I've also created this guide as an eBook, which you can buy here
Resource Forest Creation
Pre-Reqs
Two Active Directory Forests:
One AD forest contains the user accounts – called the Accounts Forest.
One AD forest will contain Exchange – called the Resource (or Exchange) Forest.
**Note** The forests do not have to be at the same Functional Level, but if you're trying to create a trust between 2003 and 2012 R2, you will have issues. My recommendation is to bump the 2003 forest to at least 2008 R2.
To create a trust between 2003 and 2012, you must have DNS Conditional Forwarders set in each Forest.
Configure your DNS for name resolution across forests – when you’re finished, ping each forest from the other forest to ensure connectivity.
Configure DNS
In the Accounts Forest:
Log on to the Accounts Forest Domain Controller
Open the DNS Management Console
Right-click on
Click on the Forwarders tab
Click on the New button and in the new box, insert the name of the Exchange Forest, and then click OK
In the Exchange Forest:
Log on to the Resource Forest Domain Controller
Open the DNS Management Console
Right-click on
Click on the Forwarders tab
For each Accounts Forest follow these steps:
Click on the “New…” button, and add the Accounts Forest domain name
Click on the recently created new zone in the DNS Domain box, add the IP address of the respective DNS Server in the field below, and click “Add”
Create the One-Way trust
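A PowerShell equivalent of the forwarder setup plus a check that goes further than ping, added here as an example and not part of the original guide. The forest name and IP address are placeholder assumptions, and the DnsServer cmdlets assume a Windows Server 2012 or later DNS server; run it in each forest with the other forest's values.

```powershell
# Assumed placeholder values; replace with the OTHER forest's DNS name and DNS server IP.
$RemoteForest = 'accounts.example'
$RemoteDns    = '192.0.2.10'

# Create the conditional forwarder only if no zone of that name exists yet.
if (-not (Get-DnsServerZone -Name $RemoteForest -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $RemoteForest -MasterServers $RemoteDns
}

# Ping only proves reachability. Creating a trust needs the domain controller
# locator SRV records of the other forest to resolve through the forwarder.
$answer = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV -ErrorAction Stop
$dcs = $answer | Where-Object { $_.Type -eq 'SRV' } |
       Select-Object -ExpandProperty NameTarget -Unique

# Check the ports the trust relies on: 88 Kerberos, 135 RPC endpoint mapper,
# 389 LDAP, 445 SMB. A firewall between the forests shows up here, not in ping.
foreach ($dc in $dcs) {
    foreach ($port in 88, 135, 389, 445) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        '{0,-40} tcp/{1,-4} {2}' -f $dc, $port, $state
    }
}
```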
From a DC in the new Exchange Forest, create a one-way outgoing forest trust to your Accounts Forest.
1. Open Active Directory Domains and Trusts.
2. In the console tree, right-click the Accounts domain that you want to establish a trust with, and then click Properties.
3. On the Trusts tab, click New Trust, and then click Next.
4. On the Trust Name page, type the DNS name of the domain, and then click Next.
5. On the Trust Type page, click Forest trust, and then click Next.
6. On the Direction of Trust page, click One-way: outgoing, and then click Next.
7. On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.
8. On the User Name and Password page, type the user name and password for the domain admin in the specified domain.
9. On the Outgoing Trust Authentication Level--Local Forest page, click Forest-wide authentication, and then click Next.
10. On the Trust Selections Complete page, review the results, and then click Next.
11. On the Trust Creation Complete page, review the results, and then click Next.
12. On the Confirm Outgoing Trust page, click Yes, to confirm the outgoing trust, and then supply the appropriate admin credentials from the specified domain.
13. On the Completing the New Trust page, click Finish.
**Note** You can create an external trust (if your forests are on different functional levels) but when creating Linked Mailboxes later, you will need to supply admin creds for the Accounts Forest.
In the Exchange Forest, install your first Exchange 2016 server (by following along further down) which will create your new Exchange organization.
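To confirm that the trust created by the wizard matches the choices in steps 5, 6 and 9, the following check can be run on a DC in the Exchange Forest. It is an added example, not part of the original guide; `accounts.example` is a placeholder assumption and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
Import-Module ActiveDirectory

$AccountsForest = 'accounts.example'   # assumed placeholder for the Accounts Forest DNS name

# List every trust object in this domain so unexpected ones are visible too.
$trusts = Get-ADTrust -Filter *
$trusts | Format-Table Name, Direction, ForestTransitive, SelectiveAuthentication -AutoSize

$t = $trusts | Where-Object { $_.Name -eq $AccountsForest }
if (-not $t) { throw "No trust object found for $AccountsForest" }

# Compare the stored trust with what was selected in the wizard.
# Forest-wide authentication means any authenticated Accounts Forest user can
# authenticate to resources here; access is then decided by each resource's ACL.
$checks = [ordered]@{
    'Step 6: one-way outgoing (Direction = Outbound)'            = ($t.Direction -eq 'Outbound')
    'Step 5: forest trust (ForestTransitive = True)'             = [bool]$t.ForestTransitive
    'Step 9: forest-wide auth (SelectiveAuthentication = False)' = (-not $t.SelectiveAuthentication)
}
foreach ($c in $checks.GetEnumerator()) {
    $mark = if ($c.Value) { 'OK' } else { 'DIFF' }
    '{0,-5} {1}' -f $mark, $c.Key
}

# A resource forest built from this guide has exactly one trust; flag any others.
$trusts | Where-Object { $_.Name -ne $AccountsForest } | ForEach-Object {
    Write-Warning "Additional trust present: $($_.Name) (Direction: $($_.Direction))"
}
```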
Installing Exchange 2016
Install Exchange 2016 Pre-Reqs
On each server that is to be an Exchange server, run the following in an elevated Windows PowerShell:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features,
RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface,
RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console,
WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth,
Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors,
Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext,
Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console,
Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server,
Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI,
Windows-Identity-Foundation
Install the supported version of .NET Framework according to the Exchange Supportability Matrix here:
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019
Install MS Unified Communications API 4.0 Core Runtime from the following link:
Install Visual C++ 2012 and 2013 (technically only 2013 is needed, but I've seen some servers balk at not having 2012):
ADPrep
A few hours in advance of your Exchange Server setup, prepare AD and extend the Schema, from the Exchange 2016 CU install file:
Download the latest Exchange 2016 CU, and extract to C:\Temp\CU on each server
**Note** You can install Exchange directly from the CU setup.
**Note** I always run ADPrep a few hours before the setup to allow for replication depending on your organization size – sometimes it’s fast, but other times there might be errors/slowness to deal with.
Run the following commands in order:
cd C:\Temp\CU
dcdiag – make sure it’s clean; no errors
repadmin /showreps – make sure it’s clean; no errors
setup.exe /prepareschema /IAcceptExchangeServerLicenseTerms
setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
setup.exe /PrepareDomain:resourcedomain.com /IAcceptExchangeServerLicenseTerms
dcdiag – make sure it’s clean; no errors
repadmin /showreps – make sure it’s clean; no errors
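The "make sure it's clean" checks and the wait for replication can be scripted. This is an added example, not part of the original guide: it uses `repadmin /showrepl * /csv` instead of `/showreps` so the output can be parsed, assumes the ActiveDirectory module, and the function names are hypothetical.

```powershell
Import-Module ActiveDirectory

# Run before setup.exe /PrepareSchema: stop on any replication or dcdiag error.
function Test-AdReadyForPrep {
    $links = repadmin /showrepl * /csv | ConvertFrom-Csv
    $bad   = $links | Where-Object { [int]$_.'Number of Failures' -gt 0 }
    if ($bad) {
        $bad | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context',
                            'Number of Failures', 'Last Failure Time' -AutoSize | Out-Host
        throw 'Replication failures found; resolve them before extending the schema.'
    }
    $errors = dcdiag /q            # /q prints only error messages
    if ($errors) {
        $errors | Out-Host
        throw 'dcdiag reported errors; resolve them before extending the schema.'
    }
    'AD looks clean: no replication failures, dcdiag quiet.'
}

# Run after the three setup.exe steps: the Exchange schema version is stored in
# rangeUpper of ms-Exch-Schema-Version-Pt. Read it from every DC in the forest
# to see whether the schema change has replicated everywhere.
function Get-ExchangeSchemaVersionPerDC {
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $dcs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
    foreach ($dc in $dcs) {
        $o = Get-ADObject "CN=ms-Exch-Schema-Version-Pt,$schemaNC" -Server $dc.HostName -Properties rangeUpper
        [pscustomobject]@{ DC = $dc.HostName; RangeUpper = $o.rangeUpper }
    }
}

Test-AdReadyForPrep
# ... run the setup.exe /PrepareSchema, /PrepareAD and /PrepareDomain steps, then:
$versions = Get-ExchangeSchemaVersionPerDC
$versions | Format-Table -AutoSize
if (@($versions.RangeUpper | Sort-Object -Unique).Count -gt 1) {
    Write-Warning 'Schema version differs between DCs; replication has not finished.'
}
```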
Exchange Server Install
Uninstall any A/V client if currently installed.
Run Windows Updates; don’t install .Net 4.6.1, in fact, hide that update so it doesn’t show up again.
**Note** MS has released an update for .Net 4.6.1/Exchange compatibility, but I’ve found it still causes problems.
Create your database storage partitions, with drive letters E: (which will be for Databases) and F: (which will be for Archives) on each server.
Name them Volume1 and Volume2 respectively.
**Note** You can assign whatever drives you wish, and I always run Archive Databases on slow disks, so I separate them as volumes on the servers. If you don’t plan on Archiving, disregard the F:\Archives volume.
Mount the Exchange 2016 CU .ISO.
Right-click setup.exe and run as administrator
1. Install Mailbox role
2. Leave malware scanning enabled
3. Wait a looooong time
4. Click OK to close Installer
5. Reboot the machine to complete Exchange setup
6. After the reboot, check that all Exchange Services are running
7. Install license key, by running below cmdlet:
Set-ExchangeServer -Identity "server name" -ProductKey XXXX-XXXX-XXXX-XXXX
8. Restart Microsoft Exchange Information Store for the key to take effect.
Next, follow Part 2 here