Prepare Active Directory

Follow steps to check Active Directory and make sure they are meet the requirements in Exchange 2016 system requirements.

  1. Download Get-ADinfo.ps1 PowerShell script from follow link and save to c:\post-install:

    https://github.com/cunninghamp/Powershell-Exchange/tree/master/ADInfo

  2. Login exchange 2016 server, the account needs to be a member of the Schema Admins and Enterprise Admins security groups.

  3. Open PowerShell as administrator and run Get-ADinfo.ps1

4. Review all of information and mare sure they are meet the requirements in Exchange 2016 system requirements.

Note
You also can use cmdlet as follow to check the Active Directory and Domain Controller information.

Get-ADForest

 


Get-ADDomainController | Select Name,OperatingSystem

 

5. Download Cumulative Update 7 for Exchange Server 2016 (KB4018115) from link

https://www.microsoft.com/en-us/download/details.aspx?id=55953

6. Open a Windows Command Prompt as administrator and go to Exchange Server 2016 Cumulative Update 7 installation file folder.

7. Run the following command to extend the schema.

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

8. Run the following command to Prepare Active Directory.

Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

9. Run the following command to Prepare Active Directory domains

Setup.exe /PrepareAllDomains /IacceptExchangeServerLicenseTerms

10. You can review settings via ADSI EDIT tool and make sure everything is correct.


Deploy Exchange Server 2016 Mailbox Role Server

  1. Login exchange 2016 server
  2. Open Windows command prompt as administrator
  3. Run follow command to install Exchange Server 2016 Mailbox Role

Setup.exe /mode:Install /r:MB /IAcceptExchangeServerLicenseTerms

Note
Please make sure you are using the correct .Net Framework with exchange 2016 version. It will happen error message as follow when they are not match.


4. Restart exchange 2016 server after deployment finish.

Deployment Certificate

We can re-use existing SSL certificate for new Exchange 2016 server.

  1. Logon to Exchange 2010 Server.
  2. Go to Exchange Management Console, expand Microsoft Exchange On-Premises.
  3. In the Console
    tree, click Server Configuration.
  4. Select exchange CAS/HUB server and click certificate which use for exiting exchange services.
  5. On the Action pane select Export Exchange Certificate….

6. On the Export Exchange Certificate page, click Browse...

 

7. On the Save As page, select path and type file name and then click Save.

 

8. On Export Exchange Certificate page, type password and then click Export.

 

9. On the Completion page, click Finish.

 

10. Copy certificate file from exchange 2010 server to exchange 2016 server.

11. Login to Exchange 2016 server.

12. Open Exchange Administrative Center, select Continue to this website.

 

13. On the Exchange Admin Center page, type user name and password and then click sign in.

 

14. On the Exchange admin center page, click servers.

 

15. Select certificates and then click and then select Import Exchange Certificate.

 

16. On the import Exchange certificate page, type certificate file name from a UNC path and password and then click Next.

 

17. On the Specify the servers where you want to install the certificate page, click +.

 

18. Select server form list, click add and then click OK.

 

19. On the Specify the servers where you want to install the certificate page, click Finish.

 


Note
Run follow cmdlet to use the Exchange Management Shell to import a certificate on an Exchange server.

Import-ExchangeCertificate -FileName \\localhost\c$\post-install\certificate\gdmexternal.pfx -Password (ConvertTo-SecureString -String 'P@ssw0rd' -AsPlainText -Force) -PrivateKeyExportable $true -Server GDMEX02

 


You need to write down the Thumbprint if you would like to assign exchange service for this certificate via cmdlet.

20. On the certificates page, select new add certificate and the click .

21. Select services, click SMTP, IIS (specify the exchange services that you want to assign this certificate) and then click Save.

 

22. On the Warning page, click Yes.

 


Note
Run follow cmdlet to use the Exchange Management Shell to assign Exchange services to a certificate on an Exchange server.

Enable-ExchangeCertificate -Thumbprint E6195C7F197AAD4C3E087C976EB9B0BC744D21C5 -Services SMTP,IIS -Server GDMEX02

 


Run follow cmdlet to verify that you have successfully assigned a certificate to one or more Exchange services.

 

Get-ExchangeCertificate | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,Services

 



To be continue……

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun


Advertisements