, click Finish.

**Note** You can create an external trust (if your forests are on different functional levels) but when creating Linked Mailboxes later, you will need to supply admin creds for the Accounts Forest.
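Once the wizard finishes, the resulting trust can be checked against the choices made in steps 5, 6 and 9. This is an added example, not part of the original guide; it assumes the ActiveDirectory module on a DC in the Exchange Forest, and accountsdomain.com and the NetBIOS name ACCOUNTS are placeholders for the Accounts Forest.

```powershell
# Added example (not from the original guide). Run on a DC in the Exchange
# (resource) forest. The two names below are placeholders for the Accounts Forest.
$AccountsForest  = 'accountsdomain.com'   # hypothetical DNS name
$AccountsNetBIOS = 'ACCOUNTS'             # hypothetical NetBIOS name

Import-Module ActiveDirectory
$trust = Get-ADTrust -Filter "Name -eq '$AccountsForest'"
if (-not $trust) { throw "No trust object found for $AccountsForest." }

# Compare the trust object with the wizard choices (steps 5, 6 and 9).
$checks = [ordered]@{
    'One-way outgoing (Direction = Outbound)'            = ($trust.Direction -eq 'Outbound')
    'Forest trust (ForestTransitive = True)'             = [bool]$trust.ForestTransitive
    'Forest-wide auth (SelectiveAuthentication = False)' = (-not $trust.SelectiveAuthentication)
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-55} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISMATCH' })
}

# Keep the raw attributes with the build record so later changes to the
# trust (direction, authentication scope, SID filtering flags) are detectable.
$trust | Select-Object Name, Direction, TrustType, ForestTransitive,
    SelectiveAuthentication, SIDFilteringQuarantined, SIDFilteringForestAware,
    TrustAttributes | Format-List

# Verify the secure channel from this DC to the trusted forest.
nltest /sc_verify:$AccountsForest

# An outgoing trust means this forest can resolve Accounts Forest principals,
# which is what Linked Mailboxes depend on. Translate one well-known group.
$account = [System.Security.Principal.NTAccount]"$AccountsNetBIOS\Domain Users"
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
"Resolved $account to $sid"
```

With an external trust instead of a forest trust, as in the note above, the ForestTransitive line reports MISMATCH by design.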

In the Exchange Forest, install your first Exchange 2016 server (by following along further down) which will create your new Exchange organization.

Installing Exchange 2016

Install Exchange 2016 Pre-Reqs

On each server that is to be an Exchange server, run the following in an elevated Windows PowerShell:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Install the supported version of .NET Framework according to the Exchange Supportability Matrix here:

Install MS Unified Communications API 4.0 Core Runtime from the following link:

Install Visual C++ 2012 and 2013 (technically only 2013 is needed, but I've seen some servers balk at not having 2012):


A few hours in advance of your Exchange Server setup, prepare AD and extend the Schema, from the Exchange 2016 CU install file:

Download the latest Exchange 2016 CU, and extract to C:\Temp\CU on each server

**Note** You can install Exchange directly from the CU setup.

**Note** I always run ADPrep a few hours before the setup to allow for replication depending on your organization size – sometimes it’s fast, but other times there might be errors/slowness to deal with.

Run the following commands in order:

cd C:\Temp\CU


make sure it’s clean; no errors

repadmin /showreps

make sure it’s clean; no errors

setup.exe /prepareschema /IAcceptExchangeServerLicenseTerms

setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

setup.exe /PrepareDomain:resourcedomain.com /IAcceptExchangeServerLicenseTerms


make sure it’s clean; no errors

repadmin /showreps

make sure it’s clean; no errors
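The replication checks around the preparation commands can be made repeatable, and the schema extension confirmed on every DC rather than only the one setup talked to. This is an added example, not part of the original guide; it uses repadmin /showrepl (the current name of /showreps) and assumes the ActiveDirectory module and a single-domain Exchange Forest.

```powershell
# Added example (not from the original guide). Run in the Exchange (resource)
# forest before and again after the setup.exe /Prepare* commands.
Import-Module ActiveDirectory

function Get-ReplicationProblem {
    # /showrepl is the current name of the /showreps switch; /csv is parseable.
    # Rows marked showrepl_ERROR are DCs that could not be queried at all.
    repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
    }
}

function Get-ExchangeSchemaVersionPerDC {
    # Exchange setup records its schema level in rangeUpper of this object.
    # Reading it from each DC shows whether /prepareschema has replicated.
    $dn = "CN=ms-Exch-Schema-Version-Pt,$((Get-ADRootDSE).schemaNamingContext)"
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        $obj = Get-ADObject -Identity $dn -Server $dc.HostName `
                            -Properties rangeUpper -ErrorAction SilentlyContinue
        [pscustomobject]@{ DC = $dc.HostName; RangeUpper = $obj.rangeUpper }
    }
}

# Gate: stop here if any replication link is failing or any DC is unreachable.
$problems = @(Get-ReplicationProblem)
if ($problems.Count -gt 0) {
    $problems | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context',
        'Number of Failures', 'Last Failure Status' -AutoSize
    throw 'Replication is not clean; resolve this before running Exchange setup.'
}

# Before /prepareschema RangeUpper is empty everywhere; afterwards every DC
# should report the same number.
$versions = @(Get-ExchangeSchemaVersionPerDC)
$versions | Format-Table -AutoSize
$distinct = @($versions | ForEach-Object { "$($_.RangeUpper)" } | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning 'DCs report different Exchange schema versions; wait for replication.'
}
```

Compare the reported RangeUpper with the value Microsoft publishes for the CU you extracted.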

Exchange Server Install

Uninstall any A/V client if currently installed.

Run Windows Updates; don’t install .NET 4.6.1. In fact, hide that update so it doesn’t show up again.

**Note** MS has released an update for .Net 4.6.1/Exchange compatibility, but I’ve found it still causes problems.

Create your database storage partitions, with drive letters E: (which will be for Databases) and F: (which will be for Archives) on each server.

Name them Volume1 and Volume2 respectively.

**Note** You can assign whatever drives you wish, and I always run Archive Databases on slow disks, so I separate them as volumes on the servers. If you don’t plan on Archiving, disregard the F:\Archives volume.

Mount the Exchange 2016 CU .ISO.

Right-click setup.exe and choose Run as administrator

1.  Install Mailbox role
2.  Leave malware scanning enabled
3.  Wait a looooong time
4.  Click OK to close Installer
5.  Reboot the machine to complete Exchange setup
6.  After the reboot, check that all Exchange Services are running
7.  Install the license key by running the cmdlet below:
    Set-ExchangeServer -Identity "server name" -ProductKey XXXX-XXXX-XXXX-XXXX
8.  Restart Microsoft Exchange Information Store for the key to take effect.

Next, follow Part 2 here
