Automating Multi-Tenancy in Exchange Server 2010 SP2 (Part 2)


Introduction

In the first article we went over some basic components to build the environment to host multiple tenants. We decided to use Exchange Server 2010 Service Pack 2 built-in features. We also went over high availability, a few hints to improve user experience and other things.

Orchestrator is a capable tool; however, you can’t automate tasks if you don’t have a process in place, and that’s why this article is key to our automation process. In this article we will practice how to add a new customer to our solution. Based on our exercise we will document the process, create a checklist and then automate it using Orchestrator.

Let’s use a scenario for this article series where we are opening a new hosting company to support small businesses and we are going to call our company Andy365.ca 🙂 We just got our first customer and we have several tasks to complete before allowing the user to access our services. In order to make our job a little bit easier we are going to follow the diagram shown in Figure 01 where we have the key settings that need to be added/configured in our Active Directory/Exchange Organization environment during the process.


Figure 01

Active Directory changes…

Based on the previous article we are going to create a new organization unit in our Active Directory for each new customer using their domain name.

To complete this task, let’s open Active Directory Users and Computers, right-click on the domain, and then select New and Organization Unit. In the new window, let’s uncheck the option Protect container from accidental deletion just for the sake of simplicity. Let’s type in the domain name in the name field and then click OK (Figure 02).


Figure 02

After creating the new Organization Unit our next step is to create a new UPN (User Principal Name). Let’s open Active Directory Domains and Trusts, then right-click on the first item on the left which is Active Directory Domains and Trusts and click Properties. In the new window we will add our new UPN for our customer, as shown in Figure 03.


Figure 03

Managing the new Domain

We have two tasks to complete at the organization level in the Hub Transport area: a new domain and a new recipient policy for our new customer.

To create the new domain, let’s open Exchange Management Console, expand Organization Configuration, click on Hub Transport and then on the Accepted Domains tab. Click on the New Accepted Domain link in the Toolbox Actions. On the new page, type in the domain name in both fields and then click New (Figure 04) and Finish.


Figure 04

Now that the domain is accepting new messages in our organization, we need to create an E-mail address policy to stamp the customer SMTP address on its future mail-enabled objects, such as mailboxes, groups, contacts, resource mailboxes, etc. We will restrict this new policy to the Organization Unit that we created in the previous section.

In order to create this e-mail address policy the following steps can be used:

  1. Log on to the Exchange Management Console
  2. Expand Organization Configuration
  3. Click on Hub Transport
  4. Click on the E-mail Address Policy tab
  5. Click on New E-mail Address Policy in the Toolbox Actions
  6. On the Introduction page, use the domain name in the Name field, then click on Browse and select the Organization Unit with the same domain name (Figure 05). Click Next.


Figure 05

  7. On the Conditions page, leave default settings and click Next.
  8. On the E-mail Addresses page, click on Add. In the new window, select the option Select the accepted domain for the e-mail address, click on Browse, select the domain that we have just created (Figure 06) and click OK.


Figure 06

  9. Back on the E-mail Addresses page, we will see just the e-mail address of our new customer, which is perfect since it has only its own domain name. Click Next. (Figure 07)


Figure 07

  10. On the Schedule page, leave default settings and click Next.
  11. On the New E-mail Address Policy page, a summary of what we have defined so far will be listed. Click New.
  12. On the Completion page, we should see two completed tasks and no errors. Click on Finish.
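The same Active Directory and Hub Transport steps expressed as Exchange Management Shell commands, as an added example that is not part of the original article. It assumes the shell also has the ActiveDirectory module available, that the accepted domain is Authoritative, and that addresses are built from the alias (`%m`); the tenant domain is the article's own example.

```powershell
# Added example (not the author's script). Run in the Exchange Management Shell
# on a host that also has the ActiveDirectory module (assumption).
Import-Module ActiveDirectory

$TenantDomain = 'msexchange.org'                  # example tenant used in the article
$rootDn       = (Get-ADDomain).DistinguishedName
$ouDn         = "OU=$TenantDomain,$rootDn"

# 1. OU named after the tenant domain (Figure 02). The cmdlet protects new OUs
#    from accidental deletion by default; $false mirrors the article's
#    "for the sake of simplicity" choice.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$TenantDomain'" `
        -SearchBase $rootDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $TenantDomain -Path $rootDn `
        -ProtectedFromAccidentalDeletion $false
}

# 2. UPN suffix for the tenant (Figure 03).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $TenantDomain) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $TenantDomain }
}

# 3. Accepted domain (Figure 04). Authoritative is an assumption of this example.
if (-not (Get-AcceptedDomain -Identity $TenantDomain -ErrorAction SilentlyContinue)) {
    New-AcceptedDomain -Name $TenantDomain -DomainName $TenantDomain `
        -DomainType Authoritative
}

# 4. E-mail address policy restricted to the tenant OU (Figures 05-07).
#    New + Update correspond to the two tasks on the wizard's Completion page.
if (-not (Get-EmailAddressPolicy -Identity $TenantDomain -ErrorAction SilentlyContinue)) {
    New-EmailAddressPolicy -Name $TenantDomain -RecipientContainer $ouDn `
        -IncludedRecipients AllRecipients `
        -EnabledPrimarySMTPAddressTemplate "SMTP:%m@$TenantDomain"
    Update-EmailAddressPolicy -Identity $TenantDomain
}

# Review the scope: the policy must point at the tenant OU and carry only
# the tenant's own SMTP domain.
Get-EmailAddressPolicy -Identity $TenantDomain |
    Format-List Name, RecipientContainer, EnabledEmailAddressTemplates
```

Each step checks for the object first, so the block can be re-run for the same tenant without creating duplicates.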

Managing Address Lists for the new domain…

Time to create the Address Lists to support our new customer. From the Address List perspective we need to create a couple of lists to support the Address Book Policy. In our environment we will be creating the following lists for each new customer:

  • All Users
  • All Groups
  • All Contacts
  • All Rooms

Besides the Address Lists listed above, we also need to create a Global Address List and an Offline Address List; however, we are going to tackle those two in our next section.

Before creating our first Address List object, you may have noticed that we are pretty consistent in our naming convention, where the domain name is the object name. This kind of consistency makes administration of the environment down the road a piece of cake. However, we don’t want to add the entire domain to each Address List, so for this kind of object let’s use the short name for each customer. Usually it’s going to be their name, or in some cases it can be an acronym of the company. For MSExchange.org we will be naming all address lists as MSExchange - <Something>.

Let’s create the first one to make sure that we are on the same page. For the remaining ones it's just a matter of changing a few attributes, which we will summarize in a table at the end of this first run.

  1. Log on to the Exchange Management Console
  2. Expand Organization Configuration
  3. Click on Mailbox
  4. Click on the Address Lists tab
  5. Click on the New Address List.. item located in the Toolbox Actions
  6. On the Introduction page, type in the customer name followed by <space><dash><space> and All Users, as shown below in Figure 08.


Figure 08

  7. On the Filter Settings page, select the Organization Unit related to the customer (MSExchange.org in this case). Since the Address List was named All Users, we are going to select only users with Exchange mailboxes. Click Next. (Figure 09)


Figure 09

  8. On the Conditions page, leave default settings and click Next.
  9. On the Schedule page, leave default settings and click Next.
  10. On the New Address List page, click New.
  11. On the Completion page, click Finish.

As you can see, the process is not rocket science, and now we need to repeat the same process for all the other objects. The following table shows the name and the recipient type that must be selected for each of the Address Lists that we are going to create.

| Address List Name        | Recipient Types                          |
| <Company> - All Users    | Users with Exchange Mailboxes            |
| <Company> - All Groups   | Mail-enabled groups                      |
| <Company> - All Contacts | Contacts with external e-mail addresses  |
| <Company> - All Rooms    | Resource mailboxes                       |

Table 1

After creating all those Address Lists, the result should be similar to Figure 10.


Figure 10
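The four Address Lists from Table 1 created in one loop, followed by a scope check, as an added example that is not part of the original article. The mapping from the wizard's recipient types to `-IncludedRecipients` values and the variable names are this example's own; a tenant list without a recipient container would not be limited to the customer's Organization Unit, so the check flags it.

```powershell
# Added example (not the author's script). Run in the Exchange Management Shell
# on a host that also has the ActiveDirectory module (assumption).
Import-Module ActiveDirectory

$TenantDomain    = 'msexchange.org'   # OU name used in the article
$TenantShortName = 'MSExchange'       # short name used for Address Lists
$ouDn            = "OU=$TenantDomain," + (Get-ADDomain).DistinguishedName

# Table 1 expressed as data: list suffix -> recipient type filter.
$lists = @(
    @{ Suffix = 'All Users';    Recipients = 'MailboxUsers' },  # Users with Exchange mailboxes
    @{ Suffix = 'All Groups';   Recipients = 'MailGroups'   },  # Mail-enabled groups
    @{ Suffix = 'All Contacts'; Recipients = 'MailContacts' },  # Contacts with external e-mail addresses
    @{ Suffix = 'All Rooms';    Recipients = 'Resources'    }   # Resource mailboxes
)

foreach ($l in $lists) {
    $name = "$TenantShortName - $($l.Suffix)"
    if (-not (Get-AddressList -Identity $name -ErrorAction SilentlyContinue)) {
        # -RecipientContainer restricts the list to the tenant OU, as on the
        # Filter Settings page (Figure 09).
        New-AddressList -Name $name -RecipientContainer $ouDn `
            -IncludedRecipients $l.Recipients
        Update-AddressList -Identity $name
    }
}

# Scope check: show every list for this tenant and warn about any list that
# has no recipient container set.
$tenantLists = Get-AddressList | Where-Object { $_.Name -like "$TenantShortName - *" }
$tenantLists | Format-Table Name, IncludedRecipients, RecipientContainer -AutoSize

$tenantLists | Where-Object { -not $_.RecipientContainer } | ForEach-Object {
    Write-Warning "Address list '$($_.Name)' is not scoped to an Organization Unit"
}
```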

Conclusion

In this second article we went through the manual process to configure Active Directory (Organization Unit and UPN) and Exchange (Address Lists, Accepted Domains and Recipient Policies) for a new customer. In our next article we will be finishing up the requirements, getting the cmdlet information required and testing on the client side how all that works.


Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services. Besides the Microsoft Award, he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at Techgenix.com, MSExchange.org, ITPROCentral.com and Anderson Patricio.org (Portuguese).
