
Email Server Administration - 1


-> Unified Messaging: Introduced the integration of voicemail and fax into the email system. Users
could access voicemail and faxes through their email inbox.

-> Improved Scalability: Enhanced capabilities for larger mailboxes and improved server
performance, supporting up to 16TB of storage.

-> Improved High Availability: Introduced new high availability features such as Continuous
Replication and Local Continuous Replication (LCR) for better data redundancy and availability.

-> Role-Based Access Control (RBAC): Introduced RBAC for more granular control over administrative
roles and permissions within the Exchange environment.

-> Improved Outlook Web Access (OWA): Redesigned OWA with a more user-friendly interface and
added new functionalities for better web-based email access.

-> Transport Rules: Enhanced message compliance and control by implementing transport rules for
managing email flow.

-> Database Availability Groups (DAGs): Introduced DAGs, a high availability and site resilience
feature, providing database-level replication, failover, and automatic recovery.

-> Archiving and Retention: Included built-in archiving and retention policies to better manage
mailbox sizes and compliance requirements.

-> Role-Based Access Control (RBAC) Enhancements: Further refined RBAC to provide more control
and delegation over administrative tasks.

-> Outlook Web App (OWA) Improvements: Continued enhancements to OWA, improving the user
experience and adding features for better web-based email access.

-> Mailbox Database Improvements: Enhanced storage and performance efficiencies in mailbox
databases, providing more reliability and scalability.

-> Personal Archives: Introduced the concept of personal archives, allowing users to have separate
archives from their primary mailboxes.

-> The protocol logs are stored by default in C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend and can be opened and read in a text editor such as Notepad. The protocol log will show the SMTP conversation between your server and the external recipient’s server, so any SMTP errors should appear in the log.
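Reading the log in Notepad works for one session, but a busy connector produces thousands of lines. As an added example (my own code, not part of these notes), the function below parses the SmtpSend log format (a CSV whose column names are given on the "#Fields:" header line) and lists every 4xx/5xx reply the remote server sent, paired with the command that provoked it. The sample log lines are constructed for illustration, and the SEND*.LOG file name pattern is an assumption.

```powershell
# Added example, not from the original notes. Parses Exchange SMTP Send protocol logs (CSV with a '#Fields:' header)
# and reports the remote server's 4xx (temporary) and 5xx (permanent) replies with the command sent just before.
$LogPath = 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend'

function Get-SmtpSendErrors {
    param([Parameter(Mandatory = $true)][string[]]$LogLines)

    # The '#Fields:' line names the CSV columns; the other '#' lines are metadata and are skipped.
    $fieldLine = $LogLines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $columns   = ($fieldLine -replace '^#Fields:\s*', '') -split ','
    $records   = $LogLines | Where-Object { $_ -and -not $_.StartsWith('#') } | ConvertFrom-Csv -Header $columns

    $lastSent = @{}    # session-id -> last command our server sent ('>' events)
    foreach ($r in $records) {
        switch ($r.event) {
            '>' { $lastSent[$r.'session-id'] = $r.data }
            '<' {
                # Replies start with a three-digit code: 4xx is retried later, 5xx produces an NDR.
                if ($r.data -match '^([45]\d\d)') {
                    [pscustomobject]@{
                        Time      = $r.'date-time'
                        Session   = $r.'session-id'
                        Remote    = $r.'remote-endpoint'
                        Command   = $lastSent[$r.'session-id']
                        Response  = $r.data
                        Permanent = $Matches[1].StartsWith('5')
                    }
                }
            }
        }
    }
}

# Constructed sample in the real log layout: one session in which the recipient is rejected.
$sampleLog = @'
#Software: Microsoft Exchange Server
#Version: 15.0.0.0
#Log-type: SMTP Send Protocol Log
#Date: 2016-01-20T10:15:30.000Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2016-01-20T10:15:30.100Z,Outbound to Internet,08D31A9C3B2F0001,0,,203.0.113.25:25,*,,attempting to connect
2016-01-20T10:15:30.150Z,Outbound to Internet,08D31A9C3B2F0001,1,192.0.2.10:50321,203.0.113.25:25,+,,
2016-01-20T10:15:30.200Z,Outbound to Internet,08D31A9C3B2F0001,2,192.0.2.10:50321,203.0.113.25:25,<,220 mx.example.net ESMTP ready,
2016-01-20T10:15:30.250Z,Outbound to Internet,08D31A9C3B2F0001,3,192.0.2.10:50321,203.0.113.25:25,>,EHLO mail.exchange2016demo.com,
2016-01-20T10:15:30.300Z,Outbound to Internet,08D31A9C3B2F0001,4,192.0.2.10:50321,203.0.113.25:25,<,250-mx.example.net Hello,
2016-01-20T10:15:30.350Z,Outbound to Internet,08D31A9C3B2F0001,5,192.0.2.10:50321,203.0.113.25:25,>,MAIL FROM:<alice@exchange2016demo.com> SIZE=2048,
2016-01-20T10:15:30.400Z,Outbound to Internet,08D31A9C3B2F0001,6,192.0.2.10:50321,203.0.113.25:25,<,250 2.1.0 Sender OK,
2016-01-20T10:15:30.450Z,Outbound to Internet,08D31A9C3B2F0001,7,192.0.2.10:50321,203.0.113.25:25,>,RCPT TO:<nobody@example.net>,
2016-01-20T10:15:30.500Z,Outbound to Internet,08D31A9C3B2F0001,8,192.0.2.10:50321,203.0.113.25:25,<,550 5.1.1 User unknown,
2016-01-20T10:15:30.550Z,Outbound to Internet,08D31A9C3B2F0001,9,192.0.2.10:50321,203.0.113.25:25,>,QUIT,
2016-01-20T10:15:30.600Z,Outbound to Internet,08D31A9C3B2F0001,10,192.0.2.10:50321,203.0.113.25:25,-,,Local
'@

Get-SmtpSendErrors -LogLines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
# Against the real files on an Exchange server (file name pattern is an assumption):
# Get-SmtpSendErrors -LogLines (Get-Content -Path (Join-Path $LogPath 'SEND*.LOG')) | Format-Table -AutoSize
```

The Permanent column separates 5xx rejections, which need a fix on one side or the other, from 4xx deferrals that the queue will retry by itself.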

How to create a Mailbox Database with the Exchange Management Shell?

-> Open Exchange Management Shell -> cls -> Get-MailboxDatabase -> New-MailboxDatabase -Server 'Node-1' -Name 'VishuDB3' -EdbFilePath 'C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\vishuDB3.edb' -LogFolderPath 'C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\vishuDB' -> Get-MailboxDatabase

Basic configuration of Mailbox Database with Exchange Admin Center

-> servers -> databases

Q.) How to change the status of any database: click on that database -> click the ... (you will see it on the header) -> mount -> Yes -> Refresh

1) Key Features and Concepts

The key areas that Microsoft has focussed on with Exchange Server 2016 are:

Better collaboration – with Outlook 2016 and the new “Outlook on the web” (the new name for
OWA) document sharing will be easier, replacing traditional email attachments with links to OneDrive
for Business or SharePoint 2016 (currently in Preview).

Improved Outlook web experience – this is truly a big step forward for Outlook on the web which I
personally use about 50% of the time. The quick action “Archive” button is my favourite, as well as
the pasting of in-line images. Emojis are nice as well I suppose. The experience across different
browsers and devices is optimized and more consistent as well.

Search – faster, more flexible, more intelligent. Search can always be better of course.

Extensibility – the add-in model for Outlook and Outlook on the web is in full swing.

Interestingly the REST APIs have not made it into RTM, but we can likely expect to see those in a
future update.

eDiscovery – an important addition is the ability to search, hold and export public folder content.
Microsoft has moved through the five stages of grief over public folders and is now in the acceptance
stage. Public folders, once considered deprecated, will be around for a long time and need the same
compliance features as mailboxes.

Simplified architecture – combining Client Access and Mailbox services into a single server role
greatly simplifies deployment and management. And the co-existence story for Exchange Server
2016 with Exchange 2013 and 2010 is set to make this one of the lowest friction upgrade paths in
Exchange history.

High availability – many performance and stability improvements that have flowed down to the
on-premises product from Microsoft’s ongoing experience running Exchange Online.

2) A few of the missing features at RTM are:

Search index from passive – the goal here is to have content indexes for passive database copies
build/update from the passive database copy rather than replicate from the active database copy,
which should reduce DAG replication traffic. No timeline on when this feature will appear.

Auto-expanding archives – the goal here is to have Exchange 2016 automatically provision
additional archives for a user when their archive mailbox reaches 100Gb. This feature is still marked
as “in development” on the Office 365 roadmap, so you should expect to wait at least until it is
rolling out in Office 365 before it will appear in an on-premises CU.

Delayed lag play down – lagged copy play down will be enabled by default, causing lagged copies to
automatically replay their log files and bring the database up to date if the DAG detects a loss of
database redundancy, something that has reportedly avoided some potentially bad outage scenarios
in Office 365. Delayed lag play down will throttle that replay process based on the server workload,
ensuring it does not overload the server.

3) Server Roles Architecture

Exchange Server 2016 has just two server roles:

Mailbox server role – this role will consolidate the Mailbox and Client Access roles from Exchange
Server 2013. Compared to Exchange Server 2010 this role consolidates all of the functions of the
Client Access, Mailbox, Hub Transport, and Unified Messaging server roles. The Mailbox server role in
Exchange Server 2016 is the only mandatory server role, and the consolidation reinforces the
recommended practice since Exchange Server 2010 to deploy Exchange as a multi-role server instead
of deploying individual roles to separate servers.

Edge Transport server role – this role will be much the same as Edge Transport in previous versions
of Exchange, designed to sit in perimeter networks and provide secure inbound and outbound mail
flow for the organization. Edge Transport servers are not mandatory.

4) What’s New for Exchange Server 2013 Customers

-> For Exchange Server 2013 customers there are no unpleasant surprises and we can mostly enjoy
the improvements in performance, manageability, and user experience, with no significant changes
to the management tools and interfaces we’re already used to. The server roles architecture is a
change from Exchange Server 2013, which had separate Client Access and Mailbox server roles.
These are now consolidated into a single Mailbox server role for Exchange Server 2016.

5) What’s New for Exchange Server 2010 Customers

-> For Exchange Server 2010 customers there’s a new web-based administrative interface

-> Public folder databases no longer exist, and have been replaced since Exchange Server 2013 with
public folder mailboxes instead.

-> The server roles architecture is a more drastic change for Exchange Server 2010 customers who
were used to the five server roles (Mailbox, Client Access, Hub Transport, Edge Transport, and
Unified Messaging). Now you’ve got just two server roles to consider (Mailbox and Edge Transport),
which is much simpler to deploy and manage.

6) Storage is an area of some confusion when it comes to Exchange Server 2016. A lot has been said about using cheap JBOD storage instead of expensive SAN.

7) System Requirements

-> Exchange Server 2016 has stricter requirements than previous versions of Exchange, however
most of them are due to older versions of Windows Server falling out of support. For example,
Windows Server 2003 has reached end of life, so in theory no customers should be running Windows
Server 2003 in their environment any more.

-> Operating Systems

Exchange Server 2016 can be installed on:

Windows Server 2012 Standard or Datacenter

Windows Server 2012 R2 Standard or Datacenter


-> Active Directory

Exchange Server 2016 has the following Active Directory requirements:

Windows Server 2008 or higher domain controllers and global catalog servers

Windows Server 2008 or higher domain and forest functional levels

-> Exchange Organization

Exchange Server 2016 can be installed into an existing Exchange organization if it meets the following
requirements:

No Exchange Server 2007 or earlier versions of Exchange in the organization

Any Exchange Server 2010 servers must be running at least Service Pack 3 with Update Rollup 11

Any Exchange Server 2013 servers must be running at least Cumulative Update 10

-> Network and Firewall

Exchange Server 2016 supports IPv6, but only when IPv4 is also enabled on the server’s network
interfaces. It is not supported to disable IPv6 on your Exchange 2016 servers.

On an IPv6-capable network Exchange Server 2016 can use IPv6 to communicate.

The Windows Firewall on Exchange 2016 servers should be left enabled to help protect the server
from network threats. The Exchange 2016 setup routine will automatically create Windows Firewall
rules required for Exchange to operate. Although the Windows Firewall is recommended, it is not
supported to use firewalls or other network devices to restrict the ports that are accessible between
Exchange servers, or between Exchange servers and domain controllers.

8) RTM - Release to manufacturing

9) Which Edition of Exchange Server 2016 to Deploy?

-> For Exchange Server 2016 there are two editions of the server product itself, and there is only one
difference between them which is the number of mounted databases per server.

Exchange Server 2016 Standard Edition – maximum of 5 mounted databases per server

Exchange Server 2016 Enterprise Edition – maximum of 100 mounted databases per server

10) Microsoft’s definition of a “mounted database” is:

“A mounted database can be an active mailbox database that is mounted for use by clients, or a
passive mailbox database that is mounted in recovery for log replication and replay.”

For example, a single Mailbox server running Standard Edition has 5 mailbox databases. All 5 databases
will be able to mount, and an additional recovery database can also be created and mounted for any
data restoration scenarios.

The same server running Standard Edition with 6 mailbox databases will not be able to mount all of
the databases at the same time. However, if it is running Enterprise Edition it will be able to mount
all 6 databases, or up to 100 databases.

11) What about a database availability group?


DAGs can have up to 16 members, and each member is limited by the edition of Exchange Server
2016 that is installed. So a Standard Edition DAG member can host up to 5 active or passive database
copies, and an Enterprise Edition DAG member can host up to 100 active or passive database copies.
The DAG itself is only limited by the capabilities of all of its members. A DAG made up of 16 Standard
Edition members, with each database having 4 copies, could therefore host up to 20 databases.
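The edition limits and the DAG arithmetic above are easy to get wrong on a live server, where a mount failure is the first symptom. As an added example (my own code, not from these notes), the two functions below read each Mailbox server's edition and mounted database count from the Exchange Management Shell and apply the same limits and the same copies-per-database division the notes use; treating evaluation editions as Standard and the DAG name 'DAG1' are assumptions.

```powershell
# Added example, not from the original notes. Checks each Mailbox server's mounted database count against the
# edition limits quoted above (Standard 5, Enterprise 100) and works out how many databases a DAG can host.
function Get-MountedDatabaseCapacity {
    param([string[]]$Server = @((Get-ExchangeServer | Where-Object { $_.IsMailboxServer }).Name))
    foreach ($s in $Server) {
        $edition = "$((Get-ExchangeServer -Identity $s).Edition)"
        # Evaluation editions are counted as Standard here (assumption, to stay on the safe side).
        $limit = if ($edition -like 'Enterprise*') { 100 } else { 5 }
        # -Status populates the Mounted property. Get-MailboxDatabase -Server returns every database with a
        # copy on the server, so passive copies of mounted databases are counted as the definition requires.
        $mounted = @(Get-MailboxDatabase -Server $s -Status | Where-Object { $_.Mounted }).Count
        [pscustomobject]@{
            Server    = $s
            Edition   = $edition
            Mounted   = $mounted
            Limit     = $limit
            Headroom  = $limit - $mounted
            OverLimit = $mounted -gt $limit
        }
    }
}

function Get-DagDatabaseCapacity {
    # Same arithmetic as the notes: total copy slots across members divided by copies per database.
    param([Parameter(Mandatory = $true)][string]$Identity, [int]$CopiesPerDatabase = 4)
    $dag   = Get-DatabaseAvailabilityGroup -Identity $Identity
    $slots = 0
    foreach ($member in $dag.Servers) {
        $edition = "$((Get-ExchangeServer -Identity $member.Name).Edition)"
        $slots  += $(if ($edition -like 'Enterprise*') { 100 } else { 5 })
    }
    [pscustomobject]@{
        DAG               = $dag.Name
        Members           = @($dag.Servers).Count
        CopySlots         = $slots
        CopiesPerDatabase = $CopiesPerDatabase
        MaxDatabases      = [math]::Floor($slots / $CopiesPerDatabase)   # 16 Standard members, 4 copies each -> 20
    }
}

Get-MountedDatabaseCapacity | Format-Table -AutoSize
# Get-DagDatabaseCapacity -Identity 'DAG1' -CopiesPerDatabase 4    # 'DAG1' is a placeholder name
```

A server reporting OverLimit = True is one where adding the next copy, or a recovery database for a restore, will fail to mount until it is licensed as Enterprise or a database is moved elsewhere.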

12) Installing Exchange Server 2016 Prerequisites on Windows Server 2012 R2

C:\> Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

After the restart download and install (in order):

.NET Framework 4.5.2

Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

C:\> Install-WindowsFeature RSAT-ADDS

The forest functional level must be at least Windows Server 2008

The account used to run the schema update and Active Directory preparation must be a member of Enterprise Admins and Schema Admins.

To apply only the schema update run the following command:

C:\Admin\ex2016>setup /PrepareSchema /IAcceptExchangeServerLicenseTerms

PS C:\> "Exchange Schema Version = " + ([ADSI]("LDAP://CN=ms-Exch-Schema-Version-Pt," + ([ADSI]"LDAP://RootDSE").schemaNamingContext)).rangeUpper

Exchange Schema Version = 15317

After installing the Exchange Server 2016 pre-requisites on a server you can install the Exchange
Server 2016 Mailbox server role by running the following command from an elevated command
prompt.

C:\Admin\ex2016>setup /Mode:Install /Role:Mailbox /IAcceptExchangeServerLicenseTerms

After setup has completed restart the server before you continue with configuring Exchange

Server 2016.

13) When you purchase your Exchange Server 2016 server licenses you’ll be provided with a license
key that needs to be entered on the server. The license key determines which server edition is
installed; there is no difference in installation media or installation method for each edition. All servers
are first installed as a Trial Edition, and then you add your license key after installation is complete.
You can upgrade from Trial to Standard, or from Trial to Enterprise. You can also upgrade from
Standard to Enterprise. However, you can’t downgrade from Enterprise to Standard without
completely reinstalling the server. This means it is feasible to initially license your servers as Standard
Edition, and then later upgrade them to Enterprise Edition if your environment scales up (e.g. if there
is a corporate acquisition or merger). The Client Access Licenses (CALs) are considered separately,
and have no impact on the server license you choose to deploy and vice versa. CALs determine which
features a given mailbox user can make use of.

14) How can you identify your Schema Master?

PS C:\> (Get-ADForest).SchemaMaster

15) How to check the current Exchange schema version before applying the update?

PS C:\> "Exchange Schema Version = " + ([ADSI]("LDAP://CN=ms-Exch-Schema-Version-Pt," + ([ADSI]"LDAP://RootDSE").schemaNamingContext)).rangeUpper

Exchange Schema Version =
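Items 12 to 15 together describe the checks to make before running setup /PrepareSchema and /PrepareAD: forest functional level, the Schema Master, membership of Enterprise Admins and Schema Admins, and the current schema version. As an added example (my own code, not from these notes), the function below performs all four in one go from Windows PowerShell with the RSAT-ADDS tools installed; the only constant it relies on is the 15317 RTM schema version quoted above.

```powershell
# Added example, not from the original notes. Pre-flight check before setup /PrepareSchema and /PrepareAD:
# forest functional level, Schema Master, group membership of the current account, and current schema version.
# Run in Windows PowerShell with RSAT-ADDS installed; 15317 is the RTM schema version quoted in the notes.
function Test-ExchangeAdPrepReadiness {
    param([int]$ExpectedSchemaVersion = 15317)
    Import-Module ActiveDirectory

    $forest = Get-ADForest
    $rootDc = (Get-ADDomain -Identity $forest.RootDomain).PDCEmulator

    # Windows2008Forest has the enum value 3; anything from there up satisfies the requirement.
    $forestLevelOk = [int]$forest.ForestMode -ge 3

    # Enterprise Admins and Schema Admins live in the forest root domain, so query a root-domain DC.
    # WindowsIdentity.Groups reflects the logon token, so a freshly granted membership needs a new logon.
    $token = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $membership = @{}
    foreach ($group in 'Enterprise Admins', 'Schema Admins') {
        $sid = (Get-ADGroup -Identity $group -Server $rootDc).SID
        $membership[$group] = [bool]($token.Groups | Where-Object { $_.Value -eq $sid.Value })
    }

    # Same lookup as the one-liner in the notes; the object does not exist until Exchange has extended the schema.
    try {
        $schemaNc = "$(([ADSI]'LDAP://RootDSE').schemaNamingContext)"
        $version  = [int]([ADSI]("LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNc")).rangeUpper
    } catch {
        $version = 0
    }

    [pscustomobject]@{
        Forest                  = $forest.Name
        ForestMode              = "$($forest.ForestMode)"
        ForestLevelOk           = $forestLevelOk
        SchemaMaster            = $forest.SchemaMaster
        IsEnterpriseAdmin       = $membership['Enterprise Admins']
        IsSchemaAdmin           = $membership['Schema Admins']
        CurrentSchemaVersion    = $version
        SchemaAlreadyAtTarget   = $version -ge $ExpectedSchemaVersion
        ReadyToRunPrepareSchema = $forestLevelOk -and $membership['Enterprise Admins'] -and $membership['Schema Admins']
    }
}

Test-ExchangeAdPrepReadiness | Format-List
```

Run it on the machine you intend to run setup from, logged on as the account that will run setup, since the group membership check reads that account's own logon token.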

16) How to provide a name for the organization?

C:\Admin\ex2016>setup /PrepareAD /OrganizationName:"Exchange Lab" /IAcceptExchangeServerLicenseTerms

If you’re installing Exchange Server 2016 into an existing Exchange organization you do not need to specify the organization name, for example:

C:\Admin\ex2016>setup /PrepareAD /IAcceptExchangeServerLicenseTerms

17) What is web-based administrative interface for Exchange Server 2016?

The Exchange Admin Center (EAC)

18) What is Exchange Control Panel?

The /ecp is for “Exchange Control Panel” which is the web-based control panel that allows users to
access options such as their out of office settings using only a web browser. The EAC interface for
administrators is delivered from the same /ecp virtual directory.

19) Exchange Management Shell (EMS): The EMS is PowerShell with an Exchange management
module loaded and a connection established to an Exchange server in your organization.

20) Which role group is the account that you used to install Exchange granted membership of?

“Organization Management”

21) Few of the key roles that will be useful for most IT departments:

-> Organization Management – members of this role group can administer the entire Exchange
organization

-> View-Only Organization Management – members of this role group can view but not modify
everything in the organization.

-> Recipient Management – this role group is a good general purpose, day to day administration
account for Help Desk and lower level support staff.

22) How to create a Mailbox?

-> Recipients -> Mailboxes -> User mailbox

23) How to create a User?

Fill out the new user form. In this example I’m creating a mailbox for a New user, which will create
the Active Directory user object as well. As such, I need to fill out details such as the name,
organizational unit, and password. If you already have an Active Directory user then choose Existing
user instead. Click Save when you’re finished.

-> Access the New User’s Mailbox

24) What are the two most common problems reported by the Outlook certificate warning message?

The name on the security certificate is invalid or does not match the name of the site

The security certificate was issued by a company you have not chosen to trust

25) How to see the Autodiscover URL for an Exchange 2016 server?

Get-ClientAccessService

[PS] C:\>Get-ClientAccessService -Identity EXSERVER | Select AutodiscoverServiceInternalUri

26) What is Autodiscover service?

-> Service Connection Point (SCP) is used for the Autodiscover service

-> Autodiscover is used by client applications to discover information about Exchange mailboxes and
services for example, Outlook uses Autodiscover during the setup of a new Outlook profile to
discover the server settings for the user, so that the profile can be automatically configured (instead
of the old days of manually entering server names and other details into Outlook). Autodiscover is
accessible via an HTTPS (SSL) connection from clients. The Exchange server also has a number of
other web services that are accessible using HTTPS connections from clients, such as Exchange Web
Services (EWS), Outlook on the web (also known as OWA), ActiveSync (for mobile devices), and
Outlook Anywhere (used by Outlook clients).

As the connection is over HTTPS the SSL certificate configured on the server must meet three criteria
to be considered valid by the client:

The certificate was issued by a trusted certificate authority (CA)

The certificate has not expired

The name on the certificate matches the server name (or URL) that the client is connecting to

27) Why will new inbound email to the recipient not work yet?

-> Without the MX records being added to DNS, and the correct firewall ports being opened to
allow the inbound SMTP connections, it will not work.

28) Which Client Access services have default URLs for the various HTTPS services when you
first install Exchange Server 2016?

-> Default URLs are pre-configured for HTTPS services such as OWA (Outlook on the web, formerly known as
Outlook Web App), ActiveSync (mobile device access), Exchange Web Services (the API used for a
variety of client communications), and others.

-> The default URLs contain the fully qualified domain name of the server. So for example if your
server name is “exchange01.domain.com” then the default URL for OWA will be
“https://exchange01.domain.com/owa“.

-> These default URLs allow the services to function but they are not suitable for production
deployments for several reasons, such as:

They are difficult for end users to remember (this primarily impacts Outlook on the web, where users tend to find it easier to remember a URL such as “webmail.domain.com“)

A URL containing a specific server name can’t be load-balanced across multiple servers in a high
availability deployment

The internal AD namespace for many organizations is not a valid domain name on the internet, for
example domain.local, which makes it impossible to acquire SSL certificates for Exchange 2016 (I’ll
cover SSL certificates in a separate article coming soon)

29) How to configure the same namespace (URL) for all services?

In my example scenario:

The server’s real name is exserver.exchange2016demo.com

The namespace I’ll be using is mail.exchange2016demo.com

Internal and external namespaces will be the same

PS C:\Scripts> .\GetExchangeURLs.ps1 -Server EXSERVER

30) How does Outlook learn which URLs it should connect to for accessing a particular user’s mailbox?

-> A query is sent to the Autodiscover service, which returns an XML response with that information in it.


31) What is Test E-mail AutoConfiguration?

-> Test Email AutoConfiguration (also known as Test E-mail AutoConfiguration) is a tool in Microsoft
Outlook that helps troubleshoot issues with email configuration. It allows users to verify and
diagnose their email account settings within Outlook by automatically configuring account settings,
retrieving the Exchange Web Services (EWS) URLs, and displaying the results.

The tool can be accessed within Outlook by pressing and holding the Ctrl key on your keyboard and
right-clicking the Outlook icon in the system tray. Then select "Test E-mail AutoConfiguration" from
the context menu.

Once opened, you can input the email address and password you want to test. The tool performs
several tests, such as retrieving server settings, checking connectivity, and providing information
about the configuration process. It displays detailed information about how Outlook is connecting to
the mail server and any errors or issues encountered during the autoconfiguration process.

Enter the password for the user account, and clear the two Guessmart tick boxes before you launch
the test. In the results you’ll see a list of URLs for services such as OWA, MAPI HTTP, OAB, and others.

32) Split DNS means

-> I will host a DNS zone on my internal DNS servers, and use that to resolve
mail.exchange2016demo.com to the internal IP address of my Exchange server (or load balancer if
this was a high availability deployment). Meanwhile, the public DNS zone also has a
mail.exchange2016demo.com record that resolves to the public IP address of my firewall or router,
which will then NAT any external connections to the Exchange server’s internal IP.

33) Who hosts internal DNS zone?

Active Directory domain controllers in your environment, and managed using the DNS management
console

34) Who hosts public DNS zone?

-> A DNS hosting provider (often the same company that was used to register the domain name)

The DNS hosting provider will have a self-service portal you can use to manage your DNS records.

35) Add the records to both of the zones in your split DNS configuration and make sure they are
resolving correctly before you continue

-> PS C:\> Resolve-DnsName mail.exchange2016demo.com

-> PS C:\> Resolve-DnsName mail.exchange2016demo.com

36) Configuring Client Access Namespaces Using the Exchange Admin Center

After logging in to the Exchange Admin Center in your organization navigate to Servers -> Virtual
Directories and select the server you want to configure. There are two approaches you can take. The
first is clicking the wrench icon to configure the external namespace for one or more servers. A
window appears that allows you to add one or more servers and specify an external namespace to
use. The outcome of this approach is that all of the external URLs are configured to use that
namespace, but the internal URLs remain untouched.

OR, to configure all services to use the same internal and external namespace:

Instead you can edit the configuration of each virtual directory listed in the Exchange Admin Center
by clicking the edit icon. From here you can edit both the internal and external namespaces for the
virtual directory, as well as additional settings such as authentication.

OR, with PowerShell:

[PS] C:\>Get-OwaVirtualDirectory -Server EXSERVER | Set-OwaVirtualDirectory -InternalUrl https://mail.exchange2016demo.com/owa -ExternalUrl https://mail.exchange2016demo.com/owa

37) How can I apply my desired namespace configuration to my Exchange 2016 server using ConfigureExchangeURLs.ps1?

C:\Scripts> .\ConfigureExchangeURLs.ps1 -Server EXSERVER -InternalURL mail.exchange2016demo.com -ExternalURL mail.exchange2016demo.com

PS C:\Scripts> .\GetExchangeURLs.ps1 -Server EXSERVER
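Item 36 shows the Set-OwaVirtualDirectory form for one service; the same change has to be made for ECP, EWS, ActiveSync, OAB, MAPI, Outlook Anywhere and the Autodiscover SCP, which is what ConfigureExchangeURLs.ps1 automates. As an added example (my own function, not the ConfigureExchangeURLs.ps1 script, whose contents these notes do not show), the block below does that for one server with -WhatIf support so the change can be previewed first; the NTLM setting for external Outlook Anywhere clients is an assumption.

```powershell
# Added example, not from the original notes and not the ConfigureExchangeURLs.ps1 script. Sets the internal and
# external URL of every client access virtual directory on one server to a single namespace. Run from the EMS.
function Set-ExchangeNamespace {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][string]$InternalHost,
        [Parameter(Mandatory = $true)][string]$ExternalHost
    )

    # Each HTTPS service has its own cmdlet pair (Get-/Set-<Name>VirtualDirectory) and a fixed path
    # that Exchange 2016 creates under the Default Web Site.
    $paths = [ordered]@{
        Owa         = '/owa'
        Ecp         = '/ecp'
        WebServices = '/EWS/Exchange.asmx'
        ActiveSync  = '/Microsoft-Server-ActiveSync'
        Oab         = '/OAB'
        Mapi        = '/mapi'
    }
    foreach ($name in $paths.Keys) {
        $internalUrl = "https://$InternalHost$($paths[$name])"
        $externalUrl = "https://$ExternalHost$($paths[$name])"
        if ($PSCmdlet.ShouldProcess("$Server ($name)", "Set InternalUrl=$internalUrl ExternalUrl=$externalUrl")) {
            & "Get-${name}VirtualDirectory" -Server $Server |
                & "Set-${name}VirtualDirectory" -InternalUrl $internalUrl -ExternalUrl $externalUrl
        }
    }

    # Outlook Anywhere takes host names rather than URLs; NTLM for external clients is an assumption.
    if ($PSCmdlet.ShouldProcess("$Server (OutlookAnywhere)", "Set hostnames to $InternalHost / $ExternalHost")) {
        Get-OutlookAnywhere -Server $Server |
            Set-OutlookAnywhere -InternalHostname $InternalHost -ExternalHostname $ExternalHost `
                -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true `
                -ExternalClientAuthenticationMethod Ntlm
    }

    # The Autodiscover SCP is what domain-joined Outlook clients query first (see item 26 above).
    if ($PSCmdlet.ShouldProcess("$Server (Autodiscover SCP)", "Set AutodiscoverServiceInternalUri")) {
        Set-ClientAccessService -Identity $Server `
            -AutodiscoverServiceInternalUri "https://$InternalHost/Autodiscover/Autodiscover.xml"
    }
}

# Preview first, then apply; the server and namespace are the placeholders used in these notes.
Set-ExchangeNamespace -Server EXSERVER -InternalHost mail.exchange2016demo.com -ExternalHost mail.exchange2016demo.com -WhatIf
Set-ExchangeNamespace -Server EXSERVER -InternalHost mail.exchange2016demo.com -ExternalHost mail.exchange2016demo.com

# Verify what the server now advertises.
Get-OwaVirtualDirectory -Server EXSERVER | Select-Object Server, InternalUrl, ExternalUrl
Get-ClientAccessService -Identity EXSERVER | Select-Object AutodiscoverServiceInternalUri
```

Every name written here must also appear on the SSL certificate (item 39) and resolve in both halves of the split DNS (item 32), otherwise clients will see the certificate warnings described in item 24.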

38) Why do we need SSL Certificates?

Exchange Server 2016 communicates with clients, applications and other servers over a variety of
network protocols such as HTTPS, SMTP, IMAP and POP.

Much of this communication, particularly with clients and applications, involves username and
password-based authentication. When user credentials are sent over the network without encryption they are sent
“in the clear”, meaning they can potentially be intercepted and read by an attacker. Other information transmitted
during the session may also be sensitive and prone to abuse if interception were possible.

To secure these communications Exchange Server 2016 uses SSL certificates to encrypt the network
traffic between the server, clients and applications. This includes:

Outlook connecting to Outlook Anywhere (RPC-over-HTTP) or MAPI-over-HTTP

Web browsers connecting to Outlook on the web (OWA)

Mobile devices connecting to ActiveSync to access mailboxes and calendars

Applications connecting to Exchange Web Services (EWS) for free/busy and other lookups

Email clients connecting to secure POP or IMAP

TLS encrypted SMTP between Exchange servers or other email servers

When Exchange Server 2016 is first installed it generates a self-signed SSL certificate that is then
enabled for IIS (HTTPS services like OWA, EWS and ActiveSync), SMTP, POP and IMAP. The self-signed
certificate allows the server to be “secure by default” and begin encrypting network communications
right from the start, but it is only intended to be used temporarily while you provision the correct SSL
certificates for your environment.

39) What are SSL Certificate Requirements?

There are three basic requirements for an SSL certificate in an Exchange Server 2016 deployment.

Correct server/domain names – the SSL certificate must contain the namespaces (aka URLs,
aliases, domain names) to match the names that clients will be connecting to (for example, users
typing “mail.exchange2016demo.com” in their web browser to access Outlook on the web).

Certificate validity period – each SSL certificate has a fixed period of time during which it can be
considered valid. When the SSL certificate reaches its expiry date it will need to be renewed to
continue working.

Trusted certificate authority – clients will only trust SSL certificates that have been issued by a
certificate authority that they already trust. This is one reason that the self-signed certificate is not
suitable for general production use, because your clients will not trust certificates issued by the
Exchange server itself. There are a wide range of certificate authorities available to purchase
certificates from that your client operating systems and devices will trust. I generally recommend using DigiCert.
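These three requirements are the same three criteria item 26 lists for the Autodiscover connection, and the first and third are exactly what the two Outlook warnings in item 24 report. As an added example (my own code, not from these notes), the function below checks them the way a client would, by opening a TLS connection with .NET's SslStream and recording the validation result instead of aborting on it, so each criterion is reported separately. The host names are the placeholder namespace used in these notes.

```powershell
# Added example, not from the original notes. Connects to a host over TLS, lets the .NET certificate validation
# run, and reports the three criteria separately: trusted CA, not expired, and name match.
function Test-ExchangeTlsCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443,
        [int]$WarnDays = 30
    )
    # The callback records the policy errors and returns $true so the handshake completes and the
    # certificate can be inspected. This is a diagnostic; real clients must keep rejecting bad certificates.
    $state = @{ PolicyErrors = [System.Net.Security.SslPolicyErrors]::None }
    $handler = {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $state.PolicyErrors = $sslPolicyErrors
        return $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$handler

    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # the name the client typed is what must appear on the certificate
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }

    $errors   = [int]$state.PolicyErrors
    $chainErr = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
    $nameErr  = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    # OID 2.5.29.17 is the Subject Alternative Name extension, where SAN/UC certificates carry their names.
    $san      = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | ForEach-Object { $_.Format($false) }
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

    [pscustomobject]@{
        HostName        = $HostName
        Subject         = $cert.Subject
        SubjectAltNames = ($san -join '; ')
        Issuer          = $cert.Issuer
        NotAfter        = $cert.NotAfter
        DaysRemaining   = $daysLeft
        # An expired certificate also fails chain building, so an expired cert shows TrustedCA = False as well.
        TrustedCA       = ($errors -band $chainErr) -eq 0
        NotExpired      = $daysLeft -gt 0
        NameMatches     = ($errors -band $nameErr) -eq 0
        RenewSoon       = $daysLeft -lt $WarnDays
    }
}

# The Outlook on the web namespace and the Autodiscover name from the notes (placeholders).
Test-ExchangeTlsCertificate -HostName 'mail.exchange2016demo.com' | Format-List
Test-ExchangeTlsCertificate -HostName 'autodiscover.exchange2016demo.com' | Format-List
```

Run it from a client machine rather than the Exchange server itself: the trust store that matters is the client's, which is precisely why the server's self-signed certificate passes on the server and fails everywhere else.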

40) Which Type of Certificate to Purchase?

A standard SSL certificate contains a single name and is generally the cheapest to purchase, however
these are not suitable for even the simplest of namespace designs.

A wildcard SSL certificate allows you to secure multiple names on a domain without having to specify
the exact names on the certificate itself. For example, a DigiCert wildcard certificate can be acquired
for exchange2016demo.com and *.exchange2016demo.com. While these are often a lower cost
option, wildcard certificates can have compatibility issues with some integration scenarios with other
systems, as well as not being suitable for secure POP and IMAP configurations.

A SAN or UC (Unified Communications) certificate is the recommended type of SSL certificate to
purchase. A SAN certificate can contain multiple names.

41) How to Configure the SSL Certificate?

Generating a certificate request for Exchange Server 2016 can be done through both the
Exchange Admin Center (EAC) and the Exchange Management Shell (EMS), giving you options based
on your preference or familiarity with the tools. Here's a breakdown of both methods:

Exchange Admin Center (EAC) Method:

Access EAC: Log in to the Exchange Admin Center.

Navigate to Servers: Go to "Servers" and select "Certificates" in the EAC.

New Certificate: Click on the "+" symbol or "New" to start the certificate request process.

Follow Wizard: Follow the prompts in the wizard to enter the required information for the certificate
request (organization details, domains, etc.).

Generate Request: At some point, you'll be prompted to generate a certificate request file. Save this
file, as it will be used to obtain the SSL certificate from a Certificate Authority (CA).

Exchange Management Shell (EMS) Method (PowerShell):

Open Exchange Management Shell: Launch the Exchange Management Shell.

Run Command: Use the New-ExchangeCertificate cmdlet to generate the certificate request. The cmdlet
returns the request text, which you then write to a file. Here's an example:

$request = New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, O=YourOrg, CN=mail.yourdomain.com" -PrivateKeyExportable $true -KeySize 2048
[System.IO.File]::WriteAllBytes("C:\CertificateReq\certrequest.req", [System.Text.Encoding]::Unicode.GetBytes($request))

Modify the parameters (-SubjectName, -PrivateKeyExportable, -KeySize, and the output path) according to your
specific requirements.

Once you've generated the certificate request, regardless of the method you used, you'll need to
submit this request file to a Certificate Authority (CA) to obtain the SSL certificate. After receiving the
certificate, it needs to be installed/imported onto the Exchange Server.

42) Select services, then tick the boxes for each service you wish to enable.

IIS is used for all HTTPS services (such as OWA, ActiveSync, Outlook Anywhere). Only one certificate
can be assigned to IIS, so it’s important that the certificate contains all of the correct names configured
as URLs for your HTTPS services.

SMTP is used for TLS-encrypted mail flow. More than one certificate can be assigned to SMTP.

POP and IMAP are disabled by default in Exchange Server 2016, but if you are planning to enable
them you should assign a certificate, whether that is the same certificate used for HTTPS or a
different one.

UM is optional as well. If you are planning to use the UM features of Exchange Server 2016 enable
a certificate for UM as well, again that can be the same certificate as used for HTTPS services or a
different one.
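The same service assignment can be made from the Exchange Management Shell, and it is worth following it with a check of which certificate each service actually ended up with, since a self-signed certificate left on IIS or SMTP is the "temporary" default from item 38 that tends to outlive its welcome. As an added example (my own code, not from these notes), the block below binds a certificate to the chosen services and then audits every certificate on the server; the thumbprint and server name are placeholders.

```powershell
# Added example, not from the original notes. Binds a certificate to the services discussed above and then lists
# what each certificate on the server is used for, flagging self-signed, invalid and soon-to-expire ones.
function Enable-ExchangeCertificateForServices {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [string[]]$Services = @('IIS', 'SMTP')     # add POP, IMAP or UM only if those services are in use
    )
    # IIS holds a single certificate, so this replaces whatever was bound before. -Force skips the prompt
    # about overwriting the default SMTP certificate.
    Enable-ExchangeCertificate -Thumbprint $Thumbprint -Services ($Services -join ',') -Force
}

function Get-ExchangeCertificateAudit {
    param([string]$Server = $env:COMPUTERNAME, [int]$WarnDays = 30)
    Get-ExchangeCertificate -Server $Server | Where-Object { "$($_.Services)" -ne 'None' } | ForEach-Object {
        $daysLeft = [int]($_.NotAfter - (Get-Date)).TotalDays
        $status   = "$($_.Status)"   # Valid, DateInvalid, Untrusted, ...
        [pscustomobject]@{
            Thumbprint  = $_.Thumbprint
            Services    = "$($_.Services)"
            Subject     = $_.Subject
            Domains     = ($_.CertificateDomains -join ', ')
            SelfSigned  = $_.IsSelfSigned
            Status      = $status
            DaysLeft    = $daysLeft
            # A self-signed certificate on client-facing services is the temporary default the notes describe.
            NeedsAction = $_.IsSelfSigned -or ($status -ne 'Valid') -or ($daysLeft -lt $WarnDays)
        }
    }
}

# The thumbprint is a placeholder; copy the real one from Get-ExchangeCertificate after importing the CA-issued cert.
Enable-ExchangeCertificateForServices -Thumbprint '0000000000000000000000000000000000000000' -Services IIS, SMTP
Get-ExchangeCertificateAudit -Server EXSERVER | Format-Table -AutoSize
```

Running the audit on each server in the organization on a schedule catches the renewal case from item 39 before the expiry date turns into an outage.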

43) What About External Access?

For external access to Client Access services to work there are three main components:

Public DNS records for the Client Access namespaces

A firewall rule that allows TCP port 443 (for HTTPS traffic) and NATs it to the Exchange server.

A trusted SSL certificate

44) Which are the three most common transport requirements?

Inbound mail flow from the internet to recipients on the Exchange server

Outbound mail flow to the internet from senders on the Exchange server

Applications and systems using the Exchange server for SMTP relay

45) Inbound Mail Flow


For your server to receive email from the internet and deliver it to internal recipients there needs to
be:

An Accepted Domain configured for the organization

An email address assigned to the recipient

MX records in your public DNS zone

SMTP connectivity from external senders to your Exchange server, or a mail route that leads to
your Exchange server

The Exchange server will accept SMTP connections using a receive connector

The receive connector is named Default Frontend SERVERNAME
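Each of the five prerequisites above can be verified from the Exchange Management Shell before the first test message is sent, which is quicker than waiting for it to bounce. As an added example (my own code, not from these notes), the function below checks all of them for one recipient address: the accepted domain, the recipient, the public MX records, the Default Frontend receive connector and port 25 reachability of the MX hosts. The address, server name and optional external resolver are placeholders.

```powershell
# Added example, not from the original notes. Checks the inbound mail flow prerequisites listed above for one
# recipient address: accepted domain, recipient, public MX records, frontend receive connector, port 25 reachability.
function Test-InboundMailFlowPrereqs {
    param(
        [Parameter(Mandatory = $true)][string]$RecipientAddress,   # e.g. alice@exchange2016demo.com (placeholder)
        [Parameter(Mandatory = $true)][string]$Server,             # Exchange server that should receive the mail
        [string]$DnsServer                                         # optional: a resolver outside the split-DNS zone
    )
    $domain = $RecipientAddress.Split('@')[1]

    # 1. An accepted domain must cover the recipient's domain.
    $accepted = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $domain }
    $acceptedType = if ($accepted) { "$($accepted.DomainType)" } else { $null }

    # 2. The address must be assigned to a recipient (mailbox, group, contact, ...).
    $recipient = Get-Recipient -Identity $RecipientAddress -ErrorAction SilentlyContinue

    # 3. MX records. With split DNS the internal zone may carry no MX records, so query a public resolver if given.
    $dnsArgs = @{ Name = $domain; Type = 'MX'; ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $dnsArgs['Server'] = $DnsServer }
    $mx = Resolve-DnsName @dnsArgs | Where-Object { $_.Type -eq 'MX' } | Sort-Object Preference

    # 4. The frontend receive connector that accepts SMTP on port 25.
    $connector = Get-ReceiveConnector -Server $Server | Where-Object { $_.Name -like 'Default Frontend*' }
    $connectorName = if ($connector) { $connector.Name } else { $null }
    $bindings      = if ($connector) { ($connector.Bindings -join ', ') } else { $null }

    # 5. Can the MX hosts be reached on TCP 25 from where this runs?
    $reach = foreach ($record in $mx) {
        [pscustomobject]@{
            MailExchanger = $record.NameExchange
            Preference    = $record.Preference
            Port25Open    = Test-NetConnection -ComputerName $record.NameExchange -Port 25 -InformationLevel Quiet
        }
    }

    [pscustomobject]@{
        Recipient          = $RecipientAddress
        AcceptedDomain     = [bool]$accepted
        AcceptedDomainType = $acceptedType
        RecipientExists    = [bool]$recipient
        MxRecords          = ($mx | ForEach-Object { "$($_.Preference) $($_.NameExchange)" }) -join '; '
        ReceiveConnector   = $connectorName
        ConnectorBindings  = $bindings
        Port25Reachable    = @($reach | Where-Object { $_.Port25Open }).Count -gt 0
    }
}

Test-InboundMailFlowPrereqs -RecipientAddress 'alice@exchange2016demo.com' -Server EXSERVER | Format-List
```

Port25Reachable only proves that something answers on the MX host from the machine running the check; from inside the network that is usually the server itself, so repeat the TCP test from an external host to confirm the firewall rule and NAT from item 27.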

46) Configuring Accepted Domains

Accepted domains define which domain names your Exchange servers will accept email for. When
you install a new Exchange 2016 server the DNS name of the Active Directory forest is automatically
added as an accepted domain for the Exchange organization.

You can view your accepted domains in the Exchange Admin Center. Navigate to mail flow and then
choose accepted domains

Exchange admin center -> mail flow -> If you need to add a new accepted domain click the “+” icon,
which launches a wizard for the task. Enter a name for the accepted domain, then the domain name
itself (I always just configure those two values to be the same).

-> three options for the type of domain

Authoritative – a domain for which your servers host the only recipients. For most scenarios this
will be the correct choice.

Internal relay – a domain for which your servers host some, but not all of the recipients.

A typical use case for this type of accepted domain is a shared SMTP namespace, which is often
required when two companies are merging or separating.

External relay – a domain for which your server receives email, but hosts none of the recipients

47) Configuring Email Address Policies

-> The next step is to add email addresses to recipients in your organization. You can do this on a
per-recipient basis by opening the properties of the recipient (such as a mailbox), selecting email
address, and adding the desired SMTP address.

An email address policy is configured by default when you install a new Exchange 2016 server, or the
existing policy is used if you're installing into an existing organization. Email address policies are
found in the mail flow section of the Exchange Admin Center.

On the properties of a mailbox user you may have noticed the check box that says:

“Automatically update email addresses based on the email address policy applied to this recipient.”

In effect this means that the email address policy shown above will stamp the SMTP addresses on
that recipient (and all the other recipients with that check box enabled), without me having to add
them manually.

48) Configuring MX Records in DNS

MX stands for “mail exchanger”. An MX record is a type of DNS record, so any understanding of MX
records has to begin with an understanding of the fundamentals of the Domain Name System (DNS)

The most important role of DNS for the majority of us is translating names into IP addresses so that
network communications can occur

PowerShell for Mail Routing in Exchange Server:

Open Exchange Management Shell (EMS):

------------------------------------------------------

Launch the Exchange Management Shell as an administrator. Plain Windows PowerShell does not have
the Exchange cmdlets loaded unless you import a remote Exchange session first.

View Accepted Domains:

Use the Get-AcceptedDomain cmdlet to view the accepted domains configured in Exchange:

Get-AcceptedDomain

Add Accepted Domain (if needed):

Use the New-AcceptedDomain cmdlet to add a new accepted domain (the command is a single line):

New-AcceptedDomain -Name "yourdomain.com" -DomainName yourdomain.com -DomainType Authoritative

Set Mail Routing:

Use the Set-SendConnector and Set-ReceiveConnector cmdlets to configure mail routing and
connectors within Exchange.

For example, to set the address space of an existing Internet send connector to all external domains
("*") at cost 1. Note that -Internet is a usage switch of New-SendConnector only; Set-SendConnector
does not accept it:

Set-SendConnector -Identity "YourSendConnector" -AddressSpaces "SMTP:*;1"

The address space tells Exchange which recipient domains the connector is responsible for, and
therefore where outbound emails are sent.

Test Mail Flow:

After configuring connectors and accepted domains, test mail flow both internally and externally to
ensure emails are routing correctly.
Steps to Configure MX Records for Exchange Server:

------------------------------------------------------

Access DNS Management Interface:

Log in to your DNS hosting provider's website or the DNS management console where your domain's
DNS records are hosted.

Locate DNS Zone Settings:

Find the DNS zone settings for the domain you want to manage.

Add or Modify MX Records:

Look for an option to manage DNS records, specifically MX records, within the DNS zone settings.

Configure MX Records:

Add or modify MX records to point to your Exchange Server:

Priority (Preference): Set the priority value (numeric value) for the mail servers. Lower numbers
indicate higher priority (e.g., 0, 10, 20).

Mail Server/Host Name: Enter the hostname of your Exchange Server (or mail gateway) responsible
for handling incoming emails. This must be a hostname that has its own A (or AAAA) record; an MX
record may not point at a bare IP address or at a CNAME.

TTL (Time to Live): Set the Time to Live value for the record (in seconds).

Save Changes:

After entering the MX record details, save the changes within the DNS management interface.

Multiple MX Records (Optional):

Optionally, you can add multiple MX records with different priorities to set up backup or redundant
mail servers. Ensure proper priority levels are assigned.

Verify MX Record Configuration:

Confirm that the newly added or modified MX records are correctly displayed in the DNS settings.

Propagation Time:

Keep in mind that DNS changes might take time to propagate across the internet. Allow some time
(usually a few minutes to 48 hours) for changes to take effect globally.
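The "Verify MX Record Configuration" step is easy to script. The following is an added example, not part of the original notes: it resolves the MX records for a domain through a public resolver, checks that each exchanger is an A record rather than a CNAME, that TCP 25 answers on its address, and that the reverse (PTR) record maps back to the same address (forward-confirmed reverse DNS, which many receiving servers check). The domain example.com and the resolver 8.8.8.8 are assumptions.

```powershell
function Test-MxConfiguration {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Resolver = '8.8.8.8',   # public resolver so internal split-DNS cannot mask a bad public record
        [int]$Port = 25
    )
    $mx = Resolve-DnsName -Name $Domain -Type MX -Server $Resolver -ErrorAction Stop |
          Where-Object QueryType -eq 'MX' | Sort-Object Preference
    if (-not $mx) { Write-Warning "No MX records published for $Domain"; return }

    foreach ($record in $mx) {
        $exchanger = $record.NameExchange
        $out = [ordered]@{ Preference = $record.Preference; Exchanger = $exchanger }

        # RFC 2181 s10.3: the MX target must be a hostname with an A/AAAA record, never a CNAME
        $lookup = Resolve-DnsName -Name $exchanger -Server $Resolver -ErrorAction SilentlyContinue
        $out.IsCname   = [bool]($lookup | Where-Object QueryType -eq 'CNAME')
        $addresses     = @($lookup | Where-Object { $_.QueryType -in 'A','AAAA' } | Select-Object -ExpandProperty IPAddress)
        $out.Addresses = $addresses -join ','

        # Firewall/NAT: TCP 25 must answer from the Internet side
        $out.Port25Open = $false
        $out.Ptr = $null
        $out.PtrForwardConfirmed = $false
        if ($addresses.Count -gt 0) {
            $out.Port25Open = (Test-NetConnection -ComputerName $addresses[0] -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded

            # Reverse DNS: the PTR name should resolve back to the same address
            $ptr = Resolve-DnsName -Name $addresses[0] -Type PTR -Server $Resolver -ErrorAction SilentlyContinue
            if ($ptr.NameHost) {
                $out.Ptr = "$($ptr.NameHost)"
                $fwd = Resolve-DnsName -Name $ptr.NameHost -Type A -Server $Resolver -ErrorAction SilentlyContinue
                $out.PtrForwardConfirmed = [bool]($fwd.IPAddress -contains $addresses[0])
            }
        }
        [pscustomobject]$out
    }
}

Test-MxConfiguration -Domain 'example.com' | Format-Table -AutoSize
```

Because the query goes to a public resolver, a change you just made at your DNS provider may not show up until the old record's TTL has expired; re-run the check rather than assuming the record is wrong.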

49) Configuring SMTP Connectivity to the Exchange Server

Steps to Configure SMTP Connectivity to Exchange Server:

Access Exchange Admin Center (EAC) or Exchange Management Shell (EMS):


Log in to the Exchange Admin Center or open Exchange Management Shell with administrative
privileges.

Create Send Connector:

In EAC: Go to "Mail Flow" > "Send Connectors."

Click on "Add" or "+" to create a new send connector.

Specify a name and select the intended use (Internet or custom scenario).

Define the address space (e.g., "*") for all external domains or specific domains to route emails.

Configure the network settings: specify how Exchange will relay emails (DNS or smart host).

Complete the wizard by verifying settings and saving the connector.

In EMS: Use the New-SendConnector cmdlet to create a send connector (a single line). The -Internet
switch sets the usage type, and "SMTP:*;1" is the address space for all external domains at cost 1.
Only add -UseExternalDNSServersEnabled $true if you have configured external DNS servers on the
transport service (Set-TransportService -ExternalDNSServers); with none configured, outbound MX
lookups fail and mail sits in the queue.

New-SendConnector -Name "OutboundConnector" -AddressSpaces "SMTP:*;1" -Internet

Configure Receive Connector:

In EAC: Go to "Mail Flow" > "Receive Connectors."

Check the existing receive connectors or create a new one if needed.

Ensure the settings allow for incoming emails from the internet or internal networks as required.

In EMS: Use the New-ReceiveConnector cmdlet to create a receive connector. Note that setup has
already created "Default Frontend SERVERNAME", which listens on 0.0.0.0:25 for all remote IP ranges
and accepts anonymous inbound internet mail, so a second connector with the same bindings and
remote ranges is not needed and will conflict with it. Create an additional connector only for a
narrower purpose, scoped to the IP range that needs it (a single line; 192.0.2.0/24 is an example
range):

New-ReceiveConnector -Name "InboundConnector" -TransportRole FrontendTransport -Usage Custom -Bindings "0.0.0.0:25" -RemoteIPRanges "192.0.2.0/24"

DNS Configuration:

Ensure the MX records in your DNS settings point to your Exchange Server for incoming emails.

Configure Reverse DNS (a PTR record) for your Exchange Server's public IP address. The PTR should
return the host name your server announces in its EHLO/HELO (the FQDN set on the send connector),
and that name should resolve back to the same IP; receiving servers check this and may reject or
score mail from addresses without a matching PTR.

Firewall and Network Configuration:

Open TCP port 25 (SMTP) on your firewall: inbound from the internet NATed only to the Exchange
Server, and outbound only from the Exchange Server (or your mail gateway). Blocking outbound 25
from every other internal host stops a compromised workstation from sending spam directly and
forces all mail through the server where it is logged.

Confirm that your Exchange Server's IP is allowed to send emails through your network
infrastructure.

SSL/TLS Configuration (Optional but recommended):

Exchange offers opportunistic TLS (STARTTLS) on its connectors out of the box, but with the self-
signed certificate created by setup, which remote servers cannot validate. Assign a certificate from a
trusted CA to the SMTP service (Enable-ExchangeCertificate with -Services SMTP) so that other mail
servers can verify yours and so that forced-TLS or domain-secured connectors work.

Enable secure communication settings on send/receive connectors if you require encryption, for
example -RequireTLS $true on a connector dedicated to a specific partner.

Testing Connectivity:
Verify SMTP connectivity by sending test emails both internally and externally to ensure mail flow
functions properly.

Use tools like Telnet or PowerShell's Test-NetConnection to check SMTP connectivity.

Monitoring and Maintenance:

Regularly monitor SMTP traffic, mail queues, and logs to detect any issues or irregularities.

Keep Exchange Server and associated components updated with the latest patches and security
updates.

50) Three options for the type of domain: see 46) above (Authoritative, Internal relay, External relay).

51) Testing Inbound Mail Flow

The simplest way to test inbound mail flow is of course to send an email from an external sender
(such as a Gmail account) to a recipient on your Exchange server. If the email arrives, then inbound
mail flow works!

-> the Remote Connectivity Analyzer does not cache DNS records, so it should show you the current
configuration. You may just need to wait longer for real world email servers to pick up the changes

52) Outbound Mail Flow

When you first install Exchange Server 2016 there is no outbound mail flow configured by setup. If
you're installing into a new organization, or want to change your existing outbound mail flow, then
you'll need to create a send connector.

Send connectors control outgoing mail flow from your Exchange server. Every organization that
needs to send email message to external recipients will need at least one send connector.

53) Creating a Send Connector

Log on to your Exchange Admin Center and navigate to mail flow and then send connectors. Click the
"+" icon to create a new connector.

Give the new send connector a meaningful name and set the Type to Internet.

Next you’ll need to decide how the outbound emails will be delivered. There are two choices

by MX record, or via smart host. MX record delivery involves your Exchange server looking up the MX
records of the recipient’s domain in DNS, and then connecting directly to their email server via SMTP
to deliver the email message. Smart host delivery involves your Exchange server sending the
messages to a specified IP address or host name for another system (typically an email security
appliance or cloud service) that is then responsible for the further delivery of that email message.
52) Testing the Send Connector

A simple test to verify that the send connector is working is to send an email from a mailbox on the
server to an external address. If the email message is received by the external mailbox you can then
check the message headers by copying them from the message and pasting them into the Message
Analyzer at ExRCA.com

If the email message was not received check the transport queue on the Exchange 2016 server.

[PS] C:\>Get-Queue

If you see message stuck in the queue for the next hop domain that you’re trying to send to you can
see more details about them by piping the command to Get-Message.

[PS] C:\>Get-Queue | Get-Message | fl

Since outbound mail flow depends on DNS and firewall access you can also check those items.

For example, to verify that MX records can be resolved in DNS by the Exchange server use the
Resolve-DnsName cmdlet.

[PS] C:\>Resolve-DnsName gmail.com -Type MX

You can also test SMTP connectivity from the server using Telnet. Because the Telnet client is not
installed by default on Windows Server you may need to install it first.

[PS] C:\>Install-WindowsFeature Telnet-Client

From a CMD prompt try to telnet to one of the MX records you resolved earlier.

C:\>telnet gmail-smtp-in.l.google.com 25

if SMTP connectivity looks fine but the emails are still not being delivered you can

enable protocol logging on your send connector and then use the log data to assist your

troubleshooting.

[PS] C:\>Set-SendConnector "Internet Email" -ProtocolLoggingLevel Verbose
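Once verbose protocol logging is on, the log is a CSV whose header names the fields (date-time, connector-id, session-id, sequence-number, local-endpoint, remote-endpoint, event, data, context); event ">" is a command you sent, "<" a reply you received, "+"/"-" connect and disconnect. The following is an added example, not part of the original notes: it parses that format, walks each SMTP session in order and pairs every 4xx/5xx reply with the command that provoked it, which is normally the first thing you want from the log. The log lines are a constructed sample in the same format (the remote server, addresses and the RBL rejection are made up); the commented lines at the end show how to feed the real files in.

```powershell
# Constructed sample send protocol log (field layout follows the Exchange protocol log header).
$sampleLog = @'
#Software: Microsoft Exchange Server
#Version: 15.01.0000.000
#Log-type: SMTP Send Protocol Log
#Date: 2016-01-20T09:15:00.000Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2016-01-20T09:15:00.120Z,Internet Email,08D3411F3A2C1B0E,0,,203.0.113.25:25,*,,attempting to connect
2016-01-20T09:15:00.310Z,Internet Email,08D3411F3A2C1B0E,1,192.0.2.10:50412,203.0.113.25:25,+,,
2016-01-20T09:15:00.520Z,Internet Email,08D3411F3A2C1B0E,2,192.0.2.10:50412,203.0.113.25:25,<,220 mx.example.net ESMTP,
2016-01-20T09:15:00.530Z,Internet Email,08D3411F3A2C1B0E,3,192.0.2.10:50412,203.0.113.25:25,>,EHLO mail.example.com,
2016-01-20T09:15:00.740Z,Internet Email,08D3411F3A2C1B0E,4,192.0.2.10:50412,203.0.113.25:25,<,250-mx.example.net Hello [192.0.2.10],
2016-01-20T09:15:00.750Z,Internet Email,08D3411F3A2C1B0E,5,192.0.2.10:50412,203.0.113.25:25,>,MAIL FROM:<alice@example.com> SIZE=2048,
2016-01-20T09:15:00.960Z,Internet Email,08D3411F3A2C1B0E,6,192.0.2.10:50412,203.0.113.25:25,<,550 5.7.1 Service unavailable; client [192.0.2.10] blocked using zen.spamhaus.org,
2016-01-20T09:15:00.970Z,Internet Email,08D3411F3A2C1B0E,7,192.0.2.10:50412,203.0.113.25:25,>,QUIT,
2016-01-20T09:15:01.180Z,Internet Email,08D3411F3A2C1B0E,8,192.0.2.10:50412,203.0.113.25:25,-,,Local
'@

function Get-SmtpSendFailures {
    param([Parameter(Mandatory)][string[]]$LogLines)
    $header = 'date-time','connector-id','session-id','sequence-number','local-endpoint','remote-endpoint','event','data','context'
    # Skip the '#' header lines; the data field is quoted in real logs when it contains commas, which ConvertFrom-Csv handles
    $rows = $LogLines | Where-Object { $_ -and -not $_.StartsWith('#') } | ConvertFrom-Csv -Header $header

    # Walk each session in sequence order, remembering the last command we sent so a reply can be tied to it
    $rows | Group-Object -Property 'session-id' | ForEach-Object {
        $lastCommand = $null
        foreach ($row in ($_.Group | Sort-Object { [int]$_.'sequence-number' })) {
            switch ($row.event) {
                '>' { $lastCommand = $row.data }
                '<' {
                    if ($row.data -match '^([45]\d\d)[ -](.*)$') {
                        [pscustomobject]@{
                            Time      = $row.'date-time'
                            Connector = $row.'connector-id'
                            Remote    = $row.'remote-endpoint'
                            Code      = $Matches[1]
                            Transient = $Matches[1].StartsWith('4')   # 4xx: retried later; 5xx: permanent reject
                            Command   = $lastCommand
                            Response  = $row.data
                        }
                    }
                }
            }
        }
    }
}

# Run against the constructed sample
Get-SmtpSendFailures -LogLines ($sampleLog -split "`r?`n") | Format-List

# Against the real send protocol logs of the local server:
# $logDir = (Get-TransportService -Identity $env:COMPUTERNAME).SendProtocolLogPath
# Get-SmtpSendFailures -LogLines (Get-ChildItem $logDir -Filter *.log | Get-Content) | Group-Object Remote, Code
```

In the sample the 550 arrives in reply to MAIL FROM, which points at the sending IP's reputation rather than at the recipient; a 5xx after RCPT TO would instead suggest a bad address or a relay refusal on the remote side, and a 4xx after DATA is the typical greylisting or rate-limit case that clears itself on retry.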

53) SMTP Relay for Applications and Devices

There are generally two types of SMTP relay scenarios that Exchange Server 2016 is used for:

Internal relay – devices and applications that need to send email messages only to

internal recipients in the Exchange organization.

External relay – devices and applications that need to send email messages to external

recipients

Internal SMTP Relay

When Exchange Server 2016 is first installed the setup routine automatically creates a receive
connector (Default Frontend SERVERNAME) that is pre-configured to accept email messages from
anonymous senders to internal recipients. This allows inbound internet email to be received by the
server, and is also suitable for internal relay scenarios: any device on the network can submit mail to
it without authenticating, but only for recipients in your accepted domains. A message from an
anonymous sender to an external recipient is refused by this connector with "550 5.7.1 Unable to
relay", which is what keeps the server from being an open relay. You can list the connectors with:

[PS] C:\>Get-ReceiveConnector
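For the external relay scenario named above (applications that must send to outside recipients) the usual approach is a separate receive connector scoped to the application hosts, granted the extended right that allows anonymous submission to any recipient. The following is an added example, not part of the original notes; the server name EX2016-01, the connector name and the application addresses 10.0.0.20 and 10.0.0.21 are assumptions. The last part audits every connector for the combination that makes an open relay: anonymous relay permission together with a world-wide remote IP range.

```powershell
# Assumed values: substitute your server and the hosts that genuinely need to relay
$server   = 'EX2016-01'
$appHosts = '10.0.0.20','10.0.0.21'

# 1. A dedicated Frontend connector on port 25 scoped to the application IPs only.
#    The RemoteIPRanges scope is the control that keeps this from becoming an open relay;
#    Exchange matches a connection to the connector with the most specific matching range.
New-ReceiveConnector -Name 'Relay - Applications' -Server $server `
    -TransportRole FrontendTransport -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $appHosts `
    -PermissionGroups AnonymousUsers

# 2. AnonymousUsers alone only allows submission to internal recipients (as on Default Frontend).
#    This extended right additionally lets anonymous senders submit mail for external recipients.
Get-ReceiveConnector "$server\Relay - Applications" |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient'

# 3. Audit: list every connector that relays anonymously and flag those open to the whole internet
function Find-OpenRelayConnector {
    foreach ($rc in Get-ReceiveConnector) {
        $anonRelay = Get-ADPermission -Identity $rc.Identity | Where-Object {
            "$($_.User)" -like '*ANONYMOUS LOGON' -and
            ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient') -and
            -not $_.Deny
        }
        if (-not $anonRelay) { continue }
        $worldRanges = $rc.RemoteIPRanges | Where-Object { "$_" -in '0.0.0.0-255.255.255.255','0.0.0.0/0','::/0' }
        [pscustomobject]@{
            Connector      = "$($rc.Identity)"
            AnonymousRelay = $true
            RemoteIPRanges = ($rc.RemoteIPRanges | ForEach-Object { "$_" }) -join ','
            OpenRelay      = [bool]$worldRanges
        }
    }
}
Find-OpenRelayConnector | Format-Table -AutoSize
```

Run the audit after any connector change and periodically afterwards: the common way an Exchange server becomes an open relay is not a deliberate decision but an administrator widening RemoteIPRanges on a relay connector "temporarily" to get an application working.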

54) Backup and Recovery Terminology

Backup and Recovery Terminology:

Backup Types:

Full: Complete copy of the data, including unchanged data. Marks the data as backed up; for
Exchange a successful full backup truncates the committed transaction logs.

Incremental: Only the data changed since the last backup of any type (full or incremental). Also marks
the data as backed up and truncates logs, so a restore needs the full plus every incremental since.

Differential: Only the data changed since the last full backup. Does not mark the data as backed up,
so each differential grows until the next full and logs are not truncated; a restore needs only the full
plus the latest differential.

Copy: Like a full but does not mark the data as backed up, so it neither truncates logs nor disturbs the
regular full/incremental chain. Useful for an ad-hoc copy before a risky change.

Backup Storage Types:

Tape: Magnetic tape used for backup.

Disk: High-capacity, faster storage often with features like de-duplication.

Cloud: Storage provided by services like AWS or Azure.

General Terminology:

RPO: Recovery Point Objective - the maximum amount of data loss the business accepts, expressed as
time: how far back the most recent usable recovery point may be (for example, an RPO of 24 hours
means a daily backup is sufficient).

RTO: Recovery Time Objective - the maximum time the business accepts for the service to be
restored after a failure.

VSS: Volume Shadow Copy Service - the Windows framework used for application-aware backups; the
Exchange VSS writer quiesces the database so the snapshot is consistent and, for full and incremental
backups, truncates logs afterwards.

Recovery Database: A special mailbox database into which a restored database is mounted so that
mailboxes and items can be extracted from it without touching the live database.

Database Portability: Mounting a database on another Exchange server in the same organization and
re-pointing the mailbox objects to it.

Dial Tone Recovery: Mounting an empty temporary database for the affected users so they can send
and receive mail immediately while the failed database is restored; the recovered data is merged
back afterwards.

Log Truncation: Removal of transaction logs that have been committed to the database once a
successful full or incremental backup (or DAG replication) confirms they are no longer needed. With
circular logging disabled, logs accumulate until a backup truncates them, so a failing backup job
eventually fills the log volume and dismounts the database.

What to Back Up for Exchange Server 2016:

Backup requirements for Edge Transport and Mailbox servers differ.

Considerations for backing up databases, log files, and system files.

Backup Using Windows Server Backup:

Install Windows Server Backup feature if not already installed.

Launch Windows Server Backup and configure scheduled backup job.

Restoring Mailbox Databases:

Scenario: Restoring a lost database from a backup.

Use Windows Server Backup to select source and start recovery process.

Restoring Mailboxes and Items Using a Recovery Database:

Creation of a recovery database using Exchange Management Shell.


Restoring database files into the recovery database.

Making the restored database mountable and running mailbox restore requests.

Managing Mailbox Restore Requests:

Commands to monitor the progress, status, and statistics of mailbox restore requests.
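The recovery-database procedure summarised above, as an added example that is not part of the original notes. The server name EX2016-01, the database name RDB01, the paths under D:\Recovery, the log prefix E00 and the mailbox Alice Example are assumptions; the restored .edb and log files are assumed to have been copied to D:\Recovery by Windows Server Backup.

```powershell
# Assumed values: substitute your own server, paths and mailbox
$server    = 'EX2016-01'
$rdbName   = 'RDB01'
$edbPath   = 'D:\Recovery\DB01.edb'
$logPath   = 'D:\Recovery'      # folder holding the restored E00*.log files and the .edb
$logPrefix = 'E00'              # original database's LogFilePrefix (Get-MailboxDatabase DB01 | fl LogFilePrefix)

# 1. Register the restored files as a recovery database (no mailboxes are provisioned in it)
New-MailboxDatabase -Recovery -Name $rdbName -Server $server -EdbFilePath $edbPath -LogFolderPath $logPath

# 2. A restored database is normally in Dirty Shutdown; replay the logs so it can be mounted.
#    eseutil is on the PATH on an Exchange server.
$state = & eseutil /mh $edbPath | Select-String 'State:'
if ("$state" -match 'Dirty Shutdown') {
    # Soft recovery: /l log folder, /s checkpoint folder, /d database folder
    & eseutil /R $logPrefix /l $logPath /s $logPath /d $logPath
    if ($LASTEXITCODE -ne 0) { throw "eseutil /R failed with exit code $LASTEXITCODE; check that the log set is complete" }
}
Set-MailboxDatabase $rdbName -AllowFileRestore $true
Mount-Database $rdbName

# 3. See which mailboxes the recovery database holds, then restore one into its live mailbox
Get-MailboxStatistics -Database $rdbName | Select-Object DisplayName, MailboxGuid, ItemCount
New-MailboxRestoreRequest -SourceDatabase $rdbName -SourceStoreMailbox 'Alice Example' `
    -TargetMailbox 'alice@example.com' -Name 'Alice-Restore-01'

# 4. Track progress; completed requests and the recovery database are cleaned up explicitly
Get-MailboxRestoreRequest | Get-MailboxRestoreRequestStatistics | Select-Object Name, Status, PercentComplete
Get-MailboxRestoreRequest -Status Completed | Remove-MailboxRestoreRequest -Confirm:$false
# Dismount-Database $rdbName -Confirm:$false
# Remove-MailboxDatabase $rdbName -Confirm:$false
```

If eseutil /R reports a missing log generation, the restore set is incomplete and the only clean option is to restore again; /p (hard repair) discards data and should be a last resort. Restoring into a different mailbox than the original (for example, into an administrator's mailbox under a target folder) requires -AllowLegacyDNMismatch on New-MailboxRestoreRequest.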
