Prepare Active Directory
Follow steps to check Active Directory and make sure they are meet the requirements in Exchange 2016 system requirements.
Download Get-ADinfo.ps1 PowerShell script from follow link and save to c:\post-install:
Login exchange 2016 server, the account needs to be a member of the Schema Admins and Enterprise Admins security groups.
- Open PowerShell as administrator and run Get-ADinfo.ps1
4. Review all of information and mare sure they are meet the requirements in Exchange 2016 system requirements.
You also can use cmdlet as follow to check the Active Directory and Domain Controller information.
Get-ADDomainController | Select Name,OperatingSystem
5. Download Cumulative Update 7 for Exchange Server 2016 (KB4018115) from link
6. Open a Windows Command Prompt as administrator and go to Exchange Server 2016 Cumulative Update 7 installation file folder.
7. Run the following command to extend the schema.
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
8. Run the following command to Prepare Active Directory.
Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
9. Run the following command to Prepare Active Directory domains
Setup.exe /PrepareAllDomains /IacceptExchangeServerLicenseTerms
10. You can review settings via ADSI EDIT tool and make sure everything is correct.
Deploy Exchange Server 2016 Mailbox Role Server
- Login exchange 2016 server
- Open Windows command prompt as administrator
- Run follow command to install Exchange Server 2016 Mailbox Role
Setup.exe /mode:Install /r:MB /IAcceptExchangeServerLicenseTerms
Please make sure you are using the correct .Net Framework with exchange 2016 version. It will happen error message as follow when they are not match.
4. Restart exchange 2016 server after deployment finish.
We can re-use existing SSL certificate for new Exchange 2016 server.
- Logon to Exchange 2010 Server.
- Go to Exchange Management Console, expand Microsoft Exchange On-Premises.
- In the Console
tree, click Server Configuration.
- Select exchange CAS/HUB server and click certificate which use for exiting exchange services.
- On the Action pane select Export Exchange Certificate….
6. On the Export Exchange Certificate page, click Browse...
7. On the Save As page, select path and type file name and then click Save.
8. On Export Exchange Certificate page, type password and then click Export.
9. On the Completion page, click Finish.
10. Copy certificate file from exchange 2010 server to exchange 2016 server.
11. Login to Exchange 2016 server.
12. Open Exchange Administrative Center, select Continue to this website.
13. On the Exchange Admin Center page, type user name and password and then click sign in.
14. On the Exchange admin center page, click servers.
15. Select certificates and then click and then select Import Exchange Certificate.
16. On the import Exchange certificate page, type certificate file name from a UNC path and password and then click Next.
17. On the Specify the servers where you want to install the certificate page, click +.
18. Select server form list, click add and then click OK.
19. On the Specify the servers where you want to install the certificate page, click Finish.
Run follow cmdlet to use the Exchange Management Shell to import a certificate on an Exchange server.
Import-ExchangeCertificate -FileName \\localhost\c$\post-install\certificate\gdmexternal.pfx -Password (ConvertTo-SecureString -String 'P@ssw0rd' -AsPlainText -Force) -PrivateKeyExportable $true -Server GDMEX02
You need to write down the Thumbprint if you would like to assign exchange service for this certificate via cmdlet.
20. On the certificates page, select new add certificate and the click .
21. Select services, click SMTP, IIS (specify the exchange services that you want to assign this certificate) and then click Save.
22. On the Warning page, click Yes.
Run follow cmdlet to use the Exchange Management Shell to assign Exchange services to a certificate on an Exchange server.
Enable-ExchangeCertificate -Thumbprint E6195C7F197AAD4C3E087C976EB9B0BC744D21C5 -Services SMTP,IIS -Server GDMEX02
Run follow cmdlet to verify that you have successfully assigned a certificate to one or more Exchange services.
Get-ExchangeCertificate | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,Services
To be continue……
Hope you enjoy this post.