Exchange 2013
Microsoft Exchange 2013
Microsoft Exchange is an email server. It is one of the email systems that Retain can connect to. It is helpful to have an Exchange server handy for testing. Microsoft is pushing people toward Office 365 but it is safe to say people will continue to use Exchange for 5-20 years.
Make sure your server has the name that you want. Exchange does not like having it changed once it is set up.
Installing Microsoft Exchange 2013
You need to install Exchange 2013 on a Microsoft Windows Server 2012 R2 system.
The most important tool to have handy is the Exchange Server Deployment Assistant. This provides a great checklist of things you must do to successfully deploy an Exchange server.
We will want an On-premise, new install, with both Mailbox and CAS roles on board. We will NOT be using disjoint namespaces. We will NOT be using Unified Messaging (but it will install it anyway). We will NOT be using an Edge server.
Save that checklist.
Make sure to do the prerequisites!
Open PowerShell and execute the commands
Install-WindowsFeature RSAT-ADDS
and
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
Prerequisite installs
Note: .NET Framework 4.5 and Windows Management Framework 3.0 are included with Windows Server 2012 and don't need to be installed separately. .NET Framework 4.5 and Windows Management Framework 4.0 are included with Windows Server 2012 R2 and don't need to be installed separately. Just add the role/feature in Server Manager.
Download and install the Unified Communications Managed API 4.9 Runtime http://www.microsoft.com/en-us/download/details.aspx?id=34992
The Microsoft Office 2010 Filter Packs http://www.microsoft.com/en-us/download/details.aspx?id=17062
Filter Packs SP1 http://www.microsoft.com/en-us/download/details.aspx?id=26604
Filter Packs SP2 http://www.microsoft.com/en-us/download/details.aspx?id=39671
Preparing AD
First you need to extend the schema. Open a command prompt in administrator mode, go to the directory you downloaded Exchange into, and run
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
Now you have to prepare Active Directory. This can be done right after the previous command.
Setup.exe /PrepareAD /OrganizationName:"<organization name>" /IAcceptExchangeServerLicenseTerms
Now you have to prepare your AD domains, and in the case of a lab you want to do all of them.
Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms
Install Exchange
Now we can start installing Exchange. From File Explorer, run Setup.exe as administrator (right-click and choose Run as administrator).
It will ask you about downloading updates, which is a good idea.
There will be more screens but defaults will be sufficient.
When it comes to Server Role Selection, choose the Mailbox role and the Client Access role (Client Access will appear to be greyed out, but you can select it).
Take the default location.
Turn off Malware detection.
Then it will check for the prerequisites. Warnings are okay because this will be the first Exchange server; as long as there are no errors you are good to go.
Then it will take about an hour to install and prepare all the software.
Finally, you will have to reboot.
Post-install steps
There are a number of post-install tasks that need to be completed before your Exchange Server is fully functional.
You can log into the Exchange Admin Center (EAC) by browsing to https://[serverName|IP address]/ecp. Remember to log in with your AD forest domain name\user name.
You can use the Outlook Web App (OWA) to send and receive mail at https://[serverName|IP address]/owa. Remember to log in with your AD forest domain name\user name.
Instructions for installing the Outlook Retain Plugin
Send Connector
First you will need to create a Send Connector so the mail can flow.
Go to EAC/Mail Flow/Send Connector.
Click the plus sign to create a new connector and a dialog box will appear. For the lab an internal connector will be enough. Route it through a smart host. I name mine intranetMailSendConnector, not terribly original but it is straightforward. Now add the host, which is the Active Directory domain you created before. No need for authentication at this time. Add your AD domain as an SMTP host. Add your domain as a transport server, and click Finish.
Accepted Domain
Next configure an accepted domain.
In the EAC, go to Mail flow/Accepted domains. The Deployment Assistant talks about creating a new one, but since Exchange already has the current domain, you can skip this step in the assistant.
Preparing Exchange for Retain
Create Impersonation User
In the EAC/Mailboxes there is a nice big plus sign. That is the add button and that is where you can create new users and mailboxes.
At the very least you need to create an Impersonation Account for Retain.
So add a user and make sure the user does not have to change the password at next login.
Then go on the left sidebar and select Permissions. Under Admin Role click add. Add Role and select ApplicationImpersonation, press Add-> and then OK. Add the Impersonation User to the Role Group. Click OK.
ProTip: Go into Server Manager/Tools/Active Directory Users and Groups. Choose the impersonation account. Set the Account expires to Never.
Go to the Account tab, then set in the Account Options:
- User cannot change password
- Password never expires
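An account that holds ApplicationImpersonation and has a non-expiring password is worth reviewing once it is set up. The following is an added example, not part of the original page or of Retain: it lists every effective holder of the role and reports the state of the service account. The account name retain-imp is a placeholder, and the script assumes it is run in the Exchange Management Shell with the ActiveDirectory module (RSAT-ADDS) available.

```powershell
# Added example. 'retain-imp' is a placeholder for the impersonation account.
function Get-ImpersonationAudit {
    param([string]$ImpersonationUser = 'retain-imp')

    Import-Module ActiveDirectory   # from RSAT-ADDS, installed in the prerequisites

    # Everyone who effectively holds ApplicationImpersonation, directly or through
    # a role group, skipping the delegating-only assignments.
    $holders = Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
        Where-Object { $_.RoleAssignmentDelegationType -eq 'Regular' } |
        Select-Object EffectiveUserName, RoleAssigneeName, RoleAssigneeType,
                      RecipientWriteScope, CustomRecipientWriteScope

    # State of the service account itself. With a non-expiring password, the
    # password age and last logon are what show whether the credential is stale.
    $acct = Get-ADUser -Identity $ImpersonationUser -Properties PasswordNeverExpires,
        CannotChangePassword, PasswordLastSet, LastLogonDate, AccountExpirationDate, MemberOf

    $age = if ($acct.PasswordLastSet) {
        [int]((Get-Date) - $acct.PasswordLastSet).TotalDays
    } else { $null }

    [pscustomobject]@{
        Holders              = $holders
        Account              = $acct.SamAccountName
        Enabled              = $acct.Enabled
        PasswordNeverExpires = $acct.PasswordNeverExpires
        CannotChangePassword = $acct.CannotChangePassword
        PasswordAgeDays      = $age
        LastLogonDate        = $acct.LastLogonDate          # replicated value, approximate
        AccountExpires       = $acct.AccountExpirationDate  # $null means Never
        MemberOf             = $acct.MemberOf               # should not include admin groups
    }
}

$audit = Get-ImpersonationAudit -ImpersonationUser 'retain-imp'
$audit.Holders | Format-Table -AutoSize
$audit | Select-Object * -ExcludeProperty Holders | Format-List
```

Any row in the holders table other than the Retain account or its role group is an assignment to investigate, and the RecipientWriteScope column shows how many mailboxes each holder can reach.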
Other things
Back up the IIS config file. http://technet.microsoft.com/en-us/library/cc754617(v=ws.10).aspx
Storage strategy: You would want separate partitions for the OS, the main mailbox databases, the archive databases and the log files. http://exchangeserverpro.com/exchange-2013-move-database-to-new-folder-path/ http://careexchange.in/how-to-move-database-path-and-log-folder-path-in-exchange-2013/ http://social.technet.microsoft.com/wiki/contents/articles/22479.move-logging-in-exchange-2013-via-powershell.aspx
Archiving Strategies
Exchange does not have a positive retention system; that is, it has no way to signal whether a message has been backed up or not. So we have to jump through some hoops to have a reasonable chance at archiving all messages in the system. Under default operating procedures all we would have is a snapshot of what was in Exchange when the job was run. It would not be a true archive. A message that was received, replied to, trashed, emptied from trash and then purged from "Recoverable Items" would be missed completely.
That is not to say Exchange doesn't have an archive system built in; it just runs into its own limitations too quickly for comfort. Very simply, you can tell Exchange to put a hold on a mailbox. That means that no messages will be allowed to be permanently deleted, and that does the job very well. However, it doesn't take some users, often the most important users, very long to reach that 2GB mailbox limit.
Now you can get around that by allowing users to have archive folders in their mailboxes, but do you want to try keeping 10 years of data attached to your production system when most of it is never referenced again or only very rarely?
Journaling Mailbox
This method is not recommended but will be discussed as it was popular to us. Exchange can be set to create a mailbox that receives a copy of all messages received by the system. Retain's ImpersonationApplication user could access that mailbox and archive all the messages, deleting them when done.
The major issue comes when the system becomes large, or when a problem keeps the journaling mailbox from being cleared in time: the mailbox can then never be cleared, because Exchange can't give the messages to Retain. Exchange has an issue that when a mailbox becomes very large it is unable to serve the messages in it. That is why there is a 2GB limit on mailboxes.
To make this system more resilient, create a separate mailbox database for the journaling mailbox and be prepared to create new journaling mailboxes as they reach that 2GB limit so there is a chance to clear them.
In-Place Hold
Exchange does have holds: In-Place Hold and Litigation Hold
http://blogs.technet.com/b/exchange/archive/2013/12/11/litigation-hold-and-in-place-hold-in-exchange-2013-and-exchange-online.aspx Limited to 10k users, but you can create another hold policy for the next 10k.
http://www.msexchange.org/articles-tutorials/exchange-server-2013/compliance-policies-archiving/exchange-2013-place-hold-and-place-ediscovery-part3.html There are some odd steps to deal with making sure things are locked down.
Interestingly, 2013 has a Purges folder: http://www.msexchange.org/articles-tutorials/exchange-server-2013/compliance-policies-archiving/exchange-2013-place-hold-and-place-ediscovery-part2.html
Purges - when users delete an item from the Recoverable Items folder (by using the Recover Deleted Items tool), the item is moved to the Purges folder. Items that exceed the deleted item retention period are also moved to the Purges folder. Items in this folder are not visible to users if they use the Recover Deleted Items tool. When the mailbox assistant processes the mailbox, items in the Purges folder are purged from the mailbox database unless the mailbox is on hold.
But maybe we should recommend using Messaging Records Management instead?
Messaging Records Management http://technet.microsoft.com/en-us/library/dd297955(v=exchg.150).aspx
This is how you do a hold for one mailbox http://technet.microsoft.com/en-us/library/jj150573(v=exchg.150).aspx For all mailboxes http://technet.microsoft.com/en-us/library/dn767952(v=exchg.150).aspx
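To see where the gap described under Archiving Strategies actually exists, the following added example (not from the original page or from Retain) reports which mailboxes have no hold, how many items sit in each Purges folder, and which mailboxes, a journaling mailbox included, have reached the size limit the page mentions. It assumes the on-premises Exchange Management Shell, where TotalItemSize exposes ToBytes(); the 2GB default threshold is taken from the text above.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange server.
function Get-HoldCoverage {
    param([long]$WarnBytes = 2GB)   # threshold taken from the limit cited on this page

    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        $id = $mbx.DistinguishedName

        # Purges is the Recoverable Items subfolder that the mailbox assistant
        # empties unless the mailbox is on hold.
        $purges = Get-MailboxFolderStatistics -Identity $id -FolderScope RecoverableItems |
            Where-Object { $_.Name -eq 'Purges' }

        # Returns nothing (with a warning) for a mailbox that was never logged on to.
        $stats = Get-MailboxStatistics -Identity $id -WarningAction SilentlyContinue

        $inPlace = @($mbx.InPlaceHolds).Count
        $onHold  = $mbx.LitigationHoldEnabled -or ($inPlace -gt 0)
        # Assumption: local Exchange types are loaded, so ToBytes() is available.
        $bytes   = if ($stats) { $stats.TotalItemSize.Value.ToBytes() } else { 0 }

        [pscustomobject]@{
            Mailbox        = $mbx.PrimarySmtpAddress
            LitigationHold = $mbx.LitigationHoldEnabled
            InPlaceHolds   = $inPlace
            OnHold         = $onHold
            PurgesItems    = $purges.ItemsInFolder
            SizeBytes      = $bytes
            AtLimit        = $bytes -ge $WarnBytes
        }
    }
}

$report = Get-HoldCoverage

# Mailboxes where a purged message can disappear before an archive job sees it.
$report | Where-Object { -not $_.OnHold } |
    Format-Table Mailbox, PurgesItems -AutoSize

# Mailboxes at or past the size threshold (watch the journaling mailbox here).
$report | Where-Object { $_.AtLimit } |
    Format-Table Mailbox, SizeBytes, OnHold -AutoSize
```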