Automating Multi-Tenancy in Exchange Server 2010 SP2 (Part 4)

If you would like to read the other parts in this article series please go to:

Documenting the process and planning the automation

In the second and third articles of this series we performed all the steps required to create a new tenant using Exchange Management Console. During the execution of each step I recorded all the cmdlets that we used, which are detailed below. We are creating a domain called and the short-name (the one used in the Address List) is AP.

Import-Module ActiveDirectory

New-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $False -ErrorVariable ADError

Set-ADForest apatricio.local -UPNSuffixes @{Add=""} -ErrorVariable ADError

New-AcceptedDomain -Name "" -DomainName ""

New-EmailAddressPolicy -Name '' -RecipientContainer 'apatricio.local/' -EnabledPrimarySMTPAddressTemplate '' -IncludedRecipients 'AllRecipients'

New-AddressList -Name "AP – All Users" -RecipientFilter {(RecipientType -eq 'UserMailbox')} -RecipientContainer "apatricio.local/"

New-AddressList -Name "AP – All Groups" -RecipientFilter {((RecipientType -eq "MailUniversalDistributionGroup") -or (RecipientType -eq "DynamicDistributionGroup"))} -RecipientContainer "apatricio.local/"

New-AddressList -Name "AP – All Contacts" -RecipientFilter {((RecipientType -eq "MailContact") -or (RecipientType -eq "MailUser"))} -RecipientContainer "apatricio.local/"

New-AddressList -Name "AP – All Rooms" -RecipientFilter {(Alias -ne $null) -and (RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')} -RecipientContainer "apatricio.local/"

New-GlobalAddressList -Name "AP – Global Address List" -RecipientFilter {(Alias -ne $null)} -RecipientContainer apatricio.local/

New-OfflineAddressBook -Name "AP – Offline Address Book" -AddressLists "AP – Global Address List" -GlobalWebDistributionEnabled $True

New-AddressBookPolicy -Name '' -GlobalAddressList "\AP – Global Address List" -OfflineAddressBook "\AP – Offline Address Book" -RoomList "\AP – All Rooms" -AddressLists "\AP – All Contacts","\AP – All Groups","\AP – All Users"

Based on the cmdlets above we can create a script with just a few changes (Figure 01), where we pass the domain as the first parameter and the short-name as the second parameter, and everything will be created automatically.

Figure 01
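A parameterised form of the cmdlets above, as an added example (it is not the script from Figure 01, which is not reproduced on this page). Because the two values will eventually be typed by a non-IT user, both are validated before they reach Active Directory or Exchange. The parent OU "Hosting", the OU and policy names taken from the domain, the %m address template and the ASCII hyphen in the list names are assumptions.

```powershell
# Added example, not the author's script. Assumed: parent OU "Hosting",
# OU/policy names equal to the tenant domain, and the %m@domain template.
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [ValidatePattern('^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$')]
    [string]$Domain,

    [Parameter(Mandatory = $true, Position = 1)]
    [ValidatePattern('^[A-Za-z0-9]{2,8}$')]   # letters and digits only
    [string]$ShortName
)

$ErrorActionPreference = 'Stop'               # stop at the first failed step
Import-Module ActiveDirectory

$ParentDN  = 'OU=Hosting,DC=apatricio,DC=local'   # assumed parent OU
$Container = "apatricio.local/Hosting/$Domain"    # canonical name of the tenant OU

New-ADOrganizationalUnit -Name $Domain -Path $ParentDN -ProtectedFromAccidentalDeletion $false
Set-ADForest apatricio.local -UPNSuffixes @{Add = $Domain}
New-AcceptedDomain -Name $Domain -DomainName $Domain
New-EmailAddressPolicy -Name $Domain -RecipientContainer $Container `
    -EnabledPrimarySMTPAddressTemplate "SMTP:%m@$Domain" -IncludedRecipients 'AllRecipients'

# Same recipient filters as the cmdlets listed above, keyed by list name.
$lists = @{
    'All Users'    = {(RecipientType -eq 'UserMailbox')}
    'All Groups'   = {((RecipientType -eq 'MailUniversalDistributionGroup') -or (RecipientType -eq 'DynamicDistributionGroup'))}
    'All Contacts' = {((RecipientType -eq 'MailContact') -or (RecipientType -eq 'MailUser'))}
    'All Rooms'    = {(Alias -ne $null) -and (RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')}
}
foreach ($entry in $lists.GetEnumerator()) {
    New-AddressList -Name "$ShortName - $($entry.Key)" -RecipientFilter $entry.Value -RecipientContainer $Container
}

$gal = "$ShortName - Global Address List"
$oab = "$ShortName - Offline Address Book"
New-GlobalAddressList -Name $gal -RecipientFilter {(Alias -ne $null)} -RecipientContainer $Container
New-OfflineAddressBook -Name $oab -AddressLists $gal -GlobalWebDistributionEnabled $true
New-AddressBookPolicy -Name $Domain -GlobalAddressList "\$gal" -OfflineAddressBook "\$oab" `
    -RoomList "\$ShortName - All Rooms" `
    -AddressLists "\$ShortName - All Contacts", "\$ShortName - All Groups", "\$ShortName - All Users"
```

A value that fails either pattern is rejected at parameter binding, before any object is created.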

You may be asking… Isn't that enough? Well, it is a good start, but in order to run such cmdlets the user needs access to a console, and we want to automate the process for a non-IT user.

Deploying the System Center Orchestrator

In this section we are going to do a quick summary of the System Center Orchestrator installation process. Before installing Orchestrator we have a couple of pre-requisites to configure, as follows:

  • .NET Framework 4.0 – We can download it from here
  • A service account for the Orchestrator service in Active Directory (for this article we are going to use svc.sco)
  • Create a Group Account for the Orchestrator Users, let’s name it SCO-AdminUsers
  • Install the Active Directory Remote Tools on the Orchestrator server

The last pre-requisite is the SQL Server, which can be installed on the Orchestrator server itself. We can use an existing one or install a new one. If you decide to install a new one, just follow the default settings during the product installation (Yes, SQL has tons of pages to install the product). These are the key settings that you must configure: make sure that Database Engine Services, Management Tools – Basic and Management Tools – Complete are selected, as shown in Figure 02.

Figure 02

Also, make sure to add your user as administrator during the SQL installation to have access to the SQL settings afterwards.

That's all for prerequisites! The remaining task is to install Orchestrator on our spare server. We can download a trial version from the System Center web site (here), and the following steps can be used to deploy the product.

  1. On the initial page, click Install (Figure 03).

Figure 03

  2. On the Product Registration page, fill out your company information and Product Key if you have it already, and then click Next. Note: If you don't add a product key the product will be in trial mode for 180 days.
  3. On the Please read this License Terms page, if you are okay with the terms, click I accept the license terms and then Next.
  4. On the Select features to install page, select all roles for this server that we are installing (Figure 04). Click Next.

Figure 04

  5. The Setup will install these missing software prerequisites section lists any missing feature, such as IIS, and we will be prompted as shown in Figure 05. Click Next.

Figure 05

  6. The All prerequisites are installed page is displayed when all required features are installed. Just click Next.
  7. On the Configure the service account page, fill out the service account name that we created in the beginning of this section and click Test to make sure that the account is okay (Figure 06). Click Next.

Figure 06

  8. On the Configure the database server page, type in the server name or the current server and then click Test Database Connection. If it displays Database connection succeeded then just click Next.
  9. On the Configure the database page, leave default settings which are New Database and Orchestrator and click Next.
  10. On the Configure Orchestrator user group page, click browse and select the group that we created in the beginning of this section and then click Next. Also, make sure that the option Grant remote access to the Runbook Designer is selected.
  11. On the Configure the ports for the web services page, leave default settings (Port 81 and 82) and click Next.
  12. In the following pages: Select the installation location, Microsoft Update, and Help improve Microsoft System Center Orchestrator just leave default settings and click Next.
  13. On the Installation Summary page, click Install.
  14. On the Setup completed successfully page, a summary of the installation will be displayed (Figure 07). Click Close.

Figure 07

Now that we have Orchestrator installed in our environment, we are ready to move to the next phase, which is the automation for our new tenants.

Orchestrator has two main interfaces: the Runbook Designer (Figure 08), where we are going to create the automation and start/stop Runbooks, and the Orchestration Console, a web interface where the end-user can execute Runbooks.

Figure 08

Permissions required

One of the benefits of automation is to allow a regular user to do some tasks without granting the user elevated permissions.

If you are going to create Active Directory objects, the correct permission for that is required; the same applies to Exchange. To keep things simple in this article series, our account svc.sco will be part of the Domain Admins and Organization Management groups.
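A read-only check of what the tenant cmdlets actually require compared with what svc.sco holds, as an added example that is not part of the original article. It assumes the Exchange Management Shell with the ActiveDirectory module available, and it compares roles by name only.

```powershell
# Added example (not from the article): read-only review of svc.sco.
Import-Module ActiveDirectory

# 1. AD groups the service account is a direct member of.
Get-ADPrincipalGroupMembership -Identity 'svc.sco' |
    Sort-Object Name | Select-Object Name, GroupScope

# 2. Exchange management roles that contain each cmdlet the tenant script calls.
$cmdlets = 'New-AcceptedDomain', 'New-EmailAddressPolicy', 'New-AddressList',
           'New-GlobalAddressList', 'New-OfflineAddressBook', 'New-AddressBookPolicy'
$needed = foreach ($c in $cmdlets) {
    Get-ManagementRoleEntry "*\$c" |
        Select-Object @{n = 'Cmdlet'; e = { $_.Name }}, @{n = 'Role'; e = { "$($_.Role)" }}
}
$needed | Sort-Object Role, Cmdlet | Format-Table -AutoSize

# 3. Roles the account holds today, directly or through role groups.
$assigned = Get-ManagementRoleAssignment -RoleAssignee 'svc.sco'

# 4. Assigned roles that none of the tenant cmdlets need.
$neededRoles = $needed | Select-Object -ExpandProperty Role | Sort-Object -Unique
$assigned |
    Where-Object { $neededRoles -notcontains "$($_.Role)" } |
    Sort-Object Role |
    Select-Object Role, RoleAssigneeName, CustomRecipientWriteScope, CustomConfigWriteScope
```

The output of step 4 is the list of roles that come with Organization Management but are not used by the tenant script.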


In this fourth article of our series we listed all the cmdlets required to build our future automation and we created a script to test the process. In the last section we installed Orchestrator in our environment.
